Useful information, interesting links, and much more.
You are visiting  
Please choose a

Use the menu to view your

Choose an article with these menus. To return to your last choices use your browser's BACK button.
Special Links
American Patriotism
Short Cut Menu
God Bless America
 
Home Page

Click Picks
Internet & Security
Loading

   • Enter search text below.
   • Press the "Search" button.
   • Click "X" to return here.

Emerging Threats

If you thought Trojan horses and spyware were problems, wait until you see what is coming down the pike.
Prior
 | Intro | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 |
Next


A number of new threats are emerging on the scene. Some of them are rather horrendous. We hate to be the bearers of bad tidings, but better to know now than to find out later.

Below is a list of oldies but goodies along with the new threats. Note that this list is by no means all-inclusive. More complete information may be found on our other pages.

Golden Oldies - Malware
 

Adware displays advertising on your computer. These ads may be stored on your hard drive or they may be carried by an on-line service. Some advertisers justify placing this software on your computer because it delivers information that they feel will be of interest to you, rather than random ads.

Spyware sends information back to a central location. Some spyware simply collects data that advertisers use to send you advertisements. Other spyware collects private information such as credit card and social security numbers. Spyware can make your computer slow to a crawl.

A hijack dialer diverts your dial-up connection. A hijack dialer will attempt to drop your dial-up connection and re-connect you to the Internet via an unregulated off-shore telephone number. The phone bills can be astronomical and the phone company cannot adjust the charges. Check your dial-up connections from time to time to see if you have any new entries, which will have an overseas access code. In the US that would be 011.

A Trojan horse allows an outsider to commandeer your computer. You computer may be used for whatever purpose someone else likes.

Keystroke loggers log all of your keystrokes. Whatever you type, including Web addresses, passwords, and other information, is sent to someone to be studied. This could be a private eye, a marketing company, or your boss.

Malware is usually placed on your computer without your knowledge. Much malware arrives through a drive-by download, i.e., when you click on a provocative ad or enter some Websites. It may come packaged with other programs, such as music sharing software, games, and updates to programs. It may come as an e-mail attachment. Many free programs such as tool bars and screen savers include malware and tell you so in the licensing agreement. Always read the license agreement before installing the software.

Phishing Scams
 

Phishing is a means of tricking people into giving up personal information they would not normally reveal. This is often accomplished with an e-mail that appears to come from a reputable company, one that catches the recipient off guard.

Older phishing scams were often crudely implemented, with open-ended requests for information and plenty of poor English. Newer scams are more sophisticated, taking the victim to a form overlaid onto a real Web page at the Website of a well-known company. This overlaid form sends personal data to another location.

If you suspect you are on a bogus page, click a link on the site and then try to go back to that page. If you can't get there, the page was probably bogus. Remember:

  • Reputable companies will never request your password or your PIN. Never. No how and no way.
  • Reputable companies do not request personal information they already have on file.
  • Reputable companies do not send software updates via e-mail.
Pharming Scams
 

Pharming re-directs users to a nefarious Web server in ways that are undetectable by the average user. On the bogus server you may find a copy of a company's real site. You will have no way of knowing you have been diverted. If the information presented seems odd, or if a request seems unusual or improper, trust your better judgment and don't furnish the information.

The rules governing the transfer of domain names from one domain registrar to another have been changed to facilitate timely transfers. In the past, a domain owner had to initiate a transfer and then furnish approval to the old registrar to release the domain. Now when a transfer is initiated, even if fraudulently, the transfer will be completed unless the domain owner learns of the transfer and then denies it. Pharmers love well-meaning legislators.

A more serious problem is the hijacking of the authoritative name servers used to direct Internet traffic to the correct servers. This is an attack on the infrastructure that holds the Internet together. If the name servers are compromised then thousands or millions of people may visit a bogus Website and give up personal information.

Rootkits
 

A rootkit is a means of infecting a computer with a virus, spyware, or other malicious code and then hiding its presence from the user. Rootkits use sophisticated means to hide themselves, such as altering the disk structure to report a different number of files from what is actually stored.

Rootkits come in many forms and their detection is not always possible. They are sneaky, insidious, dangerous, and a lot of other adjectives. They are also next to impossible to find. Some rootkit detection tools are now available but they do not correct problems; they only identify them.

In early December 2005 a security expert discovered that his computer was infected with a rootkit placed by a Sony CD that he played. It seems they had been doing this since around April 2005. This rootkit sent information back to Sony whenever he played the CD. It also caused problems for the computer.

So, rootkits and spyware are not necessarily the work of evil tinkerers laboring over Dr. Pepper and Oreos late at night. This package was placed on every Windows computer that played 52 CDs sold by Sony. Click here to learn more.

 

Telephone Phishing
 

As new technologies emerge the scammers find other tricks for plying trade. One area that seems to have attracted their attention is Voice over IP, or VoIP, which is used to make phone calls over the Internet.

We recently learned of a combined phishing and pharming scam in which the victim receives an e-mail message asking them to contact the bank by phone at a certain number. When they call they are taken through the phone tree to an extension that asks them to input their account number and PIN.

The problem is that the phone system is not located at the bank. It is a fake system that sounds like the real one at the bank. Since the call was made on a VoIP phone the account and password information can be captured. The results can be devastating.

While the method of delivery is new, the trick is not. The same methods for avoiding trouble apply with any such request:

Consider the source of the request.

  • It is not likely that your bank or credit card company needs to contact you.
  • If they do they will probably write.
  • It is unlikely that they would phone.
  • They will NOT contact you via e-mail.

Do NOT call any number requested in an e-mail.

  • Your bank or credit card company will NOT send an e-mail requesting you to call.
  • If you must call them then call someone you know at your local branch, or call the number on your monthly statement, or call the number on the back of your credit or ATM card.

Use care on the phone.

  • Caller ID guarantees nothing. It can be tricked to display any name and phone number
  • If you are called, NEVER enter an account number or PIN or password if asked to do so.
  • Your bank or credit card company will NOT ask for your account number and password. They have other ways to verify your identity.
  • You cannot be sure you have reached the bank unless you call a number known to you (see above).
  • If you initiated the call you may be asked for an account number but you will NEVER be asked for a password or PIN.

This phishing / pharming scheme is one of the first to hit the VoIP world. Don't let it, or others that may be more refined, take you by surprise. Any request by voice mail or e-mail asking you to contact someone else is suspicious. Any request for an account number, PIN, or password should not only raise a red flag, it should set off flares and skyrockets!

Prior
 | Intro | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 |
Next


05/12/05
07/16/06

   
www.Eagle-Wing.Net