Viruses for fun and profit

I got a call last night from a local Knightdale, NC couple that had found me on the web – always nice to know that the time I put in on the site does have SOME effect!  They inquired about installing Windows XP on a desktop computer for them.  We talked about the OS install and eventually got to what had initiated the call.

It was a computer virus that had wreaked havoc on their desktop computer. Not a surpise as that is the most frequent reason that people call Lizardwebs. The issue had been going on for a while with the virus causing some casual issues, but nothing really nasty. But then it started acting up.

However, what they told me next sent shivers down even my spine.

Robert received 2 calls yesterday (Sunday April 11, 2010) from a company in Oklahoma. This certainly would be odd. The company representative said that they knew that Robert had computer issues and for x amount, they would fix it. They made absolutely no bones about it – they knew his computer was infected, they knew who he was, they had his phone number. If his computer is like most others, I suspect that they also have his bank account information and every other bit of useful information about him that he had on that computer.

And they had the (sorry for the language, but there’s no other word that will fit here) balls to call him and “offer” to “fix” the computer.

When he told me this, I immediately asked him if he had another computer available right now. I told him that he immediatley needed to change any online banking account passwords and anything else that might compromise his security. He had already changed them so it was not an issue – but a lot of people wouldn’t have the presence of mind to do that.

A certain client has asked me more than once about what is the reason for these viruses. Honestly, I have told him that “back in the good old days”, it was usually some adult site operator that would hijack a browser to send untold numbers of users to his site or one that would pay a clickthrough price for traffic.  If you can hijack 1000 browsers and get a penny a pop for a site hit, which the customer with the hijacked browser couldn’t really avoid, then it can add up.

As viruses have progressed, they have gotten far more nasty – keystroke loggers, silently sending all your keyboard activity to unknown locations, rootkits that allow an anonymous user to log into your computer and do all grades of vile things without you even knowing it. Tim had tossed out in a half-joking manner that likely the computer antivirus people are behind it.

Well, obviously someone or a group of people are behind at least some of this. Viruses are no longer just the work of some script kiddie hanging out in the basement on the family computer. In this case, it obviously IS a conspiracy: create the virus, send the virus out in the wild (your computer), steal as much info as possible, and then call them directly to extort some money to fix it.

It galls me to think that this goes on. God only knows how many people DO pay to have their computer “fixed”. I can pretty much guarantee that the “fix” does nothing but mitigate the apparent effects of the virus – and leaves all the other virus eavesdropping code in place for future misadventures on the computer. If these criminals would put half of their energy into doing something useful instead of pulling crap like this, imagine what they could accomplish. I guess it’s easy pickings though, sit on your butt and call all your victims and get money out of them to give them some false sense of security. No idea yet what money amount they actually asked for, but I bet they can make a pretty good living if they only get a handful of their victims to pay the extortion money.

There’s a bit of a turtle mentality in computer users I find. They kid themselves into thinking that it won’t happen to them – someone stealing all their data from their computer – and fail to realize the damage that can be done. These same people will freak out if they lose their credit card which frequently requires signatures and a picture ID to use. But then fail to even be mildly concerned when they have a virus that could potentially be downloading every bit of financial information about them to an unscrupulous hacker type.

I have to say that there is really no such thing as a small virus problem. It either is or it isn’t – and you’re taking your chances if you KNOW you have a virus and don’t get it fixed either by yourself or by a computer professional.

We’ll be picking up Robert’s computer this morning to wipe the disk and make a clean install of Windows XP on this machine. We will take no chances on what may be lurking underneath the hood on THIS computer.

Author: Eric Erickson

Share This Post On

Submit a Comment

Your email address will not be published.