Arun Marballi

Over the last eight months, we have identified the many layers of protection that we must place on our computers for them to be safe particularly when we venture into cyberspace. One of these layers of security that I had recommended as an absolute �must� was anti-virus software. I also had indicated that we should on a weekly basis update our anti-virus software with the latest virus signatures to ensure that we continue to be protected from the myriad viruses that get spawned everyday by the malicious denizens that inhabit the Net.

To thwart phishing attempts, I had recommended against following links embedded in e-mails even if they appear to have been sent by a business or institution that we have a relationship with or from friends and family. Many anti-virus software vendors occasionally send out e-mails to their registered customers providing alerts and other advisories. However, these �well-intentioned� communication lines can become the chink in our armor if they are subverted by these miscreants to form what we recognize to be �phishing� attempts. One such attempt was reported this week in Australia. In this instance, the anti-virus vendor McAfee was the target and the phishing attempt comprised an e-mail allegedly from McAfee that purportedly warned of a new virus called Kongo31.XRW, which incidentally does not exist.

An embedded link in the e-mail transports the unwary traveler to a fake McAfee Web site hosted in Canada and the download link on the Web site gets you a �Trojan� called Trojan-Downloader.Win32.Hanlo.h that could do serious damage to your computer. The purpose of my including these specifics here is to warn you in the event you have received or in the future receive such an e-mail and more importantly to emphasize the importance of not following links in e-mails even if they appear to come from a genuine software vendor or financial institution.

Some financial institutions have started incorporating secure access features that combat this growing menace of misdirection and website spoofing. Case in point; Bank of America has recently implemented a feature called Site Key that basically works as a verification for the Bank of America Web site�s authenticity. The way this works is as follows: as an online user you select an image from a large collection of images that BOA presents to you and then create and enter a caption for this image.

The image and the caption you have created becomes your unique Site Key. Subsequently, when you identify yourself with your username (no password required at this time) on the initial screen, the bank�s Web site returns your Site Key image and your unique caption for that image. If you recognize it, then you know you have reached the bank�s Web site and enter your password to access your account. The premise here is that if the initial screen is a spoofed Web page by a phisher, you would not see your Site Key since the spoofer would not have your site key information. My �hats off� to Bank of America for having taken this step in the interest of consumer protection! I truly believe all vendors should take similar measures.

Finally, in the event you are still a passive reader and have not taken the preventative measures I have suggested, let me leave you with this thought at the risk of sounding like an alarmist. In the past, the virus and malicious software producers were primarily bored students looking to have fun. But these troublemakers have morphed into opportunistic miscreants that are getting increasingly sophisticated and driven by the profit motive. They will keep looking for the unprotected and take advantage of them for personal gain.

Arun Marballi has worked in the Information Technology arena for more than 20 years with extensive experience in software development, process design and network/workstation management. For comments, questions, tips or suggestions, e-mail [email protected].

Home