Venice on the web
A semi-regular column

Got a virus? Bet ya! Wanna lose all your data on your computer? Bet ya don't!
Virus and spyware infections are plaguing local businesses; one business owner was unknowingly running a porn server.

John Patten, 02/19/04 -- jpatten@veniceflorida.com

Related:
- Cheapskate's guide to a safe computer (Wired, 02/10/04)
- Spammers exploit high-speed connections: two-thirds of unwanted messages are relayed unwittingly by PC owners who set up software incorrectly or fail to secure their machines; one Comcast user finds out for himself after Comcast shuts his access down for unknowingly sending spam (USA Today, 02/16/04)

Local business owner is in the porn business and didn't know it

I have spent the last three weeks doing one thing: disinfecting computers. It has gotten to nightmarish proportions. Where once you were maybe likely to find a piece of spyware or a virus on one computer in five, I'm now finding the stuff on every computer I look at. I'm not kidding, I'm not exaggerating, I'm not making this up to create false fear and bogus hype: in the past four weeks, I have yet to see one computer that I have tested that didn't have something on it that could seriously mess it up.

What's worse: most computer users don't have a clue that their systems might be infected. It comes as a total surprise. Business owners don't want to mess with it. Their computers work fine, just a little slow sometimes.

OK. One computer I looked at recently appeared to work OK, although it was running pretty slow. The owner wanted me to tune it up. The owner, incidentally, has sworn he will kill me if I ever identify him by name in conjunction with this story, so I'm keeping his identity generic. Despite the fact that he is a good friend, I think he means it. It turns out that one of his computers was unknowingly being used as some kind of a porn dial-up server due to the presence of a hidden program called "Livesex.exe."
The business owner claims that he didn't have a clue that this was on his computer, and I really have no reason to doubt him. The machine had gone through several users' hands in the course of the business, so there was no telling who was responsible for putting it on the computer. Even then, the user probably did it totally unwittingly: the computer had never gone through Windows Update to get the latest Microsoft patches, there was no firewall on the system, and Norton Anti-Virus was installed and updated, but only in its default mode.

I'm usually pretty knowledgeable about whatever latest threats are getting ready to brighten users' computing experiences, but Livesex.exe had me bamboozled. I'd never heard of it and initially I had no clue what this sucker was capable of doing. It turns out to be a pretty obscure little trojan-like application that Norton Anti-Virus doesn't even recognize. I finally found some info on it in the Google discussion groups, and what I found there wasn't pretty.

"So what's it do?" the computer owner asked.

"As near as I can tell, it looks like it auto-dials on your phone line to Germany or possibly the Bahamas, gets some porn from there and then acts as a web server on your computer, serving up porn to whoever wants it from you. I think that's what it does anyway; this one is fairly unknown. It's no big deal, really, unless you actually didn't want to be visited by the FBI at some future date."

----------------------------------------------------------------
Sidebar: Venice MainStreet takes the challenge

I called around to various businesses with a potentially embarrassing challenge: is your computer infected, can I look, and can I write about it? I figured nobody would take me up on it. Several businesses took a pass, saying they had some kind of anti-virus software and that they were sure they were safe. Cathy Linder at Venice MainStreet said yeah, come on down, give it a try.

According to Linder, they have firewall and anti-virus software in place. But is it configured properly? Linder admitted that she didn't know.

So, on Friday, February 20, at 1:00 pm, I'll be at Venice MainStreet looking to see how well protected their computers are and to teach them how to protect themselves, with full knowledge that whatever I find, I get to write about. I would imagine that if one or two folks wanted to look over my shoulder it'd be OK. If you want to watch, give Cathy a call and see if it'll be OK with her. I haven't cleared this with her, so whatever she says goes.
----------------------------------------------------------------
"Whaaa....?"

"You and I have absolutely no idea what this program was doing. For all I know, it could have been used to hack into other computers and then use them and yours to serve up the porn, leaving anyone checking on it with a dead end at your computer."

His eyeballs rolled around a bit, no doubt calculating the damage to his business that would occur if he was ever accused of running a pornography ring from his office.

"Whaaaa...?"

"If you say Whaaaaa... one more time I'm going to have to slap you."

"................"

I think he was in shock by that point. There were some other unintelligible sounds that gurgled out of his mouth for a few seconds. Now remember, his original complaint was only that his computer was running a bit slow. He finally made a decisive call to swift action:

"Well, get rid of it!!!!"

Yeah, no kidding.

All in all, there were over 900 spyware files, seven different viral infections PLUS the Livesex trojan on this one computer. Additionally, Livesex.exe wasn't picked up by the anti-virus software or by any spyware detection apps. The only reason I even found it was that I was using Windows to look at the list of currently running processes (the Task Manager, which comes up at the Ctrl/Alt/Del prompt), saw it running, and wondered what the hell it was doing.

900+ files of spyware. Unbelievable. I've seen some bad computers before, but this one was easily the worst infected computer I have ever seen in my life. Miraculously, it booted up the whole time it was infected. It was just running a bit slow. Actually, it was still running lightning fast the whole time; it just had a lot to do: sending out porn, sending out spam, tracking the user's activity and reporting it back to a number of web sites and hackers, and so on. This was one very busy little machine. Also miraculously, I was able to save the machine's files and original configuration without losing too much data while totally disinfecting it.
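The one step in this story a reader can reproduce is the check that actually exposed Livesex.exe: looking at the list of running processes and asking what each one is. Eyeballing Task Manager only works if you already know every legitimate process name. The routine below is an added example from the editor, not code from the column; it is written in PowerShell (which did not exist in 2004, so this is the modern equivalent of the author's Ctrl/Alt/Del look) and lists every running process with its image path and Authenticode signature status, flagging anything unsigned, badly signed, or signed by a publisher outside a trusted list. The trusted-publisher names and the pattern used to spot user-writable paths are assumptions for illustration, not facts from the page.

```powershell
# Added example (editor's, not from the original column): enumerate running
# processes with their image path and code-signing status so that an
# unfamiliar unsigned binary stands out instead of hiding in Task Manager.
function Get-SuspiciousProcess {
    [CmdletBinding()]
    param(
        # Assumption for illustration: publishers whose valid signature we accept.
        [string[]] $TrustedPublishers = @('Microsoft Windows', 'Microsoft Corporation')
    )

    Get-CimInstance -ClassName Win32_Process | ForEach-Object {
        $path   = $_.ExecutablePath
        $status = 'NoPath'      # System, Idle and protected processes expose no readable path
        $signer = $null

        if ($path -and (Test-Path -LiteralPath $path)) {
            $sig    = Get-AuthenticodeSignature -FilePath $path
            $status = $sig.Status.ToString()   # Valid, NotSigned, HashMismatch, ...
            if ($sig.SignerCertificate) {
                # Pull the CN out of a subject such as "CN=Microsoft Windows, O=..."
                $signer = ($sig.SignerCertificate.Subject -split ',')[0] -replace '^CN=', ''
            }
        }

        $trusted = ($status -eq 'Valid') -and
                   [bool]($TrustedPublishers | Where-Object { $signer -like "*$_*" })

        [pscustomobject]@{
            ProcessId    = $_.ProcessId
            Name         = $_.Name
            Path         = $path
            Signature    = $status
            Signer       = $signer
            # Anything we could inspect and could not vouch for gets a look.
            Suspicious   = (-not $trusted) -and ($status -ne 'NoPath')
            # Assumed heuristic: binaries running from profile/temp locations first.
            UserWritable = [bool]($path -match '\\(Users|Temp|AppData|ProgramData)\\')
        }
    }
}

# Usage: untrusted processes only, the ones living in user-writable paths on top.
Get-SuspiciousProcess |
    Where-Object Suspicious |
    Sort-Object UserWritable -Descending |
    Format-Table ProcessId, Name, Signature, Signer, Path -AutoSize
```

Run it from an elevated prompt, otherwise processes owned by other users report no path and are skipped as NoPath. Treat the output as a triage list rather than a verdict: a valid signature from an unknown publisher still deserves a look, and malware that injects into a legitimately signed process will not appear here at all, which is exactly why the column's author ended up rebuilding from a known-good system rather than trusting the infected one to report on itself.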
I have no idea how; the whole thing should have ended up as a figurative smoking pile of ashes. What I should have done was make the guy buy a new hard drive and then rebuild the computer from scratch on the new drive, including a full install of Norton Anti-Virus and a spyware remover. That would have been followed by attaching the infected hard drive as a second drive and disinfecting it once the infected operating system was no longer the one running the computer. That would have allowed me to save what could be saved from the infected drive in a much easier disinfection process. But noooooo, I had to do it the hard way.

Who's to blame for this mess?

It's getting really nuts out there in cyberworld. Users are mad as hell about it and there are plenty of targets for their anger:

- Internet Service Providers (ISPs) like Comcast and Verizon who dole out high-speed access without successfully educating their customers;
- AOL, for proprietary software that creates yet another whole new environment for hackers to exploit;
- Users who hook up to the Internet without the benefit of proper firewalls and anti-virus applications: not only do they allow their machines to get infected, but they then turn around and unknowingly infect others;
- High-speed and dial-up users who install firewalls and anti-virus programs but never take the time to configure the software properly and just run the programs in their default modes; again, not only do they allow their machines to get infected, but they then turn around and unknowingly infect others, only now they do it with the smug attitude that it couldn't possibly be their computer that is causing the problem;
- Dial-up users (56k phone modems and the like) who are under the mistaken impression that they are somehow less vulnerable than cable and DSL users; they're not, they are just as vulnerable to hacker and viral attacks as high-speed users;
- Spammers who climb into unprotected computers and take them over;
- Virus writers who gleefully do their damage and walk away;
- Microsoft, who somehow can never successfully communicate to users that Windows needs to be updated on a regular basis.
John Patten is the editor and publisher of Venice Florida! dot com and previously worked in broadcasting for over 12 years. He can also be incredibly rude at times.