Coldplay: This Band May Harm Your Computer
Coldplay. Globe-straddling stadium-filling rock gods.
Also po-faced over-sincere celebrity chuggers. In March frontman Chris Martin was slagged off by U2's Bono, who called him a dysfunctional cretin wanker. A bit harsh. Especially coming from the king of po-faced over-sincere celebrity chuggers.
Anyway, how can this worthier-than-thou band harm your computer? Well, this month security company McAfee published their latest report on "The Web’s Most Dangerous Search Terms" (PDF). The company puts thousands of popular search terms into five different search engines, and analyses how many of the resulting websites harbour viruses and other nasties.
The most dangerous categories to search for are song lyrics and free stuff. The most dangerous song lyric to search for in particular is... Viva La Vida, by Coldplay. Actually, there is a whole alternative music chart of dangerous lyrics, with Chris Martin and company at number one. Here's the full run-down, pop-pickers:
| 1. | Coldplay | Viva La Vida |
| 2. | Mariah Carey | Touch My Body |
| 3. | Sara Bareilles | Love Song |
| 4. | Lil' Wayne | Lollipop |
| 5. | The Game featuring Lil' Wayne | My Life |
| 6. | M.I.A. | Paper Planes |
| 7. | Jordin Sparks featuring Chris Brown | No Air |
| 8. | Chris Brown | With You |
| 9. | Leona Lewis | Bleeding Love |
Although Coldplay are the most heinous, Lil' Wayne and Chris Brown both feature twice in the list. What with Coldplay's preaching, Lil' Wayne's addiction to, um, cough syrup, and Chris Brown's Rihanna-beating they're certainly a bad bunch.
How come these songs in particular are so dang radioactive? Well, we've seen before that hackers are not daft, and they didn't target these search terms by accident. They follow the news and use tools like Google Trends to find out what people are searching for, then focus their hacking efforts on servers hosting popular pages for those terms.
Incidentally, the UK's chart of most dangerous search terms includes Alistair Darling and Gordon Brown. But that's another story.
Bot That’s Another Story
There's a secret global army. A malevolent force hidden within multinational corporations, government agencies and even our own homes. The troops are well camouflaged, receiving and executing their master's commands without detection.
What is this evil legion? Well, it's millions and millions of compromised computers — some estimate up to a quarter of all PCs — which are participants in huge networks known as "botnets". What do they want from us? That one's easy: they want our money. And they make a grab for it with spam emails, credit card fraud and other scams.
It wasn't always this way. Early computer viruses were written solely to prove that their author was very clever. They were often whimsical, displaying poems or cryptic messages on the screen, but sometimes destructive — erasing the user's hard drive. For example, the Michelangelo virus (discovered in 1991) lay dormant until the Renaissance artist's birthday on March 6, then proceeded to trash all the hapless user's files.
Hackers have matured and, instead of committing pranks with no tangible benefit to themselves, have got into bed with organised crime. The paradox is that while their exploits have a financial motivation — and attract a lot more attention from law enforcement — they're actually less annoying. What would you rather have, all your data erased or lots of spam? Having said that, the internet has made them much more rampant and we must now hide behind anti-virus software, personal firewalls, spyware scanners and automatic security-hole patchers.
Anyway, back to the botnets. This is how it works: the botnet commanders, with pinky raised to their lips and one eyebrow arched, rent out infected machines by the thousand to any spammers and scammers willing to pay. The renters can then log the user's keystrokes, send out spam, hold websites to ransom and do pretty much anything else they feel like with the infected computer.
In March 2009 the BBC got in on the act and, as part of a report into the phenomenon, bought its own network of 22,000 machines from hackers in Russia and the Ukraine. The software controlling the botnet wasn't what you would expect from movie portrayals: no screens of cryptic text commands or flying through abstract 3D worlds made of circuit boards. No, it was just a slick graphical interface in the same vein as the applications you use every day. The Beeb researchers sent out 10,000 spam emails (to their own accounts) and brought a volunteer website to its knees by sending scores of simultaneous requests — which is how hackers hold real websites to ransom.
Botnets sound like fantasy, but they're real, and aren't going anywhere fast. Which is a shame, because it's neither difficult nor expensive to protect yourself. At the moment if you patch your software, update your antivirus, and run a firewall you're pretty safe. But, like any kind of crime, when one opportunity is closed down the crooks don't just give up and go home, sighing "it's a fair cop, guvnor." No, they find another way in. And that we do have to watch out for.
Will Strip For Food, Money, and Image Recognition
When did the web go all hallucinogenic? Every form that you have to fill in features a box with squiggly random letters, in all the colours of the rainbow, with some sort of trippy 3D fractal landscape in the background. It’s not there because web designers are fanatical about prog-rock album covers, although that may be true. It’s there to check you are human and it’s called a CAPTCHA, which stands for Completely Automated Public Turing test to tell Computers and Humans Apart. Yes, I know that’s a glaring cheat. They must have thought nobody would notice.
The inspiration for CAPTCHAs came from Alan Turing, a British mathematician who designed one of the world’s first computers and whose code-cracking genius helped bring the Second World War to an end. Now his name comes up in a technology that exasperates us with barely decipherable characters to make us prove we are homo sapiens. Disgraceful.
If we have to prove we are human to comment on a blog or get a Hotmail account, it follows that there are non-humans trying to do the same thing. Who are these anti-people? Does their existence prove that we are being visited from other worlds, or that there truly is an abominable snowman? Well, sadly not. They are just computers, known as bots, programmed by plain old humans to send us spam and litter the web with unwelcome advertising. Set up a forum or blog today and the spam-bots will find you long before any real people come along.
This evokes a bizarre scenario where, if all the humans stopped visiting the web, the computers could continue chatting amongst themselves for decades to come. If they could evolve to advertise stuff computers need like hard drives and monitors, rather than willy enlargers and Nigerian bank scams, we could have a whole new economy going on.
Anyway, that can’t happen – because computers can’t figure out CAPTCHAs. Hackers and scammers, however, aren’t known for giving up easily, and have circumvented this security idea with a great piece of lateral thinking: just use humans to decipher the fuzzy images. But who would sit at a computer all day squinting at wobbly letters? Well, either third-world workers paid a pittance or – and you can almost taste the irony here – you and me.
So how can you make people do something they hate, not just once, but over and over again? Simple. You show them a picture of an attractive lady and say she’ll take her clothes off if they solve a CAPTCHA. They do that, she takes a little something off, then you give them another CAPTCHA. And that’s exactly what a group of hackers did – they wrote a virus, detected by security firm Trend Micro in October 2007, which infected computers and enticed users, via a sequence of striptease images, to solve lots of CAPTCHAs for them – which they could then use to register email accounts and send out spam.
With clever ideas like that these hackers could go far in the world, but most employers want people with a stronger moral compass. That said, they would fit right into the banking industry. Or politics.

The catchily-named TROJ_CAPTCHAR.A virus


