Visalia Direct: Virtual Valley
February 4, 2013 Deadline
March 2013 Issue
Infection Prevention: Phishing, Trojans, Viruses and Malware
Shock. Horror. Anger.
Informing a small business owner that her computer had 4912 infected files, four rootkit viruses and a phishing redirect affecting her Web browser, I witnessed a range of emotions that understandably concluded with anger.
A simple mistake led to a panicked early morning phone call to me.
“I clicked on a link I thought was to a YouTube video. The message was from a friend, I thought,” my client explained. “And now, I can’t get anything done. Am I going to lose all my data?”
Her situation demonstrates a chain of events that is all too common. Tracing the events will help others avoid this same experience.
The series of events began when a friend of my client accidentally gave away her e-mail password to an evil “phishing” bot. This was not a skilled hacking effort, but a simple ruse. Phishing requires bait. Criminals register Web domains that are close to those of popular Web destinations. Type an incorrect address and you end up at a phishing site. Some fake e-mails also link to phishing sites.
A phishing site appears identical to the authentic, trusted site. As more browsers hide the full addresses of sites, it is easy to assume you are viewing the real site. You enter your user name and password as you usually would, giving these valuable bits of information to the criminals.
Instantly, software uses the information you have mistakenly given away to access your online address book and any files stored online. If you use Google Apps or Microsoft Live for work, being phished has catastrophic results. People use Google for spreadsheets, business reports, contact lists, calendars and more. A simple typing mistake leads to serious trouble.
Stealing information after phishing for passwords is called “harvesting” data. After my client’s friend had an account harvested, the criminals then had software send e-mails to all the contacts in her address book. These e-mails seemed legitimate, with a paragraph about a YouTube video and a link that seemed to connect to YouTube.
My client, who enjoys funny pet videos as much as I do, clicked the link. This led to a “Trojan horse.” A Trojan appears to be a useful application, but it is actually a simple form of malware. In this case, the Trojan claimed to be an update to Adobe Flash, a common plug-in for multimedia content. A video played and she assumed all was well. Yet, what really was happening was a distraction. As she watched the video, my client’s computer was being infected.
The fake Flash update installed at least two viruses: a rootkit and a replicating worm. Together, a rootkit and a worm can do a lot of damage. Criminals use rootkits to turn computers into “zombies.” Hackers use zombie computers remotely to cause other trouble. For example, it is common to use zombies to launch attacks on the computer networks of major companies or governments. You can use your computer remotely, and so can a hacker.
The phishing redirect was part of the complex attack on my client’s system. A redirect means that when you type one Web address, you are “redirected” to another. No matter how many times my client tried to access her favorite search engines, she was taken to a “hijack” site.
Hijackers make money by registering as “affiliates” with legitimate online retailers and search engines. The results you receive from a hijacked site might be genuine, and the hijacker receives income from the ad links displayed. Companies like Google and Amazon do all they can to stop hijackers, but it is a never-ending battle.
Poor security practices contributed to the infections. No matter which operating system you use, which mail program and which browser, there are always risks. There are some precautions that you can and should take.
If you use Windows, you should have an anti-virus suite installed. A suite should scan mail, block malicious Web pages and scan files as they are opened or downloaded from the Internet. Not all security software is equal, either. Visit AV Comparatives (av-comparatives.org) or AV Test (av-test.org) for independent test results before installing a security suite.
The best security suites, according to independent tests, are Bitdefender Total Security and Kaspersky Universal Security. Both suites are available for Windows and OS X. Unfortunately, some popular suites are ineffective. Last year, Trend Micro requested that independent labs and reviewers stop testing their software and publishing the results. As expected, various independent tests found that Trend’s suite failed to detect, prevent and remove many common viruses.
While I have never had a virus on an Apple computer with OS X, I recall the frequent attacks targeting earlier Macintosh operating systems. Though I’ve never had a Mac infected, I scan files shared with other people because I don’t want to pass along an infection. I’ve removed macro viruses from many files received from my students and colleagues.
Most browsers include anti-phishing tools. Google’s Chrome browser alerts you to possible address errors. If you type “Aamozon” or “Amzon” in the address bar, Chrome asks if you meant to type “Amazon.” Apple’s Safari offers a preference to “Warn when visiting a fraudulent site.” That’s simply another description for phishing sites: fraudulent. Internet Explorer offers similar features.
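For readers who want to see how a near-miss address check can work, here is a small Python sketch added to this column as an illustration; it is not how Chrome or Safari actually implement their warnings. The list of trusted domains and the sample links are made up for the example.

```python
from urllib.parse import urlsplit

# Constructed allow-list for the example; a real one would hold the sites you use.
TRUSTED = ("amazon.com", "youtube.com", "google.com")


def edit_distance(a, b):
    """Count the typing slips (insert, delete, replace, swap neighbours) between a and b."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Two neighbouring letters typed in the wrong order count as one slip.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]


def classify(url, max_distance=2):
    """Return (verdict, trusted_domain) for the host a link really points to."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    for name in TRUSTED:
        if host == name or host.endswith("." + name):
            return ("trusted", name)
    for name in TRUSTED:
        # A trusted name buried inside a longer, unrelated host is a common disguise.
        if name in host:
            return ("lookalike", name)
    # Compare only the last two labels, e.g. "amzon.com" from "shop.amzon.com".
    registered = ".".join(host.split(".")[-2:])
    closest = min(TRUSTED, key=lambda name: edit_distance(registered, name))
    if edit_distance(registered, closest) <= max_distance:
        return ("lookalike", closest)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample links, including the two misspellings mentioned above.
    for link in ("https://www.youtube.com/watch?v=abc", "http://aamozon.com/",
                 "http://amzon.com/", "http://youtube.com.video-update.example/"):
        print(link, "->", classify(link))
```

An “unknown” verdict only means the host is not on the list and is not a near miss; it says nothing about whether the site is safe.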
I advise clients to avoid Flash, Java, Acrobat and other browser plug-ins if possible. If you are asked to install anything when you visit a site, click “No” or “Cancel” and leave the site. Don’t trust links to photos, videos or other content. Be cautious, especially if you start receiving e-mails that are oddly worded and try too hard to get you to click a link.
As for my client’s worry about her data, there were some challenges. While she had copies of her data, the backup drives were also infected. If a virus isn’t stopped immediately, you end up archiving the infection. I needed three different anti-virus tools to repair the files, a process that took several hours. A good security suite would have stopped the Trojan. A secure browser would have prevented her visit to a fake YouTube page.
People imagine hacking and phishing require extreme skill. In reality, criminals rely on people making simple mistakes. If you install a security suite, check your browser options and don’t trust requests to install software, you can reduce the risk of infection significantly.