Christmas time - a season to enjoy AND fear
Introduction
Major events, happenings and in general all kind of things that create much notice, also leave in their wake a stream of malicious software. The malware writers are imaginative in using natural disasters, rock stars' various activities, Olympic Games, and presidential elections as stepping-stones for propagation of their programs.
The clever reader has long time ago figured out where this leads...
Christmas holiday - a recurring event
Christmas indeed arrives each year. So does - it seems - a flow of malicious software, which uses the Christmas holiday as the trigger to trick people into opening program files and clicking on links. The author of the malware's intent is usually to get your money into her possession.
The days around Christmas and the New Year are also a time when more vulnerable computers than usual are available on the Internet. One very popular Christmas gift is a new computer, and the eager recipient will of course want to connect his new computer to the Internet and start surfing/gaming/etc as soon as possible. However, that may not be the wisest thing to do without any precautions.
Before you connect your computer to the Internet you should check that it is set up with a firewall and protection against malicious software (antivirus/antispyware protection). If this type of software is not installed, the first action after connecting to the Internet should be to acquire and install such programs.
When a PC is sold to an end user, it is most likely not updated with the latest available security patches to operating systems and applications. E.g. Microsoft released six security patches for critical vulnerabilities as late as 9 December.
Immediately after connecting to the Internet (you are a multitasking person and can do this at the same time as you are getting the security software), you should therefore see to that your computer downloads the latest security updates that are available to your installed software.
Three years ago one very serious vulnerability with a working exploit and no available patch, was published in the days between Christmas and the New Year, and the security community had more active days than expected (and appreciated). This year two serious vulnerabilities with no available patch have been reported as the Christmas preparations are ongoing. Exploit code that utilizes these vulnerabilites is available on the Internet and malicious activity has been reported. It can be safely assumed that new malware emerges before any patches are available. Additional vulnerabilities may of course also arrive and be exploited.
New this year: the global finance crisis
Unlike other years, late 2008 adds another issue to the probability of being the victim of infection: The global financial crisis. One speculates - and this seems to be a fair assumption - that in times of financial difficulties, the malware activity rises. There are more persons with sufficient skills that have difficulties being employed in legitimate businesses and organizations. Illegal activity may be more tempting as the legal alternatives are getting increasingly problematic. Economic trouble of various kinds can make people feel that they have to use extreme means, which they would avoid in more normal circumstances.
Norman hopes that our customers, partners, and the Internet community in general, do not suffer from malware in the weeks to come, and wishes you all A Merry Christmas and the best wishes for A Prosperous Year in 2009.
