Archive for the ‘Malware’ Category

A few months ago, we started seeing a new trend where the hacker seeds the internet with websites that trigger a fake Microsoft alert. When you open the website, you get a pop-up box which looks just like an authentic Windows pop-up and tells you that you need to update the software on your computer. The security guys are always saying that you should keep your computer fully patched, so many people click the link, thinking that they are protecting their computer. According to Tad Heppner of McAfee Labs, clicking on the box prompts an executable window requesting users to install the updates but actually leads to "a true malware cocktail."

Spoofing of the Microsoft Malicious Software Removal Tool (MSRT) is particularly common but all the Microsoft updates have been spoofed in one form or another.

In one recent case, the spoof was triggered by infected ‘friend’ requests on MySpace. Users triggered the trap when they went to check on the profile of the person trying to befriend them. If you are a MySpace or Facebook user, beware of friend requests from people you don’t know and be cautious when surfing other people’s profiles.

If you get a request to update software on your work computer, ignore it unless you also received an email from your IT department explaining the update. If you receive the pop-up on your home computer, go to your Control Panel and look for the Security Center. Once there, initiate the check for updates yourself rather than trusting the pop-up. Never click a pop-up that shows up on your computer unexpectedly.

Have you ever seen a "free" offer to scan your computer for security vulnerabilities? The most common one that I get is a pop-up ad that reads "Your computer may be infected with harmful spyware programs. Immediate removal may be required. To scan, click ‘Yes’ below." It looks like a great idea. You’re offering to test my machine for free so I know what, if anything, needs fixing. Doctors, mechanics, even the lawn guy offer that kind of free screening as a legitimate way to build a relationship with new customers.

Unfortunately, most if not all of these computer scanning offers are scams. They are rogue programs that will always report something that needs to be fixed or cleaned whether the flaw is real or not. They are designed to scare you into believing that there is something terribly wrong with your computer that only their software can fix.

Examples that attack Windows computers include SpySheriff, WinFixer, IEDefender and Cleanator. Interestingly, Mac users ran into this problem for the first time in January with a product called MacSweeper. MacSweeper is so “thorough” that it even finds flaws when it’s run against a PC – flaws that can only exist on a Mac.

Most of these are simple attempts to con you out of money or credit card numbers. Some are more malicious and will load spyware onto the computer or even disable your existing antivirus programs.

Never run software from unknown sources. If you do suspect that your computer may be vulnerable, use your own anti-virus and anti-spyware software. Don’t trust that “free” offer.

Note: The word “scareware” also includes more harmless pranks such as the program that pops up and says “Erase everything on hard drive?” with two buttons labeled “OK” and “OK”. (Nothing is actually deleted in this prank.) Just ignore those pranks.


At some point, all of us have received a "helpful" message from a co-worker or family member warning us about the latest internet virus. Unfortunately, the overwhelming majority of these messages are hoaxes – scare alerts started by malicious people and then passed on by well-intentioned users who think they are helping by spreading the warning. The message itself is the virus, and it depends on your goodwill (and gullibility) to spread.

Do not forward hoax messages. Some hoax messages carry malicious instructions about how to delete certain "corrupt" files – files that actually are not only safe but even necessary to your computer. In others, the hacker offers a convenient link or tool to "check your computer and remove the virus" or "improve your performance". Instead of downloading an anti-virus tool, you’re actually loading the malicious software itself.

Even "innocent" messages with no direct malware attached have caused the e-mail systems at some companies to collapse when hundreds of users forwarded a false alert to everybody in their address book.

If you receive an alarm email about a virus from anyone except your own IT department, just delete it, especially if the message includes any "special" instructions. (The instruction to run your own anti-virus program is probably safe but I’d never trust someone else to tell me to load a piece of software.)

If you suspect that the message might be legitimate, forward it to your IT department and let them determine if a wider announcement is appropriate. You can also check at f-secure.com for a good list of known virus alarm hoaxes.

Spyware is Internet jargon for advertising-supported software. This type of software often automatically installs itself on your computer without your knowledge in order to collect your personal information and provide it to a website or advertiser. Spyware is hidden in the background and keeps track of your web browsing, what information you enter into forms and even the configuration of your hardware and software. The company receiving this information may use it directly or, more likely, will sell this information about you. Based on this information, you may begin to see incessant pop-up ads, giving the false impression that the Web page being viewed is responsible for the constant annoyances.

Spyware is usually hidden in or behind an application that you want to use (such as a music player). When you install the software, the spyware application also installs itself.

In addition to the annoyances of increased spam and advertising, the spyware application ties up valuable computing power and can eventually make your computer run slower. It can create conflicts with other software on your machine, causing programs to lock up or causing your machine to crash. It can even be abused by hackers to steal your password or to take control of your computer.

If you load software from the Internet, read the license agreement carefully. Some companies actually disclose that they will install an application onto your computer and may allow you the option to "opt-out". For example, RealJukebox has the ability to track how you use the program, including the number of recorded songs on the computer, the format that songs are recorded in, the user’s musical preferences, the quality level of the recordings, and the type of portable player connected to the computer.

You can use specialized software to find and disable spyware applications and to protect your computer. Two of the better-known freeware applications are SpyBot Search and Destroy and Ad-Aware. Whatever anti-spyware solution you pick, be sure to keep it updated and run it regularly.

Be sure to read all "End User License Agreements" very carefully and make sure you understand what is actually going to be installed on your home computer.

Every so often, people ask me "why do they do it?" Why do the hackers put so much time and energy into committing crimes and sending spam? Why can’t they channel all that innovation for good?

The stereotypical hacker used to be a pimply-faced, pizza-eating kid working late at night in a caffeine-induced frenzy for guts, glory and bragging rights – kids breaking into systems just to prove that they could or writing computer viruses to delete hard drives for the cheap thrill of vandalism. There are still some of those folks out there but the vast majority of hackers and spammers are now in it for the money. They are organized, well-educated and they’re making big bucks.

According to McAfee CEO David DeWalt, cybercrime has become a $105 billion business and is now larger than the value of the illegal drug trade worldwide. Unfortunately, computer crimes are relatively safe crimes. Hackers hide behind multiple networks and their digital footprints. Many hackers run at least part of their scam through a foreign country – often one with poor relations with the US, significantly increasing the difficulty in prosecuting any case against the criminal. Law enforcement’s ability to find, prosecute and punish cybercriminals has not kept up with the growth of the criminal activity. And even if you do get caught, DeWalt noted that “If you rob a 7-11 you’ll get a much harsher punishment than if you stole millions online.”

And even if the hacker can’t make any money off you directly (by stealing your personal information or using your computer as a point-of-entry into the corporate system), they can still hijack your computer’s processing power to attack other systems. The hacker sees your computer as an asset.

Take spam as another example. If we all stopped buying, the spam problem would dry up in a matter of months. Yet 98% of all message traffic on the Internet is now spam. Who buys that junk? According to a study from several years ago, a spammer only needs to make one sale or con per 100,000 messages in order to make a profit. With those odds, they don’t even have to be good scams. They just have to find the one gullible person among your 100,000 closest friends.