Skip to main content

Infection Prevention: Phishing, Trojans, Viruses and Malware

Visalia Direct: Virtual Valley
February 4, 2013 Deadline
March 2013 Issue

Infection Prevention: Phishing, Trojans, Viruses and Malware

Shock. Horror. Anger.

Informing a small business owner that her computer had 4912 infected files, four rootkit viruses and a phishing redirect affecting her Web browser, I witnessed a range of emotions that understandably concluded with anger.

A simple mistake led to a panicked early morning phone call to me.

“I clicked on a link I thought was to a YouTube video. The message was from a friend, I thought,” my client explained. “And now, I can’t get anything done. Am I going to lose all my data?”

Her situation demonstrates a chain of events that is all too common. Tracing the events will help others avoid this same experience.

The series of events began when a friend of my client accidentally give away her e-mail password to an evil “phishing” bot. This was not a skilled hacking effort, but a simple ruse. Phishing requires bait. Criminals register Web domains that are close to those of popular Web destinations. Type an incorrect address and you end up at a phishing site. Some fake e-mails also link to phishing sites.

A phishing site appears identical to the authentic, trusted site. As more browsers hide the full addresses of sites, it is easy to assume you are viewing the real site. You enter your user name and password as you usually would, giving these valuable bits of information to the criminals.

Instantly, software uses the information you have mistakenly given away to access your online address book and any files stored online. If you use Google Apps or Microsoft Live for work, being phished has catastrophic results. People use Google for spreadsheets, business reports, contact lists, calendars and more. A simple typing mistake leads to serious trouble.

Stealing information after phishing for passwords is called “harvesting” data. After my client’s friend had an account harvested, the criminals then had software send e-mails to all the contacts in her address book. These e-mails seemed legitimate, with a paragraph about a YouTube video and a link that seemed to connect to YouTube.

My client, who enjoys funny pet videos as much as I do, clicked the link. This led to a “Trojan horse.” A Trojan appears to be a useful application, but it is actually a simple form of malware. In this case, the Trojan claimed to be an update to Adobe Flash, a common plug-in for multimedia content. A video played and she assumed all was well. Yet, what really was happening was a distraction. As she watched the video my client’s computer was being infected.

The fake Flash update installed at least two viruses: a rootkit and a replicating worm. Together, a rootkit and a worm can do a lot of damage. Criminals use rootkits to turn computers into “zombies.” Hackers use zombie computers remotely to cause other trouble. For example, it is common to use zombies to launch attacks on the computer networks of major companies or governments. You can use your computer remotely, and so can a hacker.

The phishing redirect was part of the complex attack on my client’s system. A redirect means that when you type one Web address, you are “redirected” to another. No matter how many times my client tried to access her favorite search engines, she was taken to a “hijack” site.

Hijackers make money by registering as “affiliates” with legitimate online retailers and search engines. The results you receive from a hijacked site might be genuine, and the hijacker receives income from the ad links displayed. Companies like Google and Amazon do all they can to stop hijackers, but it is a never-ending battle.

Poor security practices contributed to the infections. No matter which operating system you use, which mail program and which browser, there are always risks. There are some precautions that you can and should take.

If you use Windows, you should have an anti-virus suite installed. A suite should scan mail, block malicious Web pages and scan files as they are opened or downloaded from the Internet. Not all security software is equal, either. Visit AV Comparatives (av-comparatives.org) or AV Test (av-test.org) for independent test results before installing a security suite.

The best security suites, according to independent tests, are Bitdefender Total Security and Kaspersky Universal Security. Both suites are available for Windows and OS X. Unfortunately, some popular suites are ineffective. Last year, Trend Micro requested that independent labs and reviewers stop testing their software and publishing the results. As expected, various independent tests found that Trend’s suite failed to detect, prevent and remove many common viruses.

While I have never had a virus on an Apple computer with OS X, I recall the frequent attacks targeting earlier Macintosh operating systems. Though I’ve never had a Mac infected, I scan files shared with other people because I don’t want to pass along an infection. I’ve removed macro viruses from many files received from my students and colleagues.

Most browsers include anti-phishing tools. Google’s Chrome browser alerts you to possible address errors. If you type “Aamozon” or “Amzon” in the address bar, Chrome asks if you meant to type “Amazon.” Apple’s Safari offers a preference to “Warn when visiting a fraudulent site.” That’s simply another description for phishing sites: fraudulent. Internet Explorer offers similar features.

I advise clients to avoid Flash, Java, Acrobat and other browser plug-ins if possible. If you are asked to install anything when you visit a site, click “No” or “Cancel” and leave the site. Don’t trust links to photos, videos or other content. Be cautious, especially if you start receiving e-mails that are oddly worded and try too hard to get you to click a link.

As for my client’s worry about her data, there were some challenges. While she had copies of her data, the backup drives were also infected. If a virus isn’t stopped immediately, you end up archiving the infection. I needed three different anti-virus tools to repair the files, a process that took several hours. A good security suite would have stopped the Trojan. A secure browser would have prevented her visit to a fake YouTube page.

People imagine hacking and phishing require extreme skill. In reality, criminals rely on people making simple mistakes. If you install a security suite, check your browser options and don’t trust requests to install software, you can reduce the risk of infection significantly.

Comments

Popular posts from this blog

What I Studied in Graduate School

Lower case ‘a’ from Adobe Caslon Pro, superposed onto some guides. (Photo credit: Wikipedia) Asked to summarize my research projects...

Curiously, beyond the theses and dissertation, all my work is in economics of media and narrative. I ask what works and why when offering stories to audiences. What connects with an audience and can we model what audiences want from narratives? (Yes, you can model data on narratives and what "sells" and what wins awards and what nobody wants.)

Yet, my degree research projects all relate to design of writing spaces, as knowing what works is also key to knowing what could be "sold" to users.

MA: How poor LMS UI/UX design creates online spaces that hinder the writing process and teacher mentoring of students.

Also: The cost of LMS design and compliance with legal mandates for usability.

Ph.D: The experiences of special needs students in online settings, from commercial spaces to games to learning spaces and which spaces are best desig…

Comic Sans Is (Generally) Lousy: Letters and Reading Challenges

Specimen of the typeface Comic Sans. (Photo credit: Wikipedia) Personally, I support everyone being able to type and read in whatever typefaces individuals prefer. If you like Comic Sans, then change the font while you type or read online content. If you like Helvetica, use that.

The digital world is not print. You can change typefaces. You can change their sizes. You can change colors. There is no reason to argue over what you use to type or to read as long as I can use typefaces that I like.

Now, as a design researcher? I'll tell you that type matters a lot to both the biological act of reading and the psychological act of constructing meaning. Statistically, there are "better" and "worse" type for conveying messages. There are also typefaces that are more legible and more readable. Sometimes, legibility does not help readability, either, as a type with overly distinct letters (legibility) can hinder word shapes and decoding (readability).

One of the co…

MarsEdit and Blogging

MarsEdit (Photo credit: Wikipedia) Mailing posts to blogs, a practice I adopted in 2005, allows a blogger like me to store copies of draft posts within email. If Blogger, WordPress, or the blogging platform of the moment crashes or for some other reason eats my posts, at least I have the original drafts of most entries. I find having such a nicely organized archive convenient — much easier than remembering to archive posts from Blogger or WordPress to my computer.

With this post, I am testing MarsEdit from Red Sweater Software based on recent reviews, including an overview on 9to5Mac.

Composing posts an email offers a fast way to prepare draft blogs, but the email does not always work well if you want to include basic formatting, images, and links to online resources. Submitting to Blogger via Apple Mail often produced complex HTML with unnecessary font and paragraph formatting styles. Problems with rich text led me to convert blog entries to plaintext in Apple Mail and then format th…