Hey, I just got an email saying I won a million dollars! *Click* Wait, what just happened to my computer?

December 3, 2009

This is usually how it starts. Some shady person sends out spam telling people they have won a million dollars or a free laptop or mp3 player, with a link to a form they need to fill out to claim their prize. Only you don’t win an mp3 player or laptop. You win an infected computer that is now a drone in a much larger botnet. This botnet is used either for direct malicious purposes (Denial-of-Service attacks) or indirect malicious purposes (spam, phishing, etc.).

How do you stop this from happening to you and you becoming “that guy”? Don’t click links in email unless you’re 100% sure who it’s from and what it’s for. That’s the basic rule to remember. Secondly, make sure you have an anti-virus program that’s capable of scanning email and keeping your system protected from malicious browser exploits. Thirdly (and this should go without being said, but I’m saying it anyways), make sure your computer (and all software) is up-to-date. Sure, there’s the occasional bug and 0-day exploit on up-to-date systems, but there’s a whole slew of exploits and things that can be done to an un-patched system. Keep your systems up-to-date and you reduce the “known” exploits from literally thousands to maybe a few.

Think about this: 80% of the world’s email is considered spam. Of that 80%, the vast majority (more than 75%) is sent using infected computers (drones). If everyone would re-think blindly clicking links in emails and on webpages (social networking sites have a history of people trying to fool users into clicking bad links), then the spammers wouldn’t have drones available to them to send spam. Interesting thought, isn’t it? Let’s stop spam by being smart internet users and denying the “bad guys” the resources they need to send out the spam.