Is it just me? I seem to be experiencing a considerable uptick in unsolicited emails from unknown sources. I am also receiving more email reject notifications than the number of emails I am sending out. Ditto for confirmations of passwords and registrations. All of these emails have attachments. If there is a company name in the sending email header, I check the web to see if it's a new EDA company or organization I might not have heard of. I am somewhat paranoid about the possibility that these attachments may contain computer viruses, so I just delete them.
I was once a victim of a computer virus; not a pleasant experience trying to recreate everything. This was not quite as bad as when I had my computer stolen out of my hotel room while on a consulting assignment in Budapest, Hungary.
I don't understand the mindset of those who create and spread viruses. It is beyond belief that someone who knows how to do this has no comprehension of the damage that can be done. There is no economic incentive for unleashing a conventional virus. Since those impacted by a virus are random people, there is no personal motive as from a disgruntled present or former employee. For conventional viruses there is little technical challenge and therefore there can be little sense of accomplishment.
Unfortunately the terms computer virus, worm, Trojan horse, spam, phishing and so forth are all too familiar. While some incidents of their use may be relatively benign and only mildly annoying, many are malicious, which is why they are collectively referred to as 'malware'. Malware may slow down or crash a computer, delete or corrupt files, steal confidential information, set up backdoors for future access or otherwise inflict harm. Worms are self-replicating programs that spread with no human intervention after they are started. A worm can spread by initiating telecommunications by itself. It can search email address books for new victims. Viruses are also self-replicating programs, but usually require some action on the part of the user, who inadvertently spreads them to other programs or systems. The name Trojan horse comes from the Homeric story of a gift by the Greeks to the Trojans of a large horse concealing soldiers who later emerged to open up the city gates. Recipients of a Trojan horse are usually tricked into opening it because they appear to be receiving legitimate software or files from a legitimate source.
Malware can be received via email, downloads (shareware, screensavers, ...), file sharing across a network, peer-to-peer computing, media (CDs, DVDs, floppies, memory sticks, ...), instant messaging and so forth. Many enter a computer as a separate executable attachment, while others are embedded as macros in word processing files, spreadsheets and the like. Hackers may also target a website or network by exploiting vulnerabilities in the operating system or communication system.
There are now more than 100,000 known viruses. Some of the better known computer worms of the last two years are:
Sobig, a mass-mailing worm, appeared in January 2003. The Sobig family became known as the fastest-spreading and the most financially damaging virus in the history of computers. It reportedly caused $36.1 billion in damages. When it arrived via email, the worm posed as a .pif or .scr file. The sender's address was spoofed. The worm also had updating capabilities and attempted to download updated versions when certain conditions were met.
MyDoom was a computer worm that appeared in January 2004. Initially it was thought that the primary purpose of MyDoom was to launch a distributed denial-of-service attack against SCO Group, the company that is trying to claim rights to parts of Linux. MyDoom is primarily transmitted via email containing an attachment which, if executed, resends the worm to email addresses found on the infected computer.
The Sasser worm appeared in April 2004. It exploits a buffer overflow in the Windows Local Security Subsystem Service (LSASS). Microsoft had actually released a patch to fix this before the worm was launched, but many if not most users had yet to install the patch. It has been learned that this worm was written by an 18-year-old computer science student in Rotenberg, Germany. The same student was responsible for several Netsky variants.
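A mail-gateway style check for the delivery pattern described above (an executable attachment such as .pif or .scr, or a macro-capable document, arriving from a spoofed sender) can be sketched as follows. This is an added example, not code from the article; the function names, the extension lists beyond .pif and .scr, and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# .pif and .scr come from the article; the other entries are assumptions.
EXECUTABLE_EXTS = {".pif", ".scr", ".exe", ".com", ".bat", ".cmd", ".vbs"}
# Document types that can carry macros (assumed list).
MACRO_EXTS = {".doc", ".xls", ".ppt", ".docm", ".xlsm"}


def classify_filename(name):
    """Return 'block', 'review' or 'allow' for one attachment file name."""
    # Strip trailing dots/spaces so a padded name cannot hide the extension.
    cleaned = name.strip().rstrip(". ").lower()
    # Only the last extension counts: "x.txt.pif" is a .pif, not a text file.
    ext = "." + cleaned.rsplit(".", 1)[-1] if "." in cleaned else ""
    if ext in EXECUTABLE_EXTS:
        return "block"
    if ext in MACRO_EXTS:
        return "review"
    return "allow"


def scan_message(raw_bytes):
    """List (filename, verdict) for every named part of a raw message."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    # The From header is ignored on purpose: the sender address can be
    # spoofed, so the verdict rests on what is attached, not who "sent" it.
    for part in msg.walk():
        name = part.get_filename()
        if name:
            findings.append((name, classify_filename(name)))
    return findings


def build_sample():
    """Constructed sample message; addresses and payload bytes are fake."""
    m = EmailMessage()
    m["From"] = "support@example.com"
    m["To"] = "user@example.org"
    m["Subject"] = "Re: Details"
    m.set_content("Please see the attached file for details.")
    for fname in ("document.txt.pif", "report.doc", "notes.txt"):
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=fname)
    return m.as_bytes()


if __name__ == "__main__":
    for name, verdict in scan_message(build_sample()):
        print(f"{verdict:7} {name}")
```

The file name is chosen by the sender, so a check like this is a first filter rather than a replacement for scanning the attachment content.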
Spamming is the use of any electronic communications medium to send unsolicited messages in bulk. The term spam is derived from the Monty Python SPAM sketch, set in a cafe where everything on the menu includes SPAM luncheon meat.
Some see spam as the electronic equivalent of junk mail. The difference is that the cost of sending millions of spam emails is almost nothing, while the cost of junk mail even with bulk mail rates would be considerable. Further, spammers sometimes use worms to take over computers (yours, mine) as a base from which to send out spam.
According to industry vendor Sophos, 'phishing' is a hackers' term that comes from the scam's parallels with fishing, with the fake emails and website acting as the “bait”, and the victims' accounts as the netted “phish”. Phishing is done by spamming out authentic-looking emails that claim to come from a well-known financial or e-commerce institution such as Citibank, PayPal, eBay or America Online. Usually the recipient is asked to click on a link, taking them to what appears to be a legitimate website. In fact, the website is a clever forgery, often virtually indistinguishable from the real thing. Even if only a tiny percentage are duped, the phishers can make a significant amount of money while the site is up and running - most phishing sites last only a few days before being shut down. Depending on the type of account which has been compromised, phishers can commit further fraud or gain unauthorized access to other computers or networks.
“Pharming” is like phishing, in that it aims to steal confidential account information. Unlike phishing, however, this method does not rely on phony emails to lure unsuspecting victims. Pharming uses Trojan horse viruses that change the behavior of web browsers. User attempts to access an online banking site or one of the other target sites actually trigger the browser to redirect to a fraudulent site. Once a machine is infected, a user can type the correct URL and still end up at the fraudulent site.
Industry analysts believe that more than two-thirds of all PCs are infected with spyware, software that gathers and reports information about a computer user without the user's knowledge or consent. The symptoms of spyware include:
Unauthorized pop-up advertisements, even when not browsing the Web
A change to the browser home page or default search engine without user consent, which often resists attempts to change it back
A new and unwanted toolbar on the browser, which often resists attempts to remove it
A sudden and dramatic slowdown in PC performance
Increased crashing of operating systems, Web browsers, and other common applications
What is being done to counteract the growing numbers, increasing sophistication and greater maliciousness of these elements? How have the government, private organizations, Microsoft and vendors of anti-virus tools responded?