No, that’s not a blurb for a bad sci-fi movie—it’s a description of
what’s happening on any desktop containing an Internet-connected PC.
Before the month is even done, April has set a record for virus
e-mails, thanks to a virulent and successful malware called the Storm Virus, Adam Swidler, a manager at Postini Inc., a spam filter service in San Carlos, CA, told LiveScience.
A Storm Virus e-mail carries alarming news blurbs (originally concerning bad weather—hence the name) in its subject line. Clicking on the attached file causes a Trojan to download, installing botnet software that turns your PC into a zombie, placing it under someone else’s remote control.
Security software vendor Symantec Inc. recently reported detecting
63,912 zombies on an average day, and that during the last half of 2006
it detected 6,049,594 separate zombies—29 percent more than during the
first half of 2006. (More than a quarter were in China, where computer
security is a relatively new topic.)
How it works
In the background, when you may not notice, your computer will begin following the orders of its distant master.
Some zombies get rented out for denial of service attacks, but most
send out bulk loads of spam. Some of the spam will contain copies of
the virus that enslaved it. (Yes, it’s reproducing.) These days,
however, the spam is as likely to tout a particular company, announcing
extravagant news that, if true, is certain to drive the stock price of
that firm through the roof.
Unfortunately, the news is fiction—the botmaster has picked out a
thinly-traded penny stock and has bought a block of shares, sometimes
through hijacked online trading accounts. After the barrage of spam
goes out, enough gullible people
buy shares of the stock to cause its price to move upwards—and the
botmaster sells at a profit. The price then crashes, burning those who
bought it.
“There’s evidence that some of the people who buy the stock know
exactly what’s going on, but figure they can ride the stock price as it
goes up and get out when the spammer does,” Swidler said. “But they
never can.”
Spam 2.0
This "pump-and-dump" process is a hallmark of what’s also called “Spam 2.0.”
Unlike first-generation spam, which tries to sell something and
therefore can be traced to its perpetrator, Spam 2.0 has no obvious
link to the source of its funding, making it even more insidious and
harder to stop.
In response, the Securities and Exchange Commission
has tried temporarily freezing the trading of stocks touted in spam.
“But the spammers don’t seem discouraged at all by the SEC’s actions,”
observed Swidler. “We have not seen any impact.”
Self-protection, therefore, is paramount. Experts agree on several approaches:
- Don’t open files that are attached to spam, or to any e-mail whose source you are not sure about.
- If your Internet service provider offers spam filtering, use it, or get your own spam filtering software.
- Acquire anti-virus and anti-adware software and keep them updated.
- Use a firewall.
- Since most malware takes advantage of security flaws in the
operating system, make sure you have acquired the latest patches.
Current versions of Microsoft Windows can do so automatically if
there’s a network connection.
And finally, “Don’t respond to any unsolicited offers on the Internet, stock or otherwise,” Swidler urged.
|
PhoneCasting Global News
Main Categories
Visitor's Comments !
