Social networking sites are a growing area of attack. You can search on LinkedIn, for example, and find 375 nuclear physicists who have worked at Lawrence Livermore National Lab. Social networking allows attackers to single out specific groups of individuals, and with targeted attacks on the rise, this is a significant threat.
The average Internet users can do a lot to educate and protect themselves. In general, it is absolutely critical to keep up-to-date with your operating systemís security patches. It is specifically very important to keep your Internet browser software updated as well since most malware infections today exploit security flaws in your Internet browser. Finally, if you're searching the Web with your favorite search engine and you encounter a link that looks potentially suspicious, try clicking on the "Preview" or "Cached" link if one is available. Many times this "preview" feature will allow you to view a safe, sanitized, offline copy of the Website in question which is usually enough information to determine if it is a site actually worth visiting.
What tools would you recommend to those interested in learning more about malware analysis?
On the commercial side of things, malware analysis doesn't get any easier than using HBGary's Responder product. You can trace all of the behavior of a malware program in just minutes. If you are on a budget or want to use free tools, you can download a number of great freeware utilities and tools.
For virtualization, you can download "Sun VirtualBox" or VMWare's freeware version of ESX which is called ESXi. You can also download a free debugger called "OllyDbg" that is an easy-to-use, GUI based usermode debugger that is very useful for single-step debugging certain malware packages. I'd also recommend the Microsoft-built debugger "windbg", especially if you're interested in researching kernel mode malware components. Microsoft also provides some very useful, free system utilities called "Process Explorer", "ProcMon", "FileMon", and "RegMon" (Previously from SysInternals).
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.