Clickjackers

May 22, 2011
By Pete Daly
When the publisher at Gemini Publications recently got an email — from himself — inviting him to click on a link to “get more than 9,000 TV channels direct to your PC or Laptop!” he was not pleased.

He is not alone.

Many more people at work are exposed to what information technology professionals now call a “clickjack attack.” That link to 9,000 TV channels is almost certainly a virus that would wreak havoc on the PC and perhaps spread to others in the organization.

More businesses than ever are being subjected to attempted computer virus infections because restrictions on employee access to the Internet have been loosening up, according to James Halstead, a partner at Logical PC Solutions, a small IT company in Walker.

“It used to be all about locking down everybody’s computer and preventing them from being able to use different programs and different software within the PCs, but we’re really seeing companies open up their networks to their employees and empower them more nowadays — allow them to use the resources that are out there and available to them online and through their flash drives and everything else,” said Halstead.

Greater freedom to access the Internet and to use sophisticated tools on company PCs is intended to allow employees to better do their jobs, said Halstead, but he quickly added that there is a downside. “Viruses have more of a chance to come in.”

“Facebook has been the huge source of viruses at this point,” he added.

Hackers who succeed in getting into an individual’s Facebook account use it to send out messages to that person’s Facebook “friends.” Halstead said the messages typically urge users to check out a video or photograph or website.

“It’s ultimately a viral link they are sending out,” he said.

The virus can be simply malicious or an attempt to steal information.

Hackers who get into someone’s computer can install a keylogger, a program that runs secretly in the background and records every keystroke typed. The keystrokes the hackers are most interested in are credit card numbers, user IDs, passwords and other sensitive data. And hackers now are more productive than ever.

“It’s all automated now,” said Halstead. “The software’s doing it. There’s not somebody who has to be watching it to take over an account.”

Most of the hackers are individuals or organizations trying to steal identities and credit card information. Halstead said he suspects that most of the attacks originate outside the United States.

Another type of malware is a botnet, which can take over thousands of PCs and launch DDoS attacks from them. DDoS stands for “distributed denial of service,” an attack that maliciously shuts down websites.

Is the level of computer attacks increasing?

“It’s always been about this level,” said Halstead. “Our industry fights it and then hackers come up with something new, and then we fight it again. It seems to be an ongoing battle.”

Up until a few years ago, some employers locked down their networks altogether, allowing access only to what computer geeks call “white-listed” sites, said Halstead. Those are sites employees are specifically allowed to use.

“But you’re finding out, more and more, there is info out on the Web that can be used from a large range of sites,” he said. “Sometimes, instead of re-inventing the wheel, you are able to use the Internet to get the same job done in less time,” said Halstead. “Empowering your people is generally more profitable.”

So now, the vast majority of employers find it easier to maintain a blacklist of certain types of websites. “If you’re blacklisting, you can’t blacklist everything,” he cautioned. “That’s why you have to have a firm policy regarding Internet usage, as well,” he said.

The blacklist is actually an Internet filter, typically provided to clients by IT providers, to keep employees out of specified undesirable areas of the Internet. But according to www.internet-filters.net, no filter can be 100 percent effective. A determined employee may successfully get to a non-approved site — and sometimes it can happen by accident. Halstead noted that many porn sites have innocent-sounding names that are almost the same as legitimate websites; the pornographers count on an honest misspelling or a mistake such as using .com instead of .gov.

Internet-filters.net also notes that many filters block legitimate sites that might appear to be offensive to some people, such as a medical site on gynecology.

The worst a virus can do is steal personal or business information, according to Halstead, or it might just knock out your PC until the IT people can get to it. “Shutting down your computer is not nearly so bad as them stealing your information. Shutting down a computer is nothing compared to identity theft,” he said, or theft of the company’s QuickBooks files and other sensitive information.

IT companies should be able to offer their clients advice on educating employees about what not to click on and what to look for, he said. “The most important thing to do is look at the source of the message, whatever it may be, and determine if that person would really send you what they are saying they sent you. Common sense is the smartest tool,” said Halstead.

One of the more insidious viruses lately, according to Halstead, is the Microsoft Security virus.

“It shows up as Microsoft Security Essentials, which is an antivirus program — but it’s really a virus. And no matter what you do, you can’t uninstall it.”

According to pc1news.com, the latest version of the fake Microsoft Security Essentials infection is known as Windows Supervision Center, which is mainly distributed via unreliable and misleading websites or via Trojan horses. It’s enough to click on some of the advertisements that certain malicious sites carry, and the phony Windows Supervision Center is now hiding in your computer.

Webopedia.com reports that unlike viruses, Trojan horses do not replicate themselves, but they can be just as destructive while serving as the gateway to viruses. There are remote access Trojans, security software disabler Trojans, and those denial-of-service-attack Trojans.

Some viruses are designed to load automatically onto a USB flash drive when it is plugged into a computer, which spreads them to other computers.

“The best thing to do is keep an updated antivirus and scan your flash drive whenever you put something new on it,” said Halstead.

Logical PC Solutions, which recently marked its first anniversary, provides remote service, on-site service and service at its shop on the corner of Alpine Avenue and Three Mile Road in Walker. Halstead said its target market is individuals and businesses with fewer than 25 employees that cannot afford to have a full-time IT staff.

Logical PC Solutions has a staff of just three, all of them partners: James Halstead, 30; his brother Joe Halstead, 27; and Myke Wabeke. Over the first year, they have built the client roster to about 500. Many of those are residential accounts where computers are used for work, although they do have about 25 businesses.

James Halstead said being on Alpine Avenue has been a real blessing for the business. “We’ve been very successful here.”
