If You Swim in the Sewer…

Tragedy brings out the both the best and the worst in people. In the wake of the tragedy at Virginia Tech sewer-dwelling vermin are registering and selling domain names related to Virginia Tech, but they aren’t the threats. The floaters these sewer-dwelling vermin are swimming with are the jerks trying to use social engineering to gain control of your computer. One such attack involves an email message that claims to have video footage of the shooter. If you are sick enough to follow the link to see the bad news you will not see the shooter, but you will get bad news. The link leads to a file designed to compromise your computer.

 

Essentially every time you hear about a tragedy there will be some piece of sewage with a computer trying to break into your computer by promising video or pictures of bad news. As always, if you go looking for bad news you will find it – it just may not be someone else’s bad news you run into.

 
If you are looking for sewer news, guess what your computer is going to get filled with?

 

 
Randy Abrams
Director of Technical Education

Author ESET Research, ESET

6 Responses to “If You Swim in the Sewer…”

  1. Sasa says:

    I am afraid not much people will read this comment. You should put BLOG Link on the main page screen. I am telling this because I like Your comments.
    And Yes, there will always be e-mails about good and nice or such as Virginia Tech tragedy news that will try to trick users, but as long as there are this way of informing and I always warn my friends to install security software and be carefull.
    Thank’s for information and keep in that direction.
    Best Regards.

  2. NOD32 Fan says:

    Not sure if your comment about being “sick enough” is a correct response to how curious people naturally are in situations like this. In a society that thrives on blood, torture and death, these types of attacks will flourish because the footage is usually available. It is up to companies like yours to prevent malware from infecting machines, not make judgements on people who visit these websites.

    As for those putting the malware up on these sites, well I would assume that we all agree that those folks are taking advantage of tragedy, and are therefore sick and dangerous. But, they are just doing this because they know we are curious, not anything else. You can hate me for being curious, or call me sick, but it is not my fault that these videos are readily available, and also not my fault that someone wants to attach malware to it.

  3. Randy Abrams says:

    OK, point taken. Perhaps silly, naive, or foolish would be a better adjective.

    The reason the people are sending the emails to trick you into visiting the web site it to steal from you. The malware they put up is almost always aimed at gaining control of your computer to send spam and/or steal personal information that can be used for identity theft and financial theft.

    I don’t hate anyone for clicking on the emails, but curiosity must be controlled at times.

    It isn’t the user’s fault that these creeps try to exploit people, however the user bears some responsibility in the secure use of their computer. All of us at all of the legitimate security companies do our level best to help protect users, however the user is the first line of defense. It’s a lot like driving. You have a myriad of security devices in a car. There are seat belts, airbags, and brakes to name a few. As a driver you are still responsible for the safe operation of your car. You can’t put on your seat belt, hit the gas and fail to steer or brake when appropriate and then blame someone else if you wreck the car and get injured.

    When you get an unsolicited email claiming to provide something of interest to you it’s time to stop and think for a minute. Does it look like it came from someone you know? If not, then why is this person sending it to you? For your benefit? I think not. If it looks like it came from someone you know the email address can be spoofed. Is the message consistent with the types of messages this person normally sends? Is there anything about the email that would make it appear that the sender actually knows you? If you look at these scams you will see that they are very generic. There is nothing specific to the recipient.

    Anti-virus is one layer of defense, just as a seat belt is one of many devices for safety. No single defense mechanism can be relied upon exclusively for safety though.

    Happy and safe computing to you!

    PS, if you want gore, stick to the mainstream media. They thrive on this stuff and are a lot safer!

    Randy

  4. NOD32 Fan says:

    I understand that security is a process, not a product. Now, take my grandmother for instance, who knows how to turn the computer on and not much else. Or, my little cousin, the most curious teenage kid ever. How is he to know that the e-mail just sent to him by a friend is not infected?

    Yes, antivirus is one layer of defense, but for most it is the only thing keeping them from completely falling apart when they surf or chech e-mail. So, although sick things exist, and folks are trying harder than ever to exploit the masses, companies like yours are in the business of keeping these animals from being successful. Keep up the good work ESET, we are all behind you and your staff on this one.

  5. Randy Abrams says:

    We’ll keep doing our best, both with NOD32 and by trying to help the average user understand how to use their computers more safely!

  6. NOD32 Fan says:

    Thanks! And, I agree with the other comment on this page, your blog should be on the front page;) As always your expertise is a breath of fresh air in a world of bloated comments and biased opinions. Cheers!

Leave a Reply

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

4 articles related to:
Hot Topic
19 Apr 2007
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.