Alex Zaharov-Reutt
Tuesday, 21 August 2007 17:33
Opinion and Analysis
Page 1 of 4
Arriving in inboxes around the world now are the latest email phishing
attacks, socially engineered once again to appear legitimate to try and
capture users, experienced or not, off guard – how do you protect
yourself?
Over the past few months, e-card spam coupled with a phishing link has tried to entice users to click the link and visit a specially designed website which will try to silently install malicious software (malware) and recruit your computer into a botnet army by turning it into a ‘bot’.
The e-cards were supposedly sent by a neighbor, classmate, worshipper, friend, work colleague and others, with the email urging you to open and enjoy your “awesome card”.
The cards appeared addressed from real world greeting card companies such as Hallmark and e-card companies such as Bluemountain.com, but had a link that usually started with numbers, followed by more text and numbers.
If you’ve received one of these emails and clicked the link, and your computer wasn’t updated with the latest updates and patches, you could well have been infected by malware to turn your computer into a zombie (or bot), one of many in a “botnet” of tens of thousands of similarly infected computers.
Before the e-cards petered out, at least for now, the previously more general e-cards seemed to morph into birthday cards.
The strange numerical web address link should have raised alarm bells with users but clearly the email phishing attacks have been successful to some degree – the ‘bad guys’ wouldn’t keep on seeing how many computers they could catch on each phishing expedition if they weren’t catching any phish!
The danger of botnets is also becoming very apparent, with botnets used to send spam, whether for medical supplies or more email phishing attacks, and they’re used to conduct denial of service (DoS) attacks on websites for ‘fun’ or to extort money.
Botnets are also used to fight other teams of bad guys and their botnets in a cyberwar for supremacy. They can be used for whatever purpose their owners want, right down to copying all of the information from each compromised computer, or activating microphones and web cameras to spy into people’s lives.
Clearly, online crime is an area that has benefitted from the same technological advances that have powered software, computers and the Internet.
Now, on my computer at least, the e-cards seem to have stopped, and a new batch of socially engineered phishing emails have cropped up.
So, what are the new email phishing threats, and how can you protect yourself from the latest threats - known and unknown? Please read onto the next page to find out!
