Anonymous hacks Italy’s critical-national-IT protection

July 25th, 2011

Evidently the protection isn’t critical

By John Leyden

Hacktivists have posted “secret documents” stolen from an Italian cybercrime unit.

The documents – 8GB of files – were extracted from a system maintained by the Centro Nazionale Anticrimine Informatico per la Protezione delle Infrastrutture Critiche (CNAIPIC), the organisation charged with guarding the country’s critical IT infrastructure. In a message on Twitter announcing the release, Anonymous said it had received the files from an unnamed “source”, prior to posting a sample of the files onto Pastebin. “#AntiSec strikes at Italy Government. Silent no more,” it said.

The stolen documents reportedly include confidential data stored on servers that held evidence related to investigations as well as documents on the management structure of CNAIPIC and pictures of staff, among other files. Data on private firms including Gazprom and Exxon Mobil as well as foreign governments also appears to be among the cache.

Anonymous makes no direct mention on the motive for the attack, but it may well have been a retaliation to the arrests of alleged members of Anonymous in Italy earlier this month.

A story on the release can be found on The Hacker News here.

Hackers affiliated with the AntiSec movement have also hit GIS Austria, the Austrian TV licence fee collector. The organisation said 214,000 data files were swiped from its systems by Anonymous on Friday and that 96,000 of these had contained “account information”. The hack is under investigation and affected customers have been informed. GIS’s statement can be found here (in German).

Macs prone to hacking via battery —Report

July 25th, 2011

Are the batteries in Apple Inc.’s laptops too smart for their own good?

Security researcher Charlie Miller has found a security weakness that could potentially allow a hacker to take control of a MacBook – or even make its battery explode.

“These batteries just aren’t designed with the idea that people will mess with them. What I’m showing is that it’s possible to use them to do something really bad,” Miller said, according to a blog post on Forbes.com.

Miller is currently a researcher with the consultancy Accuvant, Forbes said.

Laptop batteries contain a microcontroller that monitors the power level and lets the laptop’s operating system and charger respond appropriately.

Such microcontrollers can even regulate the heat they generate.

But Miller said that when he examined batteries in several MacBooks, MacBook Pros and MacBook Airs, he found the batteries’ chips are shipped with default passwords.

He said that anyone who discovers that password and learns to control the chips’ firmware could potentially use the batteries to hack into the MacBooks.

Miller said he plans to demonstrate, and provide a fix for, a potential attack using the microchips that control the batteries, at the Black Hat security conference in August.

That includes “permanently ruining batteries at will, and may enable nastier tricks like implanting them with hidden malware that infects the computer no matter how many times software is reinstalled or even potentially causing the batteries to heat up, catch fire or explode,” Forbes said.

He also said he plans to release a tool for Apple users, “Caulkgun,” that changes the battery firmware’s passwords to a random string.

Miller also sent Apple and Texas Instruments his research to inform them of the vulnerability, although he has yet to get a reply from Apple.

“No one has ever thought of this as a security boundary,” says Miller. “It’s hard to know for sure everything someone could do with this.”

Criminal potential

Forbes quoted Miller as saying one can install persistent malware on the chip that infects the rest of the computer to steal data, control its functions, or cause it to crash.

“You could put a whole hard drive in, reinstall the software, flash the BIOS, and every time it would reattack and screw you over. There would be no way to eradicate or detect it other than removing the battery,” he said.

He said few IT administrators would think to check a battery’s firmware for the source of that infection.

Worse, the chip could keep re-infecting the computer for as long as it goes undiscovered.

Blowing up

Forbes said that the disturbing prospect of a hacker remotely blowing up a battery on command may be possible.

Miller said that while the batteries he examined have safeguards against explosions, having a battery blow up on command might still be possible.

“You read stories about batteries in electronic devices that blow up without any interference. If you have all this control, you can probably do it,” he said.

Analyzing software updates

Miller discovered two passwords used for accessing and altering Apple batteries by analyzing a software update Apple issued in 2009 to address a problem with MacBook batteries.

He reverse-engineered the firmware and found how to rewrite the firmware to do whatever he wanted. — TJD, GMA News

Credit: http://www.gmanews.tv/story/227329/technology/macs-prone-to-hacking-via-battery-report

Read about hacks? Think you’re immune? Think again

July 7th, 2011

(Reuters) – While the big news is about hacks into the CIA’s and Senate’s public websites, Citigroup and Lockheed Martin, tens of thousands of people are victimized by cyber criminals each year, sometimes with devastating effect.

The FBI, which has a special Internet fraud center, received more than 25,000 complaints a month last year from people who were defrauded over the Internet by fake companies which offered to sell goods that never arrived, by people whose identities were stolen and by victims scammed by someone who claimed to be an FBI agent.

Victims lost hundreds of millions of dollars, according to the FBI’s Internet fraud report for 2010.

The conventional view of hackers as pimply faced, isolated young men out to harmlessly joyride some big company’s servers is out of date, despite the presence of groups such as Anonymous and Lulz Security, which strike for fun and political reasons.

The more worrisome hackers are crime rings in Asia and Eastern Europe or elsewhere beyond the easy reach of the law, where hackers may use a wireless connection in a Russian library to avoid detection.

These are the individuals who steal personal information, like names, addresses, dates of birth and email addresses. They then sell that information to thieves in Internet chat rooms. Those thieves often round out what they know about victims from Facebook pages — maybe a birthplace from a Facebook quiz — or other social media.

Maybe they’ll send a phishing email, pretending to know the victims. Or maybe they’ll send them something they might like because they have found out, for example, that they have a Sony PlayStation and were born in 1943.

But that game download for a grandchild could include key-logging software that secretly tells thieves what victims type. Perhaps they’ll use that to find out which banks they use, and their user names and passwords.

Some advice:

_ Limit information on Facebook and other social media. “Citizens need to start recognizing the value of their own personal data and not put out any data that isn’t necessary,” said U.S. Representative Jim Langevin, a co-founder of the Congressional Cyber Security Caucus.

_ Have solid Internet computer security software and update it monthly. Word to the wise: porn sites are notoriously loaded with viruses.

“Don’t click on links in spam messages and be extra suspicious of messages that piggyback on recent hot news items or events such as holidays,” says Joris Evers, a spokesman for McAfee Inc.

_ Some security experts advise against clicking on links in any email, no matter what the source.

_ Use strong passwords, which means a password that is long and has a mix of letters, numbers and symbols. A strong password is especially important for financial transactions.

Jim Lewis, a cyber expert with the Center for Strategic and International Studies, said he does frequent sweeps of his computer using different security software.

“I do not use computers that my children use for my financial transactions,” said Lewis. “I change passwords and user names very frequently, not that that’s perfect.”

There are efforts to combat spam and phishing attacks.

Many Internet service providers identify and stop spam — estimated to be 90 percent of Internet traffic — before it reaches an inbox. But they only get a percentage.

Comcast, a major Internet service provider, reaches out to customers who have been contacted by potential criminals to warn them, said Jay Opperman, Comcast’s senior director of security and privacy.

“Our customers are very happy with the fact that we’re proactive,” he said. “Overwhelmingly, they’re like ‘Wow, I didn’t know. Thanks for letting me know.’”

TDL-4: The ‘indestructible’ botnet?

June 30th, 2011

Security researchers at Kaspersky Lab have detailed a new botnet–a collection of infected computers controlled by cybercriminals–called TDL-4, that might just be “indestructible.”

TDL-4 gets its name by being the fourth generation of the botnet. In 2008, the original TDL appeared. It has been altered over the last several years. With TDL-4, Kaspersky has found, the malware creators have drastically improved the botnet over its predecessors.

“The malware writers extended the program functionality, changed the algorithm used to encrypt the communication protocol between bots and the botnet command and control servers, and attempted to ensure they had access to infected computers even in cases where the botnet control centers are shut down,” Kaspersky wrote on its SecureList blog earlier this week. “The owners of TDL are essentially trying to create an ‘indestructible’ botnet that is protected against attacks, competitors, and antivirus companies.”

Central to TDL-4’s updates is an improved algorithm that encrypts communications between infected computers and the botnet’s command and control servers. According to Kaspersky, TDL-4 creates an identifier known as the “bsh parameter” that “acts as one of the encryption keys for subsequent connections to the command and control server.” Once a request between the command server and the infected computer is initiated, it is transmitted over an HTTPS connection. According to Kaspersky, that system helps the botnet “run smoothly” and, at the same time, stops anyone else from trying to take control of it.

Global distribution of TDL-4 infections. According to the country codes to the right, the U.S., India, Indonesia, and Great Britain are tops in infections, according to Kaspersky.

(Credit: Kaspersky Lab)

To help safeguard itself from removal, TDL-4 infects a computer’s master boot record, allowing it to run before the operating system starts up and keeping it away from the prying eyes of anti-malware programs. What’s more, the botnet deletes other malicious files that might get caught by security tools and tip users off to TDL-4 running on their computers. In their place, TDL-4 has downloaded about 30 malicious programs onto infected computers, including “fake anti-virus programs, adware, and the Pushdo spambot,” Kaspersky says.
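The master-boot-record infection described above is something a defender wants to be able to detect. The following is an added example, not Kaspersky’s or the article’s code: it parses a 512-byte MBR with the Python standard library, validates the 0x55AA boot signature, lists the partition entries, and compares a SHA-256 of the 446-byte bootstrap area against a baseline hash recorded while the disk was known clean. The MBR bytes, the partition layout and the baseline are all constructed for the example; on a real machine the baseline would come from reading the raw disk (which needs administrator rights) and would be stored off-host so that malware on the box cannot rewrite it.

```python
"""Baseline-and-compare check for a disk's master boot record (added example).

A bootkit that overwrites the MBR changes the bootstrap code that runs before
the operating system.  Recording a hash of that area while the disk is clean and
re-hashing it later is a simple way to notice such a change.  Everything below
is constructed for the example; no real disk is read."""
import hashlib
import struct

MBR_SIZE = 512
BOOTSTRAP_LEN = 446           # bytes 0..445 hold the bootstrap code
PARTITION_TABLE_OFF = 446     # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xAA"  # last two bytes of a valid MBR
ENTRY_FMT = "<B3sB3sII"       # status, CHS start, type, CHS end, first LBA, sector count


def build_mbr(bootstrap: bytes, partitions) -> bytes:
    """Assemble a constructed MBR from bootstrap bytes and
    (bootable, type_id, first_lba, sector_count) tuples."""
    if len(bootstrap) > BOOTSTRAP_LEN:
        raise ValueError("bootstrap code too long")
    table = b""
    for bootable, type_id, first_lba, count in partitions:
        # CHS fields are left zeroed; modern tooling uses the LBA fields
        table += struct.pack(ENTRY_FMT, 0x80 if bootable else 0x00, b"\x00\x00\x00",
                             type_id, b"\x00\x00\x00", first_lba, count)
    return bootstrap.ljust(BOOTSTRAP_LEN, b"\x00") + table.ljust(64, b"\x00") + BOOT_SIGNATURE


def parse_mbr(mbr: bytes):
    """Return (bootstrap_code, partition list); raise ValueError on bad size or signature."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[-2:] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = PARTITION_TABLE_OFF + 16 * i
        status, _, type_id, _, first_lba, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if type_id == 0:
            continue  # empty slot
        parts.append({"bootable": status == 0x80, "type": type_id,
                      "first_lba": first_lba, "sectors": count})
    return mbr[:BOOTSTRAP_LEN], parts


def bootstrap_hash(mbr: bytes) -> str:
    """SHA-256 of the bootstrap area only; partition edits alone do not change it."""
    return hashlib.sha256(mbr[:BOOTSTRAP_LEN]).hexdigest()


def check_mbr(mbr: bytes, baseline_hash: str) -> dict:
    """Compare the bootstrap code with the baseline and summarise the partition layout."""
    _, parts = parse_mbr(mbr)
    return {
        "bootstrap_modified": bootstrap_hash(mbr) != baseline_hash,
        "partitions": parts,
        "bootable_count": sum(1 for p in parts if p["bootable"]),
    }


# Constructed sample: a clean MBR used as the baseline, then the same disk after the
# bootstrap area has been overwritten while the partition table is left intact.
CLEAN_BOOTSTRAP = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 40  # stand-in, not real boot code
PARTITIONS = [(True, 0x07, 2048, 204800), (False, 0x07, 206848, 1024000)]
CLEAN_MBR = build_mbr(CLEAN_BOOTSTRAP, PARTITIONS)
BASELINE = bootstrap_hash(CLEAN_MBR)
TAMPERED_MBR = build_mbr(b"\xde\xad" + CLEAN_BOOTSTRAP[2:], PARTITIONS)

if __name__ == "__main__":
    print("clean   :", check_mbr(CLEAN_MBR, BASELINE))
    print("tampered:", check_mbr(TAMPERED_MBR, BASELINE))
```

Hashing only the first 446 bytes is deliberate: a legitimate repartition changes the table but not the bootstrap code, so the check stays quiet for normal administration and fires only when the code that runs before the OS has been replaced.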

According to Kaspersky, the botnet also uses peer-to-peer network Kad to issue several commands, including searching for new files, publishing files to Kad, and more.

The big upshot of that for TDL-4 creators, Kaspersky says, is that even if “its command and control centers are shut down, the botnet owners will not lose control over infected machines,” since they’ll still be able to access Kad.

Although Kaspersky believes TDL-4 is practically impenetrable, not everyone is so quick to agree. Writing for InfoWorld today, Roger Grimes, a self-described “24-year veteran of the malware wars,” says that there has yet to be a single threat that has been able to hold its ground indefinitely.

“I can safely tell you that no threat has appeared that the antimalware industry and OS vendors did not successfully respond to,” Grimes writes. “It may take months or years to kill off something, but eventually the good guys get it right.”

He makes a solid point. Last year, Conficker was taken down after wreaking havoc on computers worldwide since 2008. Earlier this month, the FBI announced that it had taken down the Coreflood botnet.

But TDL-4’s functionality might just be in a league of its own. As Kaspersky notes, the botnet can “manipulate adware and search engines, provide anonymous Internet access, and act as a launch pad for other malware.”

According to Kaspersky, 28 percent of all infected TDL-4 computers are in the U.S. Computers in the U.K., Italy, France, and many other countries are also infected with TDL-4. All told, more than 4.5 million computers were infected with TDL-4 in the first three months of 2011 alone.

Don Reisinger is a technology columnist who has written about everything from HDTVs to computers to Flowbee Haircut Systems. Don is a member of the CNET Blog Network, posting at The Digital Home. He is not an employee of CNET.

How AVG keeps your computer safe

June 24th, 2011

Source: http://news.cnet.com/8301-1009_3-20073682-83/how-avg-keeps-your-computer-safe/

AVG’s virus lab is centered in Brno, Czech Republic.

(Credit: Seth Rosenblatt/CNET)

The city of Brno in the Czech Republic is a place people go to learn. Situated some 130 miles southeast of Prague, its 11 universities host approximately 80,000 students, many of whom are computer engineers. So it’s no surprise that while AVG’s corporate offices are headquartered back in Prague, Brno hosts the lifeblood of the company: the virus lab.

Although consumer computer security has grown tremendously in the past five years–with nearly all the major security suite makers including some form of community-based protection, URL verification, or phishing prevention to accompany more traditional tools like firewalls and antispam measures–antivirus detection remains the quintessential PC security feature.

AVG’s Brno office is located in a complex that also hosts the computer security vendor TrustPort, as well as a home appliance manufacturer. In most ways, the AVG offices on the sixth floor could be the offices of any software company. There’s a game room with foosball and table hockey; a small library with muted lighting; a playroom for the children of AVG employees; and relaxation spaces designed to resemble places not often seen in the heart of central Europe, like beaches festooned with hammocks. The walls of one of the eating areas have been painted to resemble a Starbucks, complete with a massive Starbucks logo.


Two floors down, the only indications that you’ve arrived at the virus lab are the raft of warnings plastered to the door. Yellow caution tape and printed flyers emblazoned with the biohazard icon make the lab stand out from the rest of the conference rooms and offices. Of course, computer viruses have yet to actually pose a threat to your biological health, but the point is clear: The lab is restricted. Omezený, in Czech.

Inside, security analysts sit in high-backed chairs at Dell computers running Windows 7, and except for what’s being displayed on their screens, the scene again returns to one of abject normality. The work that they’re doing, however, is of paramount importance to your computer’s security.

Karel Obluk, AVG’s Chief Scientist, said that people tend to underestimate the speed at which threats appear and disappear. “There’s more to do than calculate checksums,” he said. Also known as a hash sum, a checksum is a number generated by running a file through a tool designed to create checksums. The number is fixed, and changes if any of the data inside the file changes. A virus that alters a file will alter its checksum, so many antivirus programs today generate checksums for every file on your hard drive and whitelist them until a change is detected.

Obluk added that there are more than 40,000 new viruses a day. “We do keep up, but not by processing each individual sample.” AVG’s automation takes over here, leaving about 50 samples per day per researcher. The company employs 25 analysts in Brno, and has five in China dedicated specifically to malware originating from there.

And make no mistake, the threat to your computer isn’t really about disrupting you or your life. The bad guys just want your CPU and bandwidth to make money. “A typical botnet can generate $11,000 per day, on less than 10,000 computers,” said Obluk. The business of being a bad guy is so lucrative, he added, that malware writers have taken out ads in online forums not just for engineers, but for user interface designers, office managers, and accountants.

AVG’s chief scientist, Karel Obluk. ‘The cyber criminals go for profit; it could equally be the whole economy or one country’s profit. When there were several spearheaded, targeted attacks against Boeing infrastructure, was that industrial espionage or cyber warfare?’

(Credit: Seth Rosenblatt/CNET)

How the good guys stop the malware
The short version of how malware gets stopped from infecting your computer is quite simple, according to Pavel Krcma, the head of AVG’s virus lab. First, the virus sample gets collected. It comes either via a user submission, is picked up by AVG’s protection algorithm, or is shared from another virus lab. Whereas on the business and marketing side the security software industry can be brutal, the analysts and other members of the research and protection side communicate regularly, Krcma said.

Once the sample is in the lab, the next step is to create a checksum signature for the sample. This then gets checked against the existing database of checksums to ensure that it’s not actually a legitimate file; flagging one would be a false positive.
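Both hash-based steps the article mentions (the checksum lookup that keeps a legitimate file from being flagged, and the whole-disk checksum whitelist that only reacts to change, described earlier in the Obluk paragraph) fit in one small tool. The code below is an added example, not AVG’s tooling: it hashes files with SHA-256, classifies a digest against known-good and known-bad sets, baselines a directory tree and reports what was added, removed or modified on a later pass. The files and the two hash databases are constructed inside a temporary directory so the example runs offline.

```python
"""Checksum triage and baseline change detection (added example, not AVG's code).

Two hash-based steps: look a sample's digest up against known-good and known-bad
databases before treating it as a detection, and baseline a file tree so that a
later scan reports exactly which files changed.  Sample files and databases are
constructed for the example."""
import hashlib
import os
import tempfile


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: str) -> str:
    """Hash a file in 64 KiB chunks so large files never have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def classify(digest: str, known_good: set, known_bad: set) -> str:
    """Known-good is consulted first (a design choice for this example): a digest that is
    on both lists points to a database error, and the safe default is not to quarantine."""
    if digest in known_good:
        return "known_good"
    if digest in known_bad:
        return "known_bad"
    return "unknown"  # needs analysis (emulation, entropy map); a hash alone gives no verdict


def baseline(root: str) -> dict:
    """Map each file under root (relative, '/'-separated path) to its SHA-256."""
    out = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            out[os.path.relpath(full, root).replace(os.sep, "/")] = sha256_file(full)
    return out


def diff_baseline(before: dict, after: dict) -> dict:
    """Files added, removed, or whose content hash differs from the baseline."""
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "modified": sorted(p for p in set(before) & set(after) if before[p] != after[p]),
    }


def _write(root: str, rel: str, data: bytes) -> None:
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)


def demo() -> dict:
    """Constructed scenario: triage two files, baseline the tree, then change it and rescan."""
    good_bytes = b"constructed bytes of a legitimate installer"
    bad_bytes = b"constructed bytes of a known malicious sample"
    known_good = {sha256_bytes(good_bytes)}   # stand-in for the clean-file database
    known_bad = {sha256_bytes(bad_bytes)}     # stand-in for the signature database
    with tempfile.TemporaryDirectory() as root:
        _write(root, "app/setup.exe", good_bytes)
        _write(root, "app/sample.bin", bad_bytes)
        before = baseline(root)
        verdicts = {rel: classify(d, known_good, known_bad) for rel, d in before.items()}
        # what a later scan might find: a patched binary, a new file, a deleted sample
        _write(root, "app/setup.exe", good_bytes + b"\x90")
        _write(root, "app/dropped.dll", b"constructed new file")
        os.remove(os.path.join(root, "app", "sample.bin"))
        changes = diff_baseline(before, baseline(root))
    return {"verdicts": verdicts, "changes": changes}


if __name__ == "__main__":
    print(demo())
```

The "unknown" verdict is the important one: a checksum can only confirm a file that has been seen before, which is why the article goes on to describe the emulator and entropy analysis that handle samples the hash database has never met.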

Assuming it is malicious, the next step is a bit “like undressing the virus,” said Jirí Bracek, AVG’s director of Security Engineering. The easiest way to see whether a file contains malicious code is to create an entropy map of it, he said, but because the files are almost always encrypted they have to rely on an emulator.

“We put it in a 64-bit Windows emulator, and we have a script emulator. Mostly malware scripts are obfuscated, and it’s the obfuscation that prevents us from using hashes or regular expressions, so we use the emulator to reveal it,” he explained. Citing proprietary information, however, Bracek wouldn’t reveal precisely how the emulator works.

Inside an executable’s binary there are typically three sections: a .text section for executable code, the part that sends instructions to the processor; a .data section, which contains the file’s data; and a .rsrc section, which contains icons and other resources. “We can see healthy code in the binary because healthy code has uniform lengths of jumps, they are organized,” said Bracek. “Malware code sometimes has code in different sections, such as .reloc or .rsrc. Malware also has code with chaotic jumps.”
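The two heuristics Bracek describes, an entropy map of the file and a look at which sections carry executable code, can be reproduced with nothing but the standard library. The block below is an added example, not AVG’s code: it parses the PE section table (the DOS header’s e_lfanew pointer, the COFF header’s section count and optional-header size, then the 40-byte section entries), computes Shannon entropy per section and over fixed-size windows, and flags executable sections outside .text as well as code whose entropy looks packed or encrypted. The two PE images are constructed in memory and are not loadable programs; the 7.0-bits-per-byte threshold is an assumption chosen for the example, as is the choice of bytes standing in for "healthy" and "packed" code.

```python
"""Entropy map and section-table heuristics over a PE image (added example, not AVG's code).

Parses the PE section table with the standard library, computes Shannon entropy
per section and per window, and applies two simple checks from the article:
executable code outside .text, and code whose entropy suggests packing or
encryption.  The PE images are constructed in memory for the example."""
import math
import struct
from collections import Counter

IMAGE_SCN_CNT_CODE = 0x00000020      # section contains code
IMAGE_SCN_MEM_EXECUTE = 0x20000000   # section is executable
IMAGE_SCN_DATA_READ = 0x40000040     # initialized data + readable
OPT_HEADER_SIZE = 224                # PE32 optional header length
HIGH_ENTROPY = 7.0                   # bits/byte; threshold is an assumption for this example


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 when every byte value is equally common."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def entropy_map(data: bytes, window: int = 256) -> list:
    """Entropy of consecutive windows; packed or encrypted regions show up as runs near 8."""
    return [round(shannon_entropy(data[i:i + window]), 2) for i in range(0, len(data), window)]


def _align(n: int, a: int) -> int:
    return (n + a - 1) // a * a


def build_pe(sections) -> bytes:
    """Assemble a constructed PE image from (name, raw_bytes, characteristics) tuples.
    Only the headers this parser reads are meaningful; it is not a loadable executable."""
    dos = b"MZ".ljust(0x3C, b"\x00") + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, OPT_HEADER_SIZE, 0x0102)
    opt = struct.pack("<H", 0x10B).ljust(OPT_HEADER_SIZE, b"\x00")     # PE32 magic, rest zero
    headers_len = len(dos) + 4 + len(coff) + len(opt) + 40 * len(sections)
    raw_ptr, vaddr = _align(headers_len, 0x200), 0x1000
    table, bodies = b"", b""
    for name, data, chars in sections:
        raw_size = _align(len(data), 0x200)
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\x00"), len(data), vaddr,
                             raw_size, raw_ptr, 0, 0, 0, 0, chars)
        bodies += data.ljust(raw_size, b"\x00")
        raw_ptr += raw_size
        vaddr += _align(len(data), 0x1000)
    header = (dos + b"PE\x00\x00" + coff + opt + table).ljust(_align(headers_len, 0x200), b"\x00")
    return header + bodies


def parse_sections(image: bytes) -> list:
    """Read the section table: name, sizes, file offset and characteristics flags."""
    if image[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", image, coff + 2)[0]
    opt_size = struct.unpack_from("<H", image, coff + 16)[0]
    table = coff + 20 + opt_size
    out = []
    for i in range(num_sections):
        name, vsize, vaddr, raw_size, raw_ptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", image, table + 40 * i)
        out.append({"name": name.rstrip(b"\x00").decode("ascii", "replace"), "vsize": vsize,
                    "vaddr": vaddr, "raw_size": raw_size, "raw_ptr": raw_ptr, "chars": chars})
    return out


def analyze(image: bytes) -> dict:
    """Per-section entropy plus two heuristics: code outside .text, and high-entropy code."""
    report, findings = [], []
    for s in parse_sections(image):
        data = image[s["raw_ptr"]:s["raw_ptr"] + s["raw_size"]][:s["vsize"]]  # drop file padding
        ent = shannon_entropy(data)
        executable = bool(s["chars"] & (IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE))
        report.append({"name": s["name"], "executable": executable,
                       "entropy": round(ent, 2), "map": entropy_map(data)})
        if executable and s["name"] != ".text":
            findings.append(f"executable code in {s['name']}")
        if executable and ent > HIGH_ENTROPY:
            findings.append(f"high-entropy ({ent:.2f}) code in {s['name']}")
    return {"sections": report, "findings": findings}


# Constructed samples: "healthy" code is a repeating prologue-like byte pattern (low entropy);
# the packed stand-in uses every byte value equally often (entropy 8.0) and sits in .rsrc
# marked executable, the pattern the article attributes to malware.
CODE = b"\x55\x8b\xec\x83\xec\x10" * 100
DATA = b"Hello, world\x00" * 50
PACKED = bytes(range(256)) * 8
CLEAN_IMAGE = build_pe([(".text", CODE, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE),
                        (".data", DATA, IMAGE_SCN_DATA_READ),
                        (".rsrc", b"\x00" * 512, IMAGE_SCN_DATA_READ)])
SUSPECT_IMAGE = build_pe([(".text", CODE, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE),
                          (".data", DATA, IMAGE_SCN_DATA_READ),
                          (".rsrc", PACKED, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_DATA_READ)])

if __name__ == "__main__":
    for label, img in (("clean", CLEAN_IMAGE), ("suspect", SUSPECT_IMAGE)):
        print(label, analyze(img)["findings"])
```

Entropy alone is a weak signal: legitimately compressed resources and signed installers also score high, which is one reason the article's analysts pair the map with structural checks and, for rogue antivirus programs that look like ordinary applications, fall back to other characteristics entirely.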

Once a file has been positively identified as a threat, the researcher generates a checksum for it and updates the database. The update then goes out to AVG’s more than 110 million active users.

All told, from the point that AVG receives a suspected new threat to the point where the malware is blocked and that data is pushed out to AVG users around the world, the process takes about five minutes, said Krcma. The analysts are quite adept at what they do, he added. “It takes about one minute per piece of malware.”

AVG wouldn’t let us show you screenshots of precisely how they take down a virus, but here’s the threat map that their analysts see.

(Credit: Seth Rosenblatt/CNET)

Not all threats can be detected using entropy maps. For example, rogue antivirus programs, also known as fake antiviruses, can’t be detected using entropy maps, because those kinds of threats behave normally. The recent MacDefender attack was a rogue antivirus. Bracek explained that for rogue antiviruses, AVG instead looks at the user interface characteristics, since those are more likely to stand out.

Where the threats come from
“About 10 percent of attacks are coming from USB sticks,” said Obluk, which leaves the Internet for the lion’s share. But what does that mean? AVG’s researchers are seeing a mixed bag of social engineering, rogue antiviruses, and traditional viruses and botnets.

Premium SMS is also a problem, and Obluk cited an AVG study that found that 8 percent of about 2,200 sampled U.S.-based smartphone users said premium SMS scams had happened to them. A premium SMS scam is where a rogue process gets your phone to send a text message to a number that charges for the receipt of the message. Premium SMS has been used to help donate money to victims of natural disasters and to relief organizations, but instead of a $10 donation, the premium SMS scammers use smaller denominations to avoid detection, Obluk said, because a $1 variance in your phone bill tends not to stand out to people the way a larger charge would.

Another big problem on smartphones, he said, is URL spoofing, because a phone’s smaller browser makes it harder to read the location bar.

But Obluk cautioned that socially engineered threats–the threats that con people into giving up sensitive data–are the hardest to prevent and the hardest to inoculate against. “Mac and Linux and Windows are generally secure. It’s usually the user that’s the weakest link.”
