15 July 2003

The internet Mafia

Sarah Graham, a technical writer in Washington, DC, had just returned from getting a cup of coffee when she saw the first sign of trouble.

There, on her notebook monitor, was a new browser window, displaying an unsettling message.

”It said my Windows XP system had been analysed. Everything was working correctly, except there was a possibly damaging security leak,” Graham said.

”I clicked on a link in the message that promised to help me solve the problem, but I soon learned that someone was just trying to sell me some security software that I didn’t need,” Graham added.

”Since that time, it seems like I get these messages every day, sometimes more than once.”

She’s not alone. Such messages are just the latest salvo being fired by increasingly aggressive online marketers and scam artists.

They get to you by e-mail. They get to you by opening browser windows against your will. And they get to you even through instant messaging. But there are ways to fight back.

The deceptive advertisements that are appearing via browser windows these days are utilising a ”service” in recent versions of Microsoft Windows, including Windows 2000 and Windows XP, that advertisers have learned how to exploit to hawk their wares. It’s called Messenger Service, and the good news is that you can do without it.

Disabling the Messenger Service will help you get rid of these messages once and for all. Click the Windows Start button, and select Run. In the Run dialogue box, type ”services.msc,” without the quotation marks, and press Enter.

A Services dialogue box opens, containing a long list of services that are started behind the scenes when you log on to Microsoft Windows. Scroll down the list until you find the one entitled Messenger.

Right-click Messenger and then select Properties from the pop-up menu. Within the Properties dialogue box, first click the Stop button, and then from the Startup Type drop-down list box, select Disabled. Click Apply, and then exit out of all dialogue boxes. From this point on, you should no longer receive unexpected messages displayed in browser windows on your screen while you’re connected to the internet.
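
The same change can be made from a command prompt, which is useful when several machines need it. The batch script below is an added example, not part of the original article; it assumes Windows XP, where the sc utility is built in, and an administrator account.

```batch
@echo off
rem Added example (not from the original article): stop and disable the
rem Windows Messenger service from a command prompt.
rem Assumes Windows XP (sc.exe built in) and an administrator account.

rem 1. Confirm the service can be queried; sc sets a non-zero errorlevel if not.
sc query Messenger >nul 2>&1
if errorlevel 1 (
    echo Messenger service could not be queried on this machine; nothing changed.
    exit /b 0
)

rem 2. Stop it only if it is running (same as the Stop button).
sc query Messenger | find "RUNNING" >nul
if not errorlevel 1 net stop Messenger

rem 3. Set Startup Type to Disabled. The space after "start=" is required.
sc config Messenger start= disabled
if errorlevel 1 (
    echo Could not change the startup type. Run this as an administrator.
    exit /b 1
)

rem 4. Show the resulting startup type and state for verification.
sc qc Messenger | find "START_TYPE"
sc query Messenger | find "STATE"
```

After it runs, the last two lines of output should report a disabled startup type and a stopped state.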

There’s a potentially even more dangerous scam being perpetrated via e-mail these days. In the United States, customers of BestBuy.com were the latest victims, but anyone who has ever shopped online is potentially at risk.

Here’s how it works. You check your inbox one day, and find an e-mail message purportedly from a store or online service to which you have given personal information, such as a credit card number or address. The e-mail seems to come from the store or online service itself, perhaps, as in the case of the recent BestBuy scam, from the company’s supposed ”fraud department”.

Such e-mail messages will always tell you that your account information needs to be updated, and a link will be provided that will take you to a web page, looking very much like the web pages of the company in question, so that you can provide personal information, including credit card and mailing address.

”Beware”, say experts. E-mail messages that request that you provide personal information that you have already provided to the company are almost always fraudulent.

”Never give personal information such as your date of birth, bank account, or credit card numbers in response to an e-mail,” says Maryland Attorney General Joseph Curran, Jr. If an e-mail message makes you at all suspicious, he urges, call the company in question. If you’re dealing with an online company that cannot be called, consider severing relations.

And it was probably only a matter of time before instant messaging — the wildly popular form of communicating in real-time using programmes such as AOL Instant Messenger, Yahoo Instant Messenger and MSN Messenger — became the target of online advertisers.

Increasingly, users of instant messaging are receiving unasked-for and unwanted instant messages from people not on their ”buddy” lists. The quickest solution to getting rid of such annoyances is to upgrade to the latest version of whatever instant messaging programme you’re using.

The major instant messaging programmes now have built-in spam blockers. These work by prohibiting anyone who is not on your buddy list from contacting you. Unfortunately, this could limit you from getting instant messages from people you might like to chat with, but that’s the price, at least for now, that we have to pay to rid ourselves of obnoxious and pernicious scams.

Further internet schemes are on the rise though, with solutions out of the hands of the average user, whom they target.

More than 2 000 home internet users have had their computers hijacked and redirected to pornographic websites, in a scheme that has security experts perplexed.

Experts believe they have traced the attack to Russian operatives of other Internet scams, and suspect it is part of a money-making scam, but remain baffled about the technique used to infiltrate PCs.

Richard Smith, a Massachusetts-based security consultant who has tabulated the number of infected machines, said the perpetrators of the attack appear to be from the same location as those responsible for a recent scheme involving the Paypal internet payment system.

Smith said this attack, known as a trojan, seems to be a new twist that blends hacker attacks and spam, and that it is a new type of money-making scheme.

”In terms of home computers, this is one of the first times someone has tried to make money off of hacking a home computer,” Smith said.

”It is not known at the present time how the trojan gets installed on people’s computers. My theory is that the Sobig.e virus might be involved, but the evidence is not strong at the moment.”

Joe Stewart, a specialist at the internet security firm LURHQ, was among the first to analyse the new trojan and trace its likely origins to Russia.

The hackers may get revenue for every time a porn page pops up, similar to the commissions from advertising ”clicks,” and may get additional money by sending out spam from the infected computers.

Stewart dubbed the trojan ”migmaf”, short for ”migrating mafia”, and noted that the method of attack — shifting from one computer to another every 10 minutes — makes it harder to track.

”Migmaf is particularly disturbing because it represents a new escalation in malware weaponry,” said Jim Kollegger, president of BBX Technologies, a security firm.

”Hackers and unscrupulous business owners are now leveraging malware such as Migmaf to hijack other computers to carry out illicit purposes, such as anonymously hosting porn pages, acting as spam relays, or acting as intermediaries for financial scams. This new form of malware can turn virtually any computer user into an unsuspecting accomplice of crime, making it especially difficult for authorities to shut down the networks.”

According to Smith, the attacks have been traced to the same location as a recent Paypal scam in which bogus e-mails were sent out to users, directing them to an imitation of the real Paypal site, in an effort to obtain confidential bank or credit card information.

Experts warn that there could be other nefarious impacts from the hijacking. It is possible, for example, that a virus could be implanted that steals passwords or other confidential information from hijacked PCs.

”Some of the same computers hosting websites for pornographic sites are also receiving stolen credit card information,” Smith said.

However, Smith said it may be possible to track the attackers through their money trail, from advertisers, possibly in the United States.

David Wray of the US Department of Homeland Security [DHS] said the agency’s cyber security division was aware of the situation but was not issuing any new warning.

”We’re aware of it, and DHS will monitor the situation,” Wray said.

”It’s based on known vulnerabilities, so if people keep patches and virus software up to date, that should mitigate some of the ill effect.” ‒ Sapa-AFP, Sapa-DPA