November 17, 2009
In the last few weeks there has been a manyfold increase in the number of serious malware infections. This latest increase is worrisome as the effects have been particularly malevolent.
Here are the worst of the worst:
There is a phony email that claims to be from UPS. It claims to have information for you about a missed delivery. It has an attachment that you are instructed to run if you wish to see more information about the missed delivery. If you run the attachment, the software will infect your PC. One frequent result of this infection is that it turns your PC into a spambot.
What is a “spambot”? Short version: It’s hard for spammers to send millions of emails a day. They will get blocked by Web monitoring services. So they write software that, when installed on your computer, will use your computer to send spam for them. Aside from the obvious, this is bad because your Internet Service Provider will notice that you are suddenly sending lots of spam. Its automatic systems will then assume that you are a spammer and will block you from Internet access. Worse, web monitoring services will notice that you are sending lots of spam and they will list you as a spammer. Then spam filters from all over the world will block your legitimate emails. It can take several days to clear this up.
There are also a few pieces of malware that begin by showing you a pop-up that says that your PC has been infected and that you should click on their link to download their software so that it can “fix” the problem. When this happens, close your open documents and email and shut off your PC using the power button on your PC. The damage done from the improper shutdown will very likely be much easier to fix than the damage caused if you click on the malware’s pop-up.
To make matters worse, this malware will typically download and install many additional viruses and spyware. These additional downloads range from annoying to dreadfully bad. Some are just activity monitors that report on your browsing patterns; worse are the keyloggers that attempt to collect personal and financial information.
The very worst is a rare version that downloads porn into your temporary internet folders. It seems that this is done for no reason at all as far as I can divine. However, the ramification for a PC at work is that the PC’s user could be fired for inappropriate use of the Internet because it would appear as if they had been downloading porn. According to the AP, there has been at least one case where, due to the nature of the porn, criminal charges were filed against the PC’s user. These charges were dismissed after 11 months, and some jail time, partly due to the time stamp on all of the photographs showing the exact same time.
During regular browsing, the time stamps for the files in the cache are slightly different as the pictures are downloaded a few at a time one after the other and not in batches of hundreds nearly simultaneously.
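The timestamp reasoning above can be checked mechanically. The following is an added example, not part of the original post: it finds the largest group of cache files written within a short window and flags a batch drop. The 2-second window, the 100-file threshold, the function names and the sample timestamps are all assumptions chosen for illustration.

```python
import os
from bisect import bisect_right

def densest_burst(timestamps, window_seconds=2.0):
    """Return (count, start) for the largest group of timestamps that
    fits inside any interval of window_seconds."""
    ts = sorted(timestamps)
    best_count, best_start = 0, None
    for i, start in enumerate(ts):
        # Index just past the last timestamp <= start + window_seconds.
        j = bisect_right(ts, start + window_seconds)
        if j - i > best_count:
            best_count, best_start = j - i, start
    return best_count, best_start

def classify_cache(timestamps, window_seconds=2.0, burst_threshold=100):
    """Flag a cache whose files arrived in one near-simultaneous batch."""
    count, start = densest_burst(timestamps, window_seconds)
    return {
        "files": len(timestamps),
        "largest_burst": count,
        "burst_start": start,
        # Assumed threshold: hundreds of files in ~2 s is not human browsing.
        "suspicious": count >= burst_threshold,
    }

def cache_mtimes(directory):
    """Collect modification times of every regular file under directory."""
    times = []
    for root, _dirs, files in os.walk(directory):
        for name in files:
            try:
                times.append(os.stat(os.path.join(root, name)).st_mtime)
            except OSError:
                continue  # file vanished or is unreadable; skip it
    return times

# Constructed sample data (not real evidence):
BASE = 1258400000.0
# Ordinary browsing: one file every several seconds.
BROWSING = [BASE + 7.5 * i for i in range(300)]
# Same cache plus 400 files written within 0.4 seconds.
BATCH_DROP = BROWSING + [BASE + 903 + 0.001 * i for i in range(400)]

if __name__ == "__main__":
    print(classify_cache(BROWSING))
    print(classify_cache(BATCH_DROP))
    # On a real machine: classify_cache(cache_mtimes(r"<path to cache folder>"))
```

File modification times can be altered and vary by browser, so a result like this is a lead for an examiner to follow up, not proof on its own.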
What can you do?
- Install and keep current antivirus and antispyware tools.
- When possible, give the end user minimal security rights to their desktop. For example, do not give them the right to install software. Do this because when malware tries to install, it will have the same rights to the PC as the current user. Yes, you will need to log in as an Administrator every time you wish to install software. (Running installs as administrator on restricted accounts does not always work.)
- Windows 7 has some excellent new security features that will warn the user of some suspicious web sites or some suspicious or unauthorized software installs.
- Do not go to sites off the beaten path.
- Do not go to random sites when searching for news about current events. For example, do not Google “election results”. Instead, go to Newsday.com or cnn.com and search for election results there.
- Do not install any toolbars, especially the ones that will help you shop or add smileys to your emails.
- Do not run or download any attachment in email unless it is from a known user from whom you are expecting an attachment.
Sergeant Phil Esterhaus: “Hey, let's be careful out there.”