Gumblar and ASProx - the stuff of nightmares

People often ask me why Web User writes about security news so much. Surely everyone is protected now, they say.

It's a sad fact that no matter how good your anti-malware protection and firewall software, you can still become a victim of cybercrime.

This is because security protection doesn't just require the right software, it also relies on you following the rules of safe surfing.

Never click on links in emails you don't know the source of and don't open attachments in emails unless you are certain of what you have been sent and by whom.

This is simple stuff, but in a world where links can be presented to us through many different media - take Twitter, for example - people can often forget the basics.

Twitter members among you will probably admit to clicking on a link posted by someone you didn't know - I'll hold my hands up to that one too. Fortunately, I didn't suffer as a result but if I had, it would have been nobody's fault but my own.

Dodgy links can also make their way into search results and this is particularly hard to protect against. Usually, though not always, the URL is a clue, but there are thousands of specially crafted web pages out there just waiting to infect unwary searchers.

And it isn't just the specially created sites hosting malware - many legitimate sites get hijacked. This week there's a perfect example in the shape of the Gumblar botnet.

Gumblar has infected thousands of websites - not big names, but small sites - and they are now hosting malware that can help a cybercriminal see what you're doing online. So, even when you visit sites you trust, your privacy can be compromised.

Read Mary Landesman of ScanSafe's take on Gumblar for more information.

ASProx is another threat to be aware of. It's a Trojan that's been spotted on websites in India and Thailand, as well as New Zealand, which exploits vulnerabilities in Adobe software programs and could let a hacker take control of your PC.

Trend Micro's Det Caraig provides further details, but you should definitely ensure that you have the most up-to-date version of Adobe's Reader installed on your PC. The easiest way to do this is to open the program and click on Check For Updates in the Help menu.

These two attacks show that cybercriminals are constantly changing their tactics, so to stay as safe as possible on the web, it pays to keep abreast of what's going on. Just because you have an all-in-one security suite installed and fully paid up, doesn't mean you're safe.