By John Gable
ZoneAlarm Director of Product Management
Hardly anyone knew about it.
The Los Angeles Angels website was recently hacked overnight with a drive-by download. It tried to download “AntiVirus 2009”, a well known fake security program that actually installs malware, onto visitors' systems. The Angels fixed the problem the next day, but damage was done.
I don’t mean to pick on the American League West Champions. This happens much too often, not just in major league baseball, but also the National Football League (Miami Dolphins), job sites (Monster.com), financial institutions (Bank of India) and plenty more.
What else don’t you know about? Did you know about …
-
the virus/spyware that hit Check Free, the online bill pay service used by many major banks and others, which infected around 160,000 users?
-
the latest Internet Explorer 7 vulnerability that gives hackers a hole to silently install malicious software onto your PC?
-
the Waledac botnet Valentine email and e-card attack?
I suggest there are 3 good reasons most people don't hear about such incidents.
-
Hackers want to be invisible. Gone are the “good ole days” when a hacker wanted to become famous. The "I Love You" virus was a big problem, but at least you knew if you were infected. Now hackers go to great lengths to make sure you don’t know anything is happening as they take over your PC.
-
Web sites that have been hacked don’t exactly spend marketing funds to tell the world what happened. Responsible sites, like Check Free, quickly contact any potential victims to help them. But the last thing most sites want is to scare you away.
-
Same logic applies to software vendors, even security companies. Plus, sometimes they don’t want to advertise vulnerabilities because they don’t want to educate hackers how to break in.
Special kudos to the companies that do a good job at communicating threats. Adobe just issued a security bulletin about a buffer overflow issue with Adobe Reader 9 and Acrobat 9.
I’m happy to report that our new ZoneAlarm Extreme Security, which integrates our latest PC security suite with our web browser security and more, is the only security suite that blocked any of the threats I listed above from the very first moment they hit the Web (someone else might have stopped the LA Angeles attack - but I can verify that others missed all the other attacks).
In fact, ZoneAlarm Extreme Security blocks all of them. See our Stops Attacks Others Miss page for more details.
Do you think people need to know about these Web attacks or is ignorance bliss?
The invasion of privacy on social networking sites is a big concern of mine. I discovered this new job site called OneWire that connects top financial firms confidentially with finance professionals. You can actually be contacted by firms without having to reveal your identity! Check out OneWire.com if you're sick of SPAM!
Posted by: AB | February 25, 2009 at 03:58 PM