Security firm AVG recently discovered a data-stealing botnet, which they quickly named Mumba, that they say has managed to compromise more than 55,000 computers around the world and pilfer a gold mine of personal data including bank account and credit card numbers.

Mumba was created and controlled by a cyber criminal gang that call themselves Avalanche, and are well-known to authorities. But that still doesn’t make them any easier to catch. This gang has been playing a cat and mouse game with authorities and security professionals, as they constantly look for clever ways to steal data, hide it, and cover their tracks.

What’s most disturbing about sophisticated attacks like this is that they usually rely on people like you not doing enough to protect your little corner of cyberspace as well as you could. Many of these attacks rely on exploiting either computers that are not as well protected as they should be, or mistakes and behavior by users who are just not paying attention.

So I thought it might be useful to point out some of the simplest and most exploited weaknesses that could be exposing you and your computer to the next Mumba.

For example:

• Not properly securing your computer. Might sound a bit obvious, but there’s more to protecting your computer than simply installing antivirus software and then forgetting about it. You need to constantly think about the security on your computer, add as many layers of security as possible (virus and spyware protection, firewall, data encryption, etc.), and set that software to update itself constantly.

• Not securing your behavior. Many exploits take advantage of either the occasional mistakes by users, or constant bad habits. One of the worst habits is simply visiting web sites that you’re not familiar with and don’t really need to visit anyway. Many sites can contain infected pages or links waiting to install malware on your computer.

• Not patching your computer. Much of the malware in circulation focuses on finding computers that still have an unplugged vulnerability or security hole that the user failed to patch. This is not a perfect science and many security holes are exploited before even the good guys know about them. But you still need to pay attention to alerts and updates and make sure your computer has the latest security fixes as soon as they become available.

Lessons learned?

• Do everything you can to protect your computer so that it doesn’t end up working for a gang of cyber crooks at the other side of the world.

• Avoid storing your most sensitive information on your computer, especially bank and credit card information, Social Security and IRS documentation, and passwords.

RELATED STORY: Mumba botnet shows the sophistication of criminal gangs

http://thompson.blog.avg.com/2010/08/todays-battle-with-cyber-criminals-is-a-bit-like-the-old-fashioned-cops-and-robbers-stories-of-years-agothe-police-were-cons.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+avgblogs_rogerthompson+%28AVG+Blogs+|+Roger+Thompson%29

Related posts:

1. IN THE HEADLINES: Rite Aid Fined for Dumping Your Data