Dealing With Invaders: Bad Programs & Spam

Back to "The Basics"

Click on the hyperlinks below to jump instantly to the section of your choice.

  6. Teachers' Increasing Concern - Cheating
  7. Hate Sites
  8. Final Word

doctorDealing With Viruses / Trojans / Worms

These are programs that are designed to do damage to your computer.

  • Computer viruses act much like medical viruses do. They keep your computer’s resources busy doing counter-productive things at the expense of what it should be doing until the life of the whole computer could be compromised. virus cartoon
  • Trojans are called by this name because these are programs that appear to be doing something useful or desirable (like the Greek “gift” of a horse to ancient Troy); in reality it is doing bad things to your computer.
  • Worms spread without user intervention. They typically start by exploiting a software vulnerability (a flaw that allows the software's intended security policy to be violated), then once the victim computer has been infected, the worm will attempt to find and infect other computers. Similar to viruses, worms can spread via email, web sites, or network-based software. The automated self-propagation of worms distinguishes them from viruses.

To deal with these, you need to have an up-to-date anti-virus program installed on your machine, and you need to update it by downloading the latest DAT files that the company will send out (as often as every 2 or 3 days sometimes) to keep up with the constantly changing viruses out there.

If you wish to get the latest data about all things malicious on the Internet, go to WindowsSecrets.com and read the Windows Secrets Newsletter, which I highly recommend. Subscription is free, and it keeps you up to date about all things Windows and the Net.

There are a number of good, reliable commercial anti virus packages available. Most of them can be purchased on-line for a modest price. A few good brands are:
Trend Micro PC-Cillan or Norton Anti Virus or McAfee VirusScan.

Some virus software manufacturers actually make their software available free for personal use (on-line registration may be required). These are fully functional anti-virus software packages that have all the necessary features needed to protect your system from malicious code. Examples of free anti virus software that are known to be rock-solid performers are: Avira, AVG Anti Virus and Avast Software, along with ClamWin, and Comodo. Make certain that the software is configured to receive new virus definition updates (DAT Files) on a regular basis.

Disclaimer: I am not promoting these companies, or claiming that they guarantee you a virus-proof existence. There are other products that may prove just as helpful to you, if not more so.

It is very much like medical science trying to keep up with mutating viruses in the medical field. In both cases, not to do so is to eventually be overwhelmed by disease.

You can help prevent the spread of these nasties by reading below in "e-mail & spam".

If you want more details about the world of viruses, you can check out some real world examples from someone who teaches about this stuff here, at http://www.michaelhorowitz.com/bademails.html

Back to start

Hoaxes and Scams

Please be aware that much of the time, people are warned about viruses, or feel their machine has been infected, when, in reality, there is nothing wrong. These are hoaxes that people spread unwittingly (or deliberately). Hoaxes do as much to slow down the Internet as any virus ("Tell everyone on your mailing list that blah blah blah . . . ."). You can always check out whether or not the warning about the virus (or other rumors) are true by going to a site like http://www.snopes.com/snopes.asp or to http://www.scambusters.org/. Symantec keeps track of virus hoaxes at http://www.symantec.com/avcenter/hoax.html.

Also, be aware when you are offered "free" ringtones or other such goodies from the Net. Spywear often is packaged with the freebies. Just remember the old saying: nothing is really free - someone, somewhere, will be paying for it. Just don't let it be you.

Back to start

E-Mail and Spam

E-mail is a great boon to people, allowing them to keep in touch over great distances almost instantaneously. The down side of this is that there are people who will use this technology to spread not only viruses and worms, but “spam” as well.

Spam is unwanted junk mail, and just as you find that junk mail in your physical mailbox is a waste of your time and a waste of the post office’s resources, so it is that e-mail junk taxes the resources of computer systems all over the world. It is estimated that about 70% of all e-mail is spam of one sort or another.

How do they get your address to send you this stuff? And why does this stuff continue to grow when much of it (eg. “male enhancement”) can’t be appealing to all that many people . . . . can it?

One way your address is harvested is when you visit a site to use a “free” service. When you are invited to send free e-mail using pre made cards or animation, for example, you give away your e-mail address and at least one other's --- the recipient's. You can also give your address away by filling out information at web sites which may be sharing that information with other organizations.

stop spam banner

The only way people can try to avoid spam is to try to protect your e-mail address and private information in general. One should avoid clicking on ads that promise things too good to be true. Spam is so cheap to send, one paying customer covers the advertiser's cost for millions of emails. If we could just get everyone to ignore it, and not buy anything from the spammers, it really would go away. As soon as it is not profitable, it will cease to exist.

Remember:

  • You DO NOT wish to receive information about cheap home mortgage loans.
  • You DO NOT wish to receive information about transferring your life savings to exiled former Nigerian royalty. You would sign on to this racket only because your greed outweighed common sense.
  • You DO NOT want to give your credit card number to a total stranger without knowing something about that person..

Among spammers there's trends and fads, and I'm not getting so many offers toCoalition Against Unsolicited Commercial Email enlarge my body parts these days, but I am getting more and more offers for cheap software - especially Microsoft Office and Symantec products. Even if you did get something in the mail for your money, it's certain to be an illegal copy. More likely your money would disappear into someone's pockets, never to be seen again.

You could be pro-active and join an organization like the Coalition Against Unsolicited Commercial Email as well. Just click on their logo to go to their web page.

About 60% of all spam is now sent via zombie-infected machines, according to Spamhaus.org, a respected antispam service. Besides using their bot networks to send spam, spammers last year started directing their zombie armies to flood and disable the servers used by antispam groups.

What are "zombie" machines? In early 2003 spammers, crackers and virus writers joined forces to launch the first known spam virus, W32.SoBig.E, a Trojan designed to infect computers worldwide to create an arsenal of proxies/zombies through which spammers could send billions of spams anonymously. I know . . . it's scary out there.

If you want more details about the world of spam, you can check out some real world examples from someone who teaches about this stuff here, at http://www.michaelhorowitz.com/bademails.html

There is lots of spam going around with funny subjects like "Mike Tyson to Fight Michael Jackson" or "Afghanistan to be 51st US State", or other equally absurd lines designed to hook unwary recipients into clicking the URL in the spam. Unfortunately, the results of following that link are not at all funny. The victim's computer can be infected with a Trojan horse, it will become part of a spam, malware and DDoS (denial of service) botnet (jargon for a collection of software robots), and all the user's personal data may be compromised.

Back to start

Adware & Spyware

These programs often will change your homepage, deluge you with constant pop-ups and new Explorer windows, monitor your on-line spending habits, and transmit that information to a second party. These programs might also drastically slow down the speed of your computer.keyboard with an extra key

Both adware and spyware programs are often installed by the computer user when he or she downloads free programs or shareware. These downloads often specify in their license agreements that the adware or spyware programs are included in the download and when the user agrees to the license agreement, they accept these programs. Most people don't actually read these agreement because they can be very long and in legalese. The reason these companies do this is because the SpyWare developers pay for every installation of the SpyWare onto a users computer.

Do yourself a favor and avoid downloading programs from Claria (formerly Gator, which said in the summer of 2006 it was leaving the adware business) and DoubleClick, which are well known as providers of spyware. File sharing (aka "P2P", or "peer to peer") programs that may give you trouble are Grokster and Kazaa. Download managers that are infected with spyware or adware include Download Accelerator Plus, Gozilla, and NetAnts.

What, you thought that the music that you downloaded was really free?

Other forms of adware and spyware are downloaded if you click on the pop-up dialog boxes that so often appear while you're on-line. In surveys, 74% of users whose PCs are running adware from Claria (formerly Gator) said they had no knowledge of it being installed.

So, how do you get rid of these invaders? Manual removal of them is difficult: most adware hides itself very well. Even if you delete the program you think contained the adware, there's no guarantee that you have deleted the adware or spyware program. So, you need to fight these programs with another program. Many of the reputable, anti-virus program manufacturers are beginning to include adware and spyware scanning into their software. You could contact your anti-virus program's technical help and ask them for assistance. There are also third-party programs available that specifically detect and remove spyware, such as Ad-aware, or Spybot, Search and Destroy, both of which can be downloaded for free, and are excellent programs. More recently, SpywearBlaster and Microsoft's own Defender, both also free, have impressed many people. It is a good idea to install more than one of these programs; what one doesn't get of the malware, the others just might. Spamfighter has been tested by Consumer Reports and has been found to be effective against spam as well.

Of course, there are scam artists who are prepared to take advantage of people's insecurity over this. Many computer users are understandably fearful of online threats and click OK to cleanup offers, without first questioning the source of the "alert." This is one more thing to guard against on the Web. Go to this site to see a comprehensive (and growing) list of websites & programs pushing bogus or dangerous programs that people are being frightened into loading onto their machines. In many cases, rogue programs actually install browser home-page hijackers and open a back door to install other software.

Some legitimate security companies also offer online scans to detect malware on PCs. Although these companies mean well, any remote scan is subject to false positives. In other words, the scan might detect something on a PC and incorrectly label it malware.

Disclaimer: I am not promoting these companies, or saying they are better than others in getting rid of spyware. I've used these programs, and have found them effective, but there are others that might suit you better, or work just as well.

Many women have been abused by their intimate partners; such abuse is often preceded by stalking, which is increasingly taking electronic form. Activities can be monitored by spyware known as a key logger, which records a victim's keystrocks and sends images of the computer's screen to whoever installed the spywear. Such software is easy to find.

Back to start

Phishing / BASIC RULES of Internet Life:

  • Never, never never, never open an attachment (a file that comes with an e-mail) if you aren't expecting one.
    If someone sends you an attachment, ask them if they did send it before opening it. This is one of the basic tricks used to send people spam, spyware, or viruses. Viruses often come in a message that appears to be from someone you know, with an innocuous subject line like "test" or "error." Your friend's address may have been captured by a spammer, and s/he did not send the mail.
  • Do not respond to spam mail asking to be taken off their mailing list.
    The provided link to "take me off the mailing list" is usually just a ploy to confirm that your mailing address actually works. When you reply, you are targeted even more.
  • Never, never, never, never respond to an e-mail that claims to be from Microsoft, or your bank which in any way asks you for any kind of private information. This is never legitimate. Real banks will contact you in some other way. These kinds of e-mails are examples of a "phishing" scam (identity theft) designed to get information about your bank accounts. And don't be impressed if the URL (Uniform Resource Locator, or the web address) of the bank, or its logo, appears in the mail. These are being "spoofed" all the time by people who wish to appear legitimate, but are not. It's hard to tell legitimate messages from banks and other institutions from these fakes. The links they give look correct and use all sorts of tricks to fool you. Phishing attacks are growing at an alarming rate.

frustrated person killing her computerSee an example here of a phishing scam that was sent to me Nov.28, 2004. It is in PDF form (just to make sure you don't actually use the links provided). Just click the back button on your browser to return here. Looks pretty real, doesn't it? All the links work as they should except the one they want you to use, which went to a site that looks like E-Bay, but was actually at "kyunginart.co.kr" which is somewhere in South Korea. The only obvious clue that might tip you off is the slight mis-use of English in the first sentence, where it says "This email is a reminder that your eBay account information suspended" without the verb.

The following is part of a warning posted (as of Sept.,2006) at E-Bay:

Warning Signs of a Spoof Email

A. Sender's Email Address
Spoof email may include a forged email address in the "From" line - Some may actually be real email addresses that have been forged. (From: billing@ebay.com; From: eBayAcctMaintenance@eBay.com; From: support@ebay.com).
B. Email Greeting
Many spoof emails will begin with a general greeting such as "Welcome eBay User."
C. Urgency
Spoof emails may claim that eBay is updating its files or accounts. Don't worry, it is highly unlikely that eBay will lose your account information.
D. Account Status Threat
Most spoof emails try to deceive you with the threat that your account is in jeopardy and you will not be able to buy or sell on eBay if you do not update it immediately.
E. Links in an Email
While many emails have links included, just remember that these links can be forged too.
F. Requests Personal Information
Requests that you enter sensitive personal information such as a User ID, password or bank account number by clicking on a link or completing a form within the email are a clear indicator of a spoof email.

Please note that Microsoft itself has posted a very detailed warning (and example) about this kind of scam here,

Pharming, a new and special kind of scam in which a trusted website is faked, is discussed here. "Spear phishing" targets e-mail addresses stolen from a company or organization with a spoofed message purporting to be from "human resources" or a collegue.

You don’t have to be stupid to get caught.

So what do you do?

If you do get a message from your bank or other company that looks legitimate, DON’T follow the links given in the email message. Go to the web site yourself using you own favorites or hand-typed links. The same information or details that are in the email message should be on the web site you navigate to.
If there’s no mention of the offer or problem at the site you go to then contact the bank directly to see if it’s a legitimate message or a scam.

According to an article in the March, 2005 issue of PC World, even this method of avoiding bad links has been beaten by spammers because they can run a tiny Javascript applet when you open the e-mail that modifies a file so that when you type in your bank's web address, you still go to to a site controlled by the fraudsters.

  • Keep Your Machine "Patched".
    Every so often, computer distributors will come up with improvements to their operating system which helps your machine avoid some of the crud on the Net. You need to keep up with these "patches" for the good of your machine and anyone else with whom you correspond.
    Windows update window

Assuming you have a Windows machine, you select "Windows Update" using Internet Explorer every once in a while to have Microsoft check to see if you are in need of what they call a "critical update". If you are in need, they will tell you, and you need to download it and install it.

Do NOT click on a pop up ad - especially one that says your computer is "insecure". You could be transported to a spywear site or, worse, have malware automatically downlo9aded to your computer.

Back to start

Cheating

Please note the promo below:

Cheat site on the Net

'Nuf said.

Although teachers counter these "services" with tools of their own, unless teachers closely monitor what their students are producing step-by-step, the determination of what constitutes a student's own work can become increasingly difficult.

Back to start

Hate Sites

Right now, there are over eight thousand websites, portals, chat groups, games, and message board pstings that raise red flags for experts in online hate and terrorism. These numbers are growing every day.

You can report a hate posting by writing to iReport@weisenthal.com, and letting your appropriate government representatives know how you feel about the posting(s).

Back to start

Final Word

If you want to enjoy the benefits of computer technology without making the effort to use it responsibly, people are going to get really upset with you.

Running an unprotected PC (personal computer) is a form of negligence analogous to driving a car with bad brakes. You're going to get yourself into trouble, and also make things worse for everyone around you.

Just as drivers who share the road must also share responsibility for safety, we all now share the same global network, and must regard computer security as a necessary social responsibility.

Back to "The Basics"