Thanks guys for all the useful tips. I thought I had everything covered as I have virus software, firewalls and I never open any e-mail that I don't recognise and my virus software has an e-mail scanner.
I got e-mail confirmation this morning that they resolved both cases and reversed the charges which is great, I also called them to make sure everything was ok. They have kept the limitations on my account as they have to leave it for seven days for the payments to fully complete but as soon as they lift them I will be closing the account and won't be using them again.
I am now paranoid and have changed all my passwords on everything that uses one and also deleted the e-mail account and ran my virus scanner to make sure there isn't anything on my computer.
Virus Scanners are not 100% protection. Far from it. Anti-Virus software work through the use of signatures, which are a compilation of known malware to look for. It is very possible to create malware that no anti-virus solution recognizes. Never the less, ensure you always keep your virus scanner up to date.
Today criminals have powerful suites called exploit kits. One popular one is called the Blackhole exploit kit. Criminals license the software and rent a server. The Blackhole exploit kit allows them to easily create exploit code and also provides them the means to distributing the exploits. Because the exploit code is written dynamically and also uses custom encryption algorithms and obfuscation techniques, anti-virus solutions, more often than not, are useless.
Generally criminals will use the Blackhole exploit kit to seed (covertly insert) a malicious web page on a legitimate web site. Upon visiting the malicious page, a hidden iFrame is launched which scans your host to find vulnerabilities. When it detects known vulnerabilities, it will silently drop malware onto the host in order to exploit those vulnerabilities. Some of these exploits can be severe, such as giving the criminal complete control of your host, elevating their privileges, capturing keystrokes etc...
In order for exploits to work, there has to be a vulnerability. Vulnerabilities are software holes in software such as Adobe Flash, Adobe Reader, Microsoft Office, Windows O/S, Java etc... Your #1 defense is to ensure you are always running the latest and greatest version of any software running on your host. This will limit the number of publicly disclosed vulnerabilities that can be exploited on your host. Microsoft has come a long way in improving the security of their products. Every month they release a suite of patches. It is highly recommended to always update as soon as possible. Today Adobe are one of the worst when it comes to security. Ensure you are always up to date on their products.
Java is now a favorite among criminals to exploit. Ask yourself if you even need Java. If you have websites where Java is required, activate it for one browser and disable it for another. Do most of your browsing with the browser that has Java disabled. If you come accross a website where you need java, you can use that other browser for those circumstances. also ensure Java is always up to date.
When vulnerabilities are discovered, they eventually become publicly disclosed. Once that is the case, every exploit kit and vulnerability scanner are updated with the exploit code.
Another tip I highly recommend is to change the default password of the administrator account on your O/S. By default there is no password. Most people never realize to change this. Criminals know this and it makes it all to easy, if they can secure a remote connection to your host, they can log in as administrator and obtain complete control of your host. A difficult password here can save some headaches.
