Lurking Internet Dangers: What You Might Get Hooked With - Part 2

Overview

In the previous part of the article, we discussed threats posed by malware and external attacks on connected computers. In this part we'll cover the remaining two threats, which also need to be known about.

Threat #3: Spam, phishing and website spoofing scams

Spam is bulk, unsolicited email advertising a product, website or service. For most Internet users it is a major annoyance and many have had to change email accounts due to spam overwhelming legitimate messages.

Spam typically comes from hijacked PCs and has fake return addresses so the only effective method of complaining is to analyse the email headers (normally hidden, see the instructions for your email software on how to display these) to find the real source and to look up the details for websites mentioned. However SpamCop (www.spamcop.net) can do this automatically - you just need to copy full details (including headers) of the emails you receive. Aside from this, spam filters (which now come included with many email clients) are the best option but do risk mistaking legitimate email for spam.
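The header analysis described above can be sketched as follows. This is an added example, not code from the original article: it walks the `Received` headers from the newest down and reports the address recorded by the last server you trust, since anything below that point may have been forged by the sender. The sample message, the host names and the trusted domain `example.net` are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample message (documentation-range addresses, not real traffic).
SAMPLE = """\
Received: from mx1.example.net (mx1.example.net [192.0.2.10])
\tby mail.example.net with ESMTP id A1; Tue, 1 Jan 2008 10:00:02 +0000
Received: from unknown (HELO bank.example.com) ([203.0.113.45])
\tby mx1.example.net with SMTP id B2; Tue, 1 Jan 2008 10:00:01 +0000
Received: from bank.example.com ([198.51.100.7])
\tby relay.bank.example.com with SMTP id C3; Tue, 1 Jan 2008 09:59:00 +0000
From: "Bank" <support@bank.example.com>
Subject: Verify your account

body
"""

BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def trace_hops(raw, trusted_domain):
    """Return (ip, by_host, trusted) for each Received header, newest first."""
    hops = []
    for header in message_from_string(raw).get_all("Received", []):
        flat = " ".join(header.split())  # undo header folding
        by, ip = BY_RE.search(flat), IP_RE.search(flat)
        by_host = by.group(1).lower() if by else ""
        trusted = (by_host == trusted_domain
                   or by_host.endswith("." + trusted_domain))
        hops.append((ip.group(1) if ip else None, by_host, trusted))
    return hops


def real_source(raw, trusted_domain):
    """IP logged by the last trusted server in the unbroken run from the top."""
    source = None
    for ip, _by_host, trusted in trace_hops(raw, trusted_domain):
        if not trusted:
            break  # written by a server we do not control: may be forged
        source = ip or source
    return source


if __name__ == "__main__":
    print(real_source(SAMPLE, "example.net"))
```

The bottom `Received` line in the sample claims the mail started at the bank, but it was not written by a trusted server, so the address to report is the one the receiving mail server itself logged.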

Prevention is better than cure with spam - ensure that your email address is not displayed publicly on any websites since most spammers trawl these with special software to extract email addresses. If you do need to display an email address, take measures to hide it from such programs (see spam.abuse.net/userhelp/#hide or www.u.arizona.edu/~trw/spam for more details). Finally consider using an email redirection service like SpamGourmet (www.spamgourmet.com), SpamMotel (www.spammotel.com) or SneakEmail (www.sneakemail.com) - these allow you to create "alias" addresses so you can give a different address to each person (or site) that you deal with. If one starts receiving spam, not only does this let you know who the likely source is but you can shut down that alias without affecting others.

Phishing attacks are emails designed to appear like official ones from a financial institution (banks, online trading sites, PayPal) asking you to visit their website, usually for some form of security verification. However, the link included does not go to the real website but to one created by the fraudster (which is designed to look as similar to the real one as possible). Entering your login and password at this site will then reveal them to the fraudster, who can then use them (or sell them to others). More details on this can be found at www.antiphishing.org. Phishing is discussed in detail in our first Security Insight article (www.agnitum.com/news/securityinsight/may2005issue.php).

Website spoofing (also called pharming) is a variation on this technique where entering the address of the website results in you being redirected to a fake one. This can be achieved by browser hijackers or spyware changing system settings or by supplying Internet Service Provider (ISP) servers with false data ("DNS spoofing") which then causes all their customers to be redirected to a false website.

To counter spamming, phishing and pharming:

Threat #4: Tracking and Profiling

Those running websites often have a legitimate interest in their visitors - such as what browsers are being used, which countries they are coming from or what computer operating systems (Windows, Linux, OSX) they are using. In some cases this can be beneficial in that the site can then be designed to better accommodate certain groups (e.g. the increasing number of Firefox users).

However, the interests of marketers and advertisers go well beyond this - they wish to identify data like age range, interests, wealth and addresses. While a browser will not reveal such information, it is possible to derive it by collecting details on websites visited and purchases made. To tie such information together, two browser features are used - cookies and referers.

When you visit a website by clicking on a link, your browser will report to that website where you came from. This is useful to webmasters in that it can inform them of where the traffic is coming from (e.g. a mention on another site or an improved ranking in a search engine). Similarly, most websites will store a tag (called a cookie) on your system so they can identify you should you visit again.

Both features (referers and cookies) have legitimate use and cookies can be genuinely helpful in some cases (storing the contents of your cart on a shopping website, keeping you logged in on a discussion forum). Where these facilities can be most heavily abused is with advertising - many advertisements are held on separate domains (e.g. doubleclick.net, mediaplex.com) so when a browser visits these sites to download advertising, they can set (and later read) a cookie as well as identify which site you came from. Over time, they can build a profile based on a (partial) picture of the sites you visit and combine that with other personal information (like credit history).

Web bugs (small images, typically 1 pixel in size) allow marketers to obtain similar information without having an advert visible on a site. See www.eff.org/Privacy/Marketing/web_bug.html for more information.
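To see what a third-party ad or web-bug host learns from cookies and referers together, the following added example (not part of the original article) audits a browser request log and reports third-party sites that received the same cookie from pages on more than one site. The log entries, the `.example` host names and the two-label `site()` shortcut are assumptions made for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed request log: (requested URL, Referer header, Cookie header sent).
REQUESTS = [
    ("http://shop.example/cart", "http://shop.example/", "session=abc"),
    ("http://ads.tracker.example/banner.gif", "http://shop.example/cart", "uid=42"),
    ("http://news.example/story", "", ""),
    ("http://ads.tracker.example/pixel.gif", "http://news.example/story", "uid=42"),
    ("http://cdn.static.example/logo.png", "http://news.example/story", ""),
]


def site(url):
    """Crude site key: the last two host labels (assumption for this sketch;
    a real audit would use the Public Suffix List)."""
    host = urlsplit(url).hostname or ""
    return ".".join(host.lower().split(".")[-2:])


def cross_site_trackers(requests):
    """Map third-party site -> {cookie: sorted first-party sites it was sent from}.

    Only cookies seen alongside referers from two or more different sites are
    returned, because those are the ones that let separate visits be linked.
    """
    seen = defaultdict(lambda: defaultdict(set))
    for url, referer, cookie in requests:
        if not referer or not cookie:
            continue  # nothing to link: no origin page or no identifier
        first_party, third_party = site(referer), site(url)
        if first_party != third_party:
            seen[third_party][cookie].add(first_party)

    report = {}
    for third_party, cookies in seen.items():
        linked = {c: sorted(s) for c, s in cookies.items() if len(s) > 1}
        if linked:
            report[third_party] = linked
    return report


if __name__ == "__main__":
    print(cross_site_trackers(REQUESTS))
```

In the sample, the 1-pixel `pixel.gif` request and the banner request carry the same `uid` cookie, so the ad host can tie the shop visit and the news visit to one profile. The image host that received no cookie is not reported.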

While this is more a privacy than a security issue, it may still be worth attending to by most users. To counter profiling:

  • Prevent cookies and referer data from being used except by trusted websites (Outpost's Active Content filter can block these as can other web filters like WebWasher or Proxomitron). Some browsers (e.g. Opera) allow you to prevent third-party sites from setting cookies at all.
  • Periodically clear all cookies from your browser (this will require you to login again at sites so is best not done too often).
  • Use an ad-filter (like Outpost's Ad plugin) to remove advertising from web pages.

Also see the Electronic Frontier Foundation's "Privacy Top 12" list at www.eff.org/Privacy/eff_privacy_top_12.php for more information.

Conclusion

The greatest dangers come from the further reaches of the Internet - "warez" pages, file-sharing networks and underground chat channels. However, these are all only one link away - even a legitimate site can be altered to include a link to hijack unprotected users - so perpetual caution is needed to keep safe. However with security comes greater control, and following the above recommendations should give a better online experience along with a more secure system.

All rights reserved © 2008, Agnitum Ltd.