Lizzz's Computer & Support Website
Home
I Need A Service Call
Things You Need To Know
Help

Get Equifax Credit Watch

AVG Technologies

The Changing Threats on the Internet

updated 07/29/2010

Overview

There are over 16 million different threats on the internet, and that number is growing at an alarming rate. Not opening email attachments is not enough to protect you anymore.

Did you know that you can get a virus from just surfing? Did you know that your machine could be controlled by somebody else? Many websites are infected and will infect your computer.

Read more Warning: The Number of Infected Websites Has Exploded!

In a research paper done by Google in 2007 entitled, "Ghost in the Browser", it was stated that "At peak performance, the system finds approximately ten to thirty thousand malicious URLs each day that are responsible for installing malware."

Here is a more recent (9/16/2009) update 671% increase of malicious Web sites.

Is Malware Overwhelming the Internet?

If you want to protect yourself and do something about this growing threat, you must start by learning about the different types of threats and then by properly protecting your computer.

Cybersecurity starts at home and in the office

Threats Sampler

Phishing

Phishing is the term that is used when an email or webpage tries to trick you to get your personal information.

Do NOT click on links in emails that say they are from banks, financial institutions, Microsoft, Paypal, the IRS, the Census Bureau, etc. The forms look absolutely genuine, but they often are not.

Government warns of stimulus Internet Scams

Latest tax spam scam leads to data theft

Bogus e-mails from FDIC link computer users to viruses, says computer forensics expert

If you're unemployed or looking for a new job, BEWARE Fake Jobs: Job Search Scams are on the Rise in the Recession. Criminals are using your need for work as a way to steal your identity.

I almost fell for one of these scams. I was bidding on an auction item on ebay. At the last moment, I lost the item to another bidder.

A little while later, I received an email that said I had won the item, pay now. It looked legitimate. It had the item that I had been bidding on and the last price that I had entered. The email was exactly like the email that I normally get from ebay.

I was confused, so I went back to the auction site and the other bidder was still the winner. I contacted ebay to ask them what was going on. That is when I found out it was a sophisticated phishing scam.

The general steps for protection are:

  • Use the phone to verify
  • Type the web page address in yourself instead of clicking on a link

Here is an excellent article from the Securities and Exchange Commission "Phishing" Fraud: How to Avoid Getting Fried by Phony Phishermen

An article from CNN about The World's Most Poisonous Phish

Auction Site Scams

According to the Internet Crime Complaint Center (IC3), "internet auction fraud accounted for 25.5% of referred complaints" in 2008.

eBay Guides - eBay Scams - 14 things you MUST know

Try to Stay Clear of Craigslist scams

Pharming

Pharming is when you are taken to a fake website when you type in a real website name. Examples of fake websites are shown in Scareware.

Scareware

There has been an explosion of scareware over the past year.

A window will suddenly open while you are working and it will often have a Microsoft Logo and tell you that you are infected. No matter what you do, it won't go away.

Here is an example:

Example of a virus claiming to be an antivirus or antispyware program

There are many variations to this scheme.

It's not really from Microsoft or any other legitimate company. It's there until you pay.

The bottom line is extorting your money.

When this virus first surfaced, it cost $34.95. Now, it's around $89.95.

It's the ultimate insult--paying to download a virus.

Here is an example from an actual computer that was infected with a scareware virus.

I typed www.AVG.com in the address bar. This is name of the real website, but the computer was infected. (This could be any antivirus program website. I'm just using this as an example.)

Instead of going to AVG.com, it brought up this fake Microsoft Windows Live search screen with avg.com results.

Microsoft Windows Live Search Results

It is not unusual for Microsoft Windows Live (or any search engine) to do this, and I thought nothing of it. I did not know it was fake.

So I clicked on the link going to AVG.com.

What I got was this fake website:

Fake AVG Screen

Click here to see the REAL web page.

Note: If you click and see the same image as the fake AVG image, you're infected.

ANY WEBSITE CAN BE FAKED!

Because any website can be faked, be extremely cautious about banking or trading stocks online.

If you shop online, use a credit card with a low credit limit and internet fraud protection.

Ransomware

Ransomware is a form of virus that encrypts your files and demands a ransom for you to access them.

Ransomware Encrypts Victim's Files With 1024-bit Key

Spyware

Spyware is any program that collects information from your computer without your knowledge or consent and sends this information to another computer.

There are so many forms of spyware.

The way to combat spyware is to use a spyware scanner.

The Rule of ONLY ONE

In the fight against spyware and viruses, only use ONE program towards this end.

If you use multiple programs, they will cause conflicts and could even allow spyware to ultimately slip through.

Adware

One common form of spyware is adware. These are programs that covertly gather your personal information, so they can target their advertising to you. One common way that adware gets on your computer is by downloading freeware.

For example, Spybot requires you to allow their advertising robot as a condition of using their program.

Trojans or Trojan Horses

These are bad programs that usually arrive hidden in or with a downloaded file. They can cause considerable system damage, and they often open the door for many more viruses to come on in.

A typical source of Trojans is from the music file-sharing sites.

Typical examples of music file-sharing sites are Kazaa, Limewire, Frostwire, AG Satellite, Morpheus, BitTorrent, BearShare, and Napster. There are many more File-Sharing Sites

File-Sharing Software

File-sharing programs can also automatically share everything on your computer. Many young people use their parent's or caregriver's computers to download their music. When they do this, they are often opening up everything on that computer for search and access by anyone in the world. It does not even require any advanced skills to get that access. And, what is even worse is that some CD burning software automatically enables peer-to-peer file sharing along with CD burning and does not even notify you that it is doing this.

File-sharing software reveals user's private info

Internet Pirates

There are people selling and sharing illegal copies of software and music and other copyrighted items on the internet. These people are called pirates. If you download and/or buy and use illegal copies of copyrighted materials, you could be liable for up to $150,000 per violation. It pays to be very careful about what you are sharing or downloading or buying.

Piracy Frequently Asked Questions

Worms

These are programs that make copies of themselves and infect other computer systems. Worms are generally used for Denial of Service attacks, such as the recent attacks on the White House and other government agencies.

They don't usually harm systems. They just clog the system so that it grinds to a halt.

This can happen on an individual computer. I once repaired a computer that was hit by a worm. It made over 320,000 copies of itself and filled up the hard drive to maximum capacity.

I had to use the command prompt to remove the copies because this was too many files for Microsoft Windows to handle. It took 21 hours to delete those hundreds of thousands of files.

On the worldwide web level, worms make websites become available.

It's just a matter of timeThe Zombie Network

According to research by Trend Micro, around 100 million computers worldwide are secretly under the control of somebody else, and once they are controlled, compromised machines stay compromised Around 3 out of every 4 of these secretly controlled computers are in homes, while 1 in 4 are in businesses.

The computers that are being controlled are called BOTs, which is short for Robots.

Botnets (bot networks) exist on all operating systems, including Mac OS, Microsoft Windows, Solaris, and Linux.

The owners of these computers do not usually know that their computer is a bot. The computers function normally until they are put to work. When they are being used for tasks such as sending spam or launching denial of service attacks, all that is noticed is that the computer has really slowed down.

Criminals who take control of 1,000 bots are referred to as "Bot Herders."

When you put them all together, it's scary. The zombie network sends out millions of spam emails every day and are also used for other purposes, such as denial of service attacks. Did you ever wonder where all those male enhancement ads were coming from?

Some bot herders are members of organized crime in countries such as Russia and who knows where else. Some are script kiddies (people who know how to buy programs to control computers but don't know how to write programs).

Botnets Could Wipe Out Data on Infected PC's

Here's an article about the Net of the Living Dead

Mac BOTnet

Anderson Cooper's AC360 website was Attacked by the Zombie Network

Browse and Get Owned Warning

Attacks on Federal Computers

RUBOTTED is a free bot hunting program from Trend Micro for Microsoft Windows versions. (Note: it does not work for Windows 95, 98, or ME.)

Bot Hunter is a free bot hunting program for Mac OS X, Microsoft Windows, Unix (Note: This program is only for advanced users.)

Rootkits

There are more and more viruses that are able to run completely stealth on a system. These are called "rootkit" viruses. They make themselves part of or superior to the operating system. They can evade detection by antivirus programs and antispyware programs and the operating system itself.

The first time I found one years ago, I kept searching for it. It did not show up in running processes. It did not show up in directory listings. I knew there was a virus. The up-to-date antivirus program on that machine said it was clean. But it was there. I could feel it, I could smell it, but I could not locate it, no matter what I did.

I finally removed that hard drive and attached it to another computer to scan and view the files without allowing that drive to run any programs. A whole series of files magically appeared, and I finally found the programs that were the virus.

The implications of this one are VERY SERIOUS. There is no antivirus program that can guarantee your computer's safety anymore because of this method.

Rootkits exist on Microsoft Windows, Linux, Mac OS, and Solaris systems.

Wikipedia article about rootkits.

Because rootkits exist, be extremely cautious about banking or trading stocks online.

If you shop online, use a credit card with a low credit limit and internet fraud protection.

Trusteer reported that the Zeus online banking Trojan infects machines that are running up-to-date anti-virus programs up to 77 percent of the time.

Cambridge researchers show Chip and PIN system vulnerable to fraud

If you want further convincing, please read Zero Day Threat by Byron Acohido and Jon Swartz. They spent 4 years putting this book together.

In addition to rootkit viruses, the criminals can now also turn on webcams remotely and look in and listen in.

Don't you think they will turn on webcams when banking websites are being accessed?

Zero Day Threat

A zero day threat is when a criminal knows about a way to sneak into a system that the people who developed the system don't know about or have not yet been able to patch.

It's like having a master key.

Zero Day Defined

Protect Your Business From the Cybercrime Wave

Just when you thought there couldn't be more, there's more.

Man in the Middle (MITM) Attacks

Man in the middle attacks

MITM works by intercepting your request to go to a secure website. The person that intercepted it actually is the one that connects to the site. The site is then displayed on your screen, but everything you do is monitored by the man in the middle.

Secure Website Man-in-the-Middle Attack

Man-in-the-Browser Attack

New "Chat-in-the-Middle" Banking Attack

Banking Trojan steals money from under your nose

Because MITM attacks exist, be extremely cautious about banking or trading stocks online.

If you shop online, use a credit card with a low credit limit and internet fraud protection.

Passwords, Secret Questions, and Social Security Numbers

Even though it is a very bad practice, people often use one or two passwords for everything. The reason this is a bad practice is that if your password gets stolen from one website, the thieves will then turn around and try it on a bunch of other website logins, especially financial websites. In fact, they can use programs to automate logging in to other websites, so thousands of logins can be attempted in a very short period of time. Your money can disappear in a click, and then it can take months or years to recover from the loss.

Cyberattack on Google Said to Hit Password System

Thousands of Hotmail/MSN/Live email username and password details posted online at pastebin.com

Password Cracking

Secret questions that leave your accounts vulnerable:

Guessing social security numbers turns out to be easy

Hackers

There are many thousands of people who do nothing all day long other than try to get into your computer. They are there to steal anything they can get, including all your intellectual property. You would not believe what is stolen.

In a case so bizarre, a Missouri family's Christmas picture showed up on billboards in Czechoslovakia.

In another equally bizarre case, a Massachusetts woman finds her son's picture used in an online adoption scam (video--do not click this if you have dial-up)

Many organizations use a special security chip inside of computers called "Trusted Platform Module." It is used to protect really valuable data such as military secrets and trade secrets. Unfortunately, Security chip that does encryption in PCs hacked

Researchers find weakness in RSA authentication - common digital security system

The truth is that the only true security for computers is physical security--a computer that is not accessible is the only way to completely secure data.

Social Networking

There are many social networking sites. These include MySpace, Facebook, Linkdln, and Twitter.

These sites are constantly under attack by criminals.

Here is a video from AVG that shows how Alicia Keys MySpace page was hacked and infected (do not click if you have dial-up)

I've had many parents tell me that they allow their children on MySpace and Facebook.

They are under the illusion that access to their children can be controlled.

A simple search on Google (or your favorite search engine) for How to Hack MySpace Accounts ought to clear up that illusion.

Social networking sites are simply vulnerable.

Fake Adobe Flash Updater on facebook

Phony Work-At-Home Scams

Even Twitter gets attacked.

Check Your Facebook Privacy Settings. Now!

TAGGED.COM Don't go there:

Facebook Reposible for a Fifth of Divorces

Gangster used Facebook to intimidate enemies from cell

Scientists Warn About Social Networking

If you must use social networking, read this.

Data Miners

Data miners want you to put everything about yourself on the internet so that they can collect, use, and sell your information. It's just like handing them money.

Twitter Signs Data Mining Deal with Microsoft and Google

Augmented Identity: A new app makes it possible to identify people and learn about them just by pointing your phone.

What Data is Google Collecting on You?

If you are or someone you know is on a social networking site, see data mining for profit in action by typing a name into 123 People

On Sale Now. Buy 5000 friends on facebook for only $654.30

Everyone has a profile being built, even if they do not have a computer.

Profiles are initially built and then updated by what are called web crawlers (some people call them spiders, bots, or ants).

Web Crawlers are programs that continuously go through each and every website on the internet to gather information. That is how search engines such as Google, Yahoo, Microsoft Windows Live, Lycos, and all the others collect the information that is needed for their search engines to work quickly and effectively. (They build quick access look-up tables. If they did not do this, it would take forever to search for anything.)

Read more about Web Crawlers

Spammers are using web crawlers, too. They use web crawlers to collect email addresses out of web pages. If your email address is coded in your web page, your address will be collected, and you will get spam.

Criminals are using web crawlers to speed up the process of finding their next victim. One of their favorite targets is the elderly.

You can find out more about why the elderly are targeted and how to help keep them from being victims from the Federal Bureau of Investigation Fraud Target: Senior Citizens

The criminals often start with obituaries. People are always more vulnerable after the death of a loved one. Obituaries often give the name and general location of relatives.

You can find a person's age, address, and phone number with ease on the internet.

You can find out who has money by looking at charitable donation records. (Many charitable donation records are online.)

In a recent case, a woman who had never used a computer in her whole life was targeted by a theft ring that used web crawlers. They did the typical. They started with the obituaries. Her sister had just died. They found that she had made charitable donations. They found out she was 94. They found out she was a widow.

Playing on her grief, her age, and her widowed status, they telephoned her identifying themselves as FBI agents investigating the theft of her identity in a sophisticated scam that continued over several months.

They stole $70,000 from her, which was almost everything she had. And, even though these particular thieves were caught and arrested, the money was never recovered.

Another woman in her 90s in an assisted living facility was targeted by similar scammers claiming to have kidnapped her grandson.

Adding insult to injury, once a person has succumbed to a scam, his or her name and contact information is then sold to other scammers.

What's Coming

Right now, there is a new generation of signs that identify you.(video--do not click if you have dial-up)

It is only a short matter of time before your profile is matched up to you as you walk up by use of RFID (see Spy Chips), and then you will really be bombarded with advertisements and become the target of selective pricing.

Camera Viruses

There are viruses that can turn on your camera, if you have one. They've actually been around for quite a while.

Web eyes turn into Net Spies

There is no way of knowing who is looking in.

Camera virus on facebook

On a related note, Woman Says Dell Remotely Accessed Her Webcam

Lawsuit: U.S. school spied on students via laptops

Official: FBI probing Pa. school webcam spy case

If you have a camera, you can simply cover the lens when you are not using it. For desktop cameras, you can put a cup or a sock over it.

For laptop cameras, a small adhesive bandage works great.

I have found that many laptop owners do not even know that their laptop has a camera.

You can tell by looking at the top rim of the laptop screen and looking for a small glass hole right in the middle.

Please, please, please, if you have children, do not let them have computers and cameras in their rooms. Keep the computers in common areas such as the living room and dining room, and keep an eye on what they are doing.

The Justin Berry Story

Cameras are the tool of choice for pedophiles.

U.S. 'asleep at the wheel' on child porn

Dialers

These programs dial your modem without your knowledge or consent. These programs often call 900 numbers or international numbers and rack up massive phone bills. I've had customers with phone bills well over $500 from these dialers. If you are using high speed internet, disconnect the phone cord from back or side of your computer--you don't need it. These programs turn off the sound on your modem so that you don't know your modem is dialing. If you use a modem for your regular internet activity, you might want to consider disconnecting the phone cord when you are not using email or the internet.

Keyloggers

A keystroke logger tracks everything you type. The virus form of this keyloggers is commonly used to steal user names and passwords. It is also used to steal intellectual property. There are also a legitimate types of keyloggers. For example, there are programs that parents can put on a computer to track their children's activities. Keylogging is one of the features of these programs.

There are even hardware keyloggers--a keyboard that has a secret built-in recorder. It is virtually undetectable--there are no programs involved.

Keyboard with built-in keylogger

Because keyloggers exist, be extremely cautious about banking or trading stocks online.

If you shop online, use a credit card with a low credit limit and internet fraud protection.

Pranks and Hoaxes

There are endless pranksters, hoaxters, and rumor mongers on the internet.

When you get an email warning, an Amber alert email, or just an informational email, go to snopes.com to look it up.

Can you believe that there are fake Amber alerts? The false information even spills over into poetry. There is a poem circulating in emails attributed to Maya Angelou that was actually written by Pamela Redmond Satran.

Go to Snopes for Rumor Control.

Psychological Virus

It comes in the form of an email message that says "Warning: Look for a file named "something" on your machine, and it always ensures you that this is a verified warning from important sources. If you find the file, delete it immediately.

Of course, you just actually deleted a system file.

One that I've seen make the rounds every few years is for the system file named SULFNBK.DLL. This dynamic link library is actually the Microsoft Windows long file name handler. There are always plenty of people who delete their system files.

VoIP (Voice over Internet Protocol) Viruses

A virus has been found that is recording internet phone calls.

Wiretapping Skype calls: virus eavesdrops on VoIP

Free Online Training for Criminals

A simple online search for How to steal says it all.

Cybersquatting

Cybersquatting is when somebody registers a domain name with the intent of profiting from somebody else's good name.

It's illegal, but it happens more than you would imagine.

Further, cases of this nature require taking it to the World Intellectual Properties Organization (WIPO) for trial. It's complicated and expensive to pursue.

For example, a Texas real estate agent registered "thejaylenoshow.com," to get people to his real estate website.

Domain Theft

For years, hackers have been breaking into websites and stealing them.

Finally, for the first time ever, a hacker has been arrested and charged for this in August of 2009.

Mark Madsen, P2P.com & the 1st Domain Theft Arrest

Add-On Devices Such as Cameras, Phones, and More

If a device has digital storage, it can give and receive viruses.

Never plug in a new device unless your virus protection is running and up-to-date.

Children's Camera Comes with a Virus

Known Browser Vulnerabilities:

All internet browsers have vulnerabilities. The software vendors work as hard as they can to get these vulnerabilities patched, but it is a ongoing battle. New vulnerabilities are being found all the time.

New IE hole exploited in attacks on U.S. firms

Microsoft Internet Explorer

Apple Safari

Opera

Mozilla Firefox

Google Chrome

Email

Things you need to know about email

Identity Theft and Fraud

The internet is being used by criminals for identity theft and fraud.

According to the nonprofit Identity Theft Resource Center (ITRC), "confirmed breaches in the United States in 2009 resulted in 222,477,043 records containing personally identifiable information being exposed to potential identity theft. " Read the whole article

When you consider this number in light of the current population of the United States, what do you think the chances are that somebody has your personal information and could use it to steal your identity?

The U.S. Department of Justice has an excellent website that contains the things you need to know about these crimes--prevention, what to do if you are a victim, and much more.

U.S. Department of Justice: Identity Theft and Fraud

Identities For Sales

Wardriving/Warbiking/Warwalking/Warjogging/Warkitting

Believe it or not, there are people driving around, biking around, walking around, jogging around with their laptops or other portable devices looking for wireless access. Many wireless devices are not secure. Sometimes they are just hoping to connect to the internet using your wireless, but sometimes their intention is to get into your system, and it is even possible for them to leave a virus for you.

Read about Wardriving

Man Accused of disabling 100 cars over the internet

Flashing Items on Web Pages Can Induce Seizures in Some People

In a particularly cruel stunt, Hackers Assault Epilepsy Patients Via Computer

Software tool helps Web developers identify seizure-causing content

Computer Addictions

Many people have become addicted to their computers and the internet.

These addictions shatter lives and families.

There are a variety of addictions. These include cybersex, the internet in general, obsessive gaming, compulsive gambling, internet auctions, and others.

How Computer Addiction Works

You or someone you love can find out if you are dealing with an addiction so that you can get treatment before it is too late.

Are you addicted to the Internet? Take the Test!

If You Are Targeted

If you are a target of internet phishing, crimes, scams or if you know about an unreported vulnerability, please go to the National Cyber Security Website and report it.

National Cyber Security Website

The Bottom Line

Fighting these threats is expensive and time-consuming.

Pentagon Spends $100 million in last 6 months on cyber security

back to top