Skip to main content

Infection Prevention: Phishing, Trojans, Viruses and Malware

Visalia Direct: Virtual Valley
February 4, 2013 Deadline
March 2013 Issue

Infection Prevention: Phishing, Trojans, Viruses and Malware

Shock. Horror. Anger.

Informing a small business owner that her computer had 4912 infected files, four rootkit viruses and a phishing redirect affecting her Web browser, I witnessed a range of emotions that understandably concluded with anger.

A simple mistake led to a panicked early morning phone call to me.

“I clicked on a link I thought was to a YouTube video. The message was from a friend, I thought,” my client explained. “And now, I can’t get anything done. Am I going to lose all my data?”

Her situation demonstrates a chain of events that is all too common. Tracing the events will help others avoid this same experience.

The series of events began when a friend of my client accidentally give away her e-mail password to an evil “phishing” bot. This was not a skilled hacking effort, but a simple ruse. Phishing requires bait. Criminals register Web domains that are close to those of popular Web destinations. Type an incorrect address and you end up at a phishing site. Some fake e-mails also link to phishing sites.

A phishing site appears identical to the authentic, trusted site. As more browsers hide the full addresses of sites, it is easy to assume you are viewing the real site. You enter your user name and password as you usually would, giving these valuable bits of information to the criminals.

Instantly, software uses the information you have mistakenly given away to access your online address book and any files stored online. If you use Google Apps or Microsoft Live for work, being phished has catastrophic results. People use Google for spreadsheets, business reports, contact lists, calendars and more. A simple typing mistake leads to serious trouble.

Stealing information after phishing for passwords is called “harvesting” data. After my client’s friend had an account harvested, the criminals then had software send e-mails to all the contacts in her address book. These e-mails seemed legitimate, with a paragraph about a YouTube video and a link that seemed to connect to YouTube.

My client, who enjoys funny pet videos as much as I do, clicked the link. This led to a “Trojan horse.” A Trojan appears to be a useful application, but it is actually a simple form of malware. In this case, the Trojan claimed to be an update to Adobe Flash, a common plug-in for multimedia content. A video played and she assumed all was well. Yet, what really was happening was a distraction. As she watched the video my client’s computer was being infected.

The fake Flash update installed at least two viruses: a rootkit and a replicating worm. Together, a rootkit and a worm can do a lot of damage. Criminals use rootkits to turn computers into “zombies.” Hackers use zombie computers remotely to cause other trouble. For example, it is common to use zombies to launch attacks on the computer networks of major companies or governments. You can use your computer remotely, and so can a hacker.

The phishing redirect was part of the complex attack on my client’s system. A redirect means that when you type one Web address, you are “redirected” to another. No matter how many times my client tried to access her favorite search engines, she was taken to a “hijack” site.

Hijackers make money by registering as “affiliates” with legitimate online retailers and search engines. The results you receive from a hijacked site might be genuine, and the hijacker receives income from the ad links displayed. Companies like Google and Amazon do all they can to stop hijackers, but it is a never-ending battle.

Poor security practices contributed to the infections. No matter which operating system you use, which mail program and which browser, there are always risks. There are some precautions that you can and should take.

If you use Windows, you should have an anti-virus suite installed. A suite should scan mail, block malicious Web pages and scan files as they are opened or downloaded from the Internet. Not all security software is equal, either. Visit AV Comparatives ( or AV Test ( for independent test results before installing a security suite.

The best security suites, according to independent tests, are Bitdefender Total Security and Kaspersky Universal Security. Both suites are available for Windows and OS X. Unfortunately, some popular suites are ineffective. Last year, Trend Micro requested that independent labs and reviewers stop testing their software and publishing the results. As expected, various independent tests found that Trend’s suite failed to detect, prevent and remove many common viruses.

While I have never had a virus on an Apple computer with OS X, I recall the frequent attacks targeting earlier Macintosh operating systems. Though I’ve never had a Mac infected, I scan files shared with other people because I don’t want to pass along an infection. I’ve removed macro viruses from many files received from my students and colleagues.

Most browsers include anti-phishing tools. Google’s Chrome browser alerts you to possible address errors. If you type “Aamozon” or “Amzon” in the address bar, Chrome asks if you meant to type “Amazon.” Apple’s Safari offers a preference to “Warn when visiting a fraudulent site.” That’s simply another description for phishing sites: fraudulent. Internet Explorer offers similar features.

I advise clients to avoid Flash, Java, Acrobat and other browser plug-ins if possible. If you are asked to install anything when you visit a site, click “No” or “Cancel” and leave the site. Don’t trust links to photos, videos or other content. Be cautious, especially if you start receiving e-mails that are oddly worded and try too hard to get you to click a link.

As for my client’s worry about her data, there were some challenges. While she had copies of her data, the backup drives were also infected. If a virus isn’t stopped immediately, you end up archiving the infection. I needed three different anti-virus tools to repair the files, a process that took several hours. A good security suite would have stopped the Trojan. A secure browser would have prevented her visit to a fake YouTube page.

People imagine hacking and phishing require extreme skill. In reality, criminals rely on people making simple mistakes. If you install a security suite, check your browser options and don’t trust requests to install software, you can reduce the risk of infection significantly.


Popular posts from this blog

Slowly Rebooting in 286 Mode

The lumbar radiculopathy, which sounds too much like "ridiculously" for me, hasn't faded completely. My left leg still cramps, tingles, and hurts with sharp pains. My mind remains cloudy, too, even as I stop taking painkillers for the back pain and a recent surgery.

Efforts to reboot and get back on track intellectually, physically, and emotionally are off to a slow, grinding start. It reminds me of an old 80286 PC, the infamously confused Intel CPU that wasn't sure what it was meant to be. And this was before the "SX" fiascos, which wedded 32-bit CPU cores with 16-bit connections. The 80286 was supposed to be able to multitask, but design flaws resulted in a first-generation that was useless to operating system vendors.

My back, my knees, my ankles are each making noises like those old computers.

If I haven't already lost you as a reader, the basic problem is that my mind cannot focus on one task for long without exhaustion and multitasking seems…

MarsEdit and Blogging

MarsEdit (Photo credit: Wikipedia) Mailing posts to blogs, a practice I adopted in 2005, allows a blogger like me to store copies of draft posts within email. If Blogger, WordPress, or the blogging platform of the moment crashes or for some other reason eats my posts, at least I have the original drafts of most entries. I find having such a nicely organized archive convenient — much easier than remembering to archive posts from Blogger or WordPress to my computer.

With this post, I am testing MarsEdit from Red Sweater Software based on recent reviews, including an overview on 9to5Mac.

Composing posts an email offers a fast way to prepare draft blogs, but the email does not always work well if you want to include basic formatting, images, and links to online resources. Submitting to Blogger via Apple Mail often produced complex HTML with unnecessary font and paragraph formatting styles. Problems with rich text led me to convert blog entries to plaintext in Apple Mail and then format th…

Screenwriting Applications

Screenplay sample, showing dialogue and action descriptions. "O.S."=off screen. Written in Final Draft. (Photo credit: Wikipedia) A lot of students and aspiring writers ask me if you "must" use Final Draft or Screenwriter to write a screenplay. No. Absolutely not, unless you are working on a production. In which case, they own or your earn enough for Final Draft or Screenwriter and whatever budget/scheduling apps the production team uses.

I have to say, after trying WriterDuet I would use it in a heartbeat for a small production company and definitely for any non-profit, educational projects. No question. The only reason not to use it is that you must have the exclusive rights to a script... and I don't have those in my work.

WriterDuet is probably best free or low-cost option I have tested. It is very interesting. Blows away Celtx. The Pro version with off-line editing is cheaper than Final Draft or Screenwriter.

The Pro edition is a standalone, offline versio…