Archive for IT Security Threats

Why is there so much spam?

People often ask me how spam is sent and why it exists. Spam email costs businesses money and time. We don’t want it and never read it (do we?), so how can we stop it?

My answer is that I do not think we will ever be able to stop it: every time we provide a solution, the people who send it come up with another way to make it difficult to filter out.

One of the most common ways spammers avoid detection is by using your machine, without you realising, to send the spam email or to attack other machines on the internet with so much traffic that the service is knocked offline.

Quite often, without realising it, you have installed an infected piece of software that has given these spammers backdoor access to your machine. Networks of machines compromised in this way are referred to as zombie or bot networks.

The most common methods used to distribute infected software are Trojan droppers and downloaders installed into pirate software, which is distributed via file sharing P2P networks (Kazaa, eDonkey, MSN messenger etc.), and the exploitation of vulnerabilities in MS Windows and popular applications such as Internet Explorer, instant messenger programs and Outlook. Hence do not innocently install software on your work computer that has not been approved by more experienced people who are able to test and approve it, i.e. your IT administrator.

The people who hold the control part of the program that controls the Trojans can then sell their access to all these machines to spammers, or to people who want to use your internet-connected machine to attack another network or website and take it offline. Because the attacks and spam email come from many machines on the internet, they are hard to combat and detect.

Analysts estimate that Trojans are installed on millions of machines worldwide. Modern Trojans are sophisticated enough to download new versions of themselves, download and execute commands from specified websites or IRC channels, send out spam, conduct DDoS (denial of service) attacks and much more.
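One symptom of a machine that has been turned into a spam zombie is that it starts talking SMTP (TCP port 25) directly to many outside hosts instead of going through the company mail server. The following is an added example, not code from the original post, that looks for that pattern in a firewall log; the log layout, the internal network range, the mail server address and the threshold are all assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict

# Assumptions for this example: the office LAN, the one host allowed to send
# mail directly, and the log layout "time src dst dst_port action".
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")
MAIL_SERVERS = {"192.168.1.2"}
THRESHOLD = 3  # distinct outside SMTP destinations before a host is flagged

# Constructed firewall log; outside addresses are documentation ranges.
SAMPLE_LOG = """\
2007-03-01T09:00:01 192.168.1.2 198.51.100.10 25 ALLOW
2007-03-01T09:00:04 192.168.1.23 198.51.100.7 25 ALLOW
2007-03-01T09:00:05 192.168.1.23 203.0.113.20 25 ALLOW
2007-03-01T09:00:05 192.168.1.23 203.0.113.20 25 ALLOW
2007-03-01T09:00:06 192.168.1.23 203.0.113.21 25 DENY
2007-03-01T09:00:07 192.168.1.23 192.0.2.55 25 DENY
2007-03-01T09:01:10 192.168.1.40 203.0.113.9 443 ALLOW
2007-03-01T09:01:12 192.168.1.40 198.51.100.10 25 ALLOW
truncated line 25
"""

def find_smtp_zombies(log_text, threshold=THRESHOLD):
    """Map each suspect internal host to the outside hosts it contacted on TCP 25."""
    dests = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed or truncated records
        _time, src, dst, port, _action = parts
        if port != "25" or src in MAIL_SERVERS:
            continue  # only direct SMTP from hosts that are not mail servers
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            continue
        # Blocked attempts count too: the attempt itself is the symptom.
        if src_ip in INTERNAL_NET and dst_ip not in INTERNAL_NET:
            dests[src].add(dst)
    return {s: sorted(d) for s, d in dests.items() if len(d) >= threshold}

if __name__ == "__main__":
    for host, targets in find_smtp_zombies(SAMPLE_LOG).items():
        print(f"{host} sent SMTP directly to {len(targets)} outside hosts: {targets}")
```

A workstation with a single direct SMTP connection (such as a misconfigured mail client) stays under the threshold, while the host fanning out to several outside mail servers is reported for investigation.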

How is spamming profitable?
1% of a few million emails is a lot of possible business, and believe it or not, some people do click on the links in the emails because they are intrigued by a cheap mortgage deal or pirate software. That does lead to business, and it costs the spammers practically nothing to send the emails. A lot of the shady people who write viruses for the challenge also bring the same mentality to writing a spam engine that succeeds without being detected.


Most firms cannot identify attackers

The seriousness of staff ignorance when using the internet at work is overlooked, and education is a must!
Using programs like instant messenger (IM) or visiting sites that are not work related for lunch time perusal is mainly to blame! This ignorance can have catastrophic effects on the company’s privacy and IT uptime.
A recent survey discovered that over 73% of businesses in the UK suffered a spyware attack in 2006, and 19 percent were unable to identify the source (source: security firm Peapod).
While 57 percent of businesses have banned instant messaging (IM) in the workplace, nearly 70 percent use methods to enforce the ban that are obsolete, easy to circumvent or completely ignored, the poll found.
Our Chief Analyst Matthew Aylard says that…
“Technology is not the only answer when providing protection; the users need to be aware and play a key role in ensuring that spyware does not get a foothold in the infrastructure. For example… using an instant messaging program like Microsoft Live™ messenger correctly can be a great communications tool; when used incorrectly it has massive security risks, usually down to carelessness or ignorance. Staff education is just as important as having the perfect technology solution.”


Microsoft Global Phishing enforcement

What is Phishing?
Phishing is an attempt to obtain your personal information, such as user names and passwords for PayPal, your email, and access to your online banking. The attackers lure you to a replica of a site that you are familiar with, say PayPal; you don’t check the address in the browser and think that you are logging into the actual site. They log all the authentication information that you enter and then give you the impression that your attempt has failed. The fake site may then redirect you to the official website, where you attempt to log in again with success.


SPAM SPAM SPAM, please educate your staff

With all the new anti spam tools and controls to try to combat spam today, how is it that we still receive so much?

Many Internet Service Providers have made strict changes to stop these mass mailers, which also makes users’ lives more complicated, as they have to change the way their email client works.

Here at CertainIT, we help businesses combat the problem using the latest technology and have great support from MailProtector. The main cause of the recent high volumes is Trojans running in the background on your computers, sending emails out from your machine without you even knowing.


E cards - your personal details

Have you ever received one of those emails from a loved one with a link to an e-card that they have generated for you? Well, cyber crooks are now trying to take advantage of you in this way as well.

Currently there is a spam email out there that appears to come from a secret admirer, in an attempt to obtain your identity and personal information. Thousands of people’s logons, credit card numbers, and online banking details must have already been collected.

The attack encourages you to click a link in an email that takes you to a site to “collect” your e-card. The actual website that you are taken to installs a key logger on your system. A key logger is a program that transparently logs all your keyboard strokes and sends the information to a central database somewhere on the internet, or just stores it locally on your machine. Obviously the person who has configured the key logger can then collect all your computer usage and passwords and use them as though they were you.

Windows users who have installed the MS06-014 patch, released in May, are not vulnerable to this. So please make sure you have installed all your critical Windows updates via the Windows Update link on your Start menu. Or you may have them set to be installed automatically, which is my recommended advice.

This type of cyber crime is referred to as “phishing”. I would also recommend that you search Google for spam and phishing and try to get a better appreciation of these types of threats. Always treat email as a potential attempt to obtain information about you, or as something that may contain some sort of damaging attack on your computer.

Matthew Aylard - CSA


Hackers to take advantage of new flaw in Internet Explorer and Excel - secure your IT

A new flaw has been discovered in Internet Explorer version 5.01, all versions of 6, and Excel which could allow someone to hijack a Windows PC. The flaw is due to an ActiveX control related to Multimedia Features and can be exploited when you visit a rigged website. The issue is deemed to be “critical”, and although Microsoft has recently issued some security updates, they do not cover this flaw. Microsoft generally releases security updates for its products every month, and this vulnerability was exposed just after these updates, which is no coincidence.

There are no known sites yet using this flaw to take control of, and data from, your Windows machines. Microsoft is not aware of any attacks that attempt to exploit the new IE vulnerability at this time, it said. So remember to be very careful about opening unsolicited attachments from both known and unknown sources, or links to unknown websites, which we cannot protect you from. Hopefully patches will be released soon.

Remember, it’s not that Microsoft products are badly made, just that people know that if they find a “hole” in a Microsoft product that “hackers” can take advantage of, they will be playing to a larger audience. If Open Office were as widely used, then more vulnerabilities would be discovered in that product as well. People and organisations who discover these vulnerabilities and expose them to the Internet before allowing Microsoft to make amendments are the real problem and like to cause chaos.

It is important that you take action and take more care about opening email attachments or visiting strange websites. If it sounds suspicious, it most likely is.
