

I feel the need to set the record straight and educate everyone on a HUGE misnomer that is being repeated on the social networking sites and elsewhere.

Yesterday, I was called to a client's because they allegedly had a "virus." Their contact list was getting Viagra spam e-mails sent from their account with no subject in the header. Of course, as a tech professional, my first instinct was the client had one of the new botnets. However, upon arriving at the client's location and investigating further, the truth of the matter was that they had their Yahoo e-mail account hacked and there was a spammer sending out Viagra spam emails with no subject in the subject line of the email.

Repeatedly, people had sent this client an e-mail saying he had a virus because of this.

Additionally, I have seen it on Twitter - "New virus hits Twitter sending links..." And on Facebook, "New virus attacking Facebook - Don't click the link." This is just a sampling of many other examples I can use.

So, let's get this resolved right now.

The formal definition of a virus is: "A parasitic program or code written (usually intentionally but sometimes accidentally) to enter a computer without the user's permission or knowledge."

A true virus always needs human intervention to become active. This is what distinguishes it from a worm, which can move on its own across networks.

This means that a person or computer user has to click a link, open a document or an e-mail, or take some other type of action to activate it. If human involvement does not take place, it's not a virus - it is something else.

In the situation where my client's e-mail was sending out Viagra spam, everyone assumed it was a virus because they knew the client would not send this type of e-mail. But telling a security novice they have a virus creates a panic that can be avoided and would not result in cleaning up the real problem.

So, how did I know the email account had been hacked and it was not a virus? The answer is so simple it will surprise you!

All the sent mail was deleted and there was no indication from Trend Micro (which all my clients use) that a virus was present, nor was there activity on the network when the computer was idle.

You see, in a true botnet or other spam sending worm or virus, the network lights would be actively flashing because the malware would be sending spam even when the user was not in the email program or using the computer! Since this was not happening, I immediately went to Trend to confirm that it had not picked up any such activity - which it had not.

When I logged into the client's email account, I immediately noticed that all of his sent mail had been deleted. This client happens to be such a novice that he doesn't even know how to empty that! However, I did ask him if he deleted it anyway, and he had not.

This particular hacker happened to be smart enough to erase his/her tracks making it also appear to the client that it was a virus instead of a hack.

You see, if the email user can believe they have a virus and waste their time searching for a virus that doesn't exist, the hacker can continue sending the spam because the user would never think to change their password!

The same is true with these alleged viruses circulating Twitter and Facebook. 99% of the time, it's not a virus!

What has really happened is that some user fell for a social engineering technique where they were sent a link and they were duped into clicking it. At that point, several things could have happened.

They were asked to log in using their Twitter or Facebook account information.
They authorized some application to access their Twitter or Facebook account information.

In both of these situations, the login information or the authorization is what allowed access to their account by a malicious content provider, which then allowed that person to access their followers or friends.

This type of action - although it involved human interaction - is NOT a virus either. It's technically considered an account hack or hijack that the user actually authorized themselves unknowingly.

So, when is a virus NOT a virus?

The answer: When it's a hacked or hijacked email or social networking account.








Debbie Mahler is the owner of a 100% woman-owned, full service technology and training company ( http://mice.org ) specializing in technology strategies centered on the needs of individuals, solo-preneurs, and small-to-midsized businesses. We are your IT department without the overhead. From web & graphic design, to computer support and training, we're here to help you navigate the new digital landscape! If you liked this and other articles, please sign up for our free Tech Tips & get the free eBook: Why is my PC so slow? http://mice.org/lists/

