Spyware Information
(This page is no longer updated. See my blog for more recent postings.)
November 2007
BRUCE SCHNEIER, a respected expert on computer security, warned back in April about the Storm worm, and his doom-laden tone was picked up by the mainstream press. I still get a number of anxious calls about Storm, but have in fact seen little evidence of its spread since February this year. All the mainstream vendors now detect it successfully (although variants of it will no doubt continue to be released) and I don't at the moment see any particular cause for concern. Sophos (an anti-virus vendor) has an interesting article here about how they hope to detect future variants without studying each one, and the article has a graph showing how Storm infections seem to have dropped off.
"PHISHING" for bank details continues to be a problem, although many UK banks now seem – belatedly – to be making things harder for phishers. I continue to see a lot of spam with infectious attachments, and some of the infections change so frequently that anti-virus vendors have a hard time keeping up. Given the ease with which bad things can now be created (see here for an example) users should continue to be cautious about running programs – whether received by e-mail or downloaded from a website – which they know little or nothing about. I continue to be amazed by the number of peope who think that just because they are running anti-virus software they can click on anything with impunity. Just because you're wearing a seatbelt doesn't mean you should go around crashing into things!
I CONTINUE to see too many problems caused by Norton anti-virus (and, to a lesser extent, McAfee) and am continuing to urge my customers to use something better. Ironically, better products are cheaper (or free) but I sometimes have to work hard to persuade people that being a well-known name (or being pre-installed on your computer) is no guarantee of quality. In general, there are four types of program which used to be necessary in PCs running older versions of Windows, which I reckon almost no-one needs on a modern PC (that is, a PC running Windows XP at SP2 or later, or running Vista), but which I continue to see daily:
- Norton or McAfee security products. These interfere with the built-in Windows firewall quite unnecessarily, and often seem to cause connectivity or performance problems. I much prefer AVG, either in its free or paid-for versions.
- ZoneAlarm and similar. Everyone should use a router and the built-in Windows firewall.
- Roxio and Sonic and similar. Windows can write data CDs and DVDs all by itself, and Windows Media Player can write audio CDs and DVDs. Most users don't need to do more than this.
- Winzip and similar. Windows long ago got "zipping" and "unzipping" facilities built into it.
FINALLY, if you've ever wondered why there's so much spam around, look at this spam generator. With tools like this available, no wonder people think it's an easy way to make money. Maybe clever spammers do, but I receive spam sent by tools like this which the spammer hasn't even managed to configure properly. I wonder how many people pump out millions of items of spam only to find that they don't make any money at all (and end up having their broadband line shut down, and possibly being arrested); it was said that the people making money from the Californian gold rush were the people selling shovels, and perhaps this is the same. Luckily, spam filters are reasonably effective these days, so anyone plagued by spam should seek advice.
June 2006
THE BBC WARNS OF "an internet scam in which hackers hijack computer files and blackmail owners to get them back". In fact, this is not new (although it seems to be getting more common) and — so far at least — this seems to be less of a threat than losing all your files through a disk failure, say. The obvious message is: back up your files regularly, preferably to a write-once medium such as CD-R.
But Internet criminals do seem to be getting bolder, and are maybe moving towards a straightforward system of demanding money with menaces. I'd be very surprised if the "Internet pharmacy" mentioned in the report delivers anything — it seems like a simple ruse to get you to hand over your credit card details.
May 2006
BARCLAYS BANK HAS BOUGHT 1.6 MILLION LICENCES for F-Secure software to give away to its customers in an attempt to limit online fraud, much of which is now committed by criminals who steal people's bank details via so-called "phishing attacks" (see November's news, below).
Judging by the number of fake e-mails I see, Barclays is a prime target for phishing spam, and this news suggests to me that online fraud is an enormous problem, much bigger than the banks have admitted.
About 70 percent of all the PCs I see are infected with trojans, keyloggers or other types of spyware — all of which make it easy for Internet criminals to gather any passwords or security details you type on your PC. They can then raid your bank account at their leisure.
Your money is transferred to the account of another gullible victim, who turns it into cash which is sent untraceably to the criminals (see Fake Jobs, below). If you fall for this, it's not clear to me whether Barclays will give you your money back — its terms seem to hold you liable if you have allowed your PC to get infected.
I'm amazed this isn't seen as more of a problem: millions of pounds must be stolen this way each year.
January 2006
PCs Hijacked
THE BBC REPORTS THAT AN AMERICAN has pleaded guilty to hijacking half a million computers worldwide.
Many of these will have been home computers in the UK. Unknown to their owners they become part of a "botnet" used to send junk e-mail to people or launch "phishing attacks" (which try to get people to log in to fake websites, thus revealing their banking passwords; see the next story).
Such machines are infected after unknowingly running spyware which allows anonymous criminals — like the 20-year-old American — to use the victim's PC and broadband connection for their own purposes.
Such spyware also commonly records the owner's keystrokes (for example when doing online shopping or home banking) and relays logon information and credit card details back to the criminal.
Fake Jobs
I suspect the number of bank accounts compromised by spyware is rather high — in the last few months I have seen a lot of spam offering jobs as a financial controller and suchlike ("no experience necessary"). These are always attempts to get people to use their own bank accounts to launder money stolen from other accounts. For example, you may be asked to process "refunds", where your contact pays £10,000 into your account, you send him £9,000 in cash and keep £1,000 for your trouble. When the police come knocking, you'll find your "employer" has disappeared.
November 2005
I HAVE SEEN A GREAT MANY FAKE E-MAILS targeting Barclays online banking customers in the last week or two. Clicking the link in the e-mail takes you to a fake site in China which invites you to type in your security details.
The e-mails have a variety of plausible subjects (such as Barclays IBank: IMPORTANT NOTIFICATION) and seem to come from Barclays, but of course are attempting to get you to input your banking passwords to a fake site.
This is the body of the e-mail:
May 2005
THE DAILY TELEGRAPH WARNS OF A NEW TROJAN (although it calls it a virus):
If you bank over the internet, beware of a new virus, Troj/BankAsh-A, that can lie dormant on your computer until you try to log on to your bank's website.
At this point, the virus diverts users to fake websites where they may put in their personal account details. Lycos UK, a European communications portal, says it has seen a 10-fold increase in the virus over the last couple of months and claims to have stopped 3.3m incidents in April compared with about 40,000 in March.
Wessel van Rensburg, Lycos UK's head of e-mail, said: "The stolen details are used to hijack bank accounts and for identity theft. The method by which data is obtained is extremely sophisticated."
Netimperative has a longer quote:
"The stolen details are used to hi-jack bank accounts and for identity theft," says Lycos UK head of email, Wessel van Rensburg. "While these crimes are not new, the methods by which data is obtained is extremely sophisticated. This is a multi-billion pound industry and tens, if not hundreds, of thousands are being affected."
[Paul adds: this trojan also disables Microsoft's anti-spyware program.]
April 2005
BT ESTIMATES that 80,000 of its customers have been affected by Internet "rogue dialler" scams, at a cost of about £8 million, according to a Daily Telegraph report. That's an average of £100 per attack.
Moral: once you go to broadband, make sure you (or your installer) disconnect your old dial-up modem. If it's physically disconnected from the phone line, it can't be used to make phone calls.
If you're still using a dial-up connection to the Internet, consider getting broadband instead.
-o0o-
BT HAS REFUSED to waive the bills of customers who fall victims to Internet call scams, reports the Consumers' Association magazine Which? (April 2005, page 7).
Sam Cox had his dial-up Internet connection diverted to Tuvalu by a rogue dialler. BT alerted him to the calls to the South Pacific island – but only after a £346 bill was racked up.
Sam Cox said: 'Since then BT has verbally shrugged its shoulders. It says it's not its concern how customers run up bills.'
In a similar case BT has instructed debt collectors to claim £463 from Herefordshire couple Roger and Gill Walker for Internet calls to Chile they didn't make. Gill said: 'Every part of the telecoms industry we have talked to admits this is a problem, but they all say: "Nothing to do with me – talk to someone else".'
BT says it's not obliged to waive bills and blames Internet service providers (ISPs) for failing to protect users with software that warns of changes to dialler settings. BT said 'ISPs are happy for phone companies to take the flak.'
-o0o-
A MAN HAS BEEN SENTENCED to nine years in jail by a Virginia judge for sending millions of junk e-mails, or "spamming", reports the BBC.
Jeremy Jaynes, 30, is the first person in the US to get a prison term in a spam case. He is said to have been the world's eighth most prolific spammer. By selling sham products and services advertised in his messages, he earned up to $750,000 (£398,000) per month.
It is believed that 70% of all e-mails are spam.
March 2005
THE UK BANKING INDUSTRY REPORTS that "in 2004 total losses for online banking fraud were recorded for the first time and reached £12 million. These scams mainly involve phishing where customers are duped into disclosing personal security information, as well as trojans that capture security credentials through keystroke logging."
Moral: keep your PC clear of spyware, and check it regularly, especially if you do online banking.
10 February 2005
BT TODAY ANNOUNCED that it will increase the speed of its broadband services at no extra cost. AOL has been doing something similar for some time.
This does not necessarily make either BT or AOL good value, however. BT, for example, puts a usage limit on its connections, and you have to pay extra if you go over the limit. So, for some users, the speed increase will just mean they reach the limit sooner, and their bills will increase.
There are still reliable providers out there that offer a better service than either BT or AOL – my pages here give some suggestions on what to consider when choosing a broadband supplier, and name some good suppliers.
The BT announcement looks set to shake up the market, however, and we can expect to see a lot of price and product changes over the next few months. I'll be keeping my eye on things for my clients, and advising them where and how to get the best service at the lowest cost. I'll be keeping my various pages here updated as best I can, but if you're thinking of getting broadband for the first time, or are thinking of changing supplier, I'd suggest you contact me first. It could save you paying more for a worse service.
January 2005
MANY E-MAILS ARE DOING THE ROUNDS from well-meaning people trying to identify this boy, apparently lost in Phuket. In fact, this child was re-united with his Swedish father within days. It's never wise to send any request "to everyone in your address book", however well-meaning, as it has the same effect as a fast-breeding e-mail virus. More here and here.
There is an official Red Cross website to help locate missing people.
Other stories
BANKS WILL NO LONGER HONOUR the debts of victims of internet fraud after a sudden rise in attacks against online accounts, according to the Times.
BT WARNS OF SCAMS which trick PC users into inadvertently downloading software which secretly and silently dials a premium rate number for hours or days, running up an enormous phone bill. Most users will have to pay that bill – the calls were actually made. More at BBC News, 5th Oct 2004
© Copyright Paul Doherty, 2013. All rights reserved. Tel: (UK) 01784 439253