Monday, August 18, 2008

"News", as well as phishing, could appear in computer worms and trojans


We’ve gotten used (and desensitized) to warnings about emails seeking personal information, such as phishing attacks from banks or brokerages, and also from companies like paypal, Ebay, and ISP’s. And we’ve been warned responding to emails proposing getting something for nothing (“Nigerian scams”) and offering frivolous entertainment like greeting cards. Another variation is phony communication about tax liabilities or refunds, purporting to come from the IRS, which does not contact people by email for legal purposes.

In the 1990s the most common risk from email came from downloading an opening an attachment. Now, merely clicking on an attachment could start a malware application (such as a fake anti-virus script). In rarer cases, merely previewing or opening the email itself could start a malware application. (One of the first of these was “Bubble Boy” back around 1999, as I recall.) Modern email programs offered by larger ISP’s (which screen for viruses), in combination with anti-virus packages (like McAfee or Norton) running on a system properly maintained with operating system updates (as from Microsoft) generally offers reasonably effective protection from these possibilities. One problem in practice is that downloading these updates requires a stable broadband connection or a secure subscription wireless connection (don’t use a restaurant “hot spot’), that not everyone has access to. Making sure that this capability is routinely available to everyone like other basic utilities (electricity) is becoming a major national infrastructure issue, requiring investment and public policy decisions, connected to the “network neutrality” debate.

It’s important to realize that the range of subject matter in virus or worm attacks may expand. Recently there was a malware item purporting to come from CNN. “News spam” could become a threat in the future, and has occurred before. In 2007, there was a trojan that tried to solicit personal information by pretending to offer detailed information about a Brazilian plane crash (and its victims). The link in NetworkWorld is here.

Another possibility is that a spammer could claim to have a “tip” about an impending incident, or about the location of a terrorist like Osama bin Laden (seeking to exploit potential public interest in the government’s announcement of a reward for capture). This possibility is complicated by an additional hypothetical scenario of the Tom Clancy or Jeffrey Deaver spy-fiction world. Someone has a real tip, and uses spam to communicate it. It's not clear whether this has ever really happened, but I can imagine (as someone with a new novel on his own hard drive) why it might. What did the CIA admit after 9/11: “we had a failure of imagination”. And, we all know the truism for the gullible, “I read it on the Internet.”

I have received a few possible “tips” in my eleven years of being visible online, and four or five times I have contacted the FBI. I don’t claim “reporter shield” with something like this, particularly as an amateur. I’ve had a least one extended telephone conversation in 2005 about one of the emails that I got. The government, when receiving something like this, is supposed to match it to other tips from unrelated sources to determine credibility, since most of these items are probably hoaxes or just spam items. An issue after 9/11 was the inadequate communication among government agencies about the random information it receives. At the same time, the Administration promoted measures (like the Patriot Act) that compromise privacy and civil liberties while being slow at improving its own inter-department communication and on upgrading the skill level of its own information technology people.

Recently I got a bizarre email from France that appeared to suggest the ability to compromise oil production in Nigeria. There was a link in the email. I typed in the URL rather than clicking and found that the site was legitimate (and checked out as green with McAfee). Further, I found that an earlier National Geographic issue (that is, a clearly credible and neutral mainstream journalistic source) had backed up the “complaints” on the site. I wrote the email up on my international issues blog Aug. 15 (link). but I also sent it to NBC news with some explanation, figuring that a major news organization (that once employed me) could investigate and corroborate to determine credibility and notability for being on the air. So, some emails like this may actually be legitimate, may communicate real perils, and need serious attention from authorities (especially overseas) and major news organizations. On the other hand, disgruntled overseas parties may want to use "amateurs" as well as regular news organizations to broadcast their causes and grievances.

McAfee has a list of (news-related) “hoaxes” that may be useful, here. I didn’t see last week’s incident there, at least yet.

No comments: