Internet
viruses prey on computer complacency
by
Alan Zisman (c) 2006 First published in
Business
in Vancouver March 7-13, 2006; issue 854
High Tech Office column
P.T. Barnum never
really said, “There’s a sucker born every minute.”
But, apparently, if something appears online lots of otherwise careful
people take it for the truth.
Take phishing, fraudulent e-mail messages appearing to be from
financial institutions hoping to lure users to enter their login names,
passwords, and account numbers. Perhaps because my e-mail address ends
in “.ca,” I’ve recently been receiving messages
claiming to be from Canadian banks.
The latest was apparently from
TD
Canada Trust, promising me a chance to win $1,000 of online bill
payments if I clicked on a link and logged into my account.
The link didn’t point to a TD website. Instead it led to an
“sk” Web address somewhere in Slovakia. It’s unlikely
that any reputable financial institution would be outsourcing their
website and customer databases to eastern Europe.
Be suspicious of any e-mails claiming to be from your financial
institution asking you to go to a Web page – no matter how valid
they might look – and enter your login information. If
you’re not sure, phone your branch and get confirmation.
Twice in recent weeks, I’ve received e-mails warning me of newly
discovered computer viruses. The most recent spoke of a timely virus
with “an Olympic Torch that ‘burns’ the whole hard
disk of your computer.” It continues: “... it has been
classified by
Microsoft as the
most destructive virus ever” and suggests recipients of this
e-mail “COPY THIS E-MAIL AND SEND IT TO YOUR FRIENDS.”
Unlike the phishing frauds, the person sending me this message was well
intentioned. Nevertheless, it’s also bogus. A hint: Microsoft
doesn’t classify viruses. A
Google
search for “Olympic Torch virus” quickly confirmed it as a hoax.
Graham Cluley of
anti-virus firm
Sophos
notes that “hoaxes and chain letters like this are not harmless.
They waste time and bandwidth and can be a genuine headache for support
departments. Users need to ask themselves whether everything they are
told can be believed.”
Before forwarding any virus-warning e-mails, take a moment to plug a
couple of words from the message into Google. You should quickly see
whether they’re describing an actual virus or a hoax.
This week (as I write) has also had reports of the first malware
targeting
Apple’s
Mac OS X. Like phishing and virus hoaxes, the Leap-A worm requires the
active participation of its victims. It spreads via an infected
Mac’s iChat instant messaging software, asking all the contacts
on the infected user’s buddy list to download a presumed graphics
file. Opening the compressed file loads the program, infecting another
system. Once again, a simple request for confirmation is all
that’s needed to demonstrate that your “buddy”
didn’t really send you any pictures.
The good news: according to security-firm
Symantec
this well-publicized worm had infected fewer than 50 Macs. The bad
news: Mac users have been complacent. While their computers are
inherently more secure than Windows systems, nothing is perfectly
secure and it appears that Macs are now being targeted too.
Whether you’re using Mac or Windows may matter less, however,
than whether you believe everything you read in your e-mail inbox or on
the Web. Take a moment to get confirmation before you open an attached
file, forward a virus warning or type in financial account numbers and
login information.