Spies and Hackers
RIVER BENDER - DECEMBER 2004
It's getting tough to operate a PC on the Internet. Just when you think you're winning the battle against viruses and spam along come spies and hackers trying to invade your PC and steal personal data or simply screw it up.
Recently two men conspired to steal over half a million South African rands from a South African bank. What is frightening about this story is that they used a commercial spyware program from Spectorsoft called eBlaster that anyone can purchase today at http://www.spectorsoft.com/products/eBlaster_Windows/news.html. Is this legal? The software is legal because eBlaster is sold to help parents monitor kids web activity but it probably violates wiretap laws if used remotely without permission. The South African thieves sent the eBlaster installer as an innocuous attachment to bank customers who were foolish enough to click on it. Once installed, eBlaster began monitoring nearly every activity performed on the infected computers. The two men managed to steal user names and passwords from customers, logged into their bank accounts and transferred money to their own accounts.
Another program known as Lover Spy also includes an installer that can be emailed to a victim. Lover Spy's installer is disguised as an email greeting card. The software has been advertised through spam mailings as a way to spy on a lover without their knowledge. In this case the FBI started an investigation into Lover Spy for violating federal wiretap laws. In most US jurisdictions, it is illegal to install monitoring software on a computer you don't own.
What's the difference between spy software and monitoring software? None. Both names are used to describe the same kind of program but a true spy program has a capability to send monitored data to another machine via e-mail or a network connection.
So what can you do to protect your PC? The first defense is to never open an attachment unless you know what it is or who it came from. If in doubt, ask the sender before opening it. This has become standard operating procedure for all but newcomers. But wait, there's more to worry about.
The latest danger is called browser hijacking and is becoming common where your MS Internet browser settings are hijacked by malicious web sites and software that modifies your default start and search pages. No matter how often you change your settings back, such as your home page, they are changed again the next time you restart. There have even been cases where Internet Options have been removed from the Tools menu by registry hacking to prevent you from controlling your own computer.
What can you do about browser hijacking? The first thing to do is keep your Windows operating system updated with Microsoft's critical security updates available at http://v4.windowsupdate.microsoft.com/en/default.asp. Next you should download either free Ad-aware SE or Spybot S&D that will look for malicious software in your PC. Microsoft suggests either one even though they are third-party software. I installed both because they search for different malicious software. Ad-aware SE is available at http://www.download.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button. Spybot S&D is available at http://www.safer-networking.org/en/download/index.html.
Once installed go online to the update website for Ad-aware and Spybot and get the latest definitions. Then do a complete scan of your PC. You'll be given a list of files found questionable which you can either delete or quarantine. I suggest you quarantine them for a few days until you're sure everything is working ok. This should fix the problem of a browser hijack but if it doesn't then do a Google search on browser hijack and you'll find information on how to fix the problem manually, which may require making registry changes. I haven't tried it but a small program called Hijackthis is available at http://www.spychecker.com/program/hijackthis.html that claims to be able to display registry entries causing hijack problems.
All past PC articles written for the River Bender since 1998 are posted on a link from the NBCUG web page at http://always-online.com/nbcug/dwindex.htm.