Computer News No. 123  Sep.-Oct. 2006

From the Help Desk... Beware of Spyware and Phishing Email

    1. Internet crime using spyware
    2. Your computer can be exploited as a phishing site or a member of a botnet
    3. Preventive measures against spyware

1. Internet crime using spyware

Spyware is a software that covertly gathers user information through an Internet connection without the user's knowledge, and feeds the information to the spyware author or to someone else. Spyware has the ability to monitor keystrokes (for passwords, bank account numbers, credit card numbers, etc.), scan files on the hard drive, snoop other applications, install other malicious programs, change the default home page on the Web browser, etc. ... The captured information may be sold to other parties for advertising or marketing purposes or used in computer crimes. 

A common way to become a victim of spyware is to download certain peer-to-peer file swapping programs available on the Internet. 

Another common way to contract a spyware is when users receive a phishing email telling them to visit a certain website and click a certain hyperlink.  Lately, thousands of people have reportedly fallen prey to a phishing attack that uses ecards as bait. The cards appear to come from a secret admirer.  When the recipient clicks on the provided hyperlink, the computer is directed to a malicious site that attempts to download a keystroke logger, the card is then displayed.

A more deceptive phishing email is to fake the sender email address with some administrative accounts of your email server, such as abuse@hku.hk or admin@hku.hk.  The following is a sample malicious email which spreads recently.  Note that though the web address shown in the malicious email looks like real and from a central server, it actually is not (there is no server called 'www.cc.hku.hk') and clicking on the hyperlink will download a malicious program, e.g. a computer virus or a spyware.

 
--------- begin of a malicious mail ----------------
From: abuse@hku.hk [mailto:abuse@hku.hk]
Sent: Wednesday, October 25, 2006 xx:xx PM
To: username@hku.hk
Subject: Account Alert

Dear Valued Member,

According to our terms of services, you will have to confirm your e-mail
by the following link, or your account will be suspended for security
reasons.

http://www.cc.hku.hk/confirm.php?account=username@hku.hk
<Note: actually clicking this link will lead to downloading a malicious program 
 from http://www.xxx.yyy/Confirmation_Sheet.pif>

After following the instructions in the sheet, your account will not be
interrupted and will continue as normal.

Thanks for your attention to this request. We apologize for any
inconvenience.

Sincerely, Cc Abuse Department

--------- end of a malicious mail ----------------

2. Your computer can be exploited as a phishing site or a member of a botnet

Once the spyware is installed on your computer, it not only captures your information, your computer may also be exploited to become a phishing website without your knowledge. 

Because spyware is using memory and system resources of the infected computer, when many computers are infected by spyware and launching attacks to other computers on the network, the network response can be slow and the computers being attacked may not respond at all.  Such group of infected computers is often called a botnet.

3. Preventive measures against spyware

We reiterate our usual advice for our users to increase the security of their computer systems as follows.

1. Perform Windows Update or other brand of operating system on your computer whenever a critical update is released.  Applying patches to your operating system and/or system software is the first line of defense for closing up the loopholes through which spyware can come in your computer.

2. Install anti-virus and anti-spyware programs on your PC.

Often the anti-virus software cannot detect a spyware.  For Windows users, you can install the Microsoft Defender or the Spybot on your PC.  See instructions under Q7B at http://www.hku.hk/cc/faq/virus.htm

3. Install a firewall in your computer (the Windows XP SP2 has a firewall as a default).  The firewall prevents unauthorized access to or from your computer through some network connection port numbers.

4. Do not open any suspicious attachments before scanning them for virus.

5. Do not visit any suspicious web site especially those telling you to update or change your personal or financial information.

6. Do not install peer-to-peer file sharing software.  

The new version of the browser Internet Explorer 7 (IE7) has a Phishing Filter which helps users detect phishing web sites. Please see the related article in this issue of the Computer News.