Most everyone has heard about computer viruses and most may have heard the terms, “worm” or “phishing” or “trojan” when it comes to computers but I’ll venture that most do not really know what these things mean and how they can threaten not only your computer but also you, your bank account and your privacy! Not to mention how they threaten organizations (computer networks).
The following article about all these threats is so good, I have shamelessly copied it from the place I found it – http://www.internet-story.com/dangers.htm – and re-posted it here. Thank you to the original author – to whom I would gladly give credit – had she/he taken credit for compiling this piece in the first place.
In general spam can be defined as any unsolicited e-mail, usually in the form of advertising for a product or service. Spam wastes an enormous amount of people’s time. Even though you may think an e-mail is spam, you often have to read the first sentence to be sure before deleting it. If you get dozens a day, the time wasted rapidly mounts up. Unfortunately there seem to enough people falling for the offers to make sending spam worthwhile.
In addition to lost time, spam also uses up considerable bandwidth on the Internet. Despite bans, because the Internet is public it’s almost impossible to prevent spam. There are organisations which try to fight spam using various techniques, and filters are available which recognize some spam algorithmically, for example by the subject line or sender. But spammers know all the tricks and are often ahead of the game.
The story goes that the word spam comes from the Monty Python song: “Spam spam spam spam, spam spam spam spam, lovely spam, wonderful spam…” A sort of endless nonsense, which continually repeats itself. The song featured in a skit in a restaurant, in which every dish included some spam, a trade name for luncheon meat.
Wherever the word came from, spam is invasive – you don’t want it, but you get it anyway. And the worst thing you can do is click on the button saying you don’t want it, or send an e-mail complaint back. Then they, whoever “they” are, know that their spam is reaching you. And you will get more…
This is a general term meaning malicious software such as viruses, worms, Trojans, spyware, adware, etc.
In the early 1980s, experiments were carried out on computer security and 1983 saw the emergence of the first virus. Fred Cohen, at that time a student at the University of Southern California, had the idea of introducing self-reproducing software, which could spread by infiltrating existing programmes, thus attacking the security of multi-user computing systems. Len Adleman, Cohen’s thesis adviser suggested that this was similar to a biological virus, which uses the resources of the cell it attacks to reproduce itself. The term “computer virus” was born.
So what is a virus? A virus is a programme with the ability to reproduce and spread rapidly. It is often difficult to eliminate. A virus infiltrates a file and is spread as that file is copied and forwarded to other computers. At the very least a virus can cause problems by taking up storage capacity and memory and slowing general computer performance. However some viruses can destroy files, reformat hard drives or cause other damage.
At one time viruses were spread mainly through the interchange of floppy disks but the Internet now provides a much better and quicker distribution system. Viruses attached to today’s essential business tool – e-mail – can spread a virus throughout a company like wildfire and cost many millions in lost data, lost productivity and high fees for re-establishing crashed computer systems. Tens of thousands of viruses have already been identified and it is estimated that about 400 new viruses are created every month. Anyone with basic programming knowledge and a desire to cause computer damage can create a virus. A non-damaging virus will spread and “just” take up storage space. With damaging viruses, the spread usually takes place over a long period before the virus is actually activated. The activation may be tied to a particular date or particular computer command. Once a virus is discovered, details are sent to the ICSA (International Computer Security Association) in Washington, D.C. They in turn distribute details to anti-virus software developers who modify their software to detect the new virus. Depending on the virus, this can take months. As new software is installed and updates made, the virus threat is finally reduced to a level where it is no longer a major threat.
Normally spread through e-mails, a virus hoax is usually a false warning of a non-existent computer virus. As such, they cause no harm to computer systems other than slowing mail servers down if spread in large numbers. In addition to the hoax itself, unsuspecting recipients then send out e-mails to all their contacts warning them of the supposed virus threat, creating even more network traffic. However, some hoaxes go further, with a message giving directions to remove specific files from your system to get rid of the virus. This form is then no longer a hoax but is in itself a virus, because it leads you to remove some vital file which may cause your computer to malfunction. Before reacting to any virus warning, even ones that appear genuine, check with one of the online anti-virus programme providers who list hoaxes and real viruses.
Worms differ from viruses in that they don’t reproduce by infiltrating files but by infiltrating systems. For example, a network worm spreads by reproducing itself throughout a network system. An Internet worm sends copies of itself through the Internet system via poorly protected computers. An e-mail worm sends copies of itself via the e-mail system.
The name is derived from the Trojan Horse of Helen of Troy fame. It is a particular type of malware used to infiltrate a computer without the user’s knowledge. Trojans may install a so-called “keystroke logger”, which can record all the keystrokes entered on a computer keyboard. This provides information on all computer activity including passwords used. This information is then passed on to fraudsters via the Internet. A typical method used is to send out random e-mails which appear genuine, encouraging computer users to click on a link from the e-mail to enter a malicious website, which in turn exploits a web browsers vulnerability to install a Trojan.
Another form of Trojan allows infected computers to be targeted for a “denial of service” attack. The aim is to deny the victim access to a particular service. Such an attack can effectively disable your computer or network – with possible disastrous consequences depending on the type of organization. Unlike viruses, Trojans cannot reproduce.
First identified in 1996, phishing is the practice whereby fraudsters acting as legitimate organisations such as banks, online payment services etc., send misleading e-mails requesting personal and financial details from unsuspecting recipients. In other words – fishing for information useful to the fraudster in order to transfer money into the fraudster’s account or make online purchases on someone else’s account. Typically, a message requests the recipient to “update” or “validate” his account information by clicking on a link with the threat that failure to do may lead to suspension of the user’s account, etc. To avoid having his account suspended, the user follows the e-mail instructions and the trap is sprung. The link to which the unsuspecting victims are directed opens a “copycat” website of the institution named in the e-mail and looks official. Thousands of such e-mails are sent out in the hope of catching out a few of the unwary. The information “phished” for includes numbers for bank accounts, credit cards, security codes, social security and phone numbers, login names and passwords and names and addresses.
Adware and Spyware
Short for advertising-supported software, adware is a software application in which advertising is displayed while the programme is running. This may take the form of pop-ups or banners which appear on the computer monitor. Advertisers pay for the service and help to recover some of the costs of software development, thus keeping the price low or even free, whilst the programmer still makes a profit. Adware may run on a computer without the users knowledge, having been included in shareware or freeware downloaded from the Internet. Most adware affects the various Windows operating systems and may be noticeable by the presence of more pop-ups on the web browser and a possible reduction in computer performance.
Some adware programmes include codes used for tracking and collecting information about users, their computers, websites visited and so on. This is then called Spyware.
Combating Adware and Spyware is fairly easy with programmes such as Ad-Aware or Spybot, which can be downloaded free of charge from the Internet and regularly updated. There are also commercial packages for sale.
- Treat all unsolicited e-mails with suspicion and never click on links on these e-mails to enter unknown websites.
- Never, ever answer unsolicited e-mails. You’ll just end up with even more spam.
- Ensure that you are using the latest version of anti-virus software. Most will automatically provide updates. [ed- use the programs that come with your OS as a first line of protection, companies like Microsoft have a vested interest in keeping your computer running smoothly and virus free. Often even the name brand a-v software can slow your computer down and cannot catch it all.]
- Download security updates or so-called patches from the Windows Update site, depending on your system.
- Install a firewall to help keep hackers at bay and make you invisible on the Internet. [ed- use the one that came with your OS.]
- Ignore all requests for personal details. Legitimate companies never request personal information via the Internet.
- Never forget that e-mail is not a secure method of transmitting personal information.
- Thoroughly check all credit card and bank statements to ensure that there are no unauthorized charges. If a statement is not received on time, check with the institution concerned to confirm your address.
- Be cautious about opening any e-mail attachment, even from known sources. Before opening it, drag and drop the attachment onto your desktop and scan it for viruses.
When we think of identity theft, we usually think of credit card details. However, ID thieves are also interested in other information, including credit reports, social insurance numbers, driving license numbers, phone cards, mortgage details, birth dates, passwords and PINs, addresses and phone numbers. ID loss is not just about money.
ID loss may mean losing much more. Credit rating may be lost and until this is restored, you may find difficulty in getting a job, a mortgage or even a passport.
Today’s cunning bank robbers only rob databanks. Computer criminals have realized the potential of the power of information and computer crime is the fastest growing form of crime. If operating remotely, ID thieves run little risk of being caught and even if they themselves don’t use the information, it can be sold on to fraudsters who use it to impersonate others. How is this done?
- Using credit cards to charge an existing account or create a new one.
- Opening a new telephone account using a stolen identity.
- Fraudulent electronic bank transfer to draw from a bank account using stolen identity.
- Using a stolen identity to get a job.
- Using ID cards or driving licenses for tax or benefits fraud.
- Using a stolen identity to obtain a loan or mortgage.
- Using a stolen identity for frauds of various kinds or when caught committing a crime.
As individuals, most of us have become accustomed to caution, to being extra careful with credit card and personal information. But criminals go where information is collected. Regrettably not all companies protect your records adequately in their databank. Some institutions hold records of millions of people and big break-ins can lead to loss of our personal secrets. One U.S. security firm discovered that passwords from 50 banks, eBay and PayPal login details and also credit card numbers had been stolen from a server by a Trojan virus. Another discovered that hackers had accessed a credit card system holding 40 million various credit card numbers. And data has been lost in far simpler ways: in the U.S., a shipment of bank customer data tapes disappeared in transit. In Singapore, bank customers records disappeared during shipment between two offices. A Japanese bank inadvertently threw out CDs containing copies of the financial records of its customers. And there was the Australian bank manager who, by using clients IDs, stole $17 million to feed his gambling addiction.
Figures published in 2005, showed that in the U.S. alone about 53 billion US$ per year is lost through ID theft. 90% is paid by retailers and businesses – ultimately of course at the expense of the consumer.
Some simple safeguards:
- Make a spare copy of all credit card, investment and bank details. [ed-store this securely]
- Contact your credit card company if new cards don’t arrive on time.
- Never use names, dates or consecutive numbers or letters for passwords or PINs.
- Never give passwords or PINs to anyone. Either by e-mail or personally.
- Check all credit card statements thoroughly. [ed- look for small recurring charges, usually less than $10]
- Shred your information before disposing of it.
- Install a firewall and anti-virus program on your computer. [ed- use your OS provided a-v and firewall programs as a first line of protection, see above comment.]
- Remove all data before disposing of a computer
And never think “It can’t happen to me!” It can!
ed- In the immortal words of Sgt. Phil Esterhaus – “Let’s be careful out there.”
From the far side of Bangkok – Vic