Computer Q&A: Web scams proliferating, demand vigilance
By David Radin
Date: January 22, 2004
What's worse? A year in which $55 billion in damages are caused by computer viruses? Or one that starts off with a dangerous one and a fast-spreading one?
According to Trend Micro, last year hit records in damage caused by worms, viruses and Trojan horses launched against computer networks and users.
This year is already off to a start that may make 2003 damage seem low in comparison.
Only a few weeks into 2004, users already have been targeted by major instances of these threats -- some of which can cause huge financial losses -- and many of which now include new mechanisms as virus writers blend spam into the mix to make their offerings spread faster and become more difficult to recognize.
On Jan. 9, AT&T alerted customers that somebody was posing as the AT&T Worldnet billing department, trying to defraud its customers. Using e-mails purportedly from AT&T, the scammer is sending e-mail with the subject line "Billing Update Requested (Urgent)," which includes a link to a fake AT&T Worldnet Web site. When the user tries to update his information, he actually is giving his credit card info to the fraud artist -- not to AT&T.
Similarly, a new version of the Mimail worm has started circulating. It disguises itself as an offer from eBay's PayPal service, telling the recipient that PayPal wants to add 10 percent to his balance if he goes to a Web site as per the attachment carried with the message.
Who wouldn't want to get 10 percent extra money in his account? There are millions of PayPal users; so the target audience of victims is potentially huge.
Unfortunately, the attachment is not a PayPal Web site. Launching it will create a fake Web page on the victim's computer, which will ask for credit card data, then mail the data to the perpetrator. It also harvests e-mail addresses from the victim's hard drive, and sets Windows to relaunch the worm every time Windows starts up.
Seemingly not as dangerous is the Bagle virus (a.k.a. Beagle or W32/Bagle-mm). First found by Panda Software, Bagle has been spreading quite fast using some older means of tricking users -- which are obviously still effective despite all the education and technology of the past few years. Bagle comes in a message that simply says "hi" with some garbled text and an attachment named randomly.
Clicking on the attachment launches the Windows calculator as a diversion while it launches the virus. It doesn't automatically launch itself in the preview pane. The user must launch it.
According to Patrick Hinojosa, chief technical officer of Panda USA, the fast spread of the Bagle virus is probably because it comes from somebody you know and looks safe. "It looks like something interesting and funny."
But it is not; and the garbled words may contribute to the high open rate. Hinojosa suggests staying true to the common wisdom that you shouldn't open any executable file that you haven't asked for -- even if it is from somebody you know.
Hinojosa told me that there are a lot of schemes going on right now in which a user is directed to fake Web sites using viruses, worms and spam, and in which scammers can get you to give them valuable information.
Panda (www.pandasoftware.com) and other anti-virus software vendors have posted software tools to remove the Bagle virus if you get infected. Removing the virus doesn't protect you from getting other viruses, so make sure that you're running an updated version of your favorite anti-virus software. Update it frequently. Better yet, set it to update itself daily.