7/7/10_anatomy_of_an_email_Hacker

The Anatomy of an E-Mail Hack
Page 1 of 3
The Anatomy of an E-Mail Hack
How Do E-Mail Viruses Spread? How Should You Protect Yourself?
By KI MAE HEUSSNER
July 7, 2010—
If only inboxes came with a warning label.
Delivery notices from the post office, messages from out-of-touch friends and headlines from seasonal
sporting events look innocent enough when they arrive in emailform.
But they all can bear malicious links ready to unleash computer-enabled chaos with just a single click.
Most of us have received the horrified e-mail: "My e-mail was hacked!!! I'm so sorry!" Some of us have
even sent one ourselves. But how exactly do e-mail viruses spread? And what should you do if one
ensnares you?
"The goal of a computer virus, really, is to self-propagate," said Aaron Higbee, chief technology officer
of the New York-based computer security firm Intrepidus Group. "You have to look at the motivation of
the people these days and, most of the time, it's money."
Written by a programmer or purchased by a criminal, an e-mail virus is a piece of computer code
transmitted via email and intended to run on any computer.
Sometimes, the code is embedded in an attachment and installed after the victim opens it up. But
increasingly, Higbee said, the code is installed when the victim clicks on a Web link and is directed to
an infected site.
Hackers Want to Turn Your Computer Into a Zombie
Once it gets its hooks into your computer, the virus can scan word documents, spreadsheets and address
books, on the prowl for other active e-mail addresses to target.
"Usually, that initial attack is just to set-up and maintain access. They just want to turn your computer
into an infected bot that just waits for instructions," Higbee said.
Without your knowledge, he said, a hacker could use your so-called "zombie computer" as part of a
greater network of machines to do their nefarious bidding.
Some hackers could sell or rent time with your computer, others might install code that logs keystrokes
and steals passwords so that when you go to your online banking site, it learns how to sign in as you to
siphon money out of your account.
http://abcnews.go.com/print?id=11101261
9/26/2010
The Anatomy of an E-Mail Hack
Page 2 of 3
For some victims, the telltale sign of a computer hijack is when the confused e-mail arrives from an
estranged ex.
But for most, Higbee said, "The bounceback [e-mails] will usually be the first clue that the computer is
infected."
First Clue of a Virus: Bounceback E-Mails From People You Didn't E-Mail
If you start seeing messages letting you know that e-mails you didn't send didn't reach their intended
recipients, it's time to start making sure your anti-virus software is installed and up-to-date, he said.
While many computer users might assume they're safe because they installed anti-virus safe once upon a
time, Higbee said that installing software once isn't necessarily enough.
"A lot of people will have something that comes with the computer that updates for 30 days or one year,
but once it expires it's no longer effective," he said. "First make sure that it's running ... and your
computer is getting the updates."
If the software has lapsed, he advised installing antivirus software from a full-service company that
offers free updates with the program. If the virus is still present after running virus removal and scanning
programs, he said you might have to reload the entire the system.
After e-mailing everyone in your address book and letting them know about the breach, he said you
should be good to go.
Sam Masiello, director of messaging security research at McAfee, said that though viruses no longer
destroy computers, they can still wreak havoc on a person's life in other ways.
E-Mail Attacks Contribute to Identity Theft
"It can cause a lot of trouble from an identity theft perspective," he said. According to the Internet Crime
Complaints Center, he said, individual fraud cases are up about 22 percent, from about 285,000 cases in
2008 to 336,000 cases in 2009. While not all of those cases are e-mail-related, he said they comprise a
substantial chunk of the total.
"There's a lot of hassle from a personal perspective," not only in terms of fraud but also in terms of the
emotional toll of unwittingly reaching out to people with whom you're no longer in contact, he said.
"If you have ex-boyfriends' and girlfriends' addresses, you could be sending malicious email to exes
[and] others you don't want to be involved with anymore," he said.
If you want to keep your computer and personal lives free of complications, experts say the most
important piece of advice is to read your electronic mail with a healthy dose of skepticism.
Keep Your Guard Up When You Read E-Mail
"What arrives in your inbox isn't really that much more secure than what arrives in your mailbox," said
Richard Wang, U.S. manager for the Burlington, Mass. security firm SophosLabs. "You should treat it
with the same sort of skepticism that you treat whatever arrives in your mailbox every day."
http://abcnews.go.com/print?id=11101261
9/26/2010
The Anatomy of an E-Mail Hack
Page 3 of 3
Some of the more prevalent e-mail viruses circulating these days are masked in messages intended to
pique your interest, he said.
One common virus is carried in an e-mail purporting to be from the U.S. Postal Service or a delivery
company alerting you to a package delivery. Another popular virus tempts victims with an e-mail
claiming to be from a job applicant.
But he warned, unless you're sure of the sender, it's best to not let down your guard, especially since it's
estimated that cybercriminals generate about 80,000 new malicious threats every day.
"One thing to remember is curiosity killed the cat," he said.
Copyright © 2010 ABC News Internet Ventures
http://abcnews.go.com/print?id=11101261
9/26/2010