I recently spent a lazy Sunday afternoon poring over an online clothing store, purchasing a dress (okay, it might have been two dresses) for upcoming social events. While browsing the web the next day I was displayed banner advertisements for the specific dresses that I had deliberated on, yet not purchased. A tempting reminder of what could have been hanging in my wardrobe perhaps? Or maybe a subtle reminder to run a system scan to delete any ‘not-so-friendly’ tracking cookies from my machine.
Luckily, when running my spyware scan I discovered my computer had taken on an ‘unwanted guest’ in the form of malware. The term ‘malware’ refers to a broad category of malicious software that is designed to infiltrate or damage a system without your consent. Malware can be the culprit behind a sluggish computer that directs you to fake websites you didn’t intend to visit.
Nastier types of malware can allow spammers to send emails using your account, erase files from your computer, and even track your online activity- sending your personal details to not-so-friendly people in cyberspace. All without you knowing. My specific offender was the StealthMBR.
Sound ‘stealthy’? Well it is. This particular type of malware opens a back door on your computer allowing hackers access to your system while bypassing your firewall and security software. To add insult to injury, it also messes with your operating system files. Yikes!
Stunex – the ‘blockbuster’ of malware
Of course, this is small fish when compared to the more publicised cases of malware. When security experts came across computer worm Stuxnet in 2010, it had already ravaged the Iranian nuclear program infecting more than 100,000 computers. In what Vanity Fair has called “one of the great technical blockbusters in malware history” the software had the remarkable ability to convince staff at a nuclear research facility that everything was running as usual (the equivalent of that trick you see in the movies where the bad guys record mundane security footage and play it back through the system while robbing the bank.)
By the time staff became aware of the Stuxnet breach, the worm had disabled the “off switch” at the plant and destroyed one fifth of Iran’s gas centrifuge equipment, rendering the nuclear program several years behind schedule. I was beginning to think that my computer got off rather lightly!
A whole lot of bots
According to Security Intelligence Report No. 9, Jan-Jun 2010, Microsoft desktop anti-malware products alone removed ‘bots’ from 6.5 million computers around the world over the second quarter of 2010 alone. In Australia in this three month period, this was 66,576 computers.
iiNet recently participated in the Australian Internet Safety Initiative, through the Internet Industry Association’s iCode (http://www.icode.net.au/index.php). This initiative uses various sources to gather data on computers that are behaving oddly on the internet within Australia. Daily reports are sent to internet service providers, identifying compromised IP addresses on their networks. We will be kicking off our involvement within the next week or so, sending helpful emails to our customers who might be unknowingly harbouring malware on their machines.
This is specifically timely when the ‘DNS Changer’ looms on July 9th. You see, surfing the Web works a bit like making a call from the contact list on your mobile. To make the call, you simply hit the favourite in your contact list- after all- who remembers phone numbers these days? Similarly, it’s hard to remember a string of numbers, call it the “phone number” of a website you’re trying to visit. Instead, we remember domain names- like iinet.net.au or facebook.com and the magic of DNS (domain name server) converts that name into numbers that your computer can understand. According to the FBI, a recent online fraud scheme has infected more than 4 million computers with malware ‘DNS changer’ in more than 100 countries- Australia included. This malware hijacks your browser to redirect you to sites you didn’t intend to visit (with each visit generating cash for the fraudsters.) The FBI plans to shut down those DNS servers in the next fortnight, and if your computer is unluckily being redirected there (without your knowledge) you’ll be sans Internet until you figure out what’s going on.
To avoid being webless on July 9th, hit up the “Self Help” section of the IIA website http://www.icode.net.au/ and run a free scan to rid your system of pesky intruders. Keep an eye out from an email from iiNet that might tell you of another kind of infection. And if anyone needs me, I’ll be flicking through pages of high fashion in Vanity Fair. Erm, for the articles of course
A friendly reminder:
You may recall we ran an Online Safety Series article in July 2011 about fraudulent or ‘Phishing’ emails – correspondence to you purporting to be from a company you would normally trust, such as your bank (or friendly ISP).
It’s the goal of these emails to extract as much information about you or your account, so be sure to always be aware that there are people out there, far less nice than you could imagine, who would try and trick you into divulging personal information.
At iiNet and Westnet, we’re certainly not immune to these emails. There has been a recent upsurge in phishing emails claiming to be from your ISP, asking you to follow a link and enter in your account details. Have a look through our Online Safety Series fact sheet from 2011 if you need a phishing refresher course.