Safe Surfing: Part 1

Stephen Yagielowicz

Today’s Internet surfer faces a myriad variety of dangers, both obvious – and hidden. One of the worst of these dangers is the threat posed by malicious “spyware” – a broad term used to describe a software component which has been secretly installed on your computer system; either as part of a “freeware” download, or as a result of visiting a Website run by an unscrupulous Webmaster.

Spyware can take the form of a simple logging engine that monitors your surfing activity, and then reports the results to a marketer who will use the information to serve you targeted advertisements. While invasive, the end result is popups and spam targeted to your interests. Some spyware, however, can incorporate viruses, Trojan Horses, worms, and other “virtual nasties” that can corrupt your system, and install unwanted files, bookmarks, and perform other nuisances such as resetting your start page – or worse.

Some of these programs will auto-initiate dialers, and / or redirect the unsuspecting surfer to porn sites against his will. Oftentimes, the spyware programmer is doing this to defraud legitimate adult Webmaster affiliate programs (usually those which run on a pay-per-click model), using his creation to drive unwilling traffic to the sponsor.

Some of these programs are able to seek out and retrieve credit card information, user name and password combinations, and other sensitive, personal information. Registry alteration and host file manipulation are also common with such infections, and are often used to redirect surfers who type a URL into their browser’s address bar. For example, you could be heading over to your bank’s Website to do a little online banking the way you always do – except this time, when you type in “” you are sent to a site that outwardly appears to be your site, but in reality is a bogus copy, designed to lure you into revealing your account information.

A similar wave of e-mail based scams are now rampant on the Internet, attempting to lure you into chaos by pretending to be eBay, PayPal, CitiBank, or any number of other institutions. Fortunately, there are a couple of preventative measures that you can take against being drawn in by most of these fraudulent e-mail schemes.

The first, and easiest, is to not give your e-mail address to any financial institutions you deal with. Then, if you receive an e-mail from your bank or other agency, you’ll immediately know it’s bogus. Sometimes you want or need to give out your e-mail address to these organizations. If this is the case, and you’re fortunate enough to have multiple addresses, provide one exclusively for their use (not your “main” address), this way mailings to your main account can easily be flagged as bogus.

On a personal note, I face this quite often, as banks and other institutions which I do not patronize (and even those I do), send e-mail to my XBiz account; an address which I have not given them, which immediately indicates the mailing to be fraudulent…

Another simple means of avoiding being swindled by one of these schemes is available to users of Microsoft’s Outlook e-mail client, which will reveal in the status bar the true target of any e-mail embedded URL with a simple “mouseover” of the link. In other words, before clicking on that link that ‘says’ it’s going to take you to “,” place your cursor over it and look at your e-mail client’s status bar: if it says “” (and the e-mail was received on an account you gave them), then it’s likely safe to click on it. If the link says “,” but your status bar shows “” – don’t click on it!

While these simple steps can help protect you from e-mail based attacks, the problem of dealing with spyware and other malicious software is not as simple, but perhaps more vital: While these scams might be the mechanism from which the criminal hopes to obtain your money, the e-mail address he is using might have been given to him via spyware on your computer. Lavasoft’s popular Ad-aware utility will alert you to the presence of spyware and other malicious components on your system, and remove them as well.

As bad as the threat to your bank and other accounts is from malicious software, it is insignificant when compared to the threat to your liberty, which can end if the authorities find child pornography on your computer – child porn which was put there without your knowledge or consent by spyware. Stay tuned for Part 2!