Internet viruses prey on computer complacency

by  Alan Zisman (c) 2006 First published in Business in Vancouver March 7-13, 2006; issue 854

High Tech Office column


P.T. Barnum never really said, “There’s a sucker born every minute.” But, apparently, if something appears online lots of otherwise careful people take it for the truth.

Take phishing, fraudulent e-mail messages appearing to be from financial institutions hoping to lure users to enter their login names, passwords, and account numbers. Perhaps because my e-mail address ends in “.ca,” I’ve recently been receiving messages claiming to be from Canadian banks.

The latest was apparently from TD Canada Trust, promising me a chance to win $1,000 of online bill payments if I clicked on a link and logged into my account.

The link didn’t point to a TD website. Instead it led to an “sk” Web address somewhere in Slovakia. It’s unlikely that any reputable financial institution would be outsourcing their website and customer databases to eastern Europe.

Be suspicious of any e-mails claiming to be from your financial institution asking you to go to a Web page – no matter how valid they might look – and enter your login information. If you’re not sure, phone your branch and get confirmation.

Twice in recent weeks, I’ve received e-mails warning me of newly discovered computer viruses. The most recent spoke of a timely virus with “an Olympic Torch that ‘burns’ the whole hard disk of your computer.” It continues: “... it has been classified by Microsoft as the most destructive virus ever” and suggests recipients of this e-mail “COPY THIS E-MAIL AND SEND IT TO YOUR FRIENDS.”

Unlike the phishing frauds, the person sending me this message was well intentioned. Nevertheless, it’s also bogus. A hint: Microsoft doesn’t classify viruses. A Google search for “Olympic Torch virus” quickly confirmed it as a hoax.

Graham Cluley of anti-virus firm Sophos notes that “hoaxes and chain letters like this are not harmless. They waste time and bandwidth and can be a genuine headache for support departments. Users need to ask themselves whether everything they are told can be believed.”

Before forwarding any virus-warning e-mails, take a moment to plug a couple of words from the message into Google. You should quickly see whether they’re describing an actual virus or a hoax.

This week (as I write) has also had reports of the first malware targeting Apple’s Mac OS X. Like phishing and virus hoaxes, the Leap-A worm requires the active participation of its victims. It spreads via an infected Mac’s iChat instant messaging software, asking all the contacts on the infected user’s buddy list to download a presumed graphics file. Opening the compressed file loads the program, infecting another system. Once again, a simple request for confirmation is all that’s needed to demonstrate that your “buddy” didn’t really send you any pictures.

The good news: according to security-firm Symantec this well-publicized worm had infected fewer than 50 Macs. The bad news: Mac users have been complacent. While their computers are inherently more secure than Windows systems, nothing is perfectly secure and it appears that Macs are now being targeted too.

Whether you’re using Mac or Windows may matter less, however, than whether you believe everything you read in your e-mail inbox or on the Web. Take a moment to get confirmation before you open an attached file, forward a virus warning or type in financial account numbers and login information.