Computer News No. 115  May-June 2005

From the Help Desk - Spyware and Network Scanning

      1. Recent spyware tricks
      2. Network scanning caused by Trojan horses or spyware
      3. What you can do against spyware

1. Recent spyware tricks

You may have received a FAKE email with content such as the following:

"We have suspended some of your email services, to resolve the problem you should read the attached document."

The above is a fake notice from a spoofed email address.  Please note that the Computer Centre does not send out emails with attached document file(s) to our users.  Do not open any such attachment files, as they may contain a virus or spyware.

Users are alerted that such fake mails often use the recipients' email server name (technically, the Internet domain name) to trick the recipients into believing the messages are authentic.  The following (and many more) are examples of fake email addresses:
 
Fake email addresses based on domain hkucc.hku.hk:

admin@hkucc.hku.hk
support@hkucc.hku.hk
services@hkucc.hku.hk
webmaster@hkucc.hku.hk

Fake email addresses based on domain hkusua.hku.hk:

admin@hkusua.hku.hk
support@hkusua.hku.hk
services@hkusua.hku.hk
webmaster@hkusua.hku.hk

Often these emails contain an attachment file or ask you to click a hyperlink.  DO NOT open any such attachment files or click the hyperlinks in such fake emails, as this may introduce a computer virus, Trojan horse or spyware into your computer.
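For readers who manage their own mail filtering, the pattern described above can be checked automatically.  The following is an added example, not Computer Centre code: it flags a message whose From address is one of the role-style names on the two domains listed above and which carries an attachment or a hyperlink.  The function names and the sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Domains and role names are the ones listed in the article; the rule built
# from them is an assumption made for this example.
LOCAL_DOMAINS = {"hkucc.hku.hk", "hkusua.hku.hk"}
ROLE_NAMES = {"admin", "support", "services", "webmaster"}


def lures(msg):
    """Return which lures the message carries: an attachment, a hyperlink."""
    found = set()
    for part in msg.walk():
        if part.get_content_disposition() == "attachment" or part.get_filename():
            found.add("attachment")
        elif part.get_content_maintype() == "text":
            body = part.get_payload(decode=True) or b""
            if re.search(rb"https?://", body, re.IGNORECASE):
                found.add("hyperlink")
    return found


def check_message(raw):
    """Flag mail that claims a role address on a local domain and carries a lure.

    The From header is set by the sender and can be spoofed, so a match
    means "treat as fake", not "sent by the Computer Centre".
    """
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    local, _, domain = addr.lower().rpartition("@")
    if domain in LOCAL_DOMAINS and local in ROLE_NAMES:
        return sorted(lures(msg))
    return []


def sample(sender, body, attach=False):
    """Build a constructed test message (not a captured one)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@hkucc.hku.hk", "Notice"
    m.set_content(body)
    if attach:
        m.add_attachment(b"constructed", maintype="application",
                         subtype="octet-stream", filename="document.zip")
    return m.as_string()
```

An empty result means the message did not match this one pattern; it does not mean the message is safe.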

2. Network scanning caused by Trojan horses or spyware

We are seeing more network scanning activities on the Hall Network.  Most of the incidents of network scanning are due to the users' computers being infected by computer viruses, Trojan horses or spyware.  The network scanning not only slows down the operation of the infected PC, it also creates so much network traffic that others cannot get on the network, as they are all trying to connect to the same network equipment.  The result is a sluggish network response for all hall-mates on the entire floor.

In previous help desk articles, we have cautioned our users against phishing and spyware.  A phishing site may send you a spoofed email notice telling you to go to a bogus web site and enter your password, or to download some software to fix some computer problem.  This can cause the installation of a Trojan horse or spyware in your PC. 

A Trojan horse program often looks for system vulnerabilities in other networked PCs and infects them.  Spyware is a kind of Trojan horse implanted into your PC to steal your information, e.g. by keystroke-logging: it captures and logs all your keystrokes and sends email reports to the attacker.  Logged information includes all passwords typed on your PC, websites visited, clipboard recordings, etc.  Spyware starts to operate when your computer is booted up, and is configured to run invisibly so that you are unaware of its existence.

3. What you can do against spyware

Just as you can report spam to SpamCop to help stem spam, you can report phishing to the Anti-Phishing Working Group.

You can install anti-spyware software on your PC for protection.  It works much like anti-virus software, by scanning the memory and storage drives on your computer.  If spyware is found, it will be deleted.  Just as for anti-virus patterns, the files used for scanning spyware must be continuously updated.  Microsoft has responded to this issue by releasing Microsoft Windows AntiSpyware, which is free to download (beta version at the time of writing).  See our FAQ for another anti-spyware program.

The following basic rules are good at all times for protecting your PC against vulnerability attacks, viruses, Trojan horses, spyware, spam or any other malicious software that may appear in the wild, wild Internet:

1. Perform Windows Update whenever updates are released, which is roughly once a month.  You can also check for updates explicitly by clicking the Windows "Start" button => "Windows Update", or configure your PC to update automatically.  This closes known vulnerabilities which can be exploited by attackers.

2. Install anti-virus software. You should install anti-virus software and set it to update the virus definitions during system start-up.

3. Install anti-spyware software. See above.

4. Do not open any unexpected email attachment files, even from people you know, because the senders' names can be spoofed.  You should first scan the attachment file or verify the attachment with the sender before you open it.

5. Do not give your email address to any internet subscriptions unless you know they are trustworthy sites.  Many unscrupulous merchants sell email addresses for a profit.

You can also visit our CC FAQs on Computer Viruses to learn more:

http://www.its.hku.hk/faq/virus.htm