Thursday, April 30, 2009

Virus and Spyware - Avoid Infection With Careful Inspection.

Enter “virus and spyware” in a search engine and you’ll be pummeled with results – more than it is possible to absorb. Do this, don’t do that, install this, don’t install that. A single blog entry can’t capture every possible permutation of malware so instead I’ll describe two real attempts by Internet bad guys to infect my home PC and/or steal personal information. I thwarted both by being observant – and being observant is by far the best way to prevent a nasty virus or spyware infection. And before you think otherwise, neither of these examples is the result of visits to sites with, well, salacious content.

Real Example – Phisher attempts to hook me (I got away)

What is phishing? Here’s Wikipedia’s take: “phishing is an attempt to criminally and fraudulently acquire sensitive information”. A nasty example arrived in my email inbox last year. Not surprisingly it was a phisher impersonating a bank - one of the common ploys to get private information. Here’s the text verbatim (the only thing I’ve changed is my email address – to protect my privacy):

=== Actual phishing email ===
From: "Wachovia"
To: "xxxxx"
Subject: Wachovia Bank: please confirm your online banking account data -Fri, 25 Apr 2008 00:18:31 -0500
Date: Fri, 25 Apr 2008 04:18:37 +0000

Dear Wachovia Bank customer,

We would like to inform you that we are currently carrying out scheduled maintenance.In order to guarantee the high level of security to our business customers, we require you to complete “Wachovia Commercial Online Form”.Please complete Wachovia Commercial Online Form using the link below:
http://commercial.wachovia.com/Online/Financial/Business/Service[remainder of URL removed by me to prevent propagation]

This is auto-generated email, please do not respond to this email.

=======

This was an easy one for me to identify as bogus – I’m not a Wachovia customer. The phisher, however, likely sent out millions of emails like this in the hope that some subset of recipients would be Wachovia customers. The emails themselves were most likely sent via infected PCs, which makes it less likely that spam filters will block them.

The link – and this is the key part – looks like a link to Wachovia’s website but it isn’t. The actual link takes you to this website: “commercial.wachovia.com.dllstackontodir29.cn”. Note the “dllstackontodir29.cn” tacked on to the end – that’s the home of the bad guys, not Wachovia.

What you see on the screen rarely matches the actual link. This is not a bad thing for legitimate sites – the full web address typically carries a lot of extra information that makes the website work but is meaningless to the consumer. The display name (what you see on the screen) is just enough text to tell you what you are clicking on. Scammers like phishers, unfortunately, take advantage of this.

Similarly, it appears the email came from wachovia.com – it didn’t.

Golden rule here – never believe an email like this – a legitimate business doesn’t take this route to communicate updates. Furthermore, if you aren’t sure, go directly to the site and log into your account from there (rather than clicking a link in an email) – if there is something you need to do, you’ll find out there. Finally, if you accidentally click a link you didn’t intend to, close your Internet browser.

Stay tuned - next time we'll talk about bogus spyware protection (also known as scareware).

If you think you are infected give us a call at 1-800-PCSUPPORT or click through to http://www.support.com. That link goes to where it says it will go - no phishing.
