Avoid Viruses and Spyware: Careful Inspection to Avoid Infection
By James Morehead
Enter “virus and spyware” in a search engine and you’ll be pummeled with results – more than it is possible to absorb. Do this, don’t do that, install this, don’t install that. A single blog entry can’t capture every possible permutation of malware so instead I’ll describe two real attempts by Internet bad guys to infect my home PC and/or steal personal information. I thwarted both by being observant – and being observant is by far the best way to prevent a nasty virus or spyware infection. And before you think otherwise, neither of these examples is the result of visits to sites with, well, salacious content.
Real Example #1 – Phisher attempts to hook me (I got away)
What is phishing? Here’s Wikipedia’s take: “phishing is an attempt to criminally and fraudulently acquire sensitive information”. A nasty example arrived in my email inbox recently. Here’s the text verbatim (the only thing I’ve changed is my email address – to protect my privacy):
=== Actual phishing email ===
From: "Wachovia" <clientcareservice.id11790881id@wachovia.com>
To: "xxxxx" <xxxxx@comcast.net>
Subject: Wachovia Bank: please confirm your online banking account data -Fri, 25 Apr 2008 00:18:31 -0500
Date: Fri, 25 Apr 2008 04:18:37 +0000
Dear Wachovia Bank customer,
We would like to inform you that we are currently carrying out scheduled maintenance.
In order to guarantee the high level of security to our business customers, we require you to complete “Wachovia Commercial Online Form”.
Please complete Wachovia Commercial Online Form using the link below:
http://commercial.wachovia.com/Online/Financial/Business/Service[remainder of URL removed by me to prevent propagation]
This is auto-generated email, please do not respond to this email.
=======
This was an easy one for me to identify as bogus – I’m not a Wachovia customer. The phisher, however, likely sent out millions of emails like this in the hopes some subset of people will be Wachovia customers. The link – and this is the key part – looks like a link to Wachovia’s website but it isn’t. The actual link takes you to this website: “commercial.wachovia.com.dllstackontodir29.cn”. Note the “dllstackontodir29.cn” tacked on to the end – that’s the home of the bad guys, not Wachovia.
What you see on the screen rarely matches the actual link. This is not a bad thing for legitimate sites – the full web address typically carries a lot of extra information that makes the website work but is meaningless to the consumer. The shortcut text (what you see on the screen) is just enough text to tell you what you are clicking on. Scammers like phishers, unfortunately, take advantage of this. Similarly, it appears the email came from wachovia.com – it didn’t.
Golden rule here – never believe an email like this – a legitimate business doesn’t take this route to communicate updates. Furthermore, if you aren’t sure, go directly to the site and log into your account from there (rather than clicking a link in an email) – if there is something you need to do, you’ll find out there. Finally, if you accidentally click a link you didn’t intend to, close your Internet browser.
Real Example #2 – Bogus spyware protection software that is actually spyware
What you’ll see now is a very common cause of spyware infections. In this case the trigger was a chat message sent to me via Skype. The chat message was from a user called “Software Update” and the text had all sorts of nasty warnings. Just like the last example, I could tell it was bogus right away – Skype is not an anti-virus / anti-spyware application so there is no way it would have detected or reported suspicious activity.
Scrolling down in the chat message there is a link to onlinemon.info (don’t visit this site!).
Visiting that link takes you to a website that looks like this, and here is where the fun begins. This website creates an illusion that your system is being scanned via animation. Your PC isn’t being scanned – the hoax is designed to get you to press the “Remove All” button... which ends up installing spyware! These websites are very effective traps.
If you find yourself at a site like this, the best thing to do now is close the Internet browser using the red “X” in the upper right-hand corner.
When you do, you’ll likely see a window trying to scare you into clicking “OK” – don’t. Just hit the “X” again and you should be OK.

Of course, the best outcome is to never click through emails or chat messages from people you don’t know (or suspicious emails from people you do know). And in general stay far away from sites with content that would embarrass your grandparents.
If you are concerned that you have fallen victim to any of the tricks and traps mentioned here, give support.com a call and we’ll help you out. Virus and spyware infections are designed to be nasty – some create inconvenience, some damage your data permanently, some even steal financial information. We hope these examples help you avoid the more common traps.
One final word of advice – make sure your children follow these same guidelines. Today’s kids are heavy Internet users and are perfect targets for Internet bad guys.