Say “Yes” on the Internet and Malware’s Gotcha!

Virtually every computer user, at both the home user level (my friends), and at the corporate level, whom I come into contact with, tends to downplay personal responsibility for a malware infection.

I hear a lot of – “I don’t know what happened”; “it must have been one of the kids”; “all I did was download a free app that told me I was infected”; “no, I never visit porn sites” or, Bart Simpson’s famous line, “it wasn’t me”. Sort of like the “the dog ate my homework” response. But we old timers (sorry, seasoned pros) know the reality is somewhat different, and here’s why.

Cybercriminals overwhelmingly rely on social engineering to create an opportunity designed to drop malicious code, including rootkits, password stealers, Trojan horses, and spam bots, on Internet connected computers.

In other words, cybercriminals rely on the user/potential victim saying – “YES”.

Yes to:

Downloading that security app that told you your machine was infected. Thereby, infecting your computer with a rogue security application.

Opening that email attachment despite the fact it has a .exe, .vbs, or .lnk extension, virtually guaranteeing an infection.

Downloading that media player codec to play a porno clip, which still won’t play, but your computer is now infected.

Clicking on links in instant messaging (IM) that have no context, or are composed of only general text, which will result in your computer becoming part of a botnet.

Downloading executable software from web sites without ensuring that the site is reputable. Software that may contain a Browser Hijacker as part of the payload.

Opening email attachments from people you don’t know. At a minimum, you will now get inundated with Spam mail which will increase the chances of a malware infection.

There are many more opportunities for you to say “yes”, while connected to the Internet, but those listed above are some of the most common.
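As an added illustration (not part of the original post), here is a small Python check for the attachment warning in the list above: it parses a message and flags attachments whose final extension is .exe, .vbs or .lnk, including the case where a harmless-looking extension is placed in front of it. The sample message and the function name `risky_attachments` are constructed for this example.

```python
from email import message_from_string
from pathlib import PurePosixPath

# Extensions the list above calls out
RISKY_EXTENSIONS = {".exe", ".vbs", ".lnk"}

# Constructed sample message (not a real email)
SAMPLE_EMAIL = """\
Subject: Your invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUNDARY"

--BOUNDARY
Content-Type: text/plain

See attached.
--BOUNDARY
Content-Disposition: attachment; filename="invoice.pdf.exe"

placeholder
--BOUNDARY
Content-Disposition: attachment; filename="Holiday Photos.LNK"

placeholder
--BOUNDARY
Content-Disposition: attachment; filename="report.pdf"

placeholder
--BOUNDARY--
"""


def risky_attachments(raw_message):
    """Return [(filename, reason)] for attachments whose last extension is risky."""
    findings = []
    for part in message_from_string(raw_message).walk():
        name = part.get_filename()
        if not name:
            continue  # body parts and containers carry no filename
        # Compare case-insensitively and ignore trailing dots or spaces
        cleaned = name.strip().rstrip(". ").lower()
        suffixes = PurePosixPath(cleaned).suffixes
        if not suffixes or suffixes[-1] not in RISKY_EXTENSIONS:
            continue
        reason = "risky extension " + suffixes[-1]
        if len(suffixes) > 1:  # e.g. "invoice.pdf.exe" posing as a PDF
            reason += " hidden behind " + suffixes[-2]
        findings.append((name, reason))
    return findings
```

Only the last extension decides how the file is opened, which is why `invoice.pdf.exe` is flagged while `report.pdf` is not.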

The Internet is full of traps for the unwary – that’s a sad fact, and that’s not going to change any time soon. Cyber criminals are winning this game, and unless you learn to say “NO”, it’s only a matter of time until you have to deal with a malware infected machine.

Here’s an example of a rogue security application getting ready to pounce. A progressively more common occurrence on the Internet.

[Images: screenshots of a rogue security application]

I can’t say this often enough. Ensure you have adequate knowledge to protect yourself and stay ahead of the cybercrime curve. Make a commitment to acquire the knowledge necessary to ensure your personal safety on the Internet. In a word, become “educated”.

If you lack this knowledge the answer is simple – you can get it. The Internet is full of sites (including this one), dedicated to educating computer users on computer security, including providing application reviews, and links to appropriate security software solutions.

It’s important to be aware, however, that security applications alone will not ensure your safety on the Internet. You really do need to become proactive about your Internet safety and security. And that does mean becoming educated.

Here’s a perfect example why there’s a critical need for you to take personal responsibility for your Internet security. Just this morning (May 11, 2010), I posted the following link to an article from ZDNet’s Adrian Kingsley-Hughes: UPDATE – New attack bypasses EVERY Windows security product.

Those Internet users who become aware of this highly significant change in the Internet security landscape, will react accordingly. Unfortunately, experience has taught me that the majority of users will not hear of this. So, we’ll be faced with a new crop of cybercriminal victims.

As we have pointed out many times on this site, the instinctive human response to say “yes”, poses one of the biggest risks to online safety and security.

Before you say “yes”

Stop – consider where your action might lead

Think – consider the consequences to your security

Click – only after making an educated decision to proceed

Just a quick little aside here:

Earlier this year, I spent some time at my local hospital, and while I was there, I couldn’t help but notice Nurses logging on to Facebook. I was astonished to see that this was happening on the same system on which my personal medical records were stored.

Just as if it was ordained, the entire system suffered a virus infection while I was there. A little investigating showed that this was not the only malware attack, on that system, in the recent past. A dictionary definition of negligence, in my view.

Arguably, we’re facing a systemic problem – primarily a problem of computer users (both corporate and home users), lacking the necessary skills to protect against cybercrime.

But back to the topic at hand.

Consider this from Robert Brault:

“The ultimate folly is to think that something crucial to your welfare is being taken care of for you”.

I’ll put it more bluntly – If you get a malware infection, it’s virtually certain it’s your fault. You might think – here’s this smug, cynical guy, sitting in his office, pointing undeserved critical fingers. Don’t believe it.

If users followed advice posted here, and advice from other security pros, and high level users, the Internet could be a vastly different experience for many. At the very least, we might have half a chance of dealing more effectively with the cybercriminal element. To this point, we’re losing rather magnificently.

Computer users would be vastly better off if they considered Internet security advice, as a form of inoculation. It’s a relatively painless way to develop immunization. While inoculations can be mildly painful, the alternative can be a very painful experience.


24 responses to “Say “Yes” on the Internet and Malware’s Gotcha!”

  1. Dave

    And more often than not, once I get in to the infected computer I usually find either no security software or software that has expired some months ago.

    • Bill Mullins

      Hey Dave,

      I hear what you’re saying.

      I’ve often been curious as to how often you come into contact with machines where the trial security software has expired, and not been replaced. You’re on the front lines, and I’m thinking you must see this frequently.

      Bill

  2. Dave

    More often than not it’s the case. Take today for example, a laptop, infected with vundo, koobface, gamevance, zlob, DNSchanger, and other junk. Once I got the thing to even be able to boot into Windows I find an expired 30 day trial of NIS 2009 that was installed in December, so basically no AV protection since February.

    • Bill Mullins

      Hey Dave,

      This trialware BS can be really harmful, and your example from today, goes a long way to showing just how harmful.

      Your laptop customer really got a bellyful – vundo, koobface, zlob. What a mess!

      Thanks for this – much appreciated.

      Bill

  3. Dave

    And I forgot to mention the rogue AV application, antivrus 2010 I believe it was. After talking to the customer it all started after he was told he needed to install a video codec to view a video someone sent him on facebook, no big surprise there.

    • Bill Mullins

      Hey Dave,

      I wonder sometimes, if regular readers get tired of reading “Downloading that media player codec to play a porno clip, which still won’t play, but your computer is now infected.” You can substitute Facebook, or any other social site, if you like. Or, “Downloading that security app that told you your machine was infected. Thereby, infecting your computer with a rogue security application.”

      Then, a professional Computer Technician, often it’s you, confirms one more time that users need to be reminded.

      Thanks for confirming this important point.

      Antivrus 2010? Damn! Mark Schneider recently did a guest post here, illustrating just how hard it is to remove Antivrus 2010.

      Best,

      Bill

  4. Liam O' Moulain

    Bill,

    Keep on reminding me.

    I don’t mind one bit – I need reminding from time to time.

    Liam

  5. Pingback: Tweets that mention Say “Yes” on the Internet and Malware’s Gotcha! « Bill Mullins' Weblog – Tech Thoughts -- Topsy.com

  6. John

    Hi Bill,

    A very timely reminder that we can never be too careful when it comes to clicking on that word “Yes”.

    Sorry have not posted lately, I have been on assignment in the never never for the last few weeks, and now that I’m back home it has taken me a few days to catch up on your blogs!

    Cheers
    John

  7. Bill,
    Great article, we all need as much of this type of information as we can get. There’s a real problem today in that too many people are ignorant of the kind of problems you point out, and when they get infected, it usually affects their friends and contacts too. It seems to me that part or maybe most of the problem is that there is no organized way, except in blogs like yours and others, mine included, to conduct meaningful security awareness programs. It’s hard for most folks to get motivated to learn about security issues on their own, even if it is available. It usually takes personally experiencing a harmful incident to get their attention. Well, whatever it takes, we must keep up the good work of communicating about IT security in any way we can.
    Paul

    • Bill Mullins

      Hi Paul,

      I agree – “It’s hard for most folks to get motivated to learn about security issues on their own, even if it is available.” Part of the issue is; it’s a problem of perception.

      What I mean by that is – most computer users, particularly younger users, are convinced they are part of the so called “tech savvy generation”. And so, many believe they don’t need to become educated with respect to current Internet realities. The facts however, counter this perception rather eloquently. Younger users (below 35), are considerably more likely to become infected than those that are older. Recent Facebook fiascos, one piled on the other, are good examples. But only one example – there’s an endless list.

      It’s no accident that younger people consider themselves “tech savvy”; a misnomer consistently reinforced by mainstream media, who consider “thumb texting”, the height of tech savviness. Lord help us!

      Is it any wonder cybercrime is a 100 BILLION dollar industry?

      Bill

      *A quick note to readers:* Paul is today’s guest author and he has written a very perceptive article here – Internet: The Good, The Bad, And The Ugly. Check it out.

  8. Mal

    Hey Bill,

    That illustration of rogue security software tells me the bad guys can’t even spell. They use the word “pervent” lol. But seriously, I had a look at the article written by Adrian Kingsley-Hughes, scary stuff. Thank God I use the layered security strategy, I wonder if that is even enough though.

    Those examples posted by Dave, they remind me of some machines I have encountered over the years. You have to wonder how people can be so stupid, honestly. I mean, even when you boot up a brand new computer, it tells you if you have antivirus running or not, there’s enough warnings out there about the need to run them.

    Anyway, enough of my babble, good article.

    Cheers

    • Bill Mullins

      Hey Mal,

      I like your babble – so keep babbling. lol

      I know that this is a complex issue, but you raise a good question “You have to wonder how people can be so stupid”.

      Dave is the most astute Professional Tech I know, and I never fail to be amazed by the sheer amount of malware he regularly finds on a single user’s machine. I don’t know how he keeps his civility with these people. Doing so, would be outside my capabilities. There’s a good reason why I won’t do this kind of favor for friends, and that’s it. It just tries my patience to the breaking point.

      You’re a high level user, so I wouldn’t be too concerned by Adrian’s article. You’ve been through this before, more than once, I expect.

      Best,

      Bill

  9. This is just why every new computer user should pass a basic course first on internet safety and security!

    • Bill Mullins

      Hey Pochp,

      There are many people who feel just as you do. It will never happen, unfortunately.

      On the Hospital thing – there’s no point in reporting. As I said to Adrian, Internet usage is allowed. This is not unusual in enterprise settings. Sad – but true.

      Bill

  10. Adrian

    I’m still surprised that cybercrime is not reported on the local news.

    @Your experience in the hospital: Why don’t you report those nurses?

    • Bill Mullins

      Hey Adrian,

      Like many companies, this Hospital has few restrictions concerning Internet usage.

      Bill

  11. Ranjan

    Every day I go to internet, it feels as if I’m going on a war.. One wrong step, you’re gone…
    Btw, guys, do you know about a new rogue named similar as “Microsoft Security Essentials?”
    I’m surprised that how openly they’re using the names of big companies…

    • Bill Mullins

      Hey Ranjan,

      Yes, I heard about the phony MSE and I wasn’t surprised – very frustrating.

      Bill

  12. I agree Bill.
    I have a computer-to-first in my life for almost 15 months, but I noticed that a lot of people who have computers for years and know less than me about safety.
    Such curiosity.
    Greetings.

    • Bill Mullins

      Hey Robert,

      You had a need and the desire to educate yourself. Unfortunately, this is not always typical of new computer users.

      Best,

      Bill

  13. poch

    Hey Bill,
    I was thinking of reporting those nurses who network OTJ. That’s dangerous!
    I can do that if you want me to. Just give me the name of the hospital.