March 18, 2010, 4:46 PM — It used to be e-mail spam, while annoying, wasn't that harmful. Things have changed. During the last day I received e-mails promising that they contained news about March Madness; Sandra Bullock's possibly misbehaving husband; and Michael Jackson's estate making a deal for a mint of money. Every last one of them contained a link to Windows malware.
I know this because, running a Linux system, I could safely visit these bogus Websites and watch Windows malware smack on my PC like bugs on a windshield. Most users though, if they'd clicked on through these links, could have ended up with one or more of the latest and greatest of Windows viruses.
I find this more than a little disturbing. Yes, good anti-virus protection will stop most of the attackers. But, by the very nature of these ever-evolving threats, anti-virus software is always playing catch-up. Sooner or later, even if you're religious about updating your anti-virus programs, something nasty is going to get through. If you're lucky it will be something that's easy to delete. If not, you may have to wipe your PC down to bare metal and reinstall everything.
But, that comes with using Windows. What's more disturbing is that these malware-bearing messages are getting to be timelier and better written. It used to be that malware e-mail was badly written junk. You'd never mistake them for a legitimate message. The three messages I mentioned though all looked like they could have been real ones. I'm about as paranoid as it comes in computer security, but the basketball one almost tricked me.
It's not just e-mail though. On my own blog, Practical Technology and several other IT sites where I have editor privileges I noticed a sudden flood of linking Web sites. I knew they were spam -- I mean, really a Web site about pet food wants to link to my story about Windows 7 disk mirroring software? I don't think so! As I started zapping these story responses, I started checking their links out on a Linux PC. Guess what? About one in five led to a site bearing Windows malware.
The moral of my story is that if you see a Web link in either your e-mail or in a comment section of a Web site and you think that it might be dodgy: Don't click on it. At best, you'll end up at a trash Web site. At worse, you're taken a chance on giving your PC a case of malware clap.