
Is your computer safe?

At the recent AOTA conference, I chatted with Byron Acohido, a Seattle-based tech writer for USA Today. He and Jon Swartz have written a book called "Zero Day Threat", which means "a hazard so new that no viable protection against it yet exists."

Cybercrime is such a hazard. It's a $100 billion a year industry, and growing quickly.
Acohido tells me that 40% of the personal computers in this country have been hacked, and are now "zombies" or "bots", that steal data, and use data. In other words FORTY PERCENT of the computer users in this country have been hacked, and are "in play", shelling out personal information, and emptying bank accounts like an ATM.

That's what happened to "Dottie". She tells me that her computer had been botted, and she had no idea until the FBI broke down her front door and seized her computer. Her computer's ISP was being used to make credit card purchases, on another person's card, which the Cybercrooks stole from another man's computer. The Feds tracked that ring down in Russia, but it took "Dottie" months of hassle to clear her name.

Experts at Microsoft offer some strategies on how to tell if your computer is a "bot" or a "zombie":

• Your computer runs more slowly than normal

• Your computer stops responding or locks up often

• Your computer crashes and restarts every few minutes

• Your computer restarts on its own and then fails to run normally

• Applications on your computer don't work correctly

• Disks or disk drives are inaccessible

• You can't print correctly

• You see unusual error messages

• You see distorted menus and dialog boxes

These viruses usually do not disable your computer, because zombie computers must be plugged in and connected to the Internet in order for the botnet to work.

You can get a free virus scan with the Windows Live OneCare safety scanner. If you want continuous protection, you should use antivirus software such as Windows Live OneCare, which is free for 90 days.

If your computer shows symptoms of virus infection, first make sure that the software on your computer is up to date. Then run the Microsoft Malicious Software Removal Tool. The Malicious Software Removal Tool checks computers running Windows Vista, Windows XP, Windows 2000, and Windows Server 2003 for infections by specific, prevalent malicious software and helps remove any infection found.

5 ways to help keep your computer from becoming a zombie

1. Never open an attachment in an e-mail, instant, or mobile message unless you know exactly what the attachment is, even if it's from someone that you know. Attachments can contain e-mail viruses.

2. Use an Internet firewall.


3. Stay up to date. Visit Microsoft Update and turn on Automatic Updates.

4. Subscribe to industry standard antivirus software and antispyware software, and keep them current. Microsoft offers Windows Live OneCare, which is free for 90 days, and Windows Defender. Windows Defender comes with Windows Vista. If you use Windows XP SP2, you can download Windows Defender for no charge.

5. Use licensed software products. Botnets are often comprised mostly of computers that run illegally copied versions of operating system and productivity software. Unlicensed software can be more susceptible to viruses, and can even come with viruses already installed without your knowledge.

Has your computer been compromised? Know of a scam or a ripoff here in the Puget Sound area? Shoot me a line and tell me about it.

I'm Bill Wixey, keeping your money safe.

A viewer, Joe, writes in:

Hello! Thanks for the article on "Is Your Computer Safe" ... however, you make no mention of computers NOT running Window$. How do the rest of us (running Macs, etc) see if we're affected?

Joe
Kirkland


A good point. The experts at PC World weigh in:

You can't easily tell if your PC has been zombified. The usual malware warning signs - computer slowdowns, odd behaviour - apply to zombies, though they could easily be signs of lesser problems. Watch your firewall software for strange outgoing traffic. Run multiple online virus scanners (browse to How Can I Tell If My PC Has Caught a Virus? for details). Also check out Symantec's free Norton AntiBot Beta, which specifically looks for bot infections. Still, don't consider yourself safe in the event that AntiBot doesn't turn anything up.

Some zombie or bot software can hide itself from virus and malware scanners by installing a rootkit. Free rootkit-revealing software such as Sophos Anti-Rootkit and Sysinternals' RootkitRevealer can help, err, root those infections out.

Though your ISP can identify zombies among its clientele, that doesn't necessarily mean you can contact the company's support staff and reach someone who knows what you're talking about.

I got mixed results with my own ISP. When I phoned tech support, I reached someone who'd never heard of a zombie. An email query yielded another ignorant reaction, but a forceful rejoinder from me produced a useful-sounding letter promising to inform me of any suspicious behavior.

Unfortunately, according to Trend Micro network architect Paul Ferguson, it's not in ISPs' economic interest to be especially diligent or helpful about this. "The vast majority do nothing at all," he warned me.

If email bounces back to you with a message that you've been blocked, your address may be on a spam blacklist - most likely as a result of being zombified. More than 100 such blacklists exist, and many ISPs use one or more of them to block the IP addresses of known spammers. If you're on one or two such lists, most of your mail will get through, but some will not.

Even if your email isn't bouncing, it's a good idea to find out whether you've been blacklisted. First, go to http://checkip.dyndns.org/ to view the IP address you send out to the world--probably your router's. Select the displayed address and choose Edit, Copy to copy it to your clipboard.

There are several blacklist reporting sites. My favorite is Robtex. Paste your IP address into the only field on the page, and click Go. Robtex will list a great many blacklist sites. If any of them are red, you've got a problem. Use the list's contact information to find out why you're on that list and how to get off of it.

Finally, remember that prevention is the best medicine. Keep Windows and your antivirus, firewall, and other security measures.

I'm Bill Wixey, keeping your money safe.
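
The blacklist check described above is normally done over DNS: the IP address is written with its octets reversed, the blacklist's zone is appended, and a reply inside 127.0.0.0/8 means the address is listed. The sketch below is an added example, not part of the original post or the PC World article; the zone names are placeholders and the DNS replies are constructed so that it runs offline.

```python
import ipaddress
import socket

# Ranges that never appear on a public blacklist (home/router-internal, loopback, CGNAT).
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "100.64.0.0/10")]

def dnsbl_query_name(ip, zone):
    """Build the lookup name: IPv4 octets reversed, followed by the list's zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this example handles IPv4 only")
    if any(addr in net for net in NON_PUBLIC):
        raise ValueError(f"{ip} is an internal address; check the public one instead")
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def check_blacklists(ip, zones, resolve=socket.gethostbyname):
    """Map each zone to 'listed (code)', 'not listed' or 'error: ...'."""
    results = {}
    for zone in zones:
        try:
            answer = resolve(dnsbl_query_name(ip, zone))
        except socket.gaierror:
            # No record means no listing. A failed lookup looks the same,
            # so confirm that DNS itself works before trusting a clean result.
            results[zone] = "not listed"
            continue
        if answer.startswith("127."):
            results[zone] = f"listed ({answer})"  # lists answer inside 127.0.0.0/8
        else:
            # A resolver that rewrites missing names to a real address is not a listing.
            results[zone] = f"error: unexpected answer {answer}"
    return results

# Constructed replies standing in for real DNS so the example runs offline.
SAMPLE_DNS = {"7.113.0.203.bl.example.org": "127.0.0.2",
              "7.113.0.203.hijacked.example.net": "198.51.100.9"}

def sample_resolve(name):
    if name not in SAMPLE_DNS:
        raise socket.gaierror("name not found")
    return SAMPLE_DNS[name]

if __name__ == "__main__":
    zones = ["bl.example.org", "clean.example.org", "hijacked.example.net"]  # placeholder zones
    for zone, status in check_blacklists("203.0.113.7", zones, sample_resolve).items():
        print(f"{zone:24} {status}")
```

To check a real address, drop the `sample_resolve` argument and pass the zones of the blacklists you care about; each list documents its own zone name and return codes.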


Comments (5)

Teresha:

I see that you mention that Windows is the most at risk. What about Macintosh computers?

Hi Teresha:

I just posted some more information on the "bot" threat to Macs on my blog.

Thanks for writing in!
Bill

Sean Thornton, MD:

Good reporting, but scary. You only mention PCs running Windows. Are Macs vulnerable to the same type of botnet take-over?

Thanks, doctor.
Another astute viewer caught the same thing, and I've just posted some new information about some other tips on how to prevent "botting" for Mac users, thanks to the experts at PC World.

--Bill

Christopher:

The dangers of using Windows. Worse is many of these guys like to hijack the Active-X program. You are better off with Macintosh, Un*x, Solaris, or Linux. Still, watch what attachments you open and which web sites you visit. If you really want to be safe, run your system from either a CD or floppy, saving your files either on a USB pen drive or external hard drive.

Elrod:

"One expert says" that 40% of the PCs in this country have been hacked or compromised by bots.

That's an outrageous and unsubstantiated allegation, and not even mathematically correct. But you "bot" into it.

Acohido is pumping his book. What do you think he's going to say? But you took his panic-button "mother ship" hooey to a new level.

"Literally, on the scale of Al Capone"?? LOL! He's making references that nobody under 35 would even understand. Geraldo Rivera opened Al Capone's vault in April 1986, 22 years ago! How many 22-year-old cyber-geeks remember that? Maybe if Acohido had said, "Literally, on the scale of Enron or Halliburton..."

But you extrapolate:

"Once they've stolen your data they own your computer." And, if I recall and paraphrase the rest of your comment correctly (which is not posted to this edited video), you also said, "Once they own you, you can never get away from them." Right.

If that were the case, why even bother listing all the options for de-bugging your PC? Why not just toss all your gear into a trench and buy all new stuff?

Here's my advice: Stop buying BS from USA Today "tech writers." Acohido is no "expert." He's entitled to his opinion, but you know what they say about opinions -- everybody's got one. That doesn't make them credible.

Elrod

Dear Elrod:

Thanks for your comments.
Byron Acohido and Jon Swartz have produced a series of investigative reports about cybercrime for USA Today. Acohido is a Pulitzer Prize-winning journalist, and with the depth of knowledge that he has gleaned in writing his articles and researching his book he is, in my mind, a technology expert.

Certainly, the assertion that 40% of computers are infected is going to raise some eyebrows, mine included. As a reporter, I am citing a source. I did not get into many of the other assertions that he makes in "Zero Day Threat", namely, that banks and credit institutions are complicit in the theft of our money and identities.

In the tag of my piece, I did report that Acohido says once your computer has been "botted" it cannot be "unbotted", which is to say that the malware is installed in the hard drive and is extremely difficult to uninstall.

The following is from Nick Ianelli, a CERT internet security advisor:

"Your best bet is going to be to try to locate all the critical files on the system, pull them off or back them up, and then scan the files that you want to keep to make sure they’re clean. The best way to ensure that your computer is clean is to just wipe it and start from scratch. Rebuild the operating system and then load all of your applications. Load all of your files back onto the system after you’ve ensured that they’re not infected. It’s really the only way you’re going to know that your machine is no longer infected."

Bill


Chuck Woods:

My PC is experiencing some of the symptoms mentioned above. Can you email me a good link to get the tools to check my PC for Bots and which tools need to be downloaded and any specific order it should be done? Thank you for your time, this is a very informative message to be putting out to viewers.

Hi Chuck. Hopefully this helps. I published this a few weeks ago on my blog under the story: "Is Your Computer Safe?"



About

This page contains a single entry from the blog posted on June 16, 2008 7:01 PM.
