More security news today, healthcare workers be aware...keep up to date with your security updates and be sure to report anything strange to your IT department/agency. While at work refrain from going to websites you don't know...it used to be just email attachments, but now just clicking on a link in an unfamiliar websites can do you in...BD
BOSTON (Reuters) - A few weeks ago Candace Locklear's office computer quietly started sending out dozens of instant messages with photos attached that were infected with malicious software.
She was sitting at her desk, with no sign that the messaging software was active. By the time she figured out what was going on, several friends and colleagues had opened the attachments and infected their computers. It took eight hours for a technician to clean up her computer. But because the malicious software worked so secretly, she's still not convinced that all's clear.
It took eight hours for a technician to clean up her computer. But because the malicious software worked so secretly, she's still not convinced that all's clear.
"You won't know you are infected until one day your ISP turns you off or restricts access or money starts disappearing from your bank account," said Adam O'Donnell, a senior research scientist with Cloudmark, which sells anti-spam software.
Some are keyloggers, recording every key stroke that the user enters -- sending valuable bank account information, passwords and credit card numbers to hackers. And other malware programs turn PCs into "zombies," literally giving hackers full control over the machine. The zombies can be instructed to act as servers, sending out tens of thousands of spam emails promoting counterfeit medications, luxury watches or penny stocks without the PC owner ever knowing about it. The computer that controls the zombies -- known as the command and control center -- is able to change the text of the spam depending on what his or her customer wants to sell.
For what it's worth, this is a gross oversimplification. You don't even have to do anything anymore..if, say, you pissed me off in some horrible way and you had an average Windows computer, I could easily muck around with it while you're just using it without knowing better.
ReplyDeleteThis is also something not that new..and it's a shame the mass media are being dimwits about it. People who don't understand the concepts shouldn't be writing about them for thousands upon thousands if not millions of people to read.
That being said, the Storm botnet, which apparently rivals many of the world's most powerful supercomputers in what it's capable of doing. And it consists of mostly computers running Windows with idiot users who don't comprehend the idea of security. And it's capable of doing a hell of a lot more damage than bombarding people with billions of spam messages. I'd consider spam to be the least of all worries presented by the existence of such a botnet.
Might I also note the existence of so many techniques, even for websites, that would enable someone to abuse credentials and do things..without even needing to login or steal a password. Hellloooo CSRF! Link clicking and opening weird attachments, although they do prevent a fair number of annoying trivial headaches, are soooo 20th century.
Thank you for the comments. You are right we do need more of an awareness and even though this is pretty much a medical blog, I feel a reminder and occasional articles relating to security are not a bad idea to help keep the momentum alive.
ReplyDelete