Last year, the amount of malware designed to steal your passwords increased 400 percent. In the first half of this year, malware growth nearly surpassed the entire quantity created in 2008. The danger to your passwords has never been greater. This malicious software can be downloaded from bad email attachments, stealthily “injected” into your computer by websites hijacked by cybercriminals, or even automatically sent to you through your favorite social networks or games by friends’ systems that have become infected.
Here are the latest trends detailed in McAfee’s latest research paper, “Inside the Password-Stealing Business: The Who and How of Identity Theft,” and some quick and easy tools to defend yourself against attacks:
- Watching Your Every Move: In the past, cybercriminals relied on reviewing long logs of each key you’ve typed to find and snag passwords. But now, malware can simply take pictures of your screen as you enter passwords, others can ID and capture your entries, even from concealed logins (those sites where your passwords appear as “******”). Cybercriminals can hijack legitimate websites and create fake pop-ups to request your information. Other malware will go straight into your computer’s back corridors and browsers to steal your saved passwords.
- Gamers Beware: Gaming passwords are now the most targeted logins on the Web. The black market for gaming goods and currencies, and the malware to steal them, continues to grow. As these graphs from the McAfee Threats Report: Second Quarter 2009 show, the growth of such malware far surpasses that of malware seeking banking logins, making gamers the most targeted group on the Web. Malicious programs steal gaming passwords so cybercriminals can sell off gamers’ virtual goods for real money—everything from custom characters, weapons, items, and virtual money.
- Leaving Your Door Unlocked: New password-stealing Trojans and worms not only steal your info, they leave your computer vulnerable to other attacks. Once these bad programs have broken into your computer, they can serve as an entry point for many other pieces of malware. This means your passwords and personal information are not only stolen once, but are left vulnerable to other cybercriminal malware such as Sinowal or Zbot.
- Malware Plays Nice: Malware has many new techniques to avoid being detected by researchers and security software. From knowing when to “play nice” while in sandbox environments (where researchers safely analyze malicious code), to attacking and modifying the very code of security software to keep itself concealed, cybercriminals are getting better at protecting their investments—and keeping your passwords in harm’s way.
How to Protect Yourself
- The best way to protect your computer from all cyberthreats—password stealing or other—is to run the most up-to-date version of security software.
- If you’re worried your system is already infected, check out McAfee’s complimentary malware scanner, McAfee FreeScan.
- Stolen passwords can lead to all sorts of trouble—from fraud to identity theft. If you’ve been victimized, or worry about your vulnerability to attacks, check out McAfee’s free Cybercrime Response Unit for resources about your level of risk, how to stay safe online, and what authorities to contact if you’ve been scammed.