PC House Call - Case Studies
Hey Zonny,

Thanks for disinfecting my Dell laptop. I want to ensure that my desktop does not get infected what do I need to do?

Courtney, Huntersville

Courtney’s laptop was infected with what is called scareware. According to blogs at ZDNet, throughout the last two years, scareware (fake security software), has emerged as the single most profitable monetization strategy for cybercriminals to take advantage of. Due to the aggressive advertising practices applied by the cybercrime gangs, thousands of users fall victim to the scam on a daily basis, with the gangs themselves earning hundreds of thousands of dollars in the process. Courtney probably visited a compromised website that delivered that malware.

Apparently a primary source for propagation is through the social networking using illegal acquisition tactics. I have also seen instances of the malware spread through clicking on links embedded in email and through simple searches. Another source is from the serving malicious ads on legitimate and high profile sites in an attempt to exploit the end user’s trust via a mouse click on the “malvertisement.”

The criminals behind these efforts use sophisticated software that tricks users into believing the compromised website is serving legitimate content. Without a trained eye, it is difficult to detect the legitimate from the illegitimate. Infection detection and removal has become more difficult because certain scareware releases will prevent legitimate security software from loading. Moreover, it will also attempt to make its removal a time-consuming process by blocking system tools and third-party applications from executing.

I received an email from what appears to Pay Pal, asking for me to click on a link to submit information. Although I have an Pay Pal account, I have not used it in years.

I am suspicious.

Bill, Davidson

When I visited Bill’s house he showed me this suspicious email, which in many ways appeared legitimate. We decided to visit the Pay Pal site for more information.

According to Pay Pal, thieves on the Internet simply go fishing, or 'phishing', as the practice has come to be known, trolling the sea of online consumers in hopes of netting unsuspecting victims. One method of phishing is the sending of 'spoof' (fake) emails, which copy the appearance of popular Web sites such as eBay and Pay Pal in an attempt to commit identity theft or other crimes. It's incredibly difficult to detect fraudulent emails - as spoofers have become increasingly sophisticated in their attacks.

Bill and I decided to forward the email to abuse @ paypal.com. If we had clicked on the link in the spoof email, we would have been directed to a fake Web site - where the real damage could have been done, similar to Courtney’s malware infections described above.

Is my mobile device secure?

Joanne, Denver

Many Android™ smartphone devotees and tablet-toters are unaware of risks that lurk behind their apps. Take for example the 260,000 people who recently downloaded one of 58 legitimate-looking apps like Scientific Calculator and Color Blindness Test from the Android Marketplace.

What they received instead was the nightmarish DroidDream Trojan, which gains access to your phone, roots out private information and then sends that information back to the bad guys for extraction. This debacle provides a pretty convincing case for mobile security, but here are a few other ways you can help protect yourself from mobile threats:
  • Carefully read reviews, ratings and permissions for suspect information
  • Always verify that your software comes from a trustworthy source (visit the developer's website)
  • When in doubt, use a search engine to see if the app has made any news
What are those strange icons that I see people using their mobile phones like scanners?

Nancy, Cornelius

They're using a QR Scanner (downloaded from the Android Marketplace) and they're scanning a QR Code - like the one below. A QR code (short for Quick Response) is a specific matrix barcode (or two-dimensional code), readable by dedicated QR barcode readers and camera phones. The code consists of black modules arranged in a square pattern on a white background. The information encoded can be text, URL or other data.

 


 
Home HouseCall01.htm HouseCall02.htm
HouseCall03.htm HouseCall04.htm

Cybersecurity