What a Hacked PC Can Be Used For 364
An anonymous reader points out that the Security Fix blog is running a feature looking at the different ways hacked/cracked computers can be abused by cyber scammers. "Computer users often dismiss Internet security best practices because they find them inconvenient, or because they think the rules don't apply to them. Many cling to the misguided belief that because they don't bank or shop online, that bad guys won't target them. The next time you hear this claim, please refer the misguided person to this blog post, which attempts to examine some of the more common — yet often overlooked — ways that cyber crooks can put your PC to criminal use."
Re:Hello, I'm "misguided" (Score:3, Informative)
Do you scan it offline or online? As in, do you boot from external media (which you created using an uninfected PC) to run the scan, or do you do it on the machine?
My parents machine was dumping out spam (verified with wireshark) even though AVG said it was clean and updated. I installed other AV softs, same thing. I copied softs like stinger to external media, booted a PE disk, still clean.
I finally downloaded an .iso with AV built in on my linux box, burned it, and rebooted the infected PC with it. Almost every single EXE was infected. But as far as all the security softs on that machine could tell, it was clean as a whistle.
common sense helps a lot (Score:2, Informative)
If you do these easy things you will greatly lower your risk profile:
1) Install a NAT or other hardware firewall that blocks unsolicited incoming traffic
2) Never visit the Internet except known-safe sites
2b) Pray the known-safe sites never get hijacked or have off-site ads or other content
3) Never insert a thumb drive or other media except from a trusted source. Copying your factory music CDs to an MP3 player that's never touched another machine is okay, but that's about it.
4) Make sure everyone using your computer follows these practices.
You are still vulnerable to trusted web sites that get hijacked, visitors to your house that put their infected thumb drives into your computer without asking, and other issues, but the risk is greatly reduced.
The downside is you've just sacrificed the ability to use search engines in any meaningful way, as well as the ability to click on off-site links from trustworthy sites.
Re:They don't care (Score:3, Informative)
MAC spoofing is not useful in concealing your identity online. It's generally just used to bypass filtering by MAC addresses on local networks (think wifi).
Re:Sadly, no, they don't (Score:3, Informative)
I agree, this helps to an extend. But then: Is it my business to make the damned PC secure, disable IE, and create a new user account? Or should this be the case, when I get the PC in the first place? And, btw, I twice got a PC that was infected before I actually did the first update -- it was infected within 2 minutes after having an Internet connection. If this is not a case for warranty, I do not know what is.
And when we are on it: The worst thing is the 30 day trial period of an antivirus. Ensures that your PC will be unsecure afterwards (and that the average user did not install a proper, and maybe free, AV).
Re:They don't care (Score:4, Informative)
This will only work if you're on cable, and don't use a router. And even then, I'd question it's reliability. After all...law enforcement isn't really known for being technologically savvy. Some of them are, certainly, but I wouldn't want to bet on it.
On DSL, on the other hand, you've got to send a username/password to connect.
Doesn't matter a hoot if you change your MAC address or not...the password still says who you are.
And you obviously don't know much about low level networking. If you have a WiFi router, then the only MAC address the ISP sees is the one of your router. They don't see anything on your local network. So your neighbour can tap in all they want, and your router MAC address is still the one going to the ISP.
MAC addresses stay on the local network segment.
Re:They don't care (Score:2, Informative)
Ah, time for the old mechanic joke. To summarize.
Yuppie takes his car to the mechanic. Mechanic spends 30 minutes looking over the car and then smacks it with a hammer. Car is working perfectly.
Yuppie complains about the bill. "You just whacked it with a hammer. I could have done that for free!"
Mechanic smiles knowingly. "The bill is for knowing where to hit it."
Same thing with doing computer work. Sure we're just pointing and clicking but we know where to point and what to click.
Re:They don't care (Score:3, Informative)
I quite natural assumption, don't you think?
No, not really. If I take my 1991 minivan offroading, break a bunch of stuff, and take it to my mechanic to get it fixed, I would expect my car to break AGAIN if I took the same actions AGAIN.
The very definition of insanity is to keep doing the same thing over and over again, expecting different results.