BEWARE of any program that calls itself Antivirus 2009. It will be like inviting the proverbial fox to guard the chickens.
This rogue anti-virus program, once installed, will flood your computer with fake infections. Already panicking, you are then told to purchase - using your credit card - software that will 'clean up' your computer.
Fall for that and you are another statistic in identity-theft scams.
This rogue program, which first surfaced a few months ago, is among similar new online threats that computer users have to be wary of now, on top of the usual spyware, malware and trojans.
The advice to never install such software is well-meaning, but what happens when you come across such an option on a reputable website?
It has happened. In July, Sony's PlayStation site was attacked by an SQL (Structured Query Language) 'injection' which redirected visitors to a site prompting them to download a fake virus scanner.
An SQL injection is an attack on the programming language by a malicious code. In this case, it redirected visitors to another website. In other instances, it could steal personal details from your computer.
Some PlayStation users were duped because they thought they were downloading genuine Sony software.
As with the perpetrators of Antivirus 2009, the scammers here hoped to entice users into paying for the product with their credit card.
In September, security software vendor Sophos reported that online publication BusinessWeek was hit by an SQL injection. Malware from a Russian Web server was touted on the affected pages.
While rogue threats have been around for a long time, there has been an increase in such activities this year.
'In the past two months, there has been an alarming surge of activity linked to these applications,' says Mr Derek Manky, a security researcher for network security firm, Fortinet.
'This aggressive tempo highlights a criminal organisation with a strong supply of resources at its fingertips, in terms of the digital underground and infrastructure.'
Another method used is online gaming trojans, which target online games to siphon account credentials so that the accounts or their virtual resources may be sold off.
Even browsers are being targeted.
According to Symantec, there were 88 vulnerabilities reported in Mozilla browsers, 22 in Safari, 18 in Internet Explorer, and 12 in Opera in the second half of 2007.
Symantec also listed 239 browser plug-in vulnerabilities in the last six months of 2007, an increase of 17 per cent. These would have allowed hackers to insert their own malicious code and mislead users into downloading rogue software or visit bogus websites.
Coupled with the rise in online phishing, or spoofing, it is no longer enough to just rely on anti-virus software alone for online security.
'The bottom line is, protect yourself against all possible threats, educate yourself about them and always run a good security suite that includes anti-virus, anti-spyware and worm protection,' says MrDavid Hall, the Asia-Pacific product manager of Symantec, the company behind the Norton brand of security products.
Another growing trend is the hosting of malware on social media - blogging sites and tools - leaving security products struggling to protect their users, for fear of blocking legitimate pages.
'With social media becoming part and parcel of our daily lives today, malware writers and hackers are increasingly using established websites like Blogspot and Geocities to host their malware because new pages are simple to set up without requiring identification,' says Mr Paul Duckin, head of technology for Asia Pacific at Sophos.
New products such as Norton 2009 and F-Secure Wellbeing 2009 offer an umbrella of features, including anti-virus and Internet Security.
The numbers justify their utility. Symantec's Internet Security Threats said in April that the second half of 2007 saw 499,811 new malicious code threats reported, which is a 136 per cent increase over the first half of 2007.
Of the top 10 categories of new malicious codes detected in the last six months of 2007, five were Trojans, two were worms and the rest were hybrids.
sherwinl@sph.com.sg
This story was first published in The Straits Times Digital Life on 5 November 2008.
