Written October 2008
by Cliff Feldwick
Late at night when you were peacefully asleep, your computer may have been used as a zombie in the war between Russia and Georgia.
Much of the spyware out on the web now comes from quite sophisticated criminal organizations in Russia and other eastern European countries. It can track the websites you use, log your keystrokes to pick out your passwords to bank accounts and charge cards or, quite often, display bogus “warnings” that your computer has been infected (or has been used to visit porn sites – your choice of used bull feed) and offer to download a “cleaner” that, of course, creates much more havoc - after getting your payment. This type of threat can be quite sophisticated. Often an infection comes in two parts: the piece your virus scanner finds and deletes, and a hidden second piece that quietly reinstalls the first, creating an endless cycle that is tough to break. And the programming has definitely been getting more refined – probably because the amount of money to be made has increased and prosecution in Russia is practically non-existent.
So what does this have to do with your peaceful computer? Much of this junk is spread by botnets – a term squashing together robot and network – groups of infected computers that sit quietly awaiting further instructions. Often consisting of literally thousands of computers, these “zombie networks” provide a rapid method of creating havoc. When the time comes, they can be used to spread more infections, send spam, or launch denial-of-service attacks. Most people affected never know they are being used: the offending software was hidden in a script on a web page or in a random e-mail attachment, and was installed through a hole in the browser or one of its add-ons without anyone clicking “yes” to anything, in what the computer industry calls a “drive-by installation”.
Follow me just a little longer here. “Denial-of-service” attacks bombard a targeted server with millions of simultaneous requests, overwhelming it until it crashes or can no longer answer its real customers. They can be used as a way of shutting down competitors, or extorting money from targets (“pay us or we keep your site down”). Particularly vulnerable are areas such as banking and communications that increasingly use the Web as their means of interaction with customers, even large commercial ones. Hence the interest of criminal organizations.
But even if you had a large or powerful enough machine (or private network) to launch such an attack, it would probably be blocked fairly rapidly by service providers that watch where herds of messages are originating, and then shut down traffic from that address or network because they assume it’s spam or an attack.
But what if you had hundreds or thousands of robot computers that could do your work for you? It spreads the traffic across many sources, so no single one looks busy enough to block, and it increases the total number of attacking messages, thus increasing your chance of success.
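To see why spreading the traffic across many machines defeats the per-source blocking described above, here is an added illustration (not from the column, and not any provider’s actual filter): a simplified source-based rate check run over two constructed sets of web-server log lines, one flood from a single address and one of identical size spread across a thousand bot addresses. The log format, the threshold of 100 requests per source per minute, and the 10.x.x.x addresses are all assumptions made for the example.

```python
"""Per-source flood detection over constructed web-server log lines.

Added illustration, not code from the column: a toy version of the
"block the address that is sending too much" rule that providers apply,
run over two constructed traffic samples of equal size.
"""
from collections import Counter

# Assumed policy: more than this many requests from one address in the
# one-minute window gets that address blocked.
PER_SOURCE_THRESHOLD = 100


def parse_source(line):
    """Return the client address, the first field of a Common Log Format line."""
    return line.split()[0]


def make_sample(num_sources, total_requests):
    """Construct total_requests log lines for one minute, spread round-robin
    across num_sources distinct 10.x.x.x addresses (private range, not real hosts)."""
    lines = []
    for i in range(total_requests):
        host = i % num_sources
        addr = f"10.{(host >> 16) & 255}.{(host >> 8) & 255}.{host & 255}"
        lines.append(
            f'{addr} - - [14/Oct/2008:02:13:{i % 60:02d} -0400] '
            f'"GET / HTTP/1.1" 200 5120'
        )
    return lines


def blocked_sources(log_lines, threshold=PER_SOURCE_THRESHOLD):
    """Addresses that exceeded the per-source threshold within the window."""
    counts = Counter(parse_source(line) for line in log_lines)
    return {src for src, n in counts.items() if n > threshold}


def analyze(num_sources, total_requests, threshold=PER_SOURCE_THRESHOLD):
    """Run the per-source rule over a constructed sample and report what gets
    through. The aggregate count shows what the target itself still sees."""
    lines = make_sample(num_sources, total_requests)
    blocked = blocked_sources(lines, threshold)
    passing = sum(1 for line in lines if parse_source(line) not in blocked)
    return {
        "sources": num_sources,
        "requests": total_requests,
        "blocked_sources": len(blocked),
        "requests_passing_filter": passing,
        "aggregate_requests_per_window": len(lines),
    }


if __name__ == "__main__":
    # One big machine: 20,000 requests from a single address.
    print(analyze(1, 20000))
    # A small botnet: the same 20,000 requests from 1,000 addresses, 20 each.
    print(analyze(1000, 20000))
```

The single-source flood trips the rule on its first hundred requests and the rest are dropped; the botnet sample, with only twenty requests per address, passes the same rule untouched even though the target receives exactly as many requests. The last field in the report is the hint for defenders: a flood that is invisible per source is still visible as an aggregate spike at the target, which is why distributed attacks have to be handled at the destination or upstream, not by blacklisting individual senders.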
Thus, if you’re trying to spread misinformation or just disrupt an enemy’s internet infrastructure, botnets can be quite useful. In the case of the Russia-Georgia war, attacks were launched first on the official website of the Georgian president, and then on the news and information sources that the Georgian populace used to know what was really going on, knocking them offline for some days during critical periods. Trackers at the University of Toronto’s Citizen Lab noted at least six botnet attacks originating in Russia, followed by many more, smaller attacks from individuals who found instructions on how to join in on websites. Whether the initial attacks were a grass-roots effort or government sponsored may never be figured out.
So what can you do to protect yourself? At the risk of sounding like a broken record (now there’s a rapidly obsolete term), download the free spyware cleaners such as Spybot Search & Destroy or Microsoft’s Windows Defender, keep them updated, and use them on a regular basis. Get them only from the maker’s own website and avoid similar-sounding names – these are often spyware itself masquerading as helpful tools. If you’re not worried about your own system’s health, maybe you’d rather not be a part of cyberspace warfare.
SP-3 – still say No
Microsoft is now pushing Service Pack 3 for XP (SP-3) down as an automatic update that installs without further notice, unless you turn it off. You should turn it off for now, and wait until all the problems are out, not just most of them.
Originally, most problems were with HP computers with AMD processors, but random problems have shown up on otherwise “vanilla” units, including computer slowing and false positives from Norton Internet Security. In one case, a client of mine saw his perfectly working install of software and internet settings on a new machine (pretty much a whole day’s work) hosed by the installation of SP-3.
So how do you keep this mischief off if you don’t want to otherwise fool with the settings for Automatic Update? Microsoft has posted a tool on their website that will specifically block this one update while leaving the rest of Automatic Update alone (maybe, just maybe, they got a few calls). The web address for this is about a block long, so the simplest way to find it is to go to Microsoft.com/downloads and type “service pack blocker toolkit” in the little search window at the top of the page. Follow their instructions.
If you really do want to install SP-3, look at Microsoft’s instructions at http://support.microsoft.com/kb/950717 first. It includes help for both before and after (as in – damn, it blew up) the installation. Back up your data before you start, whatever the instructions say.
Cliff Feldwick is president of Riverside Computer Consultants and does software and network troubleshooting and data retrieval, when not watching things blow up. He can be reached at 410-880-0171 or at cliff@feldwick.com.