Hackers come in all shapes and sizes, and do what they do for a wide variety of reasons. Not all hackers are ‘bad’. Some hack computer programmes from an altruistic viewpoint, to help identify security weaknesses and then pass these back to the developers. Others are more direct in their actions, in that they hack a weakness in a product and post this online. This is claimed to force big developers to take action immediately, although of course it has the effect of telling everyone, good and bad, about the problem.

Most hackers as described in the media are more malicious. We can broadly split these into two camps; those who do it for malicious purposes, and those for criminal gain purposes. The first type is likely to spread viruses that destroy your data, or engage in denial-of-service attacks, and look to hack in order to cause damage. The user is far more likely to be aware if this sort of hack has happened on their computer.

The more criminally minded hacker is likely to want to remain hidden. They may be hacking to tackle control of your computer for their own purposes, perhaps as part of a botnet, or otherwise may be hacking to steal your financial details or identity. Whatever the hacker, they are sophisticated, intelligent and committed to what they are doing, and should never be underestimated.

Today’s hackers commonly use vicious multi-layered attacks, such as a worm in a chat message that displays a link to a web page infected with a Trojan horse. The attacks also use exploit code that combines malicious code with operating-system and browser vulnerabilities in order to launch an assault.

Worms have been found that tunnel though programmes, uncovering new vulnerabilities and reporting them back to hackers. The hackers then quickly assemble malware from pre-made components, exploiting the vulnerability before the majority of people can download a fix.

So what can I do?

To use your computer and the internet safely, you need to safeguard your files, your identity, and your personal information. Many tips appear elsewhere in the Broadband Security Centre but crucial steps to take are:

  • Stay aware of current virus news by checking sites like McAfee® Avert® Alerts.
  • Be careful exchanging floppy disks and CDs between computers; also, write-protect your floppy disk or CD. For file compression, use statically compressed ZIP files instead of self-extracting ones.
  • Protect your computer with strong security software and keep it updated. McAfee Internet Security Suite provides proven PC protection from Trojans, hackers, and spyware. Its integrated anti-virus, anti-spyware, firewall, anti-spam, anti-phishing, and backup technologies work together to combat today’s advanced multi-faceted attacks. It scans disks, email attachments, files downloaded from the web, and documents generated by word processing and spreadsheet programmes.
  • Enable automatic Windows® updates, or download Microsoft® updates regularly, to keep your operating system patched against known vulnerabilities. Install patches from other software manufacturers as soon as they are distributed. A fully patched computer behind a firewall is the best defense against Trojan and spyware installation.
  • Configure strong passwords. Don’t use common words, birthdates or names of friends and family. Use symbols and punctuation characters as well as some capital letters.
  • Configure your instant messaging application correctly. Make sure it does not open automatically when you fire up your computer. Turn off your computer and disconnect the DSL or modem line when you’re not using it. Beware of spam-based phishing schemes – don’t click on links in emails or IM.

 Instant Messaging is also an increasingly popular way for cyber criminals to distribute worms, viruses, and Trojans, and to commit fraud. Hackers like to target IM because they can use network ports that are already open for the IM client instead of having to open suspicious new ports.

Today, sophisticated multi-faceted attacks are launched through IM as frequently as they are through email. Hackers exploit operating-system and browser vulnerabilities to deliver malware such as Trojan keyloggers and screen scrapers that steal personal information, and to turn PCs into hijacked “zombies” used to commit crimes.

If the IM protocols don’t encrypt network traffic, the hacker can slip messages into an existing IM chat session and pretend to be the victim, causing embarrassment and the opportunity for fraud. Cyber criminals exploit IM’s user-friendly features and find potential victims simply by choosing from an updated directory of buddy lists. The cyber criminals also receive a notification each time their victims’ computers are online.

IM networks also support transfer files and use peer-to-peer (P2P) file sharing, making them vulnerable to malware hiding in files. With these weaknesses in mind, hackers use IM to gain backdoor access to unprotected PCs that run P2P. In this scenario, a Trojan typically modifies a computer’s configuration settings to share all files on its hard drive—logins, user IDs and passwords, Quicken files and credit reports, chat logs, emails, and medical and tax records. This can put a family at great risk.

Read Morehere