1. Technology
You can opt-out at any time. Please refer to our privacy policy for contact information.

The malware epidemic

Who's to blame?


Updated September 15, 2004
In a two-part series appearing in USA Today, Byron Acohido and Jon Swartz take a close look at the problems of zombied computers, phishing scams, and other online perils. While the series is definitely a good read, the assumptions made in part two seem a bit narrowly focused. According to the authors, the problems - or at least, the lack of solutions - are solely the fault of the tech industry. At the risk of sounding harsh, this rebuttal examines the actions of some users and questions whether at least an equal share of responsibility shouldn't in fact be placed on the users shoulders.

Changing intent
Unlike yesteryear's viruses, worms, and Trojan that were often viewed as pranks and glory-seekers, today's malware is after our money. As the USA Today article points out, one of the last persons to feel the impact of the infection is too often the user who is infected. Meanwhile, their systems are churning out thousands of spam messages each day. Even worse, these same hijacked systems can be used to harbor additional malicious code that is then dished up to others on the Internet, or used to launch attacks against other sites. And even though they may be oblivious to it, the infected user doesn't escape harm. Much of today's malware includes keyloggers designed to surreptitiously capture credit card numbers and other sensitive information which is then silently sent to the criminal hackers.

Lack of protection
In one example, the article cites the troubles that befell Betty Carter, who purchased a new computer, signed up for high-speed Internet access, and quickly encountered difficulties. Eventually her account was blocked after her ISP pinpointed it as a source of spam. Her PC had been hijacked. The author's note, "Carty's PC could have been taken over in myriad ways. She could have been fooled into opening a virus-infected e-mail. She might have innocently surfed to a Web page bristling with contagious code. Or she may have done nothing at all."

Though the authors obviously didn't mean it as such, the last option is too often the correct one. Despite the overabundance of security information in the media, despite not being able to hold a conversation in which ‘computer' is mentioned without the accompanying virus or spyware story that inevitably follows, many users persist in a 'can't happen to me' sort of mentality. As a result, they too often don't install or update their antivirus, use firewalls, or follow any of the basic safe computing steps. Jumping onto the Internet - whether via broadband or dialup - is akin to handing the car keys to your 16-year-old without having prepared them with driver's education and supervised driving time.

Nigerian 419 schemes and phishing scams follow on the heels of the snake oil salesmen of the past. And though it too may seem harsh (remember, the truth is not always pleasant), the old adage has proven true over the years, "There's a sucker born every minute." While it can be argued that the scams are well-written and often appear legitimate (both are true), they still require a naive and willing user to take the bait. In the USA Today series, the authors cite the example of 27-year-old Heather Hall who fell for a phishing scam, believing it to be legitimate correspondence from Bank of America. Her account was later compromised.

Before following in Hall's footsteps, ask yourself the following:

  1. Does your bank routinely correspond with their customers via email?
  2. Would your bank use email to demand otherwise unannounced account changes or verifications?
  3. Can you reasonably expect your bank to shutdown your account if you refuse to act on an email they sent?

(Hint: the answers to the above should all be No. If any are Yes, it's time to get a new bank). If you still believe there's a chance the email is legitimate, call your bank (or eBay, or PayPal, or whomever the urgent sounding email claims it is from) and ask them to verify it.

Certainly no victim of infection - or even of a scam - deserve to be flogged for the mistakes that were made. But ignoring the user's active role and placing the blame squarely on others is not a solution either. One of the most common complaints this site receives is, “I don’t use antivirus software. I got a virus on my computer. How do I remove it?” It seems that even when afflicted, many users just don’t get it. It's not hype. You do need antivirus. And you do need to follow the basic steps for securing your PC.

Next page: Steps to better security

©2014 About.com. All rights reserved.