Police Your PC

Reproduced from Sunday Times, Doors, August 7 2005. Author: Nigel Powell

You would not leave your front door open overnight, but every day, people browse the internet's wild frontiers with virtually no locks on their computers. The recent electronic attempt to rob the Japanese bank Sumitomo Mitsui of £220m shows that even the experts are vulnerable to security attacks. What hope is there for the rest of us?

The bank-job hackers tried to break into the system using key-logging software to relay passwords from employees' computers to the perpetrators, who could then access accounts to transfer money overseas. Police foiled this online heist, but they won't be there to protect your home computer.

In laboratory tests carried out on an unprotected machine, researchers recently found that it took, on average, only 17 minutes for a computer connected to the internet to become infected with viruses or spyware — in effect, wide open to a total stranger. So you have to act as your own security guard against the growing army of digital villains who want to grab your cash, because they wield an ever-growing arsenal of weapons.

"Virus writers used to be kids out to gain a bit of notoriety, almost like graffiti artists," says Graham Cluley, senior consultant with the antivirus specialist Sophos. "Nowadays, we're seeing many more professional gangs who are after money. They're working with spammers and criminals who steal credit cards and are involved in other forms of identity theft. The whole business is changing."

More than 100,000 viruses, worms and Trojan horses — generically known as malware — are currently circulating on the internet, industry experts estimate, and the numbers are growing by about 1,000 per month. In July alone, Sophos identified 1,380 new threats, mostly aimed at Windows computers.

The good news is that the past two years have seen more than 20 arrests of suspected malware developers, based all over the globe, from Belgium to Taiwan, including a 53-member crime ring in Brazil, which had stolen £17m from unwitting online-banking customers. The war is on in earnest, boosted by big rewards being offered by companies such as Microsoft and the SCO Group.

What all the experts agree on, however, is that the consumer must become his own spycatcher, helping to win the fight by adopting prudent online tactics.

"There are three main steps you can take to protect your computer," says Kevin Kean, director of the Microsoft Security Response Center in America.

  1. "Install an internet firewall.
  2. Keep your computer's operating system updated.
  3. Install up-to-date anti-virus software and keep it updated.

The worst attacks have less to do with technology and more with tricking the public into doing something they shouldn't, which is why we're trying to educate people on how to cope."

  Here is the Doors guide to keeping your computer secure and safe from these malevolent 21st-century crooks.

THE VIRUS WRITER

Viruses, worms and Trojan horses are all malicious programs designed to infect and affect your computer, but they differ in significant ways. A virus travels from computer to computer through human action, such as clicking on an e-mail attachment. A worm can travel without assistance (eg, by sending itself automatically to the people in your e-mail address book). A Trojan horse cannot replicate or travel, but is often installed surreptitiously in order to take over a computer and make it do the bidding of a remote operator.
SYMPTOMS Computers may behave erratically, rebooting, running slowly or displaying strange messages or pop-ups. Trojans tend to leave little or no trace, and the only clue is increased activity on your net connection for no good reason.
FIX It's vital to keep your operating system, firewall and antivirus software switched on and updated. Out-of-date antivirus programs are useless, but the better ones, such as the free AVG www.grisoft.com, have excellent auto-update features. Perform an online scan if you suspect mischief - try Panda's version at www.tinyurl.com/455j. And install a good anti-Trojan package, such as Trojan Hunter www.misec.net/trojanhunter .

THE ROGUE DIALLER

A virus that secretly connects your computer to the net to rack up huge phone bills by calling premium-rate or international numbers from a dial-up modem. It is often transmitted in e-mails. People may also be fooled into downloading one while browsing malicious gambling or adult websites. The telecoms ombudsman, Otelo, says that the onus is on consumers to protect themselves from rogue diallers, as they must pay any resulting bill. BT recently launched www.bt.com/premiumrates to provide advice.
SYMPTOMS The first most people know of these nasties is a phone bill for hundreds, or even thousands, of pounds. You may notice that your computer dials the internet unexpectedly, or frequently disconnects and reconnects, or that the dialling sounds last longer than usual (reflecting longer international numbers).
FIX Disconnect the modem from the phone line when not in use (this includes broadband subscribers who have a stand-by dial-up account) and install a software guard, such as the free Modem Protection program from BT www.btmodemprotection.com or Reconnect Warning (£6 from www.reconnectwarning.com ). Block premium-rate and international calls on your phone by contacting your phone company. From September 15, a new regulation provides 30 days from the date a rogue call is made for consumers to alert the regulator ICSTIS (0800 500212) and your phone company. Also ask for monthly bills.

THE PHISHER

Fraudsters send out millions of e-mails purporting to come from banks and other financial institutions. Typically, they ask you to click on a website link, go to the site and update your account details, in some cases cheekily claiming that it is "to protect against fraud". Once you're on the fake site, the crooks will ask you to input account details and passwords, at which point your account becomes toast. The latest figures from the security firm Symantec suggest that one in every 250 e-mails is a phishing attack. What's consoling is that, while the Association of Payment and Clearing Services reports that UK banks lost £12m through such online fraud in 2004, that total is small when compared with the £504m lost last year to credit-card fraud.
SYMPTOMS A lavishly designed e-mail message with bank letterhead and logo. One of the immediate giveaways may be bad English, poor grammar or misspelling, but the more sophisticated mails are perfect in every detail.
FIX No bank, building society or online service such as PayPal or eBay will ever send an e-mail asking you to supply account details, so even if it looks impressively official, neither click on it nor reply to it. If you believe that you have become a victim, contact the financial institution immediately.
  Rich Kaplan, a corporate vice-president at Microsoft, says: "There are three main vulnerabilities in general — e-mail, web browsers and computer ports. Nobody is immune. Even my son got caught the other day, when he inadvertently allowed his eBay account details to be hijacked."

THE PHARMER

Pharming is a sophisticated form of attack that uses the net's complex addressing system, called DNS, to redirect people from legitimate sites to bogus addresses. So, for instance, you enter www.ebay.com in your address bar and are unaware that you have landed at a lookalike site. As yet, these attacks are rare, but they have the potential for serious mischief if perfected. Symantec claims that, along with phishing, pharming attacks have trebled in the past six months.
SYMPTOMS Examine your browser's address bar, where you may notice that the plausible website name is not exactly what you typed (www.eebay.com, for example) or has an @ sign in the middle.
FIX Install and run a specialised browser such as Deepnet Explorer ( www.deepnetexplorer.com ) or an antidote tool such as SpoofStick ( www.corestreet.com/spoofstick ). This software displays the real web address you are visiting outside the address box itself, so you know exactly where you are.
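The two address-bar giveaways described above (a near-miss name such as www.eebay.com, and an @ sign in the middle of the address) can be checked mechanically. The sketch below is an added example, not part of the original article and not the code of any tool it names; the list of expected sites, the function names and the sample addresses are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed list of sites the user really means to visit (assumption).
EXPECTED_HOSTS = ["www.ebay.com", "www.paypal.com"]


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def inspect_url(url, expected=EXPECTED_HOSTS, max_distance=2):
    """Return (real_host, warnings) for the address a browser would visit."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    warnings = []
    # Anything before an '@' is login information, not the site name:
    # the browser connects to whatever follows the '@'.
    if parts.username is not None:
        warnings.append("userinfo:" + parts.username)
    # A host that is close to, but not exactly, an expected name is a lookalike.
    if host not in expected:
        for good in expected:
            if edit_distance(host, good) <= max_distance:
                warnings.append("lookalike:" + good)
    return host, warnings


if __name__ == "__main__":
    # Constructed sample addresses; 203.0.113.5 is a documentation-only IP.
    for sample in ("http://www.ebay.com/",
                   "http://www.eebay.com/signin",
                   "http://www.ebay.com@203.0.113.5/login"):
        print(sample, "->", inspect_url(sample))
```
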

THE HACKER

Hacking — or, more properly, cracking — is a generic term that means breaking into a computer, either remotely or on site. Cracks may include defacing websites or installing software to reveal passwords and sensitive personal details, or logging each keypress made on the keyboard. Last year saw a 36% increase in attacks on web servers — with nearly 400,000 attacks logged around the world by the security firm Zone-h.
SYMPTOMS Unfortunately, well-written cracks are almost invisible until it's too late, so always be conscious of security. Graeme Pinkney, head of European threat intelligence at Symantec, says: "Modern computer attackers have moved into stealth mode. They want to keep your computer running as if nothing is wrong, so they can use it to launch zombie attacks on selected targets."
FIX Never give out passwords and sensitive account details, or allow strangers to remain in your computer room for long periods without supervision. If you think you have been hacked, run antivirus programs or specialist tools such as Advanced Anti Keylogger Lite ( www.spydex.com/advanced-anti-keylogger.html ) or the free Ewido suite ( www.ewido.net/en/features ) and see if they detect intruders.

SPYWARE

Software designed to surreptitiously collect and report information about your surfing habits is called spyware (explored in detail in Doors on April 10, at www.timesonline.co.uk/doorscampaign ). The security firm Computer Associates recently claimed that most computers have about 80 or 90 pieces of potentially malicious code on them, with an average of four pieces of serious spyware. These programs are installed on computers when people download certain software or visit dubious websites.
SYMPTOMS Most spyware, by definition, operates silently in the background, so is difficult to spot. However, be suspicious if you notice your browser running slowly or Internet Explorer crashing unusually frequently.
FIX Most ad-supported freeware and free toolbars or search bars are funded by trackers, so stay away from this type of software unless it comes from reputable companies such as Opera, Yahoo! or Google. To locate and remove, download Ad-Aware from www.lavasoftusa.com (note the correct web address, as there are similarly named fakes). Microsoft has released similar anti-spyware protection, described at www.tinyurl.com/47cus . Remember to set your virtual policeman to perform a scan automatically and regularly. The price of security is eternal vigilance.