Wednesday, April 04, 2007

Internet Security Is More About Prevention Than Disinfection

By Coenraad De Beer

Almost everywhere you go on the Internet you come across victims of malware, hackers, phishing attacks and e-mail scams. These victims turn up like wounded civilians at the malware removal forums and the security sections of community-driven web sites, seeking help and advice to recover from the damage caused by these threats. It is like a war zone, claiming casualties every day. As in any war, you suffer a lot of casualties when you allow the enemy past your defences, and it is even worse when you have no defences at all.

An anti-malware application is only as good as its resident (on-access) shield. Anything that gets past the resident shield will seldom be caught later, except by an on-demand scan run after the definitions have been updated. Today's anti-malware packages add heuristic detection, which flags virus- or spyware-like behaviour without knowing anything about the specific threat, but heuristics are only a secondary layer of protection; your primary line of defence is the definition or signature file describing the characteristics of known malware threats. Even firewalls and spam filters carry definition files in the form of blacklists. Neglecting to keep your signature or definition files up to date is like neglecting to pay your monthly insurance premium: the insurer will refuse to pay out because you did not maintain the policy. An update a day keeps the malware at bay.
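The two layers described above, as an added example that is not part of the original post or of any real product: a toy scanner in Python whose "definition file" is a set of file hashes and byte patterns, with a behaviour-style heuristic behind it. The samples, the definition files, the heuristic traits and the thresholds are all constructed for illustration; no real malware is involved. It shows the three cases the paragraph argues: a known threat caught by its signature, a one-byte variant that defeats the hash but not the byte pattern, and a novel sample that only the heuristic layer catches, along with what happens to the known threat when the definitions are never updated.

```python
"""Toy two-layer scanner: a definition (signature) file as the primary layer and a
behaviour-style heuristic as the secondary layer. Added example; not the code of any
real anti-malware product. All "samples" are constructed byte strings, not malware."""
import hashlib
import math
import re
from collections import Counter

HEADER = b"MZ" + b"\x00" * 16          # stand-in for an executable header

# Constructed samples. The text after the header stands in for what a scanner
# would see in the file: strings, resources, a packed section.
BENIGN = HEADER + b"print report; save to Documents\\report.pdf"
KNOWN_A = HEADER + b"copy self to %APPDATA%\\svc.exe; sleep 3 days; mail Documents\\*.xls"
VARIANT_A = KNOWN_A.replace(b"svc.exe", b"svd.exe")   # one byte changed: new file hash
NOVEL_C = (HEADER
           + b"reg add HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run; "
           + b"taskkill /IM avscan.exe; "
           + bytes(range(256)) * 4)                     # packed-looking high-entropy body

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed "definition files". V1 knows only Sample.A; OUTDATED is what a user who
# never updates is running. A real definition file is vastly larger.
DEFINITIONS_V1 = {
    "hashes": {sha256(KNOWN_A): "Sample.A"},
    # a family-wide byte pattern survives small edits that defeat the hash
    "patterns": [(b"copy self to %APPDATA%\\sv", "Sample.A")],
}
DEFINITIONS_OUTDATED = {"hashes": {}, "patterns": []}

def signature_scan(data: bytes, definitions: dict):
    """Primary layer: exact hash first, then byte patterns. Returns a name or None."""
    name = definitions["hashes"].get(sha256(data))
    if name:
        return name
    for pattern, name in definitions["patterns"]:
        if pattern in data:
            return name
    return None

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 .. 8.0); packed/encrypted data sits near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

# Traits the heuristic layer scores; none identifies a specific threat.
HEURISTIC_TRAITS = [
    (rb"CurrentVersion\\Run", "adds a Run autostart key"),
    (rb"taskkill /IM \w+\.exe", "kills another process"),
    (rb"copy self to", "copies itself"),
]

def heuristic_scan(data: bytes, threshold: int = 2):
    """Secondary layer: flag when enough suspicious traits co-occur (threshold is an assumption)."""
    reasons = [why for pat, why in HEURISTIC_TRAITS if re.search(pat, data)]
    if entropy(data[len(HEADER):]) > 7.0:
        reasons.append("high-entropy body (packed or encrypted)")
    return len(reasons) >= threshold, reasons

def scan(data: bytes, definitions: dict):
    """Signature layer first; heuristics only for what the signatures miss."""
    name = signature_scan(data, definitions)
    if name:
        return "signature", name
    suspicious, reasons = heuristic_scan(data)
    if suspicious:
        return "heuristic", "; ".join(reasons)
    return "clean", ""

if __name__ == "__main__":
    for label, sample in [("benign", BENIGN), ("known A", KNOWN_A),
                          ("variant of A", VARIANT_A), ("novel C", NOVEL_C)]:
        print(f"{label:13s} up-to-date: {scan(sample, DEFINITIONS_V1)}  "
              f"outdated: {scan(sample, DEFINITIONS_OUTDATED)}")
```

The point of the run: with the stale definition file, the known threat passes as clean because it shows too few suspicious traits for the heuristic layer, while the variant is still caught by the byte pattern once the definitions are current. The heuristic layer earns its keep only on the novel sample, which is exactly why it is the second line and not the first.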

A decent anti-malware application will isolate known malware before it enters your system, but it is vulnerable once unknown malware has entered undetected. It is harder for an anti-malware application to take back a system that is already infected than to protect a clean system from infection. Anti-malware software is primarily designed to prevent infection; its secondary objective is to neutralise threats as quickly as possible before they spread throughout the system. I have seen top-class anti-virus systems self-destruct when installed on a system already carrying high-risk viruses: the virus infects critical components and files of the anti-virus application, the anti-virus application detects these infected files and deletes them or moves them to the virus vault, and once it has deleted any of its own critical components it eventually shuts down, crashes or becomes inoperable. The only way to repair the damaged anti-virus software is to re-install it.

Installing an anti-malware application on a system that is already infected can be troublesome. Many viruses and spyware programs are aggressive and kill the setup wizards of well-known anti-virus and anti-spyware packages, preventing them from gaining control of the system. They even terminate anti-malware scanners that attempt to disinfect infected files or remove threats. It is a case of taking territory and defending it. Malware can be programmed to do almost anything to retain control of your system, and it is hard to get rid of stubborn, aggressive programs that refuse to surrender to an anti-malware package. Viruses and spyware are normally small, fast and flexible, and they scatter copies of themselves across your system, making them hard for anti-malware applications to pin down. On Microsoft Windows you can always start the computer in Safe Mode when malware prevents an anti-malware application from being installed in Normal Mode, but many anti-malware applications rely on the Windows Installer service, which is normally not started in Safe Mode. When disinfecting an infected system you cannot expect the installer to rely on faulty, damaged, infected or disabled components of the operating system. Of course it is not possible to make the anti-malware application completely independent of the operating system, but it could at least ship its own installer with built-in malware protection. That would make it possible to run the software in Safe Mode, where many malicious programs are automatically disabled, making the job of disinfection a little easier for you and for the anti-malware application.

Unfortunately some people are under the false impression that they are untouchable once they have an anti-malware application installed. Any defence will eventually fail if you keep exposing it to constant attack. I have come across people asking for the best anti-virus protection because a friend or cousin uses their computer to browse porn sites; they do not want to confront that person, so they would rather increase the protection on the computer. Porn sites are polluted with spyware as well as viruses. It is because of this approach that people fail to remove spyware from their computer: they are using the wrong tools for the job. You cannot effectively protect your system against spyware, or remove it, with an anti-virus package alone, or vice versa. Nor can you keep viruses out with a firewall alone: it may block a virus that tries to enter through a blocked port, but it cannot block one arriving through a trusted application such as your browser.

Today you need protection against malware in general (viruses, spyware, rootkits, trojans, etc.), not just viruses or spyware alone. You also need a firewall and a good spam filter, and a browser that protects you from phishing attacks, browser hijackers and pop-up windows. Anti-malware applications are not super-applications; they have their limitations, and you cannot expect your system to stay malware-free if you constantly expose it to attacks from porn, illegal music and pirated software web sites. You can keep your system clean, keep your identity safe and stop someone from wrecking his or her life with junk like porn by not allowing anyone (including your cousin) to use your computer for illegal and indecent activities. Who do you think is going to take the fall for illegal porn, music or pirated software? Your cousin? I don't think so, especially if YOUR computer and YOUR Internet connection were used. Even if you can prove it wasn't you, you will still be seen as an accomplice.

So what is the bottom line? Internet security is more about prevention than disinfection. The large number of single-purpose removal tools, each written for a specific threat, is proof of this. Definition files are mainly for prevention and detection. When a malicious program exploits a vulnerability beyond the reach of definition files, you need a specific tool to get rid of it and often a patch to prevent re-infection. This is why anti-malware developers have to release new versions of their software regularly to stay abreast of the latest threats and vulnerabilities. Developing anti-malware applications that are limited by strict standards, protocols and rules is like arming a SWAT team with water pistols to go up against terrorists armed with AK-47s. Malware does not play by the rules; it is time anti-malware developers followed the same route, without compromising the stability and performance of our computer systems.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and raising awareness about online scams and malicious software.

Wednesday, March 28, 2007

Scammers With A Death Wish

By Coenraad De Beer

Scammers come up with the craziest ideas these days. It is hard to believe that people still fall for the ridiculous e-mail scams in circulation all over the web. It is even harder to comprehend how scammers think they are going to swindle people into believing their devious lies and unbelievable stories. Unfortunately, online scams are a harsh reality. On the one side you have innocent, uninformed victims walking into the traps of merciless con artists and on the other side you have scammers following a "shoot in the dark with a shotgun" approach to claim as many victims as possible.

Online fraud is a serious matter, but you can't help laughing at the creative yet ridiculous ideas of online scammers. Last month I received a link exchange request from someone running a password recovery web site offering a password recovery service for people who have lost their e-mail account password. The only problem is that they hack e-mail accounts without confirming who the real owner of the account is. The other absurdity is that you can normally contact your service provider when you lose your password, so you do not need a password recovery service if you are the real owner of the account. Sometimes I wonder whether cyber criminals have any brain cells between their ears or whether they are simply looking for attention. It is even more absurd, even hilarious, when they try to scam anti-fraud activists and cyber law enforcement agencies. I know that many of these scam e-mails are sent in bulk by spam bots and the spammers never really know who receives their junk, but some scammers make it just too easy for cyber law enforcement agencies to track them down.

It is not unusual for one person to receive several phishing e-mails on a single day, each pretending to come from a different bank or financial institution. The best of all is that these phishing e-mails are carbon copies of each other; the only difference is the logo and trading name of the financial institution. Scammers discredit their fellow scammers by sending near-identical e-mails on the same day to the same recipient. If I receive a phishing e-mail from a bank of which I am not even a client, I will most definitely not respond to a similar e-mail received on the same day with exactly the same message, even if I am a client of that institution. If people start to read their e-mail more carefully, ordinary users will soon be able to identify a scam just from the pattern, wording, techniques, formatting and writing style that so many scammers share.

One of the latest schemes used by 419 scammers is the Law Enforcement Agency scam. 419 scammers seem to be less successful with their usual e-mail scams, most probably for the reason mentioned in the previous paragraph. Lottery scams, company representative scams, scams involving war victims, cancer victims, plane crash victims, you name it, have flooded our mailboxes so thoroughly that we can smell them a mile away just by reading the subject line. Unfortunately there are still people who are unaware of these threats, and 419 scammers usually claim their victims among them. The Law Enforcement Agency scam involves 419 scammers trying to swindle previous victims of these scams. The "agency" has allegedly apprehended a group of fraudsters and recovered millions of "pounds sterling" stolen from innocent victims (I wonder why they never recover any dollars). These funds will then be disbursed to victims who file a claim with the "agency". Victims need to supply loads of personal details as well as the amount of money stolen from them. The scammers claim that the victim will not have to spend any money until the cheque (notice a cheque, not a secure electronic transfer) is issued to him or her. Just ask yourself: why would you need to pay anything at all to reclaim something that was lawfully yours? Do the scammers honestly believe people will fall for a lousy scam like this? People desperate enough to get their stolen money back will certainly walk into this trap and spend more money only to lose more money, and the scammers are counting on exactly that. Luckily there are people who learn from their mistakes and never make the same mistake twice, so the scammers can forget about scamming vigilant people who have already experienced the trauma of losing a lot of money to empty promises from a total stranger.

Scammers from Nigeria have tried to become partners of cyber security agencies in an attempt to infiltrate and destroy anti-fraud organisations from the inside. Online scammers have become nut cases, fanatics, digital suicide bombers and kamikazes, trying every trick in the book (and some stupid tricks of their own) to reach their idiotic goals. It is just sad that they continue to claim victims with their amateurish schemes. Perhaps these scams are so amateurish that people struggle to see through them. It is a case of horribly underestimating your enemy, the worst part being unable to identify your enemy, or even worse, not realising that you are dealing with an evil opposing force at all.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and educating users about online scams and malicious software. Visit our Hoaxes, Spams and Scams Section and educate yourself with real life examples of online fraud.

Thursday, March 22, 2007

Spammers Replying To E-mail You Did Not Send

By Coenraad De Beer

Spammers are always on the lookout for ways to bypass our spam filters. Lately they have been very successful at this, because many people are complaining that tons of e-mails are getting past their spam filters. Spammers are combining old techniques with new ones, making it hard for even the most advanced and best trained Bayesian spam filter to keep junk mail out of our mailboxes.

Last year I came across a poster on Yahoo! Answers asking for advice on a strange e-mail she had received. According to her, she received a reply from someone to an e-mail she never sent. She immediately thought that the spammer had hacked her e-mail account, sent an e-mail to himself and then replied to it. This is not impossible, but there are easier ways to achieve the same effect without hacking anyone's e-mail account.

E-mail messages are plain text and can be modified and manipulated with a simple text editor like Notepad. Nothing in the basic message format verifies the From header, so the spammer simply saves any e-mail to a file, opens it in Notepad and puts your e-mail address in the "From" field. The spammer then imports it into an e-mail client and replies to this manipulated e-mail. This is only one of many ways to manipulate a message.

Spammers normally use a technique called hash busting: adding random text at the beginning or the end of an e-mail. The text makes no sense and consists of excerpts from books, articles and news bulletins. It randomises both the size and the contents of the e-mail, so the spam filter can no longer find a stable pattern (or checksum) on which to base its filtering decision. For instance, an e-mail consisting of an image only will normally be flagged as spam, but if random text is added below the image, the pattern changes and the spam filter can no longer use that criterion to label the e-mail as spam. There are legitimate e-mails like this too, so the spam filter needs additional training to tell which e-mails with an embedded image and text below it are spam and which are not.

Some spammers realised that people became suspicious of the senseless text in spam e-mails, so they started hiding it by making the text the same colour as the background. Others make the text so small that it appears as a thin horizontal line between paragraphs or at the bottom of the e-mail. These tricks for concealing the hash-buster text are easy for a good spam filter to detect, because no legitimate sender has a reason to send hidden text or text that cannot be seen with the naked eye. So spammers fail more often to get their e-mails through spam filters when they use cloaking techniques like this.
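One way to detect the cloaking tricks described in the two paragraphs above (hash-buster text coloured like its background, shrunk to a pixel or two, or hidden with display:none, plus the image-only body mentioned earlier), as an added example that is not part of the original post or of any spam filter's code. It walks the HTML with Python's standard-library parser, carries the colour, background, font-size and display state down the element tree, and counts how much text a human would actually see. The three sample messages are constructed, and the 20-character and 2-pixel cut-offs are assumptions.

```python
"""Spot cloaked hash-buster text in an HTML e-mail body: text coloured like its
background, text too small to read, display:none, and image-only bodies.
Added example, not any spam filter's code; the sample messages are constructed."""
import re
from html.parser import HTMLParser

VOID_TAGS = {"img", "br", "hr", "meta", "input", "link", "base", "col", "area"}
COLOUR_NAMES = {"white": "ffffff", "black": "000000"}   # extend as needed (assumption)

def norm_colour(value):
    """'white', '#fff', '#FFFFFF' -> 'ffffff'; anything unrecognised -> None."""
    value = value.strip().lower()
    if value in COLOUR_NAMES:
        return COLOUR_NAMES[value]
    m = re.fullmatch(r"#?([0-9a-f]{3}|[0-9a-f]{6})", value)
    if not m:
        return None
    h = m.group(1)
    return "".join(ch * 2 for ch in h) if len(h) == 3 else h

def parse_style(style):
    """'color: #fff; font-size:1px' -> {'color': '#fff', 'font-size': '1px'}"""
    out = {}
    for decl in style.split(";"):
        if ":" in decl:
            key, val = decl.split(":", 1)
            out[key.strip().lower()] = val.strip().lower()
    return out

def size_px(value):
    """'1px' -> 1.0; 'large' -> None (keyword sizes are not judged)."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)\s*(px|pt)?", value.strip().lower())
    return float(m.group(1)) if m else None

class HiddenTextScanner(HTMLParser):
    """Carries colour/background/size/display state down the element tree and
    sorts every text chunk into visible or hidden, recording why it is hidden."""

    def __init__(self, page_bg="ffffff"):
        super().__init__()
        self.stack = [{"color": None, "bg": page_bg, "size": None, "hidden": False}]
        self.visible_chars = self.hidden_chars = self.images = 0
        self.reasons = set()

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        state = dict(self.stack[-1])                    # inherit from the parent
        if tag == "img":
            self.images += 1
        if attrs.get("bgcolor"):
            state["bg"] = norm_colour(attrs["bgcolor"]) or state["bg"]
        if tag == "font" and attrs.get("color"):
            state["color"] = norm_colour(attrs["color"]) or state["color"]
        style = parse_style(attrs.get("style") or "")
        if "color" in style:
            state["color"] = norm_colour(style["color"]) or state["color"]
        for key in ("background-color", "background"):
            if norm_colour(style.get(key, "")):
                state["bg"] = norm_colour(style[key])
        if "font-size" in style:
            state["size"] = size_px(style["font-size"])
        if style.get("display") == "none":
            state["hidden"] = True
        if tag not in VOID_TAGS:                        # void elements never close
            self.stack.append(state)

    def handle_endtag(self, tag):
        if tag not in VOID_TAGS and len(self.stack) > 1:
            self.stack.pop()

    def handle_data(self, data):
        text = data.strip()
        if not text:
            return
        s = self.stack[-1]
        why = []
        if s["hidden"]:
            why.append("display:none")
        if s["color"] and s["color"] == s["bg"]:
            why.append("text colour matches background")
        if s["size"] is not None and s["size"] <= 2:
            why.append("font-size <= 2px")
        if why:
            self.hidden_chars += len(text)
            self.reasons.update(why)
        else:
            self.visible_chars += len(text)

def classify(html, min_visible=20):
    """Counts, the cloaking reasons found and a verdict for one HTML body."""
    sc = HiddenTextScanner()
    sc.feed(html)
    sc.close()
    reasons = set(sc.reasons)
    if sc.images and sc.visible_chars < min_visible:  # image with (almost) no real text
        reasons.add("image-only body")
    return {"visible_chars": sc.visible_chars, "hidden_chars": sc.hidden_chars,
            "images": sc.images, "reasons": sorted(reasons),
            "verdict": "suspicious" if reasons else "ok"}

# Constructed samples, not real messages.
SPAM_HIDDEN = """<html><body bgcolor="#ffffff"><img src="cid:offer.gif"><br>
<font color="#FFFFFF">It was the best of times; the committee adjourned on Tuesday</font>
<p style="font-size:1px">shares closed higher after the harbour fell quiet</p>
<div style="display:none">chapter seven: the clocks were striking thirteen</div>
</body></html>"""
SPAM_IMAGE_ONLY = '<html><body><img src="cid:pills.gif"></body></html>'
LEGIT = '<html><body style="color:#333333"><p>Hi Jo, the March invoice is attached.</p></body></html>'

if __name__ == "__main__":
    for name, body in (("hidden text", SPAM_HIDDEN), ("image only", SPAM_IMAGE_ONLY), ("legit", LEGIT)):
        print(name, classify(body))
```

The hidden sample ends up with zero visible characters and three separate cloaking reasons, which is a much stronger signal than any keyword match; the legitimate invoice note has ordinary dark text on the default background and passes. A production filter would also resolve CSS in style sheets and named colours beyond the two listed here, but the decision logic is the same.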

Spammers needed a way to make the hash-buster text look legitimate to the user as well as to the spam filter. This is when they came up with the idea of pretending to reply to a message that was never sent to them in the first place. The spammer creates the forged e-mail with the hash-buster text and then replies to it. The spammer still enjoys the benefits of the hash-buster text, coupled with a better chance of getting past any spam filter, because the e-mail now looks like a legitimate reply to a previous e-mail sent by the victim. A reply to an e-mail you sent to someone else is seldom unwanted, so the spam filter will be less suspicious of it, unless it contains specific keywords or phrases that trigger the filter.
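The two steps above (forging the From header of an e-mail the victim never sent, then replying to it so the hash-buster text is quoted as the victim's own words) and the check a receiver can make against them, as an added example that is not code from the original post. It uses Python's standard email package. The addresses, the date, the sent-mail index and the hash-buster text are constructed; the check assumes the receiving side keeps an index of the Message-IDs its own mail server issued, so that a "reply" citing an ID in its domain that it never issued is a reply to a forgery.

```python
"""The forged-thread trick, both sides: (1) the spammer writes the e-mail the
victim never sent, with hash-buster text, and replies to it; (2) the victim's
side spots the forgery. Added example, not code from the original post; the
addresses, date, sent-mail index and hash-buster text are constructed."""
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from email.utils import make_msgid

VICTIM = "alice@example.com"            # constructed addresses
SPAMMER = "sales@example.net"
HASH_BUSTER = ("It was a bright cold day in April and the clocks were striking "
               "thirteen. Shares closed higher on Tuesday as the committee adjourned.")

def forge_original(victim, spammer, buster):
    """Spammer side, step 1: the e-mail the victim never sent. Nothing in the message
    format stops anyone from typing another person's address into From."""
    msg = EmailMessage()
    msg["From"] = victim
    msg["To"] = spammer
    msg["Date"] = "Tue, 20 Mar 2007 10:15:00 +0000"
    msg["Subject"] = "Question about your product"
    # Message-ID forged to look like it came from the victim's own mail server
    msg["Message-ID"] = make_msgid(domain=victim.split("@")[1])
    msg.set_content("Could you send me details?\n\n" + buster)
    return msg

def fake_reply(original, spammer):
    """Spammer side, step 2: an ordinary reply. The client copies the Message-ID into
    In-Reply-To/References and quotes the body, so the hash buster now reads as the
    victim's own words and the thread looks legitimate to a filter."""
    reply = EmailMessage()
    reply["From"] = spammer
    reply["To"] = str(original["From"])
    reply["Subject"] = "Re: " + str(original["Subject"])
    reply["In-Reply-To"] = str(original["Message-ID"])
    reply["References"] = str(original["Message-ID"])
    quoted = "\n".join("> " + line for line in original.get_content().splitlines())
    reply.set_content("Thanks for your enquiry! See our offer below.\n\n"
                      f"On {original['Date']}, {original['From']} wrote:\n{quoted}")
    return reply

def check_reply(raw, our_domain, sent_ids):
    """Receiver side: a reply whose In-Reply-To/References cites a Message-ID in our
    own domain that our mail store never issued is a reply to a forgery."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    refs = (str(msg.get("References", "")) + " " + str(msg.get("In-Reply-To", ""))).split()
    findings = []
    for ref in dict.fromkeys(refs):          # de-duplicate, keep order
        if ref.endswith("@" + our_domain + ">") and ref not in sent_ids:
            findings.append(f"{ref} claims to be ours but was never sent")
    return findings

if __name__ == "__main__":
    original = forge_original(VICTIM, SPAMMER, HASH_BUSTER)
    reply = fake_reply(original, SPAMMER)
    print(reply.as_string())
    sent_index = set()                       # constructed: Alice never wrote to example.net
    for finding in check_reply(reply.as_bytes(), "example.com", sent_index):
        print("FORGED THREAD:", finding)
```

The forged message carries a Message-ID in the victim's domain because that is what a genuine reply would reference; the same header is what gives the forgery away once the receiving server compares it against the IDs it actually handed out. The check says nothing about replies to mail the victim really did send, which is the point: it flags the manufactured thread, not the reply itself.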

But there are more consequences for the victim than a spam filter failing to flag the e-mail. Spammers can include anything in these fake e-mails. They can even pretend that you enquired about one of their products: instead of sending you an unwanted e-mail, they pretend to reply to an enquiry you never sent. Abuse departments can easily use this as an excuse not to take action against the spammer; they may argue that the victim did not receive an unsolicited commercial e-mail, because the victim enquired about something and the accused simply replied to that enquiry. Luckily abuse departments need to prove that the original e-mail was really sent before rejecting a complaint, but we all know that very few abuse departments take spam reports seriously these days.

It is because of the lack of proper legislation, as well as poor implementation and enforcement of existing legislation, that we have to deal with waves of spam every day. We are constantly one step behind cyber criminals, and our current spam filters cannot keep up with all the tricks and techniques spammers use to force their junk down our throats. There is a widespread call for better filtering and for alternative communication methods. There is merit in developing better spam filters, but how do you replace a communication medium like e-mail without disrupting the individuals and businesses that depend on it every day to stay in contact with friends, family and clients? What is the use of taking away a communication medium if you do not take action against the individuals who abuse it? It will only be a matter of time before spammers start to abuse whatever system replaces e-mail. You need to take action against the root of the problem, not against the infrastructure through which the problem occurs.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and educating users about online scams and malicious software.

Thursday, March 01, 2007

United Against Cyber Crime

By Coenraad De Beer

Two heads are better than one. This is true and this is what we need to combat cyber crime effectively. There is much collaboration between organisations fighting cyber crime and it is important that these organisations work together to make the Internet a safer place for everyone. But there are still a lot of organisations that prefer to work alone and the abuse departments of well-known service providers are ignoring reports from the public and anti-cyber-crime organisations.

Why are people reluctant to report spam to the abuse departments of well-known e-mail and hosting service providers? Many people don't know that such departments exist, and others are fed up with the indifferent attitude of these departments towards reports from the public. What is the use of an abuse department if it does nothing about the problems and abuse reported to it? It is not only members of the public who experience these frustrations; anti-cyber-crime organisations have the same problem. These abuse departments ultimately decide for themselves whether it is necessary to suspend the services of the guilty party, no matter how much evidence you provide to support your claim.

It all revolves around money; even the free services generate revenue for these companies. Free web site hosting normally means the hosting company's ads are displayed on the web site. Web sites involved in spamming bring in a lot of visitors, which means the hosting company's ads also get exposure. Why would they want to terminate a web site that brings them a lot of revenue? This means that they are not enforcing their own terms of service, or you could even say their terms of service only apply to those who abuse the services without generating any revenue for the company. The problem becomes even worse when the abusing party pays for the services. Why would they want to cancel the account of a loyal client if it is going to cost them revenue? What these companies don't understand is that they are making themselves less popular by being so reluctant to take action against these abusers, and they will eventually attract only the criminals, effectively making themselves accomplices to these criminal activities. I believe most world-class companies would stare bankruptcy in the face if they terminated the accounts of all the spammers and unethical companies making use of, or rather abusing, their services.

Money is also the stumbling block for collaboration between cyber crime fighters. A web site owner will not want to refer visitors to a partner's web site without getting something in return. This is understandable to some extent, because many anti-cyber-crime organisations provide their services free of charge and generate revenue mainly through advertisements; without visitors they cannot make money from the ads displayed on their site. But is this enough reason to refuse a helping hand from a partner? A united force is much stronger than a divided one. Scammers love the fact that law enforcement agencies are not working together with anti-cyber-crime organisations to battle cyber crime. Spammers love it when e-mail and hosting service providers do not respond to reports from anti-cyber-crime organisations and complaints from the public. Cyber criminals are laughing out loud at a divided force that is battling to keep its head above the flood of spam and scams reported to it every day.

The cyber criminals are constantly one step ahead of cyber law enforcement; it is time we turn the tide and stand united against cyber crime.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and educating users about online scams and malicious software.

Wednesday, February 21, 2007

The Mental Dysfunction Of A Hoaxer

By Coenraad De Beer

A hoax about the death of former South African president Nelson Mandela has been in circulation among South Africans since last week. This has caused waves of panic and shocked the nation. Mr. Mandela is a role model for many people, not just in South Africa, but worldwide and has always been an icon for peace, so it is understandable why so many people were shocked about this news. But was it possible to prevent the confusion caused by this hoax?

It all started with an SMS stating that Mr. Mandela was on life support and that the media was refusing to break the news. Soon after that the hoax started to circulate on the Internet. But like any rumour, people started to make it a bit juicier. It did not take long before the hoax turned into a message that Mr. Mandela had died and the police had been put on high alert. I am not going into the details of what the hoax said or what is rumoured to happen if it were true; that is not the purpose of this article. I would rather discuss the damaging effects of false statements like these and the frustration of dealing with this kind of spam.

The South African media immediately jumped to the conclusion that the message originated from right-wing activists trying to create panic among the people of South Africa. I simply don't understand what they would gain by creating panic among their own people, so it makes no sense to claim that these messages came from right-wing activists. By making a claim like this, the media simply confirmed what would happen if this were not a hoax, which makes them just as guilty as the hoaxers, creating even more panic.

This simply illustrates the confusion and frustration caused by hoaxes. People start to blame each other, pointing fingers and throwing stones, jumping to all kinds of conclusions, and I guess that this was the exact intent of the creators of this particular hoax: creating havoc and chaos. But we are missing the point if we start to blame each other for the result of a hoax. The creator or creators of a hoax should be put in a rehabilitation centre for the mentally challenged. I can see the purpose behind unsolicited commercial e-mail, because it holds financial benefits for the creator, and don't get me wrong, I strongly condemn any kind of spam. But I can't see any benefit for the creator of a hoax, except the satisfaction of confusing people and causing panic. This is the sign of a psychopath who needs a straitjacket.

And what about the fools who spread these lies like zombies by forwarding the message to all their friends? They are just as psychotic as the creator, if not worse. I mean, if you get a message from a friend who is unable to verify the accuracy and truthfulness of the information, and you cannot verify it either, why bother sending it to other people and wasting their time? You only contribute to the problem by letting it spread like a bush fire, and other people have to put out the fires afterwards.

There are tons of examples of hoaxes, chain letters and petition lists, created ages ago, but still in circulation today, because people continue to forward them, fuelling the wave of hoaxes and spam filling up our mailboxes every day. So is it possible to prevent a hoax from going this far? Of course, a little common sense and self-control against gossip can go a very long way.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and educating users about online scams and malicious software.