How to Fight Botnets and Trojans: Cyber-crime Attacks Could Cost You Money, Your Identity, Computer Data, and Credit Card Information
By Vicki McClure Davidson
We've all gotten them: offers to get rich quick, buy prescription medications (especially Viagra) for dirt-cheap prices, invitations to work from home to earn high wages, sultry offers to meet other singles, queries from obscure banks, announcements that you've won foreign lotteries, any number of courier parcel or income tax refund scams... the list of spam topics goes on and on.
There are so many junk e-mails that land in our electronic inboxes (or spam boxes) weekly, promising the moon in obscene profits or killer deals, but actually delivering a good old-fashioned rip-off or destruction to your computer. With economic instability rising and unemployment numbers growing, more cyber-crime is coming our way. And just one attack on you or your computer can wipe out much of your precious frugal savings.
One of the most notorious attacks, masquerading as a CNN News item about the fighting in Gaza, was launched via e-mail in January 2009. The fake news report's link led to a phishing site, and its pop-up video featured a malicious trojan downloader. Breaches in security at Facebook.com and other online social networks have scammed untold amounts of money from friends of account holders.
Spam is a growing crime-ridden industry; junk mail is believed to make up 85 percent of all e-mails sent worldwide.
And the likelihood that you will be a victim of cyber-crime is undeniably high.
Botnets and Trojans: A Nightmare for Internet Users
"What in the world are botnets?" you may be thinking. No, they aren't fictional B-rated outer space aliens in a 1950s sci-fi flick. Botnets are indeed real, and despite their semi-cute name, very dangerous and destructive.
They are a collection of software robots, or bots, that run autonomously and automatically. The term is often associated with malicious software, but it can also refer to the network of computers using distributed computing software. They are becoming more insidious and difficult to block from infiltrating servers and PCs to corrupt or steal computer data. A botnet refers to a type of bot running on an IRC network that has been created with a trojan (also called Trojan horse).
In geek-speak, a trojan is a destructive program that masquerades as a friendly or harmless application. Remember the gigantic wooden horse during the Trojan War that had its belly secretly filled with Greek soldiers? The horse masqueraded as a peace offering from the Greeks, but it was definitely no gift. Not by a long shot. The giant horse was wheeled inside the city's huge protective walls, and in the dead of night while the Trojans slept, the Greeks sneaked out of the horse, brutally killing the Trojans and ultimately burning down the city of Troy. Same kind of thing here with these computer attacks.
Computer Trojan horses are not like viruses because they don't replicate themselves, but they are equally destructive. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer (just like the Trojan horse being a peace gift, right?). When an infected computer is connected to the Internet, the bot can then start up an IRC client and connect to an IRC server. The trojan will also have been coded to make the bot join a certain chat room once it has connected. Multiple bots can then join one channel, and the person who made them can now spam IRC chat rooms or launch huge numbers of denial-of-service attacks against the IRC servers, causing them to crash.
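The pattern described above, many infected machines converging on one IRC channel, is something a network defender can look for. The following is an added example, not code from the original article: a small Python script that parses constructed IRC JOIN records (the log format, hosts, server address and channel name are all invented for illustration) and flags any channel that an unusually large number of distinct internal hosts have joined.

```python
import re
from collections import defaultdict

# Constructed sample of IRC JOIN events as a network monitor might record them.
# Hypothetical format: "<time> <src_ip> -> <server:port> JOIN <channel>".
# The five 10.0.0.x hosts joining "#x9z" within seconds mimic a botnet check-in;
# the last two lines are one user on one machine joining two ordinary channels.
SAMPLE_LOG = """\
2009-01-10T02:14:01 10.0.0.12 -> 198.51.100.7:6667 JOIN #x9z
2009-01-10T02:14:03 10.0.0.45 -> 198.51.100.7:6667 JOIN #x9z
2009-01-10T02:14:03 10.0.0.77 -> 198.51.100.7:6667 JOIN #x9z
2009-01-10T02:14:09 10.0.0.91 -> 198.51.100.7:6667 JOIN #x9z
2009-01-10T02:14:15 10.0.0.102 -> 198.51.100.7:6667 JOIN #x9z
2009-01-10T09:30:00 10.0.0.5 -> 192.0.2.20:6667 JOIN #linux-help
2009-01-10T09:31:12 10.0.0.5 -> 192.0.2.20:6667 JOIN #python
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\d+\.\d+\.\d+\.\d+)\s+->\s+"
    r"(?P<server>[^:\s]+):(?P<port>\d+)\s+JOIN\s+(?P<chan>#\S+)$"
)


def parse_joins(text):
    """Return a list of (timestamp, src_ip, server, channel) tuples,
    skipping any line that does not match the expected format."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append((m.group("ts"), m.group("src"),
                           m.group("server"), m.group("chan")))
    return events


def suspicious_channels(events, min_hosts=4):
    """Group JOINs by (server, channel) and return the channels that at
    least `min_hosts` distinct internal hosts joined. A person typically
    joins a few channels from one machine; a botnet shows the reverse
    pattern, with many machines converging on a single channel."""
    hosts_by_chan = defaultdict(set)
    for _ts, src, server, chan in events:
        hosts_by_chan[(server, chan)].add(src)
    return {
        key: sorted(hosts)
        for key, hosts in hosts_by_chan.items()
        if len(hosts) >= min_hosts
    }


def report(text, min_hosts=4):
    """Parse a log and return the flagged (server, channel) -> hosts map."""
    return suspicious_channels(parse_joins(text), min_hosts)


if __name__ == "__main__":
    for (server, chan), hosts in report(SAMPLE_LOG).items():
        print(f"{server} {chan}: {len(hosts)} internal hosts joined -> {hosts}")
```

The threshold of four hosts is arbitrary; in practice it would be tuned to how much legitimate IRC use a network sees, and the same grouping idea applies to any command-and-control rendezvous point, not only IRC.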
Night of the Zombie PCs
Botnets use "zombie PCs" (these are computers taken over by hackers and are used to distribute spam and malware) that form a botnet (like a collective) that is designed to bombard systems with spam and harmful malware. These attacks are becoming more sophisticated and are becoming more and more difficult for online companies and banks to block. On December 2, 2008, the cyber-criminals who breached the CheckFree bill paying service, one of the largest online bill processors in the US, used a combination attack that may be almost impossible to stop, say some computer experts.
One huge computer attack that is brewing, the resurgence of the McColo virus, will not only steal your passwords and compromise your personal data (identity theft, stealing your bank account number and other private information), but also embed itself and hide out on unsecured websites. These "gypsy viruses" will grab onto you and then infiltrate your system after just one website visit. McColo was taken offline last fall, but is believed to be gearing up again, and this time will launch a meaner, more aggressive attack. McColo's clients included cyber-criminal groups that ran some of the largest spam-generating and malware-spreading botnets in the world. McColo hosted the botnet command-and-control servers (Rustock, Srizbi, Pushdo/Cutwail, Ozdok/Mega-D and Gheg), as well as other systems that ran malware distribution points and criminal payment services.
One type of anticipated computer attack will be a blended threat, where links are embedded in e-mails. E-mails used in this kind of attack will look like a credit offering or a get-rich-quick scheme or a news item, according to Adam Swidler, who handles Google's business-to-business e-mail security offerings. He has predicted in interviews that more attacks will be launched to grow botnets and that there will soon be a sharp increase in Web-based attacks. Businesses have to make sure they focus on heightened security.
One of the most high profile victims of such password-stealing trojans was NASA's International Space Station. "In 2009, attackers will use more and more password-stealing trojans and these will be looking for e-mail account and Web site credentials," said Chenette.
It is anticipated that there will be an increase in SQL injection attacks and greater use of crafty, targeted phishing attacks. These targeted phishing attacks will provide attackers the necessary credentials to alter a Web site's content and redirect unsuspecting users of some of the largest, most reputable and most trusted Web sites to their own sites.
The problem is difficult to solve because it involves user education, according to Stephan Chenette, manager of security research at Web filtering solution provider Websense. In his interview he stated firmly, "Our research shows users aren't patching their operating systems, browsers, or applications as quickly as they should. There are multiple exploits out there which are over two years old and that are still highly successful."
Not all e-mails have embedded viruses. Many are spam that are designed to look like legitimate sales or banking tools with links to a website to purchase various goods. However, it's all a heinous sham and scam. The real intent is to steal people's credit card numbers when they go to the site to place an order. After the day of delivery has passed (weeks later), people rarely report not receiving the so-called merchandise (it never existed) because they either don't know where the "vendor" is located, are too embarrassed to report it as an Internet rip-off crime (Viagra purchasers are good examples of people who won't report being scammed), or some simply forget about that order because the dollar amount was low. However, the ultimate cost to you could be staggering, well beyond the purchase price of the item you paid for but never received.
Protection of Your Identity and Computer Data
It is believed that many cyber-attacks may be originating from terrorists overseas, testing affluent countries' data security systems before launching a large attack in the near future. Such an attack, if large enough, could hurt the US economy far worse than the data loss that followed the 9/11 attacks did in 2002.
Ira Winkler and the Chilling World of Spies, Hackers, and Terrorists
According to Ira Winkler, author of the books Spies Among Us: How to Stop the Spies, Terrorists, Hackers, and Criminals You Don't Even Know You Encounter Every Day and Zen and the Art of Information Security (both books are recommended reading), the anticipated cyber-attacks will use a strategy similar to the one used during WWII by the Japanese. The bombing of Pearl Harbor crippled our military and made us vulnerable to attacks elsewhere. Botnets will use a similar high-tech attack inspired by Pearl Harbor, intended to steal from, cripple or weaken our business investments and national security. Winkler, a former intelligence analyst with the NSA, is President of the Internet Security Advisors Group. He was a columnist for ComputerWorld.com and was recently elected Vice President of the Information Systems Security Association. Winkler is considered one of the world's most influential security professionals, and has been nicknamed a "Modern Day James Bond" by the media.
Bio Page Summary: Ira Winkler states that Social Engineering has recently been listed as the most common threat to business. While people most commonly use the term to describe non-technical ways to circumvent computer security, he believes that Social Engineering is used much more widely than that, costing businesses even more than they believe. Winkler received training in Human Elicitation from the Intelligence Community, and looks at Social Engineering as a world of science populated by computer hackers. According to Winkler, spies are unstoppable geniuses who can steal any information they want. You are at their mercy. Then there are the spy wannabes such as criminals, hackers, and even your employees, all with similar diabolical reputations. However, as good as spies are at stealing your information, they are just as good at protecting their own. After all, people know who the spies are and target them back. While some spy cases hit the newspapers, they are rare when compared with all the people out to get them. The fact is that they know the underlying ways to compromise information, so they know best how to protect immense amounts of information. On a brighter note, his theory offers an extreme reversal in evaluation: if Social Engineering is indeed a science, it can be prevented, despite the supposed "expertise" of the perpetrators, whether they are supposed world-class hackers or foreign intelligence operatives. Winkler, in his books and lectures, presents his own cases of Social Engineering and Human Intelligence collection to show how he took over banks and compromised some of the largest companies in the world. He discusses in detail how to protect your business from social engineering, not just your computers.
Computer warfare and piracy using the Web is imminent. We need to be prepared to thwart these attacks. Awareness and prevention are imperative, because once the damage is done, recovery will be slow and painful; we will never fully recover if it achieves the scale of destruction that is feared.
Protection Focus Needs to Shift to Web Exploits
How bad is it out there? One serious problem, according to experts, is that many desktop anti-virus vendors are still focusing on viruses and malware, and not so much on the Web exploits used in cyber-attacks. Web exploits are more difficult to pinpoint, require newer training and software programming, and present a different focus than that of anti-virus programming. The challenge created by this skewed focus can be turned around and met head on, but at present it is one of the main reasons for our vulnerability. The bad guys are still winning, even with website security companies working feverishly to keep pace with the virus writers. Computer owners can protect their PCs from malicious content by regularly updating their anti-virus programs, browsers, and browser plugins.
Identity Theft: The Face Off with Facebook.com & Other Social Network Sites
Identity theft is on the rise using social network sites. Based on an old scam, the "Nigerian," or "419," ploy, criminals hack into other sites or use bogus e-mails to steal login passwords. Since most people use the same login password for many accounts (extremely unwise), these cyber-thieves, once they have a password, try it out on Facebook or another social network. In many cases, this works like a charm. Once they've entered the account, they steal the account holder's identity, change entries on the network page (and change the login password so the true account holder can't get in to resolve or dispute it), then fabricate and post a dire financial problem, like being robbed or needing help to pay for an emergency operation. The posting begs for money to be sent, as much as possible, as do the subsequent e-mails sent out to dozens of the account holder's friends. The posting thanks them in advance for their help and promises that all money will be repaid. These friends are prime for the picking, since their contact information is prominently listed on the networking account.
These Facebook scams were initially reported in November 2008. They're part of a new trend in the criminal computer underground. Rather than e-mailing millions of spam messages in the hopes of luring and trapping a fraction of targeted recipients, Web criminals are getting more personal in their attacks, using social networking sites and other databases to make their story lines much more believable. And they've been extremely successful.
One man who was targeted could not get Facebook to respond to his pleas to shut down his account until the damage was done: concerned friends who believed he had been robbed at gunpoint sent thousands of dollars to the thieves. It was a nightmare for him to close the account and warn his friends, since much of the functionality of his account had been changed or disabled. There have been many more reports of this kind of identity theft.
In situations like this (and they're becoming more prevalent), the social networks won't reimburse the victims of any lost money. Additionally, while they are trying to beef up their own security, it has not been successful in blocking all identity theft. They will also not disclose to the victimized account holders which friends were contacted without a court order.
Facebook's security team recommends use of an anti-phishing filter to weed out Facebook phish. Security members also recommend that users scrutinize the page each time they log on, to make sure they've landed on the authentic Facebook or other social network site. Some cyber-thieves have created professional-looking counterfeit (mirror) sites that look almost like the real thing. These fake sites are intended to collect passwords and usernames.
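The advice to scrutinize the page you have landed on comes down to one question: is the whole hostname in the address bar the one you expect, or does it merely contain a familiar name somewhere? The following is an added example, not code from the original article or from Facebook's security team. It is a Python check that compares the full hostname against an expected one and names the common disguises; the expected host and all sample addresses (the look-alike domains and the 203.0.113.9 address) are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed legitimate host for this scenario (the check works for any site name).
EXPECTED_HOST = "www.facebook.com"

# Constructed sample of addresses a user might land on after clicking a link.
SAMPLE_URLS = [
    "https://www.facebook.com/login.php",                # genuine
    "https://www.facebook.com.login-security.example/",  # real name as a subdomain of another domain
    "http://www.facebook.com@203.0.113.9/",              # real name placed before '@'; the host is the IP
    "http://faceb00k.com/",                              # zeros standing in for letters
    "https://example.org/",                              # unrelated site
]


def split_url(url):
    """urlsplit only recognises the host part when a scheme is present."""
    return urlsplit(url if "://" in url else "http://" + url)


def bare(host):
    """Drop a leading 'www.' so www.example.com and example.com compare equal."""
    return host[4:] if host.startswith("www.") else host


def normalized_host(url):
    """Hostname from a URL, lower-cased, without a trailing dot."""
    return (split_url(url).hostname or "").rstrip(".").lower()


def looks_like_counterfeit(url, expected=EXPECTED_HOST):
    """Return None when `url` really belongs to `expected`, otherwise a short
    reason. The comparison is on the whole hostname, which is what defeats
    pages that merely contain the familiar name somewhere in the address."""
    host = normalized_host(url)
    target = bare(expected.lower())
    if bare(host) == target:
        return None
    if target in host:
        return f"real name embedded in another domain: {host}"
    if split_url(url).username is not None:
        return f"real-looking name placed before '@'; actual host is {host}"
    # Digit-for-letter substitutions (0->o, 1->l, 3->e, 4->a, 5->s).
    folded = host.translate(str.maketrans("01345", "oleas"))
    if bare(folded) == target:
        return f"look-alike spelling: {host}"
    return f"different site: {host}"


def classify(urls, expected=EXPECTED_HOST):
    """Map each URL to None (authentic) or to its reason string."""
    return {u: looks_like_counterfeit(u, expected) for u in urls}


if __name__ == "__main__":
    for url, verdict in classify(SAMPLE_URLS).items():
        label = "OK     " if verdict is None else "SUSPECT"
        print(f"{label} {url}  {verdict or ''}")
```

The same whole-hostname comparison is what a browser's anti-phishing filter or a bookmark does for you; typing the site's address yourself, or using a saved bookmark, sidesteps every one of the disguises the sample list shows.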
With this kind of scam (and others soon to pop up), no amount of software protection will prevent these crimes from happening, because no malware or trojans are used. Instead, crafty, convincing methods for stealing passwords and other login information are all that the cyber-thugs need.
In January 2009, CNN anchor Rick Sanchez was the victim of a hacking on Twitter.com, the popular microblogging service. A fake version of his main page, written by a hacker, bore the title "i am high on cocaine right now not coming into work" (as reported by CNET News). While this was an easily resolved incident of malicious fun for a hacker, the potential for real damage to reputations, security, trade secrets, software, hardware, and more is obvious.
It's a Brave, New World
So, in the meantime, what can YOU do? Can you beat the odds and not become a victim in this ever-growing cesspool of Internet theft and destruction? In this "brave new world" of cyberspace connection, are there safety nets? Yes, you can better protect yourself by adhering to the following, but be aware that nothing is foolproof:
- Be fanatical and faithful about updating your firewall, security, and virus protection programs on your PC. Download and often run free cleanser programs to purge or quarantine spyware and viruses, such as AdAware (which has a free version, as well as several advanced-level, low-cost versions, from its creators at Lavasoft), Trend Micro's CWShredder, or Spybot Search and Destroy (also called Spybot-S&D). These programs are the most commonly used to safely and efficiently rid your computer of unwanted and malicious junk. And they're free.
- Be extremely careful of the websites that you browse. Reputable website providers are slaving to keep their security defenses up to date to defeat the newest bots and viruses, but smaller websites may be on under-secured or unsecured sites; some have outdated protection (or have no protection at all). Porn sites and those "I made $10,000 in my first month with this business" sites are notorious for being lax about protecting their visitors from viruses and hitch-hiking malware programs.
- Don't buy things willy-nilly over the Internet from unsolicited e-mails. Don't even open these e-mails. Better to be safe than sorry.
- Don't keep your private information on your PC's hard drive. It can be stolen in a blink of an eye.
- Find out what kind of data security programs are in place on your shopping website before you type in your credit card number or login password.
- Be suspicious of anyone—even friends—who ask for money. Verify their circumstances independently, preferably by direct telephone contact.
- Don't use the same password for all Web accounts, something many Web users do. Also, change your password several times a year. To quote computer expert and astronomer Cliff Stoll, "Treat your password like your toothbrush. Don't let anybody else use it, and get a new one every six months." Stoll was instrumental in the capture of KGB spy and computer hacker Markus Hess in the 1980s.
- Because Facebook.com is so popular (more than 150 million users worldwide), criminals who manage to steal any user's password from another source will likely try it on Facebook.com to see if they can gain account access.
- Have more than one contact e-mail address for your social network account, should one become compromised.
- Back up all your important files on disks monthly or subscribe to a reliable automatic PC backup service, such as Carbonite, which is offering a free 15-day trial. If trojans or malware corrupt your PC's data (or if your hardware locks up or crashes), you will lose important financial records, family photographs, research data, and much more.
- Uploading private or sensitive information to a social network site is unwise and will some day come back to haunt you. Not only is your information now subject to being hacked or stolen, it can also be viewed by the entire world. Security devices blocking access except to designated friends have been proven to not always work. Thieves and hackers can easily change your account's settings.
- If you're a parent, educate your children (especially teenagers) and their friends about these dangers on the Web. In fact, sit with them to read this article and others available on the Internet.
- Be aware that mobile devices or laptop computers may have no protection at all, and if their contents are transferred or downloaded to another PC, the trojan or malware may also be transferred. Check what security software is on these devices and update it just as often as your home or work PC.
Be Smart about Your E-mails
Here is the single most important, and simplest, thing you can (and must) do to gird yourself and your computer against e-mail attacks or infestation: When in doubt, DELETE the e-mail. Don't open it, don't click it, don't look at it.
If something seems too good to be true and it came to you from a stranger via e-mail, well, yep, Sherlock, it IS too good to be true. Banks don't e-mail their customers asking for personal information; they already have it. PayPal and eBay don't e-mail asking for confirmation of an account that has been in use for ages. Use your head and don't open ANYTHING that has the slightest whiff of scam, sham, or spam.
With one or two hapless clicks, people are losing thousands of dollars or compromising and crippling their personal and operating data. Obviously, a lot of gullible people are opening these infected e-mails because the online scamming, identity stealing, and trojan downloading are becoming bigger problems with each passing year.
Word to the Wise: Instant messaging (IM) is also becoming a victim to dangerous spam and cellphones may be targeted for attack soon (if they haven't been already). No matter where you turn, anything associated with the Internet will be fair game to cyber-criminals.
Also, be aware that fake Flash player downloads have become a very effective method for hackers to spread malware. And don't kid yourself that it's just geeky teenage kids messing around with harmless hacking. This current and upcoming wave of attacks is beyond pranks, becoming an issue of national security. It's anticipated to be the beginning of attacks meant to cripple and ultimately destroy our nation's economy... using complicated botnets designed by cyber-thugs and terrorists.
Protection starts at home. Be extremely critical and cynical to safety guard your identity.
The potential loss of hundreds or thousands of dollars, for each PC owner in the world, is very real. And very scary.
Sources
AdAware website, (http://www.lavasoft.com/products/ad_aware_free.php).
Beck, Glenn, KTAR-FM, Phoenix, AZ, "Interview with Ira Winkler," radio show broadcast (syndicated), January 26, 2009.
Carbonite website, (http://www.carbonite.com/ads/rush/banner1.aspx?SourceTag=RushSite&cmpid=RA_Rush_1_Banner).
McCarthy, Caroline, CNET, "Oops! Twitter Hack Snares CNN Anchor," (http://news.cnet.com/8301-13577_3-10131251-36.html?subj=news&tag=2547-1_3-0-20&part=sphere), January 5, 2009.
McMillan, Robert, IDG News Service, San Francisco Bureau, CSO Security and Risk Data Protection website, "CheckFree Warns 5 Million Customers After Hack," (http://www.csoonline.com/article/474365/CheckFree_Warns_Million_Customers_After_Hack), January 7, 2009.
MX Lab blog, "Spam Drops after McColo Corp Taken Offline," (http://blog.mxlab.be/2008/11/13/spam-drops-after-mccolo-corp-taken-offline/), November 13, 2008.
Raywood, Dan, SC Magazine for IT Security Professionals website, "Fake CNN Gaza News Report Contains Trojan," (http://www.scmagazineuk.com/Fake-CNN-Gaza-news-report-contains-Trojan/article/123756/), January 9, 2009.
Rogers, Jack, SC Magazine for IT Security Professionals website, "Storm Botnet Used to Mount Phishing Attacks on Banks," (http://www.scmagazineus.com/Storm-botnet-used-to-mount-phishing-attacks-on-banks/article/100506/), January 8, 2008.
Roiter, Neil, Senior Technology Editor, Information Security magazine, "2009 Spam Outlook: After McColo, Attackers Exploit Alternative Methods," SearchSecurity.com, (http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1345186,00.html), January 16, 2008.
Sullivan, Bob, MSNBC website, "Facebook ID Theft Targets 'Friends,'" (http://redtape.msnbc.com/2009/01/post-1.html#posts), January 30, 2009.
Wilson, Tim, Dark Reading Security website, "New Trojan Attack Masquerades As CNN News Report on Gaza: Pop-up Offering Updated Video Codec Actually Installs Password-Stealing Trojan," (http://darkreading.com/security/attacks/showArticle.jhtml?articleID=212701441), January 8, 2009.
Wikipedia.org, "Botnet," (http://en.wikipedia.org/wiki/Botnet).
Wikipedia.org, "Clifford Stoll," (http://en.wikipedia.org/wiki/Clifford_Stoll).
Winkler, Ira, Bio Page, (http://www.aeispeakers.com/print.php?SpeakerID=1253).