CBCnews

Beware of malware, lawyers and elves

by Saleem Khan, CBC News Online

Have you ever wondered whether you should click on or download some new piece of software you or your friends have found on the internet? It's probably worth paying attention to that nagging voice in the back of your head.

Dave Marcus, a senior strategist at security software vendor McAfee Inc., was in Toronto on Monday, and we discussed the increasing sophistication of malware authors – the people who make things like computer viruses.

Marcus explained that as the bad guys are becoming more sophisticated and professional in their approach, they're also adopting techniques more often used in the corporate world.

"Do you know what the difference between malware and adware is?" Marcus asked rhetorically. "A lawyer – a lawyer and an end-user licence agreement."

Criminals have been known to wrap difficult-to-remove malware in an attractive software package, dressed up with all of the bells and whistles that you might expect of a legitimate piece of software, including an end-user licence agreement or EULA. Buried in the reams of text – if anyone bothered to read it instead of just clicking the "Accept" button – people might find clauses in which the user grants permission for the computer to be used for any purpose the criminal might choose.

These days, that might include a line that allows the software to use the computer to distribute spam e-mails touting any number of products.

I remember talking to a worker at a prominent computer security company nearly 10 years ago, who told me about a hilarious program that featured elves dancing onscreen as they sang a tune. People were passing the tiny piece of software around to entertain one another with the comical characters and the tune that accompanied them.

It was only after scores of people had already installed the program that the company's computer network became bogged down and they realized they had infected their machines with a piece of malware.

That was a decade ago but the capacity for criminals to exploit human social behaviour is not to be underestimated. If they can get the security experts, the rest of us should be on guard.

So exercise caution and watch out for the lawyers – and the singing and dancing elves.

Comments

  •  
  •