Cyber Top Cops Articles: The Latest In Cyber Security

The Streetwise Guide To PC Security

2008-05-14T22:54:00.005+02:00

We are halfway through May already and speaking of which, we are almost halfway through the year already. But what progress have we made in terms of cyber security. Spam is on the rise, malware infections are on the rise, botnets are growing bigger and more Internet users are turning into advance fee con artists. Pretty grim picture isn't it? No, I do not want to sound pessimistic, but the reality is that no piece of computer security software can protect you completely against Internet based threats. What am I saying... throw away all your spam filters, firewalls and anti-malware applications? No, not at all, they play an integral part in our protection against cyber threats, but even the best tools in the world can fail dramatically if they are not used by streetwise cyber citizens.

I guess most of you are glaring at your screen right now, asking yourself, "what the hell is he talking about?" Lets take two persons and put them in a dangerous neighbourhood, the one person is a high profile celebrity dependant on his bodyguards to keep him safe and the other person is a normal guy who grew up on the streets and learned to take care of himself. Which one is the most likely to survive, all by himself, in this dangerous neighbourhood? The latter of course. Why? Because he is streetwise, he doesn't need fancy tools and bodyguards to take care of him, he knows how to think for himself and what to look for in order to stay out of the heat. Computer security is a lot like that, you don't need to be an Einstein to stay safe in the online world, it is no rocket science to be streetwise, you just need to how to stay on top of your game, you catch my drift? Right, enough street slang, so lets get to the point.

I stumbled across a very interesting article about PC security, published by BitDefender. A BitDefender employee told me that the article is quite old, but nevertheless, it is a generic set of PC security rules that are still very applicable to computer security these days. I have a lot of positive things to say about this article, but it is not without some criticism, so without any further ado, lets take an objective look at the list of rules called the Ten Commandments for Your Computer Sanity.

"1. Don't assume anything. Take some time to learn about securing your system."

Perhaps the single and most important rule of them all. If you are not sure, ask for advice and try to understand why it is important to take certain precautions, don't just assume that's the way things are done.

"2. Acquire and use a reliable anti virus program. Select an anti virus that has a consistent track record. Checkmark, AV-Test.org and TuV are among the most respected independent testers of anti virus software."

So many people go out and download the first anti-virus program that pops up on their screen. Malware infested products are marketed very aggressively, so these less known, but dangerous applications often occupy top spots in search engine results and online contextual advertising, so never trust a download just because it appeared in the search results of your favourite search engine. Visit Spyware Warrior for a comprehensive list of rogue anti-spyware products.

"3. Acquire and use a reliable firewall solution. Again, independent reviewers are your best bet for reasonable choices. Some operating systems come with a firewall, which only filters incoming traffic. Use a firewall that can control both incoming and outgoing Internet traffic."

Firewalls were once a thing for computer experts and large corporations only, it was uncommon to find a firewall installed on a normal end user's computer. Like mentioned in the rule, we even have firewalls built into our operating systems these days (not that it really helped the online community in any way when I come to think of one specific operating system). But the necessity of a firewall increased in the last couple of years and it is irresponsible and suicidal these days to browse the Internet without a proper firewall that provides bi-directional protection. You need to know what is transmitted to and from your PC. You don't want malicious code to infiltrate your system and you don't want confidential and sensitive information to leave your PC without your consent.

"4. Do not open e-mails coming from unknown or distrusted sources. Many viruses spread via e-mail messages so please ask for a confirmation from the sender if you are in any doubt."

If more people can adhere to the first part of this rule we will have a lot less virus breakouts and spam. Each time you open a 'harmless' spam e-mail you give the spammer reason to send more spam because you respond to his e-mails. I have discussed this topic a hundred times before so I'm not going into it once again. With regard to the latter part of this rule, it won't be wise to ask for a confirmation from the sender in my humble opinion, you are just looking for more spam by replying to an unknown source. With so much e-mail forgery happening these days, it is anyway a complete waste of time to respond, because the sender's e-mail address is most likely invalid or spoofed.

"5. Do not open the attachments of messages with a suspicious or unexpected subject. If you want to open them, first save them to your hard disk and scan them with an updated anti virus program."

Once again, the first part of this rule is a piece of gold and can save you a lot of headaches if you stick to it, but I do not agree with the latter. It is almost like saying: "Don't shoot yourself with a 9mm, but if you want to, go ahead and take a peek down the barrel to make sure you are using blanks". If you get an e-mail with a suspicious or unexpected subject and on top of that some executable file, Word document, PDF, ZIP or any suspicious file attached to it, don't mess around with the bloody thing, delete it.

E-mail scanners have been with us for quite some time. The e-mail scanner of an anti-virus package uses the same database as the file scanner, so if an e-mail gets past your e-mail scanner, using the latest virus definition database available, what makes you think that the file scanner will do any better? Should you trust an attachment just because your anti-virus program told you the file is clean? A suspicious attachment from an unknown source has a 99.9% chance of being malicious, so why even bother scanning it? Many inexperienced users don't even know how to save an attachment and run it through an anti-virus scanner, so they walk a big risk of infecting themselves. My advice, if you don't know how to handle suspicious files properly, stick to the first part of this rule and ignore the latter.

"6. Delete any chain e-mails or unwanted messages. Do not forward them or reply to their senders. This kind of messages is considered spam, because it is undesired and unsolicited and it overloads the Internet traffic."

Pure words of wisdom. Many people simply assume that friends and family enjoy receiving junk chain letters and unbelievable, ridiculous stories that you need to forward to everyone in your address book. Who needs spammers if you have friends like this? Apart from spamming all your friends and breaking anti-spam laws, it also comes down to bad e-mail etiquette. The fact that your friends are on your mailing list does not give you the right to send them anything you want. Take your recipients into consideration and think before forwarding jokes, petition lists, chain letters and other kinds of junk mail to them.

"7. Avoid installing services and applications which are not needed in day-by-day operations in a desktop role, such as file transfer and file sharing servers, remote desktop servers and the like. Such programs are potential hazards, and should not be installed if not absolutely necessary."

There is a lot of truth in this, but unfortunately this is easier said than done. The blame lies on the side of software developers and not the end user installing the software. Ordinary users simply install the software and use it whenever it is needed. Little do they know that the software is running 24/7 in the background eating up valuable system resources. These programs put themselves in the Windows Start-up without informing the user about it, or the option to load the software at Windows Start-up is often pre-checked during the installation, so the user has to opt-out to prevent this from happening. These pre-checked options are often missed, because the user simply rushes through the 'easy' installation process. There is a reason why certain developers make the installation procedures so easy.

When I analyse HijackThis logs of malware victims, I often see loads of auto-update managers, system tray utilities, P2P clients and all kinds of 'junkware' loaded in the Windows Start-up. These users are always stunned by the sheer performance of their computers after I removed all these useless applications from the Windows Start-up. Ask someone to check the Start-up section of your PC and remove all the redundant entries. You will be amazed to see what difference this can make in your PC's performance. Don't leave file-sharing software like LimeWire, Shareaza or KaZaa running in the background all the time, they create a weakness in your security setup and make it easier for hackers to gain access to your system. As the rule says, these programs should rather be avoided if possible.

"8. Update your system and applications as often as possible. Some operating systems and applications can be set to update automatically. Make full use of this facility. Failure to patch your system often enough may leave it vulnerable to threats for which fixes already exist."

Most people are guilty of not updating their system on a regular basis. But there is a reason why people are afraid of updating. Remember what happened when Service Pack 2 of Windows XP was released for the first time and if I am not mistaking, history repeated itself with Service Pack 1 of Windows Vista this year.

I know one should lead by example, but I am perhaps the worst of them all. I haven't updated several of my applications in years, because I am happy with the versions I am using at the moment and don't want some update to screw everything up. If you stick closely to rule number one you automatically take your computer security to the next level. If you pay attention, to which sites you visit, which files you download and which programs you install, you can easily skip this rule for years without any malware incidents at all. Still it is wise to update your software when you have the chance. It is better to fix a broken wall even if you are never bothered by the outside world. The problem is however, you never know when the outside world might start to bother you, so rather be prepared than sorry.

"9. Do not copy any file if you don't know or don't trust its source. Check the source (provenance) of files you download and make sure that an anti virus program has already verified the files at their source."

Will you use a box of aspirins, from an unknown source, left on your doorstep? Off course not, even if you are familiar with the specific brand of aspirins, you have no idea where they came from. How can you be absolutely sure that they are really aspirins? Well, the same goes for computer files. If you can't verify the reliability of the source of a specific file, how can you trust the contents of that file? You have no idea where the file has been and you have no idea whether the contents of the file is really what it should be.

"10. Make backups of important personal files (correspondence, documents, pictures and such) on a regular basis. Store these copies on removable media such as CD or DVD. Keep your archive in a different location than the one your computer is in."

Backups, ah the one thing that no one ever does. Have you ever thought about what you can loose if you suddenly got infected with malware? What if a cracker gains access to your PC and delete your favourite music collection? Backups play a very important role in PC security, especially when it comes to system recovery after a malware infection or system failure. Any proper security setup should have solid backup policy. Without backups you will never fully recover from a severe system crash. Backups are your insurance against data loss. So if you are not in a habit of backing up your most important documents and data on a regular basis, rather start doing it before it is too late. BitDefender's Total Security can be set to perform automatic backups for you.

We live in an age where we can't rely on software alone to protect us from online threats. You are responsible for your own safety online, software applications like firewalls and anti-virus programs are only tools to help us in situations where things are out of our hands. Your personal computer security depends on your willingness to stick to these rules, being vigilant and using common sense. Treat everything as a threat until you can prove otherwise, this is the safest approach in the digital Wild Wild West.

If you have anything to add to this list of rules, feel free to leave your comments.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, analysers of security software and raising awareness about spam and malicious software.

I Need a Proxy, Everybody Wants a Proxy!

2008-04-15T23:12:00.003+02:00

Do a search for the phrase "I need a proxy" and you'll see what I'm talking about. Requests for the latest proxies are normally encountered on Q&A communities like Yahoo! Answers, WikiAnswers and Answerbag, but you will also find people on forums, constantly asking for the latest proxy to bypass Internet filters at school or at work. Unfortunately, these people fail to realise that firewalls and Internet filters are there for a reason.

I guess I'm not going to be very popular after publishing this article, but this is really a big problem and one that needs to be addressed very quickly before it grows into another digital snowball like spam and malware. IT departments spend a lot of time and money on network security. Restrictions are put into place, not only to protect corporate data, but also for the safety of everyone working on the corporate network. However, network restrictions are not only for the corporate world, these restrictions are also present at schools and even in our homes. But what is the use of protecting your data and privacy if you constantly have to deal with cyber rats eating their way through your defences from the inside?

A proxy is often blocked as soon as the network administrator becomes aware of the fact that it is used to gain unauthorised access to websites and other networks. That's the reason why people are constantly in search of brand new proxies and what scares me the most, is the rate at which these new proxies become available, it is so bad you can even regard it as another form of spam. The sad reality however, is that the people who use these proxies, either do not know a thing about PC security, or they don't give a damn about it. Browsing restricted sites via an illegal proxy exposes your computer to malware and hackers, putting the whole network at risk. Confidential and sensitive corporate information can easily be leaked and the privacy of every employee using the corporate network could be compromised due to the selfish acts of employees who can't walk between the lines. So you are not only putting your colleagues in a tight spot, your compromising your own security as well.

The most popular reason for a proxy is to gain access to social networking sites like MySpace, Facebook, Orkut or Twitter. Social networking sites are time and money wasters in terms of productivity, bandwidth and company resources. Instead of doing their jobs, people waste hours and hours of productivity during the day, by hanging out on social community sites. To add insult to injury, they don't use their own bandwidth to chill on these sites, they use company bandwidth, company computers and company printers to do what they should be doing after work. Kids browse these social communities instead of attending to their schoolwork, wasting their parents's money, or the money of the taxpayer if the government funds the school. Speaking of the government, what about government workers? Instead of delivering the services we pay for, they browse MySpace, Facebook, Orkut or Twitter with our tax money. (Some governments do not even have any network security to speak of, so they can access any site without the use of a proxy).

Don't get me wrong, I'm not against the use of social networking sites, but there is a time and place for everything and social networking sites do not have a place at the office or at school (unless you are the PR manager of the company maintaining the company profile on MySpace). Before everyone starts to call me a party pooper, accusing me of taking the fun out of the office, think about this: If everyone spent more time on their job and less time on social networking sites during working hours, we will get a lot more work done and will therefore have plenty of time to hang out with friends and family on our favourite social networking sites. Don't be mad at your boss for limiting your Internet access, the fact that you are using a proxy to bypass Internet filters and other limitations imposed by your employer, already tells me that you can't use the Internet responsibly. If you really need to use these sites, visit them after work or after school and if you don't have a computer at home, use a friend's computer or visit an Internet café. It has to be mentioned though, that 3rd party proxies are not only used to access social networking sites, but they are also popular for porn surfing and the downloading of pirated software, music and movies. These sites are far worse than social networking sites, because they do not only waste valuable man-hours, they are often loaded with nasty malware, a direct threat to the safety of everyone working on the network.

The bottom line is, companies invest a lot in computer security, computer labs at schools do their best to keep their networks safe and clean and parents invest in parental control software to keep their young ones from accessing harmful content on the Web. Still you get people who want to break down all these barriers, ignoring the damage they cause and the risks they create during this process. Bypassing the parental control software on the family computer can easily lead to a prohibited site where a sneaky rootkit finds its way into your system. It may log a credit card number here and a password there and before your folks know what's going on, they could be staring bankruptcy in the face. The same can happen at work or at school, your infected PC can cause a lot of problems for other people using the same network. Do you want something like this on your conscience? Proxies may have their uses, but they should not be used to cross digital borders illegally. If you are not allowed to visit a specific site at work or at school, then there's most likely a pretty good reason why you shouldn't visit it. If you choose to visit prohibited sites without proper authorisation, you risk loosing your job, getting suspended or even harsher network restrictions may be implemented. Think about it, is it really worth all that?

People are so touchy about this subject that when they ask for new proxies in forums or Q&A communities, they often warn you in advance not to bitch about why they shouldn't be using one. So next time when you run across someone asking for a proxy to bypass firewalls and Internet filters, don't waste your time explaining why they shouldn't be using one, don't expose yourself to insults and swearing, just refer them to this article.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, analysers of security software and raising awareness about spam and malicious software.

Anti-Spammers Suffer From "Spam Exceptionalism"

2008-04-05T17:18:00.004+02:00

In response to the conviction of Robert Soloway, the "Spam King", Eric Goldman, assistant professor with Santa Clara University School of Law, who blogs about technology and marketing, stated that many Internet users may be happy to hear about Soloway's criminal prosecution, but law enforcement shouldn't necessarily rush into these criminal cases. Why? Well according to Goldman, spam is principally about speech and we should be very reluctant to criminalize speech-based behaviour. Goldman added that there's such an antipathy towards spam that there's almost a sense that anyone who ever engages in spam is so evil that they should be punished, an attitude that Goldman likes to call "spam exceptionalism". He believes that if people really thought about the issues, they wouldn't necessarily find spam any more invasive than other forms of advertising, like television commercials or junk postal mail.

So I guess I'm one of the worst spam exceptionalists in the world and the reason for my "problem" is because I'm not thinking clearly about the issues of spam, as a result I'm blinded by my negative attitude towards spam and can't see it as another form of advertising. Is spam just another form of advertising? Is vandalism just another form of art? Is drug trafficking just another form of doing business? Can we justify a crime just because it bears a striking resemblance to something legitimate?

So what are the basic characteristics of spam?

It is unsolicited;
It is obtrusive and a hindrance;
It needs to be managed and is therefore counterproductive;
The recipient of the message pays for it, not the sender.

If you evaluate the different forms of advertising against these characteristics, you soon realise that actual advertising is not nearly as invasive as spam. When advertising material bears all the characteristics mentioned above, you can't classify it as advertising anymore, at best you can call it spam (or perhaps a couple of stronger words). So lets take a quick peek at the different forms of advertising to see how spam matches up against them.

TV Commercials
Television commercials can be seen as unsolicited, because you turn on the TV to watch your favourite show, not the annoying commercials. TV ads can become obtrusive and a hindrance during the show, especially when the broadcaster interrupts the show on a frequent basis. TV commercials can be useful at times (something that can't be said about spam), for instance to grab a snack, stretch your legs or to make a quick phone call. Some TV ads can be entertaining, but spam is boring and hardly entertaining (unless you're a 419 scam baiter or spam collector). Broadcasters love to raise the audio of TV ads, so much that you often have to hit the mute button on your remote control to prevent your speakers from exploding. This may be seen as a form of management, but unlike spam, you don't need to manage TV ads, once the ad is played it's gone (for now at least), but you need to take specific action to get spam out of your life, it's going to sit there in your inbox until you select it and hit that darn spam button. The viewer never pays for TV commercials, on the contrary the commercials sponsor the shows watched by the viewer. So spam is a far cry from advertising when you compare it to TV ads.

Radio Commercials
Radio and TV commercials have a lot in common, the only difference is that TV commercials are audiovisual and radio ads are, well… audio only. Radio ads are often less invasive and annoying because they are often played between songs and do not interrupt programs as much as TV ads, but it all depends on the advertising policy of the radio station off course.

Magazine and Newspaper Ads
These ads have more or less the same characteristics as TV commercials, but they are less invasive and annoying than TV ads. If you are not interested in an ad, you simply read on or skip a page, it is as easy as that. There is nothing to manage and there is no cost for the viewer of the ads.

Online Banners and Text Ads
Well-behaved online advertising is never obtrusive, invasive or a hindrance (I will discuss spam ads later in this article). As a matter of fact, people have developed a sense of banner blindness and automatically ignore the majority of these ads. There is no need to manage these ads because when visitors see the ad, they either choose to click on it or they ignore it completely. Web ads may be seen as unsolicited, but they are often there to cover the operating expenses of the website, so they often serve the same purpose as TV commercials. The visitor pays a small amount in terms of bandwidth, because the ads need to be downloaded along with the rest of the content of the web page. However, the advertiser still pays the full price for the ads, the exact opposite of spam where everybody else pays for the "ads" except the "advertiser".

Billboards and Outdoor Advertising
These ads are neither solicited, nor unsolicited, they are there to be seen if you want to look at them. The advertiser pays for the ads, so there are no costs for the people viewing the ads and there is no need to manage these ads because you either respond to them or not, it is as simple as that. They are not a hindrance or obtrusive, except when they are deliberately placed in front of something else to draw unnatural attention to them. These ads are normally next to busy roads, on the walls of large buildings or at the main entrance of buildings. Because of their size and nature, there are often legislation regulating the use of these ads, so it is very hard to spam with them. Putting up a billboard in certain a way to draw extra attention to it, but causing a road hazard at the same time will get you into trouble. With spam you can do as you wish because there are simply not enough proper anti-spam laws to regulate the digital advertising industry and the laws that exist are seldom used.

E-mail Advertising
There is a huge difference between e-mail advertising and spam. E-mail advertising is opt-in advertising, in other words the recipient chose to receive e-mail ads and may opt-out at any time by un-subscribing. But some publishers do not seem to grasp the true meaning of opt-in. It means choice, the choice to receive e-mail ads or not. Certain publishers force their subscribers to sign up for 3rd party and additional marketing mailings as well. This means that you never get a choice to receive the newsletter alone, if you want to receive the newsletter, you also need to live with all the additional advertising e-mails as well. You can un-subscribe at any time, but this means you will opt-out from the newsletter as well, not just the advertising e-mails.

Proper e-mail advertising means you give your readers the choice to receive additional marketing material or not, it should not be a precondition to receive your publication. If you do not want to give your readers such a choice, place the ads in your newsletter (but sparingly, remember your readers signed up for the newsletter, not the ads). Forcing your readers to receive extra advertising e-mails, whether it is from a 3rd party or not, is a big no-no. Additional e-mails means additional management and when your newsletter becomes too much of a hassle, subscribers will either opt-out or hit the spam button. The advertiser ends up paying for advertisements that never reach their audience.

So what is the bottom line? Proper e-mail ads are opt-in and not unsolicited. They are neither obtrusive, nor a hindrance and subscribers are allowed to opt-out at any time. There is no additional management for the recipient and the advertiser pays for the ads. The only cost to the recipient is perhaps the bandwidth used to download the e-mails, but remember this is not a wasted bandwidth because the recipient opted in to receive the e-mails.

Postal Mail Advertising
No this is not the junk filling up your mailbox, I will discuss that a bit later. The rules for proper e-mail advertising also apply to this form of advertising. Some companies send a free magazine (containing 3rd party ads) along with your monthly bill. I have seen this with cell phone companies, sending a free magazine containing interesting articles on mobile communication, or medical aids sending free healthcare magazines every quarter. This form of advertising is often less invasive and annoying because the reader gets a free magazine. I normally do a 5-minute scan through the magazine to see if there is anything interesting. If I can't find anything compelling it goes straight to the waste bin. I am sure many people never even look at these magazines, especially if the readers know they only contain a load of junk. Unfortunately, this contributes to a lot of additional household waste.

Up to now I discussed the most common and more accepted forms of advertising. These forms of advertising are less invasive, require little to no management at all and there is no substantial costs for the recipient of the advertising material. We will now take a look at the less desirable, annoying and invasive forms of advertising, or should I rather say forms of spam?

Junk Postal Mail
This form of advertising has all the characteristics of spam. It is unsolicited because you never opted to receive it, it's obtrusive, a bloody hindrance and needs to be managed because it takes unnecessary space in your mailbox, space that could have been used for more important mail and you need to filter through all the junk to get to your actual mail. The only thing that separates it from spam is the fact that the advertiser paid for the advertisements and their distribution. However time is money and it takes time to sort out your own mail from all the junk, so there is some form of substantial cost to the recipient. Very few people look at them (the loads of flyers lying on the floor at the post office is proof of this) and the majority of mailbox owners are annoyed by them. Some of the scams in circulation on the web are also distributed via postal mail. It is actually shocking to think that post offices agree to distribute this junk, because think carefully about it, they are paid to place this stuff in your mailbox, so the only conclusion one can make is that they are prepared to put almost any kind of correspondence in your mailbox, as long as they are paid for it. With that being said said, junk postal mail falls under the umbrella of spam.

Flyers
Flyers are distributed in many ways, including the post as discussed in the paragraph above. Flyers are distributed on street corners, in parking lots, magazines, and newspapers and from door to door. Each one of these methods forces the recipient to take some form of action, therefore the advertisements need to be managed by the receiver. If you ever saw the movie National Lampoons Loaded Weapon, you will recall the scene where one of the lead characters stood in a store scanning through some magazines. Flyers kept pouring out of the magazines and it was not long before he stood knee-high in a huge pile of flyers. This is an old movie, so this has been a problem for a long time and it is getting worse by the day.

Imagine how much time goes to waste when you take a flyer presented to you at every darn street corner, when you remove the bouquet of flyers from your windscreen each time you park your car at a parking lot and when you take out all the flyers, compressed into your mailbox by every idiot who distribute the junk from door to door. That's just one part of managing these ads, you also need to get rid of them. Receiving a flyer on every street corner and at every parking lot quickly fills up your car with junk. What do most people do when they are done with the flyer, they toss it out of the window. Flyer advertisements therefore contribute to pollution just like junk postal mail. No matter how you look at it, flyers have a lot of unnecessary costs for the consumer and even though the advertiser pays for them, they are just as annoying, problematic and unsolicited as spam.

Telephone and Instant Message Marketing
This is not really marketing, it is just another form of spam. You are forced to answer your phone or read the instant message because the caller ID is often hidden, so it is impossible to see who is calling. There are costs in terms of time involved in these annoying calls, because you need to answer the phone and tell the salesman you are not interested. Many of these marketers are persistent and do not take no for an answer so it wastes additional time if you have one of these spammers at the other end of the line. Telephone marketing is unsolicited, obtrusive and quite a pain in the… you know what. The U.S. may have a do-not-call registry but very few countries see this form of "advertising" as a potential problem for consumers.

Door-to-door Marketing
Door-to-door salesmen are a big problem in many neighbourhoods. It is really annoying to show salesmen away several times a day, especially for people working from home, because you are interrupted every hour or two by someone knocking at the door. There is nothing more annoying than a salesman ringing the bell while you are on the phone with an important client. Imagine a hundred salesmen at your doorstep and you have to show them away one by one, it my not be spam, but it is basically the same principle.

Pop-up Ads
If you ever wanted to experience annoying advertising, visit a website with pop-up ads. Nothing is more irritating than an ad floating over menus and buttons, forcing you to take notice of it before you are allowed to explore the rest of a web page. Whether it is a pop-up or pop-under ad, it is unsolicited and it uses unnecessary bandwidth. These ads are prone to use a lot of bandwidth because they are constantly in your face whenever you try to navigate to another page or website. Some advertisers love to throw you one last sales pitch just before you leave their site. These pop-up ads are often a chat window giving you the chance to talk to a so-called sales consultant. They are often not real people but bot-scripts repeating the same thing over and over again (try swearing at them and you will soon see they don't have a clue what you are talking about). A chat window like this need to be closed before you can navigate to another site, so you definitely take notice of them. These ads are unsolicited, obtrusive and in-your-face, therefore they need to be managed by the visitor, wasting valuable time and money.

Ads Disguised As Content
Just the other day I searched the web for drivers for my laptop. Believe me, after several searches and several hours of no success you slowly become irritated by your inability to find what you are looking for. The last thing you need, is a website pretending to have loads of drivers and when you use the search facility of the site, you only get a page filled with camouflaged Google Adsense ads (by the way this is against Google Adsense policy, so more people should start to report these spamvertisers to Google). A click on one of these ads will result in a low quality click, because the visitor is unlikely to be a targeted visitor and this raises the click-through costs for the advertiser with no return on investment. These ads are unsolicited and annoying because you don't get what you asked for. There is an additional management burden on the visitor, because whether you click on the ad or not, you end up bumping your head against a brick wall, so you need to track back and look for another site. It often happens that you visit several of these Made-For-Adsense sites before finding a real site with the actual content you were looking for. This waste of time is counterproductive and causes a lot of frustration. These sites are just as bad as the Viagra spam you get in your mailbox.

I think it is clear that spam can never be seen as another form of advertising, it is criminal, invasive and very hard to manage. Spam is not about speech, whether the intent of spam is commercial or not, if it is unsolicited, it is spam. When we criminalize spam, we are not criminalizing speech-based behaviour, freedom of speech does not give a spammer the right to puke in my mailbox. A criminal deserves punishment and the definition of a criminal fits a spammer quite well.

One of the readers of the InfoWorld article on Robert Soloway's trial, recommended his stupid POINT-CLICK-TRASH theory to manage spam. He reckons that it is much easier to trash spam than junk postal mail and he also thinks spam does not deplete natural resources; contribute to land fills; pollute the air, ground or water, so people should stop complaining about spam. Well I've got news for this narrow-minded fool and everyone who thinks like this, where do you think does the energy come from to handle the volumes of spam distributed worldwide, every single day? Spam leads to increased energy consumption and increased energy consumption contributes to global warming, so spam does deplete natural resources. Try applying the POINT-CLICK-TRASH theory to dump trucks dropping off waste on your property, you keep on trashing and the dump trucks keeps on dropping, it is an endless struggle. With spam you keep on trashing and the spammer keeps on spamming. The solution to spam is not to invent some stupid theory to manage it, the only solution to spam is to stop it at its roots and the only way to do that is to put the spammers behind bars, whether people like it or not.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and raising awareness about spam and malicious software.

The Future of Anti-virus Software?

2008-03-06T22:01:00.005+02:00

Larry Dignan of ZDNet made a very interesting post on the ZDNet Zero Day blog about the future of anti-virus software. One thing that caught my attention was the comments of Websence CEO Gene Hodges, "Modern attackware is much better crafted and stealthy than viruses so developing an antivirus signature out of sample doesn't work".

Look, if you told me that people should stop wasting their money on stand-alone anti-virus applications then I could have agreed with you to some point. The only thing that's outdated is the term "anti-virus". Strictly speaking, the main online threat is no longer called a virus, a more appropriate term should be "malware" and it is time we started to adapt to this new term. Online threats consist of viruses, spyware, key-loggers and trojans, all residing under the common term of malware.

I understand that the term "anti-virus" is a heavily marketed term and when you mention the term "anti-virus" to computer illiterate and inexperienced users they know exactly what you are talking about, but when you talk about malware they often give you that glossy stare, you know, the kind of stare that screams: "What the hell are you talking about!" Most anti-virus applications now offer protection against spyware and other malware related threats as well, so it is really silly to keep calling them anti-virus applications, they are in essence anti-malware applications.

Scraping your anti-virus solution is reckless and plain stupid. It's just as good as saying we should stop patching the security flaws in software, leave them un-patched because the threats, exploiting these flaws, are evolving way too fast. Should we stop installing security systems in our homes because new, more advanced burglars are born each day? If you can protect your system against known threats why not do it?

It is true, malware evolves much faster than the anti-malware solutions, but known malware gets recycled on the web over and over again. Protecting yourself against a known variant means you can't be attacked by it again and believe me it is not uncommon to be attacked by the same variant more than once. This means anti-virus software still plays a vital role in your protection against malware, it also means that anti-virus software developers are still detecting new threats at a very high rate. New variants may infect quite a lot of computers before they get detected, but once the anti-virus vendors release an updated signature file to all their users, they are at least constraining the spread of the malware and preventing uninfected users from getting infected.

Scraping anti-virus solutions means systems are left unprotected, meaning that they are left infected, thus making a contribution to the processing power of bot networks like Storm. At least an infected system can be cleaned once a new variant has been detected, therefore you are pro-actively taking a bot network down bit by bit and making it harder for the malware to spread any further. Remember, an infected machine becomes a distributor for new variants of the malware. Killing a known variant means you are preventing it from mutating and spreading any further.

Improve the technology, don't scrap it. Yes, definition based protection is nearing its end, but anti-malware solutions are moving towards behaviour based detection. It is suicidal to scrap anti-malware solutions completely just because of the fast evolution of new threats. The argument that the value of anti-virus software is declining is a bunch of hogwash. Big corporations should stop putting reckless ideas into the minds of ordinary users, they should stop the throw-away-your-anti-virus-program-and-buy-our-software kind of marketing. The Internet is dangerous enough as it is, so don't go encouraging people to throw a way the only thing that's keeping the Internet from collapsing.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and assisting the Internet Community in choosing effective security software solutions.

How Did They Get My E-Mail Address?

2008-02-07T20:50:00.000+02:00

Unsolicited commercial e-mail, more commonly known as spam, can be seen as another form of e-mail fraud. Spammers use clever and misleading techniques to collect and verify e-mail addresses, yes, that 'innocent' spam e-mail, advertising the next technological breakthrough, uses misleading marketing techniques to entice the reader to click on a link, buy a bunch of junk or some dangerous substance or even infect your PC with malware. No matter what the spam e-mail is trying to market, the only goal of the spammer, aside from making money, is to take the recipient for a ride.

The most frequently asked question from spam victims is: "How did they get my e-mail address?" This clearly shows that most victims of spam don't have a clue about preventing it. Knowledge about the techniques used by spammers to collect e-mail addresses is crucial, because this gives the e-mail user an edge in the war against spam. In this article we will look at the e-mail harvesting methods used by spammers and the precautions you can take to prevent your e-mail address from falling into the wrong hands.

Using a Secondary E-mail Address to Limit Exposure to Spam
Before we get to the nitty-gritty details of this article, lets look at a very useful method of preventing spam. Using a secondary e-mail address is a very effective method of keeping your primary e-mail address private. I recommend a free e-mail service like Gmail, Hotmail or Yahoo! Many websites demand an e-mail address in exchange for something else, or you often need to supply your e-mail address to activate an account or membership. This is where a secondary e-mail address comes in very handy. Just remember, the idea behind a secondary e-mail address is not to expose it to spam unnecessarily, but to use it in circumstances where you have concerns about your privacy or possible exposure to spam.

Chain Letters, Petition Lists and Hoaxes
Oh yes, those very popular chain letters and petition-lists being forwarded so vigorously by friends and family. That 'innocent' e-mail about some missing or sick child no one ever heard of, the warning of a syndicate, drugging people and removing their kidneys, yet it is never mentioned in the news media and you can't help to think that you have seen this e-mail before. What about the Osama Bin Laden virus destroying your hard disk, Mars coming to large view every 60,000 years, yet an e-mail about this event is distributed each and every year, or the one from Microsoft or AOL donating money to an non-existent fund of a non-existent cancer patient, each time the e-mail gets forwarded to 3 different people. These e-mails may seem innocent, some may contain a lovely message, some may even be true, but whatever the case, it should NOT be simply forwarded to everyone you know and neither should you encourage the recipients to forward it to all their friends and family as well.

The main problem with chain letters is the exposure of e-mail addresses along the line. E-mail clients often place the Subject, Date, From and To entries from the e-mail header in the body of the e-mail when you forward it inline. Forwarding the e-mail as an attachment, forwards the full header and not just the entries mentioned above. This procedure is repeated each time someone forwards the e-mail to someone else, resulting in pile of e-mail addresses building up in the body of the e-mail. Very few people remove this information before forwarding the e-mail, so you will be able to see the e-mail addresses of many other people who received the stupid e-mail as well. A chain letter, forwarded as an attachment each time, delivers more or less the same result as explained above, the only difference is that the recipient has to open attachment after attachment several times before getting to the original e-mail (which can be quite annoying).

A chain letter will be passed along the line and will definitely land in the mailbox of someone you never met and probably never will meet. Even if you send the chain letter to trustworthy people alone, you can never be sure where their friends and family will send the e-mail, so your e-mail address may land in the hands of a spammer or someone who sells e-mail addresses to the spammers.

Online Forums, Discussion Groups and Community Sites
419 scammers love to browse social networking sites in search of possible victims. Making your e-mail address public on the Internet will expose you to all kinds of Internet criminals. Spam bots crawl the web in search of e-mail addresses posted by unwary Internet users on forums and other community sites. Whenever you register on one of these sites, use your secondary e-mail address to sign up. Your e-mail address is normally required to activate your account, to receive notifications when people send you private messages or when someone replies to a post you made. However you won't really need these e-mail notifications if you visit the site regularly, so a secondary e-mail address will do fine when this is the case, because you will basically use it only to activate your account.

Contact Pages and Web Forms
There will always be scenarios where you need to publish your contact details online if you wish to stay in touch with your visitors or customers. Contact pages of websites will often contain an e-mail address. A Webmaster will always try to make the contact page as accessible as possible to his visitors, so a spam bot will not have any difficulty finding this page. This means the e-mail addresses on these pages are always sitting ducks for spam harvesting software. There are a couple of ways to protect your e-mail address if you need to make it available to the public.

One way is to embed the e-mail address in an image. A simple program like Microsoft Paint can be used to create the image. You can even make the image blend into the text of the page by saving it as a GIF or PNG and making the background transparent by using Microsoft Photo Editor. It is advisable to use a font that's easy to read to the human eye but hard to read for OCR (optical character recognition) software. OCR software will have problems reading an image when the characters appear faded, if they contain indistinct edges, if they are aligned at different angles, if the lines of text are wavering up and down across the image or if they appear to be dipping at the side of the image.

Another method of protecting your e-mail address from spam bots is to 'encode' it with a random format that's clear to humans but not to computers. You can 'encode' it by breaking the e-mail address up with spaces and spelling the special characters out with words, for example johndoe at example dot com. You can also use random substitutes for special characters and provide instructions in brackets, for example johndoe$example?com (replace the dollar sign with an at and the question mark with a dot). Another technique is to spell your e-mail address backwards, most people will realise that they will need to reverse the e-mail address before using it, for instance moc.elpmaxe@eodnhoj. You can even swap the special characters, for example johndoe.example@com (swap the at and dot characters). The possibilities are endless, so use your own creative 'encoding' methods, as long as it makes sense to humans. You may argue that there is no need to provide decoding instructions, because people with a bit of technical savvy will be able to decode it anyway. This will automatically exclude those dumb scammers who can't tell the difference between Western Union and Western Onion.

Webmasters can use a CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) to protect their web forms from being bombarded with spam. Many webmasters avoid CAPTCHA to make their websites more user-friendly, but a small loss in user-friendliness is nothing compared to the burden of filtering through all those spam submissions. However CAPTCHA is a must when the information submitted through a form is published on a site without any moderation.

Online Recruitment Sites
Yet another example of where it is critical to publish proper contact details, because a job seeker will always want a prospective employer to reach him or her without any troubles. The only problem is you need to disclose quite a lot of information in your CV in order to clear up any suspicions an employer might have. If you choose to omit critical information from your CV, you might just miss out on a great job opportunity.

Luckily online recruitment is quite expensive for the employer, something the online scammer often avoids. The online scammer will most of the times be on the lookout for cheap and free services. Some online recruitment agencies have specific criteria for employers before allowing them to browse CV's or post ads. For instance certain agencies demand a landline number from the employer, mobile numbers are not accepted. We all know that it is much easier to obtain a disposable cell phone than a landline and confirming the personal details of a disposable cell phone owner is much harder than tracking down the owner of a registered landline. Still these precautions are very limited and can easily be circumvented by more advanced scammers.

The bottom line is, your e-mail address and most probably other contact details will be exposed to various prospective employers. Spam bots won't be able to crawl the databases because they are password protected. It is very unlikely, but not totally impossible, to find a spammer going manually through each CV, recording the e-mail address of each job seeker in order to build a mailing list for spamming purposes.

Your best defence against online scams, while using an online recruitment agency, is a vigilant eye. You need to spot the scam before it catches you. Your contact details are exposed, so be ready for a dodgy proposition or two.

Replying to 419 Scammers
Many people get so sick of advance fee fraud e-mails that they reply to a scammer out of anger, to insult him, to insult his mother or just to tell him where he can shove his phoney e-mail. This is the last thing you should do when you receive a fraudulent e-mail. If the 419 scammers can't steal your money, they will sell your e-mail address to the spammers to make at least a buck or two out of the deal. So no matter how you look at it, you will always loose something if you reply to a 419 scammer, unless you are a scambaiter off course.

Responding to Commercial Spam
This is perhaps one of the most overlooked ways of loosing your e-mail address. Clicking on that strange link in a spammy e-mail, filling out that mortgage application form or un-subscribing to something you never signed up for, will most certainly get you on a spammer's list. Why am I saying this? Ever saw one of those spam e-mails sent to several recipients, but each e-mail address starts with more or less the same characters and it is only the last couple of characters or digits of each e-mail address that's different? It is a primitive technique similar to the one we used to made prank calls when we were kids. You dial a random number, do the prank and hang up. Then you only increment the last digit of the previous number until you find another number that's working and do the prank again. When the last digit reaches zero, you start incrementing the second last digit and when the second last digit reaches zero, you move on the third last digit, repeating the process until you're tired of making prank calls.

It's really a shot in the dark and your e-mail address is not really on a spammer's list, it is merely on a sample list generated by a computer program. Each e-mail address on the sample list needs to be confirmed before adding it to a priority spam list. Clicking on a link in a spam e-mail will give an indication to the spammer that your e-mail address is active and that you are responding to his or her e-mails. This makes you a much more promising target in the eyes of a spammer. So whatever you do, don't click on any links or follow any instructions given to you in a spam e-mail, unless you enjoy receiving spam.

Conclusion
This is not an exhaustive list, there may be many other causes of spam, but these are the most common reasons why you are getting all those junk e-mails in your inbox. Be my guest, open a new e-mail account and avoid all the pitfalls discussed in this article and you will discover that it is possible to live in a spam free world.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and raising awareness about online scams and malicious software.

Spam - Report it or Prevent it?

2008-01-03T19:24:00.000+02:00

It has been quite a while since my last article and I apologise for the long delay. I devoted most of my time during November and the first couple of weeks in December to research and the blog unfortunately got neglected. I then took a break for a week to spend time with friends and family during the festive season. (I'm not a cyborg and even cyber cops need to take a break so once in a while). The only thing I regret is that I did not download any e-mails during this time, so you can expect I had quite a lot of e-mails in my inbox (the majority was spam anyway). 2007 has come to an end and 2008 lays ahead of us. Looking at all the security related articles since the start of 2008, I get the idea that the cyber security industry is preparing for one rough ride in terms of computer security in 2008. But enough about that, let's get to this week's article and the first one of 2008.

One Sunday on my way to church, I noticed that one of the cars parked in front of the church still had its headlights on. I was about to go to the consistory to ask someone to announce it, when my mother told me not to bother, because she reckoned many people will see it and eventually report it. I decided not to take my mother’s advice and reported it anyway. However it was not announced before the sermon started, so I guessed they already informed the owner about it. When the sermon was over I was really disappointed to find out that the owner was not informed and that the car actually belonged to an elderly couple. Of course, all their attempts to get the car running were in vain, the battery was completely dead.

Apparently I was the only one who reported this incident. I find it hard to believe that no one else saw this car, because its bright headlights were shining in the direction of the street where most people could see it, in fact many other members of our church had to pass this car just like I did. But what does this have to do with spam? I will explain in a moment.

Reporting several spam e-mails a day, without a single response from a service provider, host or registrar can be demoralising to say the least. People who report spam on a regular basis will probably agree with me. It can become so demoralising that you find it hard to see any sense in reporting spam to anyone. The lack of cooperation from the responsible parties, gives us a damn good excuse not to report spam, now doesn’t it? Sorry to blow your bubble, but that it is a lame excuse for not reporting spam.

Spam reporting is only one side of the coin. We also need to prevent spam. Spam can prevented in many ways. Protecting your e-mail address from unnecessary exposure should be your first priority when it comes to personal spam prevention and secondly you need to protect your computer with anti-malware software and a firewall to prevent your computer from becoming a spam-relaying zombie. A good junk mail filter can be added to your defence, to make it easier to manage all the unsolicited e-mails pouring into your mailbox. The spam you report are used in various ways, depending on who you report it to. Some anti-spam organisations use it to close spammer websites and the internet access accounts of known spammers, some use it to improve anti-spam software, some use it for anti-spam research to find better ways of preventing it and some organisations use spam reports for all the aforementioned reasons.

I know some individuals who are so passionate about fighting spam that they will even report other people’s spam for them. Many people feel that this is not a good idea, because of various reasons, one of them being the fact that only the original recipient can tell what is spam and what is not, because only you know what you signed up for and what not. Then again, this is not totally true. There may be merit in this argument, but it is not that hard to distinguish unsolicited commercial e-mails from legitimate opt-in e-mails. I know that some unethical companies are not always willing to remove your e-mail address from their database, which turns an opt-in e-mail into an unwanted e-mail, in other words SPAM! That being said, I still feel that it is quite easy to spot an unsolicited junk e-mail these days.

Some people feel that when you report spam without benefiting directly from it, you do it for altruistic reasons only. My personal opinion is that this is a bad overgeneralization of loyal spam reporters who report spam to see justice being served. Crime statistics at the end of a year often reveal a rise or decline, but a decline in child abuse for instance does not necessarily mean that less children were abused during the past year, what about all the child abuse incidents that were never reported? The same is true for spam, a decline in spam reports during a certain period does not necessarily mean that spammers sent less spam during that period. People need to be aware of the problem of spam and people need to understand how big it really is. In order to raise awareness about a problem, it needs to be reported, so that it can be accurately measured. I think our current awareness about the spam problem is only the tip of the iceberg.

Reporting spam will not make your spam disappear overnight and if anyone told you that they can take away your spam, then they are lying. Spam filters do not stop spam from being sent, they only stop it from being delivered and spammers will always find a way to circumvent your defence systems. The fact that you are receiving spam already puts you in a catch-22 situation. An active e-mail address is a commodity in the spam industry and your e-mail address can be sold to several spammers worldwide. Once a spammer gets shut down, he either sells his e-mail database to other spammers or he finds a new ISP to distribute spam once again. The cycle repeats itself time and again and it is likely that your e-mail address may land in the hands of a spammer operating from a spam haven (in other words a country where there is no anti-spam laws). The only way to solve your spam problem completely, is to put all the spammers who have your e-mail address in jail, destroy these databases before they get distributed to other spammers and shut down the botnets distributing the spam. A single botnet may consist of thousands of infected computers, scattered all over the globe, so you can see it is quite a feat to accomplish.

I recently read about an incident where a Russian registrar claimed they couldn’t take any action against a spam-relaying zombie, because their legislation does not provide any means by which they can act against the offending party. I’m not up to par with Russian anti-spam legislation, so I’m not sure if they were telling the truth, but nothing stops them from prohibiting spam and malware distribution through an Acceptable Use Policy. But what if a company does not worry about people abusing their networks? You will obviously need a higher level of authority to force them to take action against the perpetrators and in order to do that you need proper anti-spam laws.

Anti-malware developers can’t keep up with the rapid evolution of malware. This means more computers get infected much faster, resulting in large botnets being created on the fly, ready to distribute spam in next to no time. Malware infected computers are one of the biggest sources of spam, so if anti-malware companies are finding it hard to stay ahead from the malware creators, then think for yourself how hard it is to keep spam distribution in control, yes in control, we are not even speaking of eliminating it.

So what does the story of the elderly couple with the flat battery have to do with spam reporting. First of all, if we all have the attitude that someone else will report spam, then we will never get even close to solving the problem. Secondly, registrars and ISPs should stop hiding behind a bunch of lame excuses, they should stop ignoring spam reports and start taking action against the offenders. The registrars and ISPs who fail to take action against the spammers are like the minister who failed to announce the registration number of the car that was parked in front of the church, with its headlights still burning. If things continue like this we will have a flat Internet overloaded by a bunch of unsolicited junk.

In my next article I will discuss some of the most common causes of spam and steps that can be taken to prevent spam 'contamination'.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud, raising awareness about spam and assisting users in the removal of malicious software.

Reconciling Parental Control Software with Internet Security Principles

2007-11-14T19:13:00.000+02:00

By Coenraad De Beer

Conventional parental control software is a security risk on its own. Parents often fail to identify the underlying risks of Internet monitoring software, but what do you use if you want to monitor your child's activity on the Internet?

Parental control software remains a useful tool to monitor your child's online activity and at the same time block inappropriate content. The fact that you are an adult does not necessarily mean you like to view offensive content, so the software can also be utilised to block offensive content on sites you often visit. Unfortunately, with the monitoring part of the software comes an inherent security risk of sensitive information that may fall into the wrong hands.

If you want to use parental control software, you need to use it responsibly, especially if you install it on a computer that is shared by several members of your household. The trustworthy members of the family need to be aware of the software and the need to have administrator privileges to disable the software before working on the computer. Parents often forget to disable the software before doing online shopping or banking, effectively allowing the key-logger component of the software to log important information such as social security numbers, credit card numbers and passwords.

Many Internet monitoring software packages take screenshots at certain intervals to capture the contents of the screen at a specific point in time. This is also dangerous if you forget to disable the monitoring part of the software, before logging into a secure area of a website. Screenshots can be taken of sensitive information that's normally only accessible behind a secure login area. All this information (keystrokes and screenshots) is stored on your hard drive, exposing it to possible exploits from crackers or spyware.

Well-written parental control software will obviously encrypt the information it logs, but crackers often decipher the encryption code in next to no time. The last thing you need is a spyware infection or an intruder on your system that can bypass the encryption of the parental control software. You don't want a stranger going through your logs if you accidentally forgot to disable the software before entering sensitive information on the Internet. So the most important thing to remember is to disable the monitoring software before you use the computer and remember to enable it again when you're done, otherwise there is no point in having the software on your computer in the first place.

Some parental control software allows you to create different profiles for different members of the family. You can for instance have a "Child" profile that blocks inappropriate content and monitors your child's activity on the web, a "Teen" profile that does not block any content, but only monitors your child's activity and a "Parent" profile that does not monitor your activity or block any content. The "Teen" profile can be activated when your teenager wants to use the computer, or you can activate the "Parent" profile if you are present while your children surfs the Internet. The "Child" profile should be used to limit Internet access while you are not at home to keep an eye on your children's Internet activity.

Kaspersky Lab recently integrated a parental control module into their Internet Security suite. It does not log keystrokes or take screenshots, it only monitors HTTP traffic. To know what your child is doing on his or her computer, you only need to monitor their Internet use. It is easy to see which games they are playing and which software they are using by examining certain areas of your system, like the Program Files folder and the Add and Remove Programs section of the control panel. Clever kids will know how to wipe this information, but most programs make connections to the Internet these days, so just by examining the HTTP traffic generated by these programs, you can easily tell which programs your child is using and which websites they are visiting.

The parental control module of Kaspersky Internet Security logs all the websites visited by your children, all the remote images loaded from e-mails that they read and all the servers they connect to for online gaming and software updates. If the logs contain entries from winamp.com, then your child is probably using Winamp to play music or movies. Entries from ea.com, might indicate that your child is playing some games developed by Electronic Arts. Your children will also download software from certain sites, which will give you another indication of what kind of software they are using. The fact that the software monitors HTTP traffic, means that you are not only limited to the traffic generated by a web browser or e-mail client, it monitors all Internet activity from any application.

The way that Kaspersky Lab approaches parental control and monitoring software, does not compromise your online safety like your conventional child monitoring software, because there is no security holes created by keystroke logging and capturing of screen data. The logs of your HTTP traffic may still contain tracking information that you may not want to reveal to advertising companies (and their spyware programs), but the beauty of this module is that it is integrated into an Internet security suite, so you are automatically protected against unauthorised access and malicious software infections, thanks to the firewall the anti-malware shields of the software. Traffic through secure servers (HTTPS) is normally encrypted, so the monitoring software only sees the encrypted data during a secure online session like Internet banking or online shopping. I still recommend that you turn of the parental control module before transmitting sensitive information over the Internet.

Up to know I basically discussed the monitoring part of parental control software. The control part allows you to block indecent content as well. Blocking inappropriate content minimises the risk of malware infections. Porn sites are often loaded with spyware, so keeping your children away from these sites, does not only protect them from exposure to harmful content, but it also protects your computer from dangerous infections. Your child's porn surfing may be the cause of a dangerous spyware infection, something you may not be aware of (especially if you don't have any spyware protection installed). You could easily log into your online banking account or enter sensitive information on the web, without realising that there are spyware lurking on your computer, watching your every move. Parental control software is not designed to protect your computer against malware infections, but preventing your children from accessing inappropriate websites, helps them to stay away from potentially dangerous websites, which is the number one rule in malware prevention.

Proper parental control software should allow you to set up filters to block specific inappropriate content, giving you complete control over what you allow your child to access on the Internet. Kaspersky Internet Security allows you to do exactly this. Lets say you want to block access to sites containing the word "murder" in the URL. You simply add the filter "*murder*" to the Parental Control Blacklist and it will block all websites containing the word "murder" in the URL. You can also blacklist specific URL's to prevent access to certain online chat rooms, web mail services or social community websites. Websites that carries your approval can be added to a white list to prevent the software from accidentally blocking it, or you may want to allow only specific pages from a site that's currently on the blacklist. The flexibility of the software allows you to fine tune the parental control software to your own specific needs, enhancing the online safety of your children.

So what is the message I'm trying to get across here? As I said at the beginning of this article, parental control and monitoring software remains a useful tool to keep an eye on your children's Internet activity when you are not present. As a parent you need to understand that parental control software poses certain security risks of you do not manage the software in a responsible way. I feel that developers of parental control software should move away from keystroke logging and screen capturing and focus on HTTP monitoring instead. Parental control software developed by a company who specialises in Internet security, gives you peace of mind that the software was designed with security as a top priority. The next step for Kaspersky Lab may be to make the module optional. Not everyone wants parental control software, but if I want to add this functionality to my computer, I'd rather buy it from a developer who has been in the Internet security industry for years, than buying the software from a developer who does not have a clue about Internet security.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security and analysts of Cyber Security Software. Read our review of Kaspersky Internet Security 7.0 for an in depth look into one of the most comprehensive Internet security suites in the security software industry.

Website Owners - The Next Target of 419 Scammers?

2007-10-31T23:41:00.000+02:00

By Coenraad De Beer

A couple of weeks ago I did an article on a 419 scammer who used Google to find possible victims. I analysed a very interesting 419-scam e-mail today that made it quite clear that the swindlers are slowly starting to change their tactics. The old methods are not working as well as they should, so scammers are looking for new and improved methods to claim new victims. Believe me, the dumb, idiotic scammers with their hilarious con stories are becoming smarter by the day.

The typical "Dear sir/madam" e-mails may soon be something of the past if all 419 scammers start to operate like Ferdinand Traore from Togo. Ferdinand sent an e-mail to a website owner after pulling his name, surname and e-mail address from the "Contact us" page of his website. Below is a copy of the e-mail that he wrote (The e-mail has not been edited in any way. I only changed the name of the website owner to John and his surname to Doe, to protect his identity).

"Dear John Doe,

Please forgive my using this means to reach you but I cant think of any other way of letting you know the urgent matter at hand. I acted as personal attorney to the (late) Engr. M.A. Doe, who lived and worked here for more than twenty years as a major contractor and businessman.

On the 18th of Novermber 2004 he and his wife and only daughter were involved in an automobile accident while visiting a neighboring country on vacation. They were buried two weeks after and I have exhausted all means of reaching who may have been related to them. This has been made more difficult because no mention was made of any relative while he was alive.

To the best of my knowledge, before his death, he had an investment deposit totalling more than Eighteen Million Five hundred thousand United States Dollars($US18.500.000.00) with the major bank here and now they have asked me to provide a next of kin if there is, or the estate will then revert to the government and so it would be lost.

My proposal is that you allow to be presented for this role so that documentation can be processed and payment made in your favour. This is a project which will see us partner to realise. I would be willing for us to discuss terms of participation in order to protect our various interests.

I want to assure you right away that I have positioned this deal to not last for more that two weeks. I shall be willing to discuss futher on this if write back or send to me your direct telephone number so we can discuss in the type of confidential atmosphere which this matter requires.

Awaiting your immediate response.

Ferdinand Traore (Esq).

Traore Chambers & Associates,
Rue Du Commerce Avenue B.P.120,
Lome-Togo"

You can easily be drawn into this e-mail because at first glance you may think it is a relative who died. If this happens, the scammer achieved his first goal, to get your attention. If he has your attention he can play with your mind. The plot is simple, a lawyer contacts you in search of a next of kin for a deceased person who has the same last name as yours, very convenient don't you think? The deceased person was loaded with cash, making the proposal very attractive to the unwary victim.

You may argue that there is nothing special to this e-mail, besides the fact that he addressed the victim directly on his name and not via the generic "Dear sir/madam" introduction. Furthermore the spelling and grammar is horrible, so it is easy to spot the scam in this e-mail. It is a classic inheritance scam e-mail, with the promise of a ridiculously large sum of money. Ferdinand sent the e-mail from ferdinandtraore.4to1957@yahoo.co.uk but the victim had to reply to ferdinandtraore.tgo1957@yahoo.co.uk, another common characteristic found in 419-scam e-mails. All the signs are there, so what is so special about this specific e-mail?

It is not the e-mail that's unique, but the methods used by the scammer to collect information about the victim. A closer look at the visitor statistics of this website revealed a visit from Togo, with the same IP address (41.207.162.4) as the one found in the e-mail header. So there was no doubt about the identity of this visitor, it was most definitely our friend Ferdinand Traore (oops did I forget to add the "Esq" suffix after your name? Sorry Ferdinand). The traffic came from a Google search for a specific surname, in this case not the surname of the website owner, but a surname that appeared on one of his web pages.

The scammer appended "co.za" to the search string, which tells me he was looking for South African websites (or South African website owners). He also placed "2007" in front of the surname. Why? Websites contain copyright notices, often followed by the name of the website designer. Most copyright notices contains a year and active websites change this number each year, some web designers do this via a script and others do it by hand. The scammer was probably looking for websites containing a 2007 copyright notice. This would certainly keep the search results fresh and minimise the risk of using outdated contact information.

In the previous article I mentioned a 419 scammer who targeted American citizens using specific e-mail services like Yahoo! and AOL. This scammer searched for the latest contact details of certain South African website owners. I'm sure they expand these searches to other countries as well, but one thing is for certain, they are using specific contact information to send targeted and relevant e-mails to possible victims. Later today someone else reported a scam e-mail, with the exact same plot. Once again the scammer knew the name and surname of the victim and addressed him accordingly. The victim of this e-mail was a job seeker who posted his resume on several online recruitment websites. So the scammers are using several online resources to harvest personal information about their victims.

E-mails addressing you personally are no longer a guarantee that it came from a trustworthy source. The fact that the sender knows your name and last name does not necessarily mean that he legitimately obtained this information or that he has legitimate intentions. People should look deeper into the e-mail for other obvious signs exposing the true nature of the e-mail. I mentioned a couple of common characteristics earlier in this article that will help you to identify other e-mails just like this one. But not all these characteristics are present in every e-mail scam, making it hard to define a single set of rules that will apply to all e-mail scams. Common sense is the only true weapon that's dynamic enough to adapt to the different methods used by e-mail scammers today.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops. Visit our 419 Scams page for more information about 419 scams and different 419 scam examples. Stay up to date with the latest in cyber security, by subscribing to our cyber security related RSS Feeds.

419 Scammers Using Google Search to Find New Victims

2007-10-18T23:57:00.000+02:00

By Coenraad De Beer

I've heard of phishing scammers using Google Maps to reveal the location of a victim, but I haven't heard of scammers using Goole Search to find the e-mail addresses of possible prospects for advance fee fraud. However I was surprised to find such a search last week when I browsed through the visitor statistics of cybertopcops.com.

419 Scammers are starting to use technology more often to swindle innocent victims. We see advanced and professionally designed e-mails and websites, clever social engineering skills and scam e-mails targeted at specific people. That was probably the aim of the scammer who used Google Search to find Yahoo! and AOL e-mail addresses of people in the USA, who are desperately in need of funds. Yes the exact search string used by this scammer was "email address of people in the usa that are in need of fund @yahoo or aol mail". The scammer landed on our Lottery Scams page where we refer to the fact that scammers often use Yahoo! and AOL e-mail accounts to distribute fraudulent e-mails. We recently made some changes to this page and as a result it's no longer appearing in the results for this specific search string.

A couple of things immediately caught my attention when I stumbled across this visit. The visitor was from Nigeria, with the IP address 196.1.179.153, one that is often involved in e-mail scams and spamming. His/her Internet service provider was Nitel, the principal telecommunications company in Nigeria. What struck me the most was the search string used by this visitor. Did the scammer really think he/she would find the e-mail address of a US citizen, looking for funds on the Internet, using a Yahoo! or AOL e-mail address and on top of that, leaving it on the web for anyone to use? It's like going to Amazon, hoping to find specials on 419 Scam Victims, or having a victim delivered to you on a silver tray. But is a search like this, really that far-fetched?

If you browse through the results of this search, you will find quite a couple of e-mail addresses, lying around for advance fee fraud scammers to use as they please. A couple of interesting theories came to mind when I analysed the search string.

419 scammers are targeting people living in the United States. Why? Perhaps they have a better success rate with Americans;

They prefer people using the e-mail services of Yahoo! and AOL. Why? The spam filter of Yahoo! and AOL is not as effective as Gmail's and it is probably easier for scammers to get through to people who use these e-mail services. Also note that the scammer did not look for Hotmail e-mail addresses. According to 419eater.com, some scammers do not like to converse with Hotmail users; and

They specifically target people in need of financial assistance. Why? People with severe financial problems are often desperate and will do anything to improve their financial position. 419 scammers exploit this desperation, making it easier to convince these victims.

I understand that it is hard to base solid theories on a single incident, so these are only a couple of possibilities from a personal point of view. 419 scammers send e-mails to many countries, not just America, they send e-mails to Gmail and other e-mail accounts, not just Yahoo! and AOL and they send e-mails in bulk, like a spammer with a shotgun approach, they often have no idea who the recipients would be.

What can we learn through this behaviour? Do not post your personal e-mail address in any public area on the web. Do not reveal your financial status on the web. Scammers will use this to their advantage. If they have your e-mail address in their possession and at the same time know about your financial problems, then they can send you a highly targeted and convincing e-mail, putting them in the right place at the right time. I still think it was wishful thinking by the scammer to do such a narrow search, hoping to find a victim that fits this profile. However, this scammer inadvertently revealed one of their harvesting methods, so lets take the necessary precautions and make it harder for scammers to find new victims.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud, raising awareness about online scams and assisting users in the removal of malicious software.