Monday, May 22, 2006

Something to look out for

I received an email earlier today that people should watch out for. It was a supposed alert about Ashley Flores, but as that link and this one will explain it was a hoax. This one seems to be little more than a little hoax or practical joke that got way out of hand, but there could be some real problems here.

This type of message is worded to create an uncritical emotional response. Everyone wants to help find lost children, and they can't imagine anyone sending this out unless it was true. Bad guys are using this type of message to spread emails with potentially destructive payloads and attachments. Emails with an emotional appeal have been used in the past to spread destructive virus and trojans. Today's virus's are mutating into a big business. They are now used to gather personal and financial data that is used in identity theft schemes, or they are used to set up hordes of "zombie" computers that the bad guys can use in various internet attack schemes. Don't think that just because you have the number one selling antivirus on your machine you are safe. The reality is that most virus writers and script kiddies will test their virus and trojan against the latest antivirus software they can find before they ever release it. Even if there is no virus or trojan, emails such as this can be a big problem.

The hoax we are looking at had an unused email address at Yahoo for replies. Imagine that instead of a dead address, they had included the email address of a small sheriffs department or small business. The avalanche of incoming emails could have created what is called a mail bomb. Similar emails have asked for donations or other information that could be used in identity theft schemes.

So what can you do? First, never forward an email to all the people in your address book just because you are asked to. Next, in any email sent or forwarded to you asking for help, go back to the source and ask for verification. At the minimum, do a quick check on line. A quick search using google had 4 sites at the top debunking this as a hoax. Next, check your machine with an online antivirus scan from a company different than the one you use for your resident scanner. I like Housecall and Activescan but every major antivirus company has some sort of free online scan or checkup. They might also try to sell you one of their products, which are good, but you don't need to buy one to fix the problem. Don't open any attachments. If the email was infected (or a scam) get in touch with the person that sent you the email and inform them of the problem so they can take the appropriate action.

People like to help each other when they can. The sad thing is that there are people out there that will take advantage of that helpfulness to do things that range from pulling a prank to breaking your computer and stealing your money and identity. Be cautious of junk emails.

No comments:

Post a Comment