Internet Threat Protection Guide
Internet attacks have become a business. And as with any business, the product must be ever-changing in attempting to entice you. But where a slick legit ad campaign might sway you into buying a gadget you don't really need, these social engineering techniques try to trick you into infecting your computer with malware you surely don't want. Look through these images of some of the latest tricks from malware pushers and phishers so that you can keep your most important security tool--you--up-to-date. And if you receive any of these messages, be sure not to click any links in them or follow their instructions.

Targeted Attacks Grow
The latest wave of e-mail-borne attacks looks entirely genuine and even uses your real name. This example, a fake BBB message, was one of the first. Similar attacks continue in the form of supposed IRS audit warnings, false business invoices, and Microsoft vulnerability warnings.

Malicious Mimicry
It looks real, but instead of downloading the actual Malicious Software Removal Tool (which does exist), this fake Automatic Updates alert launched from a MySpace profile, leading victims to install rogue antispyware. It's a good example of why you must consider not only whether something looks right (as this does), but also whether it comes up at the appropriate time. 

Fake Security Alerts
The next step in this Automatic Updates attack used a common scare tactic to make victims think their system was infected. Be skeptical of supposed security warnings that don't come from your own security software.

Video Bait-and-Switch Attack
Spyware spreaders throng to this technique, which lures people in with a salacious-sounding movie and then tells them they need to download a new video codec to watch it. Of course, you don't get a video, you get a 'Zlob' malware infection.

Do You Agree to This Malware Infection?
The media codec attack even goes so far as to display a fake license agreement during installation. How's that for misdirection?

Camouflaged Phishing
To fool people who might be alert enough to look at the URL, phishers today often use faked site names that begin with a real domain name and then add what looks like site input but is actually the name of the attack site (in this case, logwjwgwwwqwkqwk.com). Antiphishing tools, including those built into IE 7 and Firefox 2, are becoming more adept at blocking such sites, but keep your eye out.