Who hasn't indulged in some egosurfing?
About half of Internet users have "Googled" themselves, according to Pew Internet and American Life study findings. And if ill-intentioned others think you're worthy of being searched for online, a few moments of vanity could lead to a malware attack, and ultimately the loss of personal and business data stored on your computer.
Fortunately, new programs are becoming available that can help lower the risk of infection -- which, along with a degree of caution online, can make all the difference.
The names of well-known politicos and famous celebrities have long been the target of cybercriminals. Earlier this month, Google warned users of targeted attacks against political figures gained through a known Internet Explorer vulnerability. (Microsoft offered a temporary fixit http://support.microsoft.com/kb/2501696 and continues to work on an official patch.)
But people who aren't making tabloid headlines may still fall victim to highly targeted attacks because of a data-sensitive job or even a high net worth. If a cybercriminal thinks there is an opportunity for financial gain by infiltrating your computer, there may be an attack with your name on it in the works.
Although attackers must exploit vulnerabilities in a browser, that's only half the equation -- the other half relies on people's innate, and therefore exploitable, curiosity to find out what others are saying about them online.
In preparation for an attack, a devious malware wielder first identifies his intended victims, perhaps by using a social networking site.
"The attack process, as with any targeted attack, starts with some form of reconnaissance: The attacker searches the business social networking site LinkedIn for executives at the targeted organization," Mickey Boodaeim, CEO of security software firm Trusteer, said in a blog post. "LinkedIn is the perfect tool for this: One can easily find victims by searching the company name and the role they are after."
Next, the attacker builds a webpage that can transfer malware into a computer during a visit using a vulnerable browser. The visitor doesn't have to download a file or take any other action; the malware will install itself onto the computer through a browser, often without a trace.
"Now, the attackers have a webpage that can be used to infect visitors with malware and the name of the victim whose computer they want to compromise," Boodaeim said. "But how do they get the victim to visit this page? With the help of Google ai and their own vanity ai of course."
The attacker adds the target's name to the malicious webpage and waits. And because of Google's comprehensive search engine combined with user egos, it probably won't be long.
Google regularly "reads and records" all websites to provide its search results. It also offers an automated service called Alerts to anyone with a Google account, so Google users can set up a search term tracker that monitor topics of interest, including themselves. When Google "sees" the target's name on the malicious site, it will generate an alert, just as Google would for a normal site. The alert is then sent as an e-mail notification to the target.
Who could resist? The target naturally clicks on the link. Once the page loads in the browser, it's game over: The malware is installed on the system and begins carrying out the attacker's assigned tasks.
Microsoft, Google, Chrome, Apple and others continuously monitor browser vulnerabilities and engineer patches, but it's always a race against cybercriminals, who continue to find new ways to breach computers. Your first line of defense is to keep your system and your browser up to date.
Meanwhile, browser security software programs can help you avert the types of attacks that involve nothing more than visiting a Web page. Most Internet security software suites include browser security features. Look for a package that includes a virtual browser that quarantines browser activity, creating a barrier between the browser and your computer's operating system.
Regardless of the security measures you choose to install, online security often comes down to you. If you're unfamiliar with a site or a Web address sounds suspicious, resist your vanity and pass it by.
Ogden-based TopTenREVIEWS.com guides consumers by comparing products in the world of technology, including electronics, software and Web services. Have a question for TopTenREVIEWS? E-mail Leslie Meredith at firstname.lastname@example.org.