Law enforcement has managed to round up 11 criminals who were behind the massive computer hacking scheme that resulted in the theft of millions of credit and debit card numbers as well as other personal information from retail giant TJX.
Back when I first learned about the scheme, I posted that TJX needed a good slap in the face. At this point I’d like to amend that statement by saying they should get a good kick in the… Well, use your imagination.
Ever since I heard about it, I have wondered how the crooks managed to pull it off. Having worked in the computer industry for many years, these kinds of things interest me, and now that arrests have been made, I managed to dig up the details that had previously eluded me.
Here’s how this whole thing went down: The hackers made use of a technique called "war driving," something that has been going on for years. It involves driving around with a laptop computer that is configured to detect wireless networks. In this case, the hackers were said to have used a directional antenna, which can greatly increase the range from which you can access a wireless network.
Believe it or not, there are plans on the internet that involve the construction of a rudimentary directional antenna for war driving purposes using a Pringles can!
In this particular case, the hackers parked outside a Marshall’s store near St. Paul, Minnesota sometime during July of 2005, and commenced their efforts to penetrate the store’s wireless network. With wireless hand-held price checkers in use in the store, and probably other wireless devices as well, there was plenty of data in the air for the hackers to capture on their laptop. This kind of activity could also be referred to as "sniffing," since the hackers are simply gathering the data that is being transmitted between various store devices via the wireless network.
Some of the data that the hackers captured contained usernames and passwords for TJX’s main computer systems in Framingham, Mass. Those were the gems that the hackers were looking for. They had hit the jackpot.
You may be wondering why it was so easy for the hackers to penetrate the store’s wireless network and begin sniffing all the traffic. It was so easy because the store was using an outdated encryption scheme to protect the data. They were using a scheme known as WEP, or Wired Equivalent Privacy, which had been "cracked" as early as 2001, meaning that weaknesses in the scheme had been discovered and had led to readily available programs that allowed hackers to compromise a WEP-encrypted wireless network in minutes. For the hackers, it was likely the equivalent of child’s play.
TJX, a $17 billion retail empire, failed to upgrade their wireless network to a newer scheme called WPA, which corrected the problems with WEP. An auditor later discovered that TJX had also failed to install network firewalls and data encryption protection on many of its computers connected to the wireless network, and didn’t properly install another layer of security software it had obtained. Maybe they just bought the extra software because it came in a pretty box!
When queried about these failures, the company declined to comment on its security measures. Perhaps the $17 billion company could not afford to hire qualified personnel to implement the protective measures. As they used to say on Saturday Night Live, "Yeah, that’s the ticket."
Once the hackers had access to the company’s main computer systems in Framingham, they boldly created their own user accounts to access the systems, and even went as far as using the company’s network to exchange encrypted messages with one another to avoid duplicating their efforts by copying files that had already been copied.
The hackers collected TJX retail customer information from the TJX systems and copied it to other systems they had access to in the U.S. and Eastern Europe. They sold some of the data to other criminal elements, and used some of it themselves.
Some of the data even included Social Security numbers, driver’s license numbers and military ID numbers, exposing over 450,000 customers to the threat of identity theft. Naturally, the company apologized for the incident and has improved its security, but I guess that’s a bit like closing the barn door after the horse has escaped. Once that data is out there, it’s out there, and who knows how many criminals have access to it.
The whole nasty scheme started coming to light during the aftermath of Hurricane Katrina when some customers of Fidelity Homestead, a Louisiana savings bank, began to notice strange transactions on their credit card statements. Hey, just what you need after enduring the worst hurricane in recent history! Some low-life using your credit card info to go on a spending spree.
Meanwhile, the hackers were still having their way with the TJX systems and managed to go unnoticed by the geniuses in the TJX IT department for 18 months. That’s got to be some strict set of security guidelines they had in place in their data center, wouldn’t you say? But, hell, who needs to protect things like customer Social Security numbers and other personal information as well as debit and credit card numbers? Just let the usernames and passwords for those systems fly around the airwaves inside stores on a wireless network that was well known for its easy accessibility. Brilliant!
Apparently, various criminals around the world had a field day with the data and used it to make purchases and do whatever else they could with it to profit. Criminals are often able to obtain equipment that can be used to create credit cards that are copies of the originals once they have collected the required info they need to print on the cards and encode onto the card’s magnetic strip.
It was during the fall of 2006 when a group of morons in Florida decided to go on a spending spree that set in motion the events that started to put the pieces of the puzzle together. A Wal-Mart clerk became suspicious of people buying large quantities of gift cards and alerted police.
With the help of store surveillance tapes, the police managed to track down and arrest the idiots, who were said to have "covered a lot of territory in a relatively short period of time," according to a special agent with the Florida Department of Law Enforcement. That’s what happens when stupid criminals allow themselves to get too greedy.
As the crooks in Florida were enjoying an early Christmas at someone else’s expense, an auditor at TJX warned the company regarding its poor security, and that the company wasn’t complying with many of the requirements imposed by Visa and MasterCard, according to someone who was familiar with the auditor’s report. The report noted the outdated WEP wireless encryption, as well as missing software patches and network firewall protection.
It took until December of 2006 before TJX finally began to realize what had been going on right under their noses for months. They hired computer forensics experts and notified the Secret Service. I can’t help but think that TJX could have spared itself a lot of grief, and more importantly, risk to their customers’ financial well-being, if they had hired some in-house experts to keep an eye on things, or at least some system administrators who were better trained in matters related to security.
As someone who worked as a system administrator for many years myself, it’s hard to imagine how newly created, unauthorized accounts could exist on a system without being noticed for 18 months!
There were attempts to catch the hackers in the act but they managed to elude their pursuers by using publicly-available internet connections like those found in coffee houses and using internet addresses belonging to private individuals who had no idea what was going on.
The good news is that this whole fiasco could end up costing TJX $1 billion or more. A punishment that is richly deserved in this consumer’s opinion.
Personally, I never plan to step foot in a TJX-owned retail establishment again. What can you find in any of their stores that you cannot find online anyway? I just love shopping online since I don’t care much for driving anyway, and I don’t care much for crowds or waiting in check-out lines.
The other good news is that the main figures responsible for this crime have been indicted by federal prosecutors and will probably face a nice hefty stretch of time in a federal prison if convicted. I am a bit concerned that the 11 crooks are spread among five different countries, so I suppose one can expect delays and complications as a result of extradition treaties and other bureaucratic red tape.
I hope this entire episode serves as a warning to big companies that deal with personal data belonging to customers, as well as the hackers who think they are clever enough to out-smart the authorities. What criminals like this don’t seem to realize is that no matter how clever they are (and I will admit they were likely pretty smart when it comes to hacking systems), there are people just as clever on the other side of the law who will be looking for them.
News has been coming out on some of the big media sites (see CNN) about a serious flaw that allows hackers to control how traffic is routed on the internet.
I’m not sure what took the media so long to catch this story, but this is something that has been known for a while, and I recall reading about it in a trade magazine some months ago.
The first thing the average computer user needs to realize is that there is no action needed on their part. The potential problem only targets DNS servers, which are the computers that translate website names into the addresses that traffic on the internet is routed to.
DNS servers are usually owned and operated by big internet service providers like Comcast or Verizon. These DNS systems help internet users reach various destinations on the internet by allowing them to use simple names like www.homesfornh.com instead of the actual internet address, which might look something like 192.168.0.1 or 74.100.33.14.
Imagine how difficult it would be to use the internet if you had to type those kinds of numbers in for each website you wanted to reach! That is where the DNS servers come to the rescue.
Every computer that is connected to the internet has to know the address of the DNS server it will use to translate names like www.homesfornh.com into the actual internet address which is needed to reach that destination. Most of this stuff all happens behind the scenes and most users are not aware that their computer is even using the services of a DNS server, since it happens automatically for the most part, when the user brings their computer online.
What some clever hacker has figured out is a way to access the cache inside a DNS server and modify it to his liking. Think of "cache" as a kind of temporary storage area that a computer keeps in its memory to allow fast access to data that resides there. Retrieving information from a hard disk is slower than from memory, so cache provides an efficient way to access information that tends to be accessed a lot. Instead of pulling the data from the hard disk every time, the data can be snatched quickly from the cache as needed.
In this case, the data in the cache on the DNS servers contains the information that is needed to translate the simple names I mentioned earlier into the actual internet address, which was that string of numbers and dots that’s hard to remember. Since the typical DNS server can have hundreds or thousands of other computers asking it to translate names into numbers on a non-stop basis, the performance of the DNS server benefits greatly from using cache.
Lord knows how hackers figure this stuff out, but there certainly seems to be too many people out there with too much time on their hands which is obviously accompanied by a lack of morals.
Anyway, what the hackers manage to do is exploit some kind of program flaw on a DNS system which allows them to access the cache and modify it. This is known as "DNS cache poisoning."
Let’s say, for example, that your bank is called "Big Fat Bank" and you can access your bank account online by visiting www.bigfatbank.com. Whenever you want to visit www.bigfatbank.com, an accommodating DNS server translates that name, www.bigfatbank.com, into the internet address that is needed to route your request to your bank’s website. Let’s say that your bank’s actual internet address is 192.168.37.1 in this case.
Well, when a hacker decides to "poison" the DNS cache on the DNS server that your computer uses to route you to the website you want to visit, he can modify the cache so that www.bigfatbank.com directs you not to 192.168.37.1 where your bank website actually resides, but to another address where he has set up a website of his own.
More than likely, the website that the hacker has created will look exactly like your bank’s website, and when customers try to log in to the fake bank site, guess what happens? The hacker records the customer’s account number and password and can then visit the bank’s real website and access the customer’s account.
The customer who attempts to log into the fake bank site that the poisoned DNS cache has directed him to will probably just see a message that says the site is temporarily down for maintenance or something, and will probably just wait until some later point in time before he tries accessing his account online again.
Meanwhile, the hacker may be accessing the customer’s account and transferring money to one of his own accounts.
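As an added illustration of the bank example above (this is example code, not from the original post, and it models the checks a careful resolver makes on a reply before caching it rather than the specific flaw in the news; the name www.bigfatbank.com and the address 192.168.37.1 come from the post, while the server addresses, the forged address and the resolver logic are constructed):

```python
"""Toy model of a DNS resolver cache. A resolver that caches any reply naming
the record it is waiting for can end up holding a forged address; one that
insists the reply match the query it actually sent rejects the forgery.
Added example, not code from the original post; addresses other than the
post's www.bigfatbank.com / 192.168.37.1 are constructed."""
import random
import time
from dataclasses import dataclass


@dataclass
class Query:
    name: str
    txid: int      # 16-bit transaction ID chosen for this query
    port: int      # UDP port the reply must come back to
    server: str    # the server the query was sent to


@dataclass
class Reply:
    name: str      # name the reply claims to answer
    address: str   # address it maps the name to
    txid: int      # transaction ID carried in the reply
    port: int      # port the reply was delivered to
    source: str    # address the reply arrived from
    ttl: int = 300 # seconds the record may stay in the cache


class ResolverCache:
    """With validate=False any reply for a name we are waiting on is cached,
    which is how a forged reply lands in the cache. With validate=True the
    reply must match the outstanding query on ID, port and source server."""

    def __init__(self, authoritative, validate=True):
        self.authoritative = authoritative   # name -> server to ask (constructed)
        self.validate = validate
        self.cache = {}                      # name -> (address, expiry time)
        self.pending = {}                    # name -> Query awaiting a reply

    def lookup(self, name):
        """Return the cached address, or None after recording a new query."""
        entry = self.cache.get(name)
        if entry and entry[1] > time.time():
            return entry[0]
        self.cache.pop(name, None)
        self.pending[name] = Query(
            name=name,
            txid=random.randrange(1 << 16),
            port=random.randrange(1024, 1 << 16),
            server=self.authoritative[name],
        )
        return None

    def receive(self, reply):
        """Check the reply against the outstanding query; cache it if it passes."""
        q = self.pending.get(reply.name)
        if q is None:
            return "rejected: no outstanding query for this name"
        if self.validate:
            if reply.txid != q.txid:
                return "rejected: transaction ID does not match"
            if reply.port != q.port:
                return "rejected: arrived on the wrong port"
            if reply.source != q.server:
                return "rejected: not from the server we asked"
        del self.pending[reply.name]
        self.cache[reply.name] = (reply.address, time.time() + reply.ttl)
        return "accepted"

    def pending_query(self, name):
        return self.pending.get(name)


BANK = "www.bigfatbank.com"
BANK_ADDR = "192.168.37.1"        # from the post
BANK_SERVER = "192.0.2.53"        # constructed: the bank's DNS server
FORGED_ADDR = "198.51.100.66"     # constructed: where a forged reply points


def forged_reply(name):
    """A reply that answers the right name but carries none of the identifiers
    the resolver chose; only a non-validating cache accepts it."""
    return Reply(name=name, address=FORGED_ADDR, txid=0, port=53,
                 source="203.0.113.9")   # constructed source address


def genuine_reply(q):
    """The bank's own server answering the query the resolver actually sent."""
    return Reply(name=q.name, address=BANK_ADDR, txid=q.txid, port=q.port,
                 source=q.server)


def demo(validate):
    """Feed a forged reply, then a genuine one; return the verdict on the
    forgery and the address the cache ends up serving for the bank."""
    r = ResolverCache({BANK: BANK_SERVER}, validate=validate)
    assert r.lookup(BANK) is None           # cache miss, query now outstanding
    q = r.pending_query(BANK)
    verdict = r.receive(forged_reply(BANK))
    if verdict == "accepted":               # forgery took the slot
        return verdict, r.lookup(BANK)
    r.receive(genuine_reply(q))
    return verdict, r.lookup(BANK)
```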
All of the major internet providers have been aware of this problem for a while and have probably applied the required fix to their DNS servers, so there is probably not too much to worry about at this point. In fact, I’d be shocked if a single major internet service provider has not implemented the required fix on all of their DNS servers.
However, always be suspicious of anything that seems unusual with any of your online bank accounts, and don’t hesitate to contact your bank or other financial institution if you think someone has gained access to your account or has discovered your account number and password.
You never know when the next flaw will be discovered that will open a new door for the hackers to exploit, so it pays to be alert and on the lookout for anything that does not seem quite right.
How many times have you clicked on a link to a news story and then ended up at the brick wall that is the “Register” page? It happens to me all the time.
I’m a regular reader of the Drudge Report, and as most Internet users know, that site contains many links to various news stories all around the net. It seems to be less frequent than it once was, but I still end up getting a registration page thrown in my face when I click on a link to a story.
This is because of the short-sighted nitwits that are running some of these news sites. What they don’t seem to realize is that when I hit one of these registration pages, the last thing I am going to do is register on their site. And it really doesn’t have anything to do with privacy issues.
I visit the Drudge Report because I want a quick rundown of the day’s news stories on one page so I can scan it quickly and see what stories interest me. I am not going to stop my surfing to fill out my name and address or name and zip code or whatever on some site that puts a wall around their content and only allows registered users to access it.
What these registration tyrants don’t seem to realize is that the same news stories are available on about a million other sites that do not require registration at all.
When I run into one of these registration brick walls when trying to access a news story I simply bring up Google, click on “News” and then type in some keywords for the story. You know, something like “dog bounty hunter racist” (I’ll use that one only because I think that guy is such a jackass).
Google News will present me with more than enough links to satisfy my appetite for that particular news story, and then some.
News sites make their money from the advertisements that appear when you visit their sites, but registration tyrants don’t seem to realize that demanding registration from their readers is reducing the number of eyeballs on their pages. People like me very quickly seek their news elsewhere and some other news site benefits from the extra eyeballs on their pages.
Smarten up and ditch the registration nonsense already. It’s so 1990s.
When high-speed Internet was introduced in my area about 6 years ago, I was thrilled to finally dump my slow dial-up service. There was one thing, however, that I really missed about my old dial-up service.
I was getting my dial-up service from Earthlink (formerly Mindspring) back then and they had a very nice spam filter which literally stopped all spam from reaching my in-box. That particular filter is also known as a white list, and just like it sounds, it is the opposite of a black list.
With white list filtering you are able to configure your e-mail account so that it rejects every e-mail message except those coming from the e-mail addresses that are on your white list. It is the absolute best way to stop spam.
My new high-speed Internet access was provided by Adelphia when I first got it and unfortunately, they did not offer white list filtering. The spam filter they offered was reasonably good, but spam would sneak through every so often.
When Adelphia went bankrupt a while back (the company was run by crooks) the service in our area was taken over by Comcast. Although I am no big fan of Comcast, I was very happy to discover that they offered white list filtering for e-mail accounts.
One of the first things I did was to set up white list filtering on my main Comcast e-mail account. I have never received a single spam e-mail message on that account as a result. Until a few days ago that is.
Imagine my surprise when I received a spam e-mail message from some Canadian pharmacy outfit that was pushing, what else, Viagra! I stared at the message in disbelief. How could they have gotten around my white list filter?
It did not take too long to figure it out. When the spammers sent the message, they put my e-mail address in the “From:” field. In other words, it looked like a message that I sent to myself.
It’s quite trivial to send an e-mail message with a phony “From:” field and spammers have been doing it for a long time. In fact, it happened back when I had my Earthlink account because I had put my own e-mail address on the white list in case I wanted to forward something to myself for some reason.
With the Earthlink account, it was a simple matter to just remove my e-mail address from the white list and that was the end of the spam for good.
With Comcast, this is not the case. Apparently, the Comcast white list filter includes your own e-mail address by default and I could find no way to remove it. In fact, it does not even show up on the list!
I wish I could say I am surprised. It looks like Comcast has found yet another way to prove that they suck.
I’m not sure I am going to even take the time to report this to them as a problem since I don’t usually get a satisfactory answer from them when I have taken the time to report something to them.
Most of the Comcast customer service people I have talked to so far have been utterly clueless and spend most of their time trying to convince me that whatever problem I am having is the fault of Microsoft or the company that made my PC. Apparently, the one training class they require their customer service people to attend is called “Passing the Buck.”
Unless Comcast closes this white list loophole, more spammers are going to exploit it and the white list filter will become useless. Nice going, Comcast! I’d really love to see you spend more time fixing your problems and less time passing the buck.
I got an e-mail yesterday that was obviously an attempt to infect my PC with something. A few years ago that something would very likely be a run-of-the-mill virus.
These days however, it is more likely to be some kind of trojan program that would allow some hacker somewhere to turn my PC into a spam generating zombie or something like that.
As you can see, the message is an attempt to make me believe that my system is infected with a worm program. At that point I suppose I am supposed to panic and believe that the attachment the sender of the e-mail has thoughtfully attached will rid my PC of the worm and all will be well.
It’s fairly obvious that English is not the native language of whoever it was that authored this literary masterpiece, and that’s a very revealing clue that tells us what this character is really up to.
Looking at the details of the header information that arrives with every e-mail message sent on the internet, I could see that this message originated on a server in Saudi Arabia.
That does not mean the sender of the message was someone from that region, however. It’s possible that it could be some cyber-based al-Qaeda wannabes or something, but it could also be hackers from just about anywhere simply using a compromised mail server that happens to be located in Saudi Arabia.
If you ever receive an e-mail message like this, the one and only thing you want to do with it is to delete it. No reputable company will be sending updates to you as an e-mail attachment. Instead, they would direct you to their web site where you could download the updates yourself.
If I can find the time I might attempt to analyze the attachment and try to figure out what it actually is. If I do, I will report back here with the results.
Update: The nasty bit of programming attached to this e-mail message included something known as “I-Worm/Stration,” which apparently harvests e-mail addresses from the PCs it manages to infect. I suspect the addresses are then used for spamming. The program may also have the capability to download other nasty programs from the internet and install them on your PC. How charming.
Maybe you have not noticed an increase in e-mail spam over the last week or two because you get so much of it under normal circumstances, but I can tell you that there has been a virtual storm of e-mail spam going on.
I can always tell when this happens because a few spam messages manage to reach my e-mail in-box, which is unusual. My ISP actually does a very good job filtering spam and I don’t get much of it at all. Maybe one every few days under normal circumstances, but lately I have been getting about 10 per day and that tells me something is going on.
Sure enough, I just read an article that confirms my suspicions. A major spam-sending operation was launched by Russian hackers recently and unless you are using white-listing (more on that later) or just happen to be very fortunate, you have been on the receiving end of some of this penny stock or “male enhancement” spam.
I was simply amazed to read some of the details of this effort that has been uncovered by researchers. The spam “industry” is huge and they are using the very latest techniques to defeat anti-spam filters and get their messages into millions of e-mail in-boxes around the world.
What makes these spammers so effective is their use of bot nets. These bot nets are groups of computers from all over the world that have been hijacked by these spam-sending hackers.
Bot nets are created when internet users manage to somehow download a program that has a hidden payload in it that installs special remote-control software on their computer. This software runs quietly in the background whenever the user turns on their computer and allows the hackers to make all the infected computers carry out specific tasks while the computers’ owners remain blissfully unaware of what’s going on.
You can probably guess what these hackers are doing with all the computers in their bot nets that they have control of. Yes, sending billions of spam messages for one thing!
Some of the numbers I read about in this article were just amazing. It claims that the hackers have control of about 70,000 computers that are members of their various bot nets. Most, or all, of these compromised computers are PCs that have Microsoft Windows installed.
Amazingly, some of the remote control software that is downloaded by unsuspecting computer users comes with its own anti-virus program, which it uses to remove other nasty programs that might compete with it!
Most of the spam I have been receiving lately is of the “male enhancement” variety, although I did see at least one penny stock spam message as well. What’s interesting about this is another technique these sophisticated hackers are using to harvest names for their mailing lists.
They have managed to break into a number of web sites that host information and forums related to investing. Once they break in, they steal lists of users with e-mail addresses and then use those e-mail addresses as targets for their penny stock spam messages! They are actually doing market “research” in order to better target the people they want to reach!
And here’s the part that really set off the light bulb above my rather dense noggin: The bot net remote control software also scours the contents of every PC it is installed on and ferrets out e-mail addresses to send back to the hackers that control the bot net!
I’ve just recently begun to suspect that there is virtually no way to avoid spam and this confirms it! You can have the most closely-guarded e-mail address in the world and never enter it in on any website anywhere, ever. However, all you need to do is have a contact out there somewhere who knows your e-mail address and ends up with a nasty program on their PC and there goes your e-mail address into the hands of the spammers!
This kind of thing has actually happened to me. I have created e-mail addresses with the idea of keeping them spam-free. Even when I use the address sparingly to communicate with just a few people and never enter it on any web site anywhere, I always end up getting spam sent to it after a while. It never fails and it was driving me crazy trying to figure out how it happened. Now I know.
OK, you may have noticed that I said that there was “virtually” no way to avoid spam. I left a little loophole there because there actually is a way to avoid it with almost 100% certainty. It’s called “white-listing,” and it is a method I will be returning to very soon.
When I had an account with Mindspring (now called EarthLink) back in the dial-up days, the e-mail accounts that they provided included a white-listing feature, and it worked fabulously and was never defeated by the spammers. Ever.
A white list is a list of e-mail addresses that you are willing to accept e-mail messages from. When an e-mail message arrives in your in-box it is compared to your white-list and if that address is not on your white list, it is rejected and you never see it. I simply loved it because it meant no spam.
It is a bit of a pain to have to add the e-mail address of everyone you ever want to receive e-mail from to your list, but for me it is worth it. That’s how much I hate spam.
I have not used white-listing for a while now since my ISP has not offered it and I have not taken the time to look for alternative solutions. With my ISP now being taken over by another one, I may have the opportunity to use white-listing once again since I have heard that it is a feature that my new ISP offers to their customers.
The biggest problem I see with white-listing is when I visit a web site and want to make a purchase or sign up for a newsletter or something. Since you usually don’t know the e-mail address of the sender, you will not be able to white list their address in order to receive any messages from them.
Here’s how I plan to handle it: I will set up a “dummy” e-mail account for use when I purchase something from a web site or want to sign up for a newsletter. When I receive the first e-mail message in my dummy account, I will then know the e-mail address of the sender, which I will add to the white list of my “real” e-mail account.
I will then log into the web site where I purchased something or signed up for a newsletter and change my e-mail address to reflect my real e-mail address that is protected by the white list.
When my dummy account receives its very first spam message, it gets deleted and I then create a brand-new dummy account to use.
Yeah, sounds like it might be a pain, but for me it will be worth it. If only for the feeling I get from truly defeating the spammers! Did I mention that I really hate spam?
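As an added illustration of the white-list filtering described in this post and of the spoofed “From:” loophole described in the Comcast post above (this is example code, not Comcast’s or EarthLink’s filter; every address and message in it is constructed):

```python
"""White-list mail filtering: accept only listed senders, show how implicitly
trusting the owner's own address lets a message with a forged From: header
through, and walk the "dummy account" trick for learning a new sender.
Added example, not any ISP's code; all addresses and messages are constructed."""
from email import message_from_string
from email.utils import parseaddr


class WhiteListFilter:
    def __init__(self, owner, allowed=(), trust_own_address=False):
        self.owner = owner.lower()
        self.allowed = {a.lower() for a in allowed}
        # The post describes Comcast's list as implicitly containing the
        # owner's own address. Since From: is trivially forged, that is a hole.
        self.trust_own_address = trust_own_address

    @staticmethod
    def sender_of(raw_message):
        """The address in the From: header, the only thing this filter sees."""
        msg = message_from_string(raw_message)
        return parseaddr(msg.get("From", ""))[1].lower()

    def add(self, address):
        self.allowed.add(address.lower())

    def verdict(self, raw_message):
        sender = self.sender_of(raw_message)
        if sender == self.owner:
            return "accept" if self.trust_own_address else "reject: From is my own address"
        if sender in self.allowed:
            return "accept"
        return "reject: sender not on white list"


# Constructed sample messages.
FROM_FRIEND = "From: Alice <alice@example.net>\nTo: me@example.com\nSubject: hi\n\nLunch?\n"
SPOOFED_SELF = "From: me@example.com\nTo: me@example.com\nSubject: pills\n\nbuy now\n"
NEWSLETTER = ("From: Shop News <news@shop.example.org>\nTo: dummy@example.com\n"
              "Subject: Welcome\n\nThanks for signing up.\n")


def comcast_style():
    """Own address implicitly trusted: the spoofed message gets through."""
    f = WhiteListFilter("me@example.com", ["alice@example.net"], trust_own_address=True)
    return f.verdict(FROM_FRIEND), f.verdict(SPOOFED_SELF)


def earthlink_style():
    """Own address kept off the list: the spoofed message is rejected."""
    f = WhiteListFilter("me@example.com", ["alice@example.net"])
    return f.verdict(FROM_FRIEND), f.verdict(SPOOFED_SELF)


def dummy_account_workflow():
    """Sign up with the dummy address, read the sender off the first message
    the dummy in-box receives, then white-list that sender on the real account."""
    real = WhiteListFilter("me@example.com", ["alice@example.net"])
    before = real.verdict(NEWSLETTER)                  # unknown sender, rejected
    learned = WhiteListFilter.sender_of(NEWSLETTER)    # taken from the dummy in-box
    real.add(learned)
    after = real.verdict(NEWSLETTER)                   # now accepted
    return before, learned, after
```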
These bot nets are the weapons that are allowing the spammers to be so effective these days, and somebody must figure out a way to stop them from building these bot nets. It’s got to be something Microsoft is working on. Let’s hope so anyway!
Is your PC a slave in a bot net? Unless you are quite computer savvy and know exactly what’s running on your PC at all times, the answer could very well be “yes.”
Here are a few tips to avoid having your PC become part of a bot net:
Get the latest anti-virus and firewall software and install it.
Don’t download software from sites you don’t trust. A lot of this stuff gets onto people’s PCs when they download free programs that are offered on various web sites. Things like free screen savers, free backgrounds and free games.
Make sure your PC has all the latest updates from Microsoft installed.
The last thing I want to do here is make people afraid to use the internet. Especially when it comes to buying stuff online. Heck, I have a site or two where I sell things and I sure don’t want to make people think they cannot purchase things online!
You are certainly not going to get any nasty software by making a purchase on Amazon.com or any other well-known site. Trust your gut. If a site seems suspicious, stay away.
There are new services popping up on the net now that monitor various web sites for nasty stuff. You can go to these sites and type in the name of the site you want to check out for a report on whether or not the site seems harmful or not. Here is one you might want to check out (it’s free to use):
More resources like this should be popping up on the net as the fight against spammers and hackers continues. Please do what you can to prevent becoming a victim of these scumbags and follow the tips I provided above. If we all do our part, maybe we can prevent the low-life from ruining the internet for the rest of us.
It’s been a while since I have posted any information regarding e-mail scams. Frankly, I just got a bit sick of the same old scams arriving in my inbox all the time and I shut off the e-mail account that was attracting most of it.
Just today one of my other e-mail accounts picked up a scam message of the type I have not seen that often. This one is from someone claiming to be representing “A.H.A. International.” Here is the message I received:
From: A.H.A INTERNATIONAL CO., LTD [aha005@rediffmail.com]
To: Undisclosed-Recipient:;
Subject: CAN YOU WORK FOR A.H.A INT’L?30 OCTOBER, 2006.
Dear sir/madam
We hereby introduce A.H.A INTERNATIONAL CO.,LTD,an international export/import company deals principally on Pharmaceuticals & Medical Products,Rubber and Plastic Products,Electrical Products Light Industrial Products,Hardware,Metals and Mineral Products,Textile and Garments,Auto Parts & Accessories and export into the Canada/America and Europe,Its turnover in 2004 reached US$192,000,000
We are searching for agents who can help us establish a medium of getting to our customers in the Canada/America and other nearby countries as well as making payments through you to us. You do not have to leave your present job for this one because this job offer will be on a part time basis as it comes once in a while and remuneration is on a percentage basis of 10% of the total amount you receive from our customers at any time on our behalf.
A.H.A has built up business relationships with more than 56 countries and regions around the world, forming both a global network of information, distribution and services and a pattern of diversified marketing across the five continents. Protected by laws, the insignia of A.H.A and trademarks of the products related have been registered in a great number of countries and regions.
Please contact us for more information,Subject to your satisfaction you will be given the opportunity to negotiate your mode of which we will pay for your services as our representative in Canada/America and Europe. Now we already have customers who are ready to remit cash to us.
Please to facilitate the conclusion of this transaction if accepted,do send us promptly the following information below:
FULL_NAME:
COMPANY_NAME:
AGE_:
GENDER_:
MAILING_ADDRESS:
STATE_CITY_ZIP:
CONTACT_PHONE:
CONTACT_FAX:
CONTACT_EMAIL:
OCCUPATION_:
SUBMIT_:Thanks In advance.
ziu cheng
Managing Director.
A.H.A INTERNATIONAL CO.,LTD.
Sha Tin, New Territories
Hong Kong
Tele\Fax:+852-301-59699
From what I have heard, messages like this are simply from scammers who try to fool you with bad checks. Or, in some cases, it is possible that they might actually be offering you a real job. Don’t get too excited; I’ll elaborate on that in a minute!
In the first type of scam, the scammers try to get you to believe that you will simply be transferring money for them. They will claim that, due to the circumstances of their business, they need people in your country to accept money and then transfer it to others, keeping a percentage for yourself as your compensation.
The next phase of the scam begins when they send you a phoney check to deposit in your bank account, with instructions to transfer the amount of the check to someone else while keeping your percentage.
The problem arises when the bank discovers that the check is a phoney. If that does not happen until after the check appears to have cleared, and you have already sent the money to fulfill your part of the agreement, you are in serious trouble: the deposit is reversed, but the money you sent is gone.
The other possibility with scams of this nature is that it may be a real job you are being offered. However, and this is a big however, you are being hired by a criminal enterprise, and as such, I suspect you could find yourself in a lot of trouble in the long run.
There are various overseas criminal organizations that make money in this country through illegal means. One of their big problems is getting their illegal profits out of this country and into their hands.
One of their solutions was to work out various schemes which involve hiring people here in the U.S. to transfer this money overseas to the criminals. Definitely something you don’t want to be involved with!
The best policy is to simply delete any e-mail messages you get that talk about any kind of job that involves the transfer of money. These types of messages are extraordinarily likely to be scams or criminals looking to hire people for illegal purposes.
If you think about it, what are the odds that some random person overseas is going to send you an e-mail message with the offer of an actual, legitimate job opportunity? About the same as some stranger handing you a $100 bill when you are walking down the street, I suspect.
Since I have eliminated most of my e-mail addresses that were receiving lots of spam, I was a bit surprised to see a new scam e-mail show up at one of my e-mail addresses.
I have heard about these lottery scams before and have even received a few of them in the past, but this one was a bit more clever than the others I have seen to date.
This one is coming from someone claiming to be “Darryn Clarke (Mrs),” who for all I know, may be an actual lottery official whose name these scammers have decided to use to add credibility to their scam.
As expected, the e-mail claims that I have won a substantial amount of money in the U.K. Lottery, and then goes on to explain that my e-mail address was selected randomly from various web sites.
That, apparently, is their effort to overcome the first objection that would come to mind for most recipients of a message like this. That, of course, would be: “I didn’t enter the U.K. Lottery!”
It then goes on to make the claim that this drawing is part of the country’s effort to raise money for the Olympic Games in 2012.
The problem with that is that organizations that are trying to raise money are not in the habit of giving it away free to random individuals around the world.
A lottery collects the money that is paid out to winners by selling tickets to those who wish to participate. The key word here is selling. Without money coming in from the sale of lottery tickets, a lottery has no money to distribute to the winners. Pretty simple concept.
Despite their failed attempts to explain away a free lottery, I did find one of their tactics quite clever.
After providing me with my winning number, they also give me a web site address so I can go there and verify that my number is indeed among the winners.
The site they directed me to appears to be a legitimate lottery web site and sure enough, my number was on the list as a winner! Imagine my excitement! Yeah, right.
I thought this was a rather clever innovation, but like most of these scams, you can see through it pretty easily when you pay attention to detail.
Beside each winning number it indicates where the winning ticket was purchased. For my winning number, it indicated that the ticket was purchased in the “Stoke-on-Trent” area, which I did not bother to look up, but is probably some region or town in the United Kingdom.
The problem is that I have never in my life visited “Stoke-on-Trent,” or any other area of the U.K. That makes it a bit difficult to imagine that the unclaimed winning ticket in question is mine.
For the sake of making it easier for people to find this post, I should also mention that the e-mail address they provided to me for contact was info@national-lotto9.2-cool.co.uk, which is likely some domain that the scammers set up to appear as close as possible to a legitimate domain belonging to the U.K. Lottery.
For your amusement, here is the e-mail message as I received it:
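To see why a lottery-sounding address like the one above proves nothing, it helps to pull the host name apart into the part the scammers picked freely and the part that was actually registered. This is an added illustration, not code from the original post: the PUBLIC_SUFFIXES set is a constructed stand-in for the real Public Suffix List, and "national-lottery.co.uk" is assumed here to be the legitimate lottery domain.

```python
"""Work out which domain really owns a scam contact address.

Added illustration, not code from the original post. PUBLIC_SUFFIXES is a
constructed stand-in for the real Public Suffix List, and the legitimate
domain used in the demo is an assumption.
"""
from difflib import SequenceMatcher
from typing import Dict, Tuple

# Constructed subset of public suffixes; the real list has thousands.
PUBLIC_SUFFIXES = {"com", "net", "org", "uk", "co.uk", "org.uk"}


def split_domain(host: str) -> Tuple[str, str]:
    """Return (free-form prefix, registrable domain) for a host name.

    The registrable domain is the public suffix plus one label. Everything
    in front of it is chosen by whoever registered that domain, so a
    lottery-sounding prefix says nothing about who is behind the site.
    """
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):  # longest matching public suffix wins
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            if i == 0:
                raise ValueError(f"{host!r} is itself a public suffix")
            return ".".join(labels[: i - 1]), ".".join(labels[i - 1 :])
    raise ValueError(f"no known public suffix in {host!r}")


def _brand(label: str) -> str:
    """Keep only letters so 'national-lotto9' and 'national-lottery' compare."""
    return "".join(ch for ch in label.lower() if ch.isalpha())


def check_sender(address: str, expected_domain: str) -> Dict[str, object]:
    """Compare the sender's registrable domain with the one we expect."""
    host = address.rsplit("@", 1)[1]
    prefix, registrable = split_domain(host)
    matches = registrable == expected_domain.lower()
    expected_brand = _brand(expected_domain.split(".")[0])
    # How close does any label of the sender's host come to the real brand?
    similarity = max(
        SequenceMatcher(None, expected_brand, _brand(label)).ratio()
        for label in host.split(".")
    )
    return {
        "registrable": registrable,      # who actually owns the address
        "decoy_prefix": prefix,          # the part chosen to look official
        "matches_expected": matches,
        "looks_alike": (not matches) and similarity >= 0.6,
    }


if __name__ == "__main__":
    # Address from the scam message; legitimate domain is an assumption.
    print(check_sender("info@national-lotto9.2-cool.co.uk", "national-lottery.co.uk"))
```

For the address in the message, the registrable domain comes out as 2-cool.co.uk, with "national-lotto9" as nothing more than a prefix its owner chose.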
Despite all the precautions I take here to remain free of the various nasty things roaming around the net, occasionally I end up having to deal with this crap.
This time one of my kids ended up infecting his PC with a ton of ad-ware. It was placing icons on his desktop and popping up various advertisements on his screen. Since he is not the type of kid that loves tinkering with computers, he ended up telling me about it and I had to deal with the mess.
One thing that baffles the hell out of me is how this kind of stuff could ever make a dime for any of the scumbags out there that must be profiting from this crap. What kind of moron would someone have to be to end up being bombarded with pop-up ads on their PC and actually buy something as a result? That’s the kind of stupidity I cannot even begin to comprehend, but it must be happening because these scumbags would not be doing it if they were not making money from it.
Anyway, I hauled my less-than-enthusiastic self up to my son’s room and sat down in front of his PC. A quick look confirmed that a lot of ad-ware crap had invaded his PC. He probably downloaded a free program from some website that was infected, but since he visits so many sites, he could not recall which one it may have been. Since I was interested in getting the machine cleaned up as quickly as possible, I did not care to spend a lot of time trying to figure out where he got it. These adventures consume too much time as it is.
The first thing I did was to download the latest copy of the Ultimate Boot CD and burn it to a CD. The best way to approach something like this is to use a bootable CD like this one. It’s a fabulous resource and I highly recommend it.
What makes the bootable CD so useful is that the ad-ware is not able to touch the CD. Ad-ware and other nasty programs can often spread and re-install themselves on your PC even as you are attempting to remove them. Since it is physically impossible for the PC to write to the CD, there is no way that the CD can be infected by any of the programs you are trying to remove. This gives you a “clean” environment to work from.
The Ultimate Boot CD has many useful programs included on it, including several anti-virus and anti-spyware programs which I was able to use to clean much of the ad-ware off the PC.
One key thing to remember when cleaning nasty programs off your PC is that you want to try to use as many different programs as possible. Not every program can remove every type of infection, and this was certainly the case with this infection, as some programs missed problems that others picked up.
Something else that was confirmed for me this time was the usefulness of firewall programs. During the course of my efforts to remove all the ad-ware from my son’s PC, it was very easy for me to see that there were still infections there that none of the anti-virus or anti-spyware programs could find. Each time I would clean up some of the ad-ware and re-start the PC, the firewall would alert me about a program with a strange name that was trying to connect to another system out on the internet.
I tried quite a few of the popular and well-known tools to remove all the crap from the PC but this one program seemed quite difficult to get rid of. It seemed to be using filenames that were hidden from most normal efforts to locate it, but the firewall program would alert each and every time it tried to connect to the internet.
For those that are not familiar with firewall programs, they are similar to anti-virus programs in the way they sit quietly in the background and wait for something to happen. In this case, that something is an attempt by a program on your PC to connect to the internet, or an attempt by a system on the internet to connect to your PC.
Most firewall programs have a “learning” function built in that allows you to tell the firewall which programs are allowed to access the internet. You simply install the firewall program and then wait for it to start alerting you to programs that are trying to communicate via the internet. Once you have informed the firewall program about all the programs on your PC that are allowed to use the internet, you should not normally see alerts from the firewall unless a new program that it does not know about tries to communicate via the net.
This is what makes the firewall an invaluable tool in the battle against the makers of ad-ware and other nasty programs. Another thing I should point out is that some particularly nasty programs have functionality built into them that allows them to bypass the firewall program, or even locate the firewall program running on your PC and terminate it! Talk about scum-ware!
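The “learning” behaviour described above boils down to a small decision loop: known-good programs pass, known-bad ones are blocked, and anything else raises an alert naming the program and where it is trying to go. The toy model below is an added illustration, not code from the original post or from any real firewall; the program paths, remote addresses and the hints it attaches to an alert (random-looking filename, temporary folder, ports favoured by spam zombies) are constructed for the example.

```python
"""Toy model of a "learning" personal firewall.

Added illustration, not code from the original post or any real product.
Program paths, addresses and port hints below are constructed.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# Destination ports a home PC rarely needs a background program to use.
WATCHED_PORTS: Dict[int, str] = {
    25: "SMTP (direct outgoing mail, typical of spam zombies)",
    6667: "IRC (a classic zombie command channel)",
}


@dataclass
class Attempt:
    program: str       # full path of the process opening the connection
    remote_ip: str
    remote_port: int


@dataclass
class LearningFirewall:
    allowed: Set[str] = field(default_factory=set)
    blocked: Set[str] = field(default_factory=set)
    alerts: List[str] = field(default_factory=list)

    def learn(self, program: str, permit: bool) -> None:
        """Record the owner's answer so the same program is not asked again."""
        key = program.lower()
        (self.allowed if permit else self.blocked).add(key)
        (self.blocked if permit else self.allowed).discard(key)

    def decide(self, a: Attempt) -> str:
        """Return 'allow', 'block' or 'ask'; 'ask' also records an alert."""
        key = a.program.lower()
        if key in self.allowed:
            return "allow"
        if key in self.blocked:
            return "block"
        self.alerts.append(describe(a))   # unknown program: alert every time
        return "ask"


def oddities(a: Attempt) -> List[str]:
    """Hints that make an unknown program worth a second look."""
    hints = []
    name = a.program.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()
    if re.search(r"\d{3,}", name) or not re.search(r"[aeiou]", name):
        hints.append("random-looking filename")
    if re.search(r"\\(temp|tmp)\\", a.program, re.IGNORECASE):
        hints.append("runs from a temporary folder")
    if a.remote_port in WATCHED_PORTS:
        hints.append(WATCHED_PORTS[a.remote_port])
    return hints


def describe(a: Attempt) -> str:
    """Alert text: which program is trying to reach where, plus any hints."""
    text = f"{a.program} -> {a.remote_ip}:{a.remote_port}"
    hints = oddities(a)
    return text + (f" [{'; '.join(hints)}]" if hints else "")


def demo() -> Tuple[List[str], List[str]]:
    """Constructed sequence: one approved browser, one unknown program."""
    fw = LearningFirewall()
    browser = r"C:\Program Files\Browser\browser.exe"
    unknown = r"C:\Windows\Temp\xk4f9q.exe"
    fw.learn(browser, True)                   # owner already approved it
    decisions = [fw.decide(Attempt(browser, "203.0.113.10", 80)),
                 fw.decide(Attempt(unknown, "198.51.100.7", 6667)),
                 fw.decide(Attempt(unknown, "198.51.100.7", 6667))]
    fw.learn(unknown, False)                  # owner answers "no" to the alert
    decisions.append(fw.decide(Attempt(unknown, "198.51.100.7", 6667)))
    return decisions, fw.alerts
```

Note that the unknown program is alerted on every attempt until the owner answers, which is exactly the repeated alert behaviour that made the stubborn program on my son’s PC visible.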
I have my own answer to clever programs like that which involves using an older firewall program that has not been available for quite a while. Although it is certainly not foolproof by any means, my logic is to assume that most sophisticated scum-ware that is able to bypass or terminate a firewall program is probably programmed to recognize only up-to-date, or at least fairly recent, firewall programs. It would take a massive effort to track down every firewall program from the past few years and include functionality to identify them all as part of the scum-ware program.
I’m not going to say what firewall program I am using except to reveal that it is probably at least 5 years old, is no longer available and still works just fine on the PCs in my house.
The firewall also helped me find an effective and very unexpected solution to the problem of removing the last nasty program from my son’s PC. I probably could have used one of the advanced file management programs from the Ultimate Boot CD to locate and delete the hidden program, but what I discovered with the help of the firewall program saved me a lot of time and trouble.
When the firewall program produces an alert about a program trying to communicate via the internet it provides the name and location of the program that is trying to access the internet as well as the internet IP address of the computer that the program is trying to communicate with.
Most of the time these scum-ware programs are trying to contact other computers on the internet in order to send data back to them about the web surfing habits of the PC’s owner or to grab more scum-ware programs to install.
This appeared to be the case with my son’s PC since it had at least 10 different ad-ware and trojan programs installed on it. Apparently, some of them are designed to go grab more scum-ware off the internet and install it as fast as they can.
When the firewall program alerted me to the IP address of the computer that the scum-ware program was trying to reach, I decided I would type that address into a web browser and see if I could get a site to come up. That might help me figure out who was behind this and how to get rid of it.
Sure enough, a website appeared on the screen for some low-life advertising outfit whose name escapes me now. That was not too much of a surprise, but what was surprising was a link on their page that was labeled “Uninstall.”
Hmmmmm, could this actually be a way to rid my son’s PC of the scum-ware in question? I clicked on the “Uninstall” link and was shown some instructions on how to download the uninstall program and run it to remove the scum-ware program.
I downloaded the uninstall program and ran it on my son’s PC. It informed me that the program had been removed. I wondered if this was too good to be true. Not being too willing to trust a scum-ware purveyor, I wondered if the “uninstall” program had instead infected my son’s PC with even more scum-ware!
I re-started his PC and was surprised to see that the firewall alerts were no longer coming up on the screen. As amazing as it seemed, the scum-ware makers actually provided a way to uninstall their program. After a little investigation, I found the same to be true for one of the other scum-ware programs whose IP address I had written down a little earlier in the process.
The bottom line is that you should get yourself a firewall program and use it, if you are not doing so already. There are a few good firewall programs you can download and use for free. Just search for “free firewall” on Google or Yahoo to find one you want to try.
If you are not terribly computer-savvy, the idea of using a firewall may seem intimidating at first, but give it a try. The protection you get from it is worth learning enough about it to keep it running on your PC at all times so you will know what kinds of things may be going on behind the scenes that you might otherwise never know about.
I’ll have to give credit to the spammers and other varieties of internet-dwelling lowlife for one thing: They are a damn creative bunch! They have come up with some absolutely ingenious schemes to keep the money coming in.
It used to be that a virus or worm or other nasty bit of software was released primarily for “recreational” purposes. The writer was trying to prove how good a hacker he was or was competing with other hackers to come up with the nastiest creation. I suppose others were just mentally deranged or something.
In recent years, I have been hearing a lot about a change in the motivation behind the creation of what has become known collectively as malware.
Today, the motivation, as you might suspect, is money, and many accomplished hackers are now plying their trade for a paycheck instead of the fame and admiration of fellow hackers.
Although the primary focus of this post is zombie networks, it is worth mentioning that things like the computer virus, phishing sites and adware are still big problems that do not appear to be going away any time soon.
A zombie network is a group of computers that are controlled by someone else who has somehow managed to get a program or group of programs installed on computers that do not belong to them.
The person who controls the zombie network has total control over all the zombie computers in that network and can make them do anything his heart desires. Unlike a virus, the zombie programs that are installed are designed to work quietly in the background and never do anything to reveal their presence.
It’s not about causing difficulty for the owner of the computer that has been infected, although that is very likely to happen if the victim’s ISP (Internet Service Provider) figures out that the computer has been recruited as part of a zombie network. It’s about the money.
Laws against spam that have been passed in the last few years have driven the spammers further underground than ever. Many of them send their spam e-mail messages from computers located overseas to avoid trouble with authorities here in the U.S.
Others hire hackers who have their own zombie networks that can be used to send spam. Some zombie networks can consist of hundreds or even thousands of computers, all standing ready to follow whatever instructions the zombie master sends out.
Here’s a fictional story to demonstrate how some innocent internet user may end up with a computer that is part of a zombie network.
Joe Surfer stumbles upon a web site while doing some searching for information on the internet and notices an advertisement for a free screen saver or some other free software that sounds useful.
Joe clicks on the ad and is taken to another web site that is probably going to do one of two things. It may offer the software as a free download so Joe can grab a copy and install it on his PC.
It also might use some known security flaw in Joe’s web browser to go ahead and install the zombie program right then and there and leave poor Joe with no idea he has been infected just by visiting the site.
Whether he is infected when he visits the site or when he installs the software he has downloaded, his PC is now part of a zombie network.
Although Joe has no idea anything is going on, the zombie program connects to an IRC or “Internet Relay Chat” channel and sends a message to the zombie master who is monitoring the chat channel to let him know he has a new recruit in his network.
The zombie master can then communicate with the new zombie PC by sending instructions back to it via the chat channel. The zombie program is configured to start up and inform the zombie master of its availability each and every time the victim turns his PC on.
As mentioned previously, the zombie master can instruct all of the PCs in his network to do anything he wants them to do. Most often they are used to send spam or to launch “denial of service” attacks on other computers that the zombie master or his employers want to take off the internet for some reason. The Blue Frog story is an excellent example of how this can come about.
Unless you have some type of security software installed on your computer, you may never find out that it is part of a zombie network, although you may find out the hard way when your ISP discovers the infection and shuts off your internet access.
This actually happened to me once. My wife and kids had discovered the “surf the internet and get paid” stories that were going around a few years back and signed up with some of these sites so they could get paid just for checking out certain sites.
(If you’re thinking about getting involved in anything like this, don’t bother! I have never heard of a single “surf to get paid” deal that was not a scam.)
Anyway, a week or two later our internet service just died one day and did not seem to be coming back. I called our ISP and was informed that a flood of spam was being sent out from one of the computers in my house. I was told to let them know when the malware was removed and they would restore our internet access.
You can imagine how ticked off I was and how fast that particular malware was identified and removed from my wife’s PC! So much for “surfing to get paid.”
Figuring that all of my wife’s surfing would be to well-known, safe sites, I let my guard down and did not have the full complement of security software installed on her PC. It was a lesson I learned the hard way, although I cannot be sure the malware would have been identified by the anti-virus software I was using at the time. It is likely that a properly-configured firewall would have drawn attention to it, however.
To this day I am not certain if my wife’s PC had been part of a zombie network or not since the information I was able to dig up about the malware that had been installed was not terribly extensive.
I was glad that I was able to download a free anti-virus program to eliminate it, but I wish I had been able to find out more about exactly what it was.
Unfortunately, the bad guys are developing more sophisticated malware programs that are harder to detect and even using rootkits to further mask the presence of their nasty little programs and keep victims in the dark.
There are things you can do to minimize the likelihood of your PC being infected with malware. There are numerous free anti-virus programs you can download and install. I also highly recommend a firewall program.
A firewall program installed on your PC can alert you to any other programs that are attempting to access the internet in the background. There are free firewall programs you can download. Just do a search for “free antivirus” or “free firewall” on Google and you should find what you need.
Using a firewall program can be a bit intimidating if you are not technically savvy, but it really is worth it to take some time to learn as much as you can and make use of a firewall program.
No solution is 100% effective against malware, but using anti-virus and firewall programs will give you a much better chance of detecting malware that has been installed on your computer without your knowledge.
It also appears that there is a new generation of anti-malware software coming on the scene. I heard about a program called CyberHawk and since it was free, I decided to download it and give it a try.
Although the program looked interesting and appears to have some promise, I don’t think it is quite ready for prime time. After noticing a number of occasions when my PC would slow to a crawl and nearly hang for no apparent reason, I traced the problem to CyberHawk and when I removed the program, the problems went away.
I am going to give it another try once they refine it a little more and you may want to check it out in a little while as well. It looks like it has the makings of a good program but has not had the bugs worked out of it yet.
Make no mistake. There are people out there who want to take control of your computer and do things with it that are not lawful so they can make a profit. Connecting your computer to the internet these days without as much protection as you can get is just plain crazy.