 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
New tactics from hackers, spammers
This column originally ran in ComputorEdge on January 10, 2003
(Issue 2102, Today's Programmer)
Just in time for the new year, virus creators and spammers have come up with a new tactic to infiltrate our defenses.
With the general public more and more aware of the dangers of viruses and other malicious programs (trojan horses, worms — but for most of us, "viruses" is enough to cover all of them), it's getting tougher than ever to successfully get your virus to distribute in a big enough way to get the media to report on it.
However, since the losers who write these malicious little programs seem to have issues with getting attention, their desire to gain media coverage is undiminished.
Most readers will probably remember a few years back when a virus nicknamed "Melissa" was the scourge of the land. Melissa spread itself by using the interconnectivity of Microsoft's Office suite — by invoking Word Basic macros, Melissa was able to get the Outlook e-mail program to send an e-mail to everyone in your address book with another copy of Melissa. When your friends and business associates received an e-mail from you, they'd have no reason to be suspicious, and would click on the message, starting the cycle over.
New countermeasures now in place
Since then, of course, legitimate programmers have come up with new safeguards to protect us from Melissa and her offspring. Nearly every virus protection package on the market will prevent Melissa-style viruses; as new viruses spring up, most software security company offer updates you can download from their Web site — assuming their software doesn't automatically check and install them for you.
So getting your virus to spread is no longer as easy as it was just a half-decade back.
The highest hurdle
But for most viruses hackers, getting the human recipient to open the message remains the highest hurdle to success. Humans are, after all, still more difficult to manipulate than computers.
And that's both the genius and the sleaziness of the new tactics
Of late, I've been getting viruses attached to e-mails designed to appear as though it's a bounced message I sent someone else.
With the e-mail path masking that the hackers perfected to cover their tracks in the late '90s, they can now make their messages appear to come from various mail servers. And so I've got a collection of e-mails with faked return addresses like Mail Delivery Subsystem or MAILER-DAEMON, with subject lines of "Undelivered mail" and "Returned mail: user unknown."
Spammers jump on board
The first few of these I found in my in-box had executable files attached — viruses, I presume. My firewall wraps them in a sort of electronic cocoon so I can't even launch them with a simple double-click, anyway — and I don't use Microsoft Outlook or Office, so if their macro-based (like Melissa) nothing would happen anyway.
But there are tens of millions of folks out there who do use Outlook and Office, and by using the above masking techniques, it's easier to lower people's defenses.
Which is a reality that obviously appealed to the spammers, because in the latest batch of fake returned e-mails there have been no attachments, but links to porn sites cleverly designed to look like a mail server's admin contact point.
The lesson in all this is clear — be even more vigilant. Forward messages like this to your ISP so they can improve their anti-spam filters. And never click on a program that arrives as an attachment — even if it looks like it's something you sent to somebody else.