The Norman Transcript

June 14, 2008

Stop helping the bad guys, Part 3


Ah, the early days of home computing. Back in the ’80s, and for much of the ’90s, few computer users gave much thought to Internet security. We weren’t worried about electronic vandals or criminals damaging machines, and the only medicine for viruses came from the family doctor.

The world we now live in is dramatically different, and Internet security has become the responsibility of the end user. What used to be like a walk in the park is now more like a midnight stroll down a dark alley. In the same way that the police won’t check to make sure your car is locked, no one but you can make sure that the bad guys are locked out of your computer.

Upwards of 200 new computer viruses, worms and trojans are released “into the wild” every day. Eighty-eight percent of computers have some kind of spyware installed, with an average of 25 spyware instances per machine. Despite the warnings from people like me, far too many computer users still do not take Internet security as seriously as they should. Yesterday, I removed 219 viruses from a client’s computer. Antivirus software was installed, but had expired long ago, and was not actively running. He had seen and ignored the warning signs for quite a while; as a result, the viruses had severely damaged his Windows operating system. This was a computer that was critical to his business. It took me a long time to make things right; it cost him a lot of money.

Internet fraud schemes also have experienced amazing growth, using spam “phishing” and “pharming” e-mails, fake Web sites, and the new darling of the bad guys, instant messaging. More than 90 percent of all e-mail traffic is spam, with millions of dangerous e-mails sent every day. Instant messaging networks have seen huge increases in fake instant messages, or “spim” attacks. Phishers steal millions of dollars every day. One survey shows that 70 percent of Internet users have visited a bogus Web site, with private data being given up by 15 percent.

Identity theft costs the U.S. economy billions of dollars every year. Thousands of otherwise legitimate Web sites have been secretly infiltrated with malicious software designed to infect visiting computers, stealing passwords and recording every keystroke.

The boldest crimes come from online extortioners. One tactic uses the PGPcoder virus, which infects a computer and then encrypts the contents of the machine’s hard drive, rendering the computer unusable by its owner. It then leaves behind a text message instructing the owner to send $400 to an offshore bank in exchange for the computer being restored to a usable state.

I have a client who has suffered this exact attack. Using what’s known as a distributed Denial of Service (DOS) attack, organized crime groups are using thousands of virus-infected “zombie” computers to extort huge sums from large companies. If the companies don’t pay, the zombies all begin downloading pages and files from the company’s Web site at the same time, and flooding e-mail servers with thousands of bogus e-mails per second. This eventually overloads the company’s network computers, causing them to crash, resulting in a “denial of service” to the company and its customers. Given the international nature of these attacks, and, knowing that law enforcement agencies have a slim chance of catching the perpetrators, most companies pay the ransom money.

Sadly, new computers that come off the shelves of your local retailer are not ready to safely face the Internet for an extended period of time.

Internet security is your responsibility; take it seriously.

Dave Moore has been repairing computers in Norman since 1984, when he borrowed $1,200 to buy a Commodore 64 system. He can be reached at 919-9901 or www.davemoorecomputers.com.