Spam Sentences

A quick post about spam. Some of the most common sentenced used in spam are:

  • We are letting you try it for FREE, you just pay the shipping costs!
  • FREE Download without limits!
  • Get your Free Trial Now!
  • Take FREE exotic vacations!
  • Get Free trial bottle!

In similar news, Norton has published a list of what they consider the top 100 most dangerous web sites. I won’t copy & paste the names here because my site and newsletter will no doubt be blocked by filters everywhere. You can have a look here to get an idea of what they consider to be highly dangerous web sites.

Four Corners Episode on Security

An Australian investigative program called Four Corners will feature an episode on the scope of online crime in Australia. If you have access to this program it’ll be worth watching. They’ll go over how identity theft works, how online crooks have attacked businesses, and how unsecured wireless networks are hacked.

Monday 17th August, 8:30pm, ABC1. And a repeat on Tuesday 18th August, 11:35pm, ABC1.

ABC will also provide this program online if you have a fast internet connection, on their iView application.

Update: Part of the episode featured federal police raiding a hacker group. The hacker group has attacked a federal police network in retaliation. Interesting.

Hacking Wireless Networks

A while back I wrote about wireless network security, click here to see the article. Basically you have 4 ways to set up a wireless network (at home or at the office):

  1. No wireless security
  2. WEP
  3. WPA
  4. WPA2

No wireless security means just that, anyone can connect to it and use your internet. If you’re wondering why this is a problem have a quick read of this article.

WEP is a very old security system. It doesn’t work.

WPA and WPA2 are still good, as long as you use a long (20 character) password. Read here to learn more about WPA.

Below is a tutorial video that has step by step instructions on how to hack into a WEP protected network. The point is: it’s easy to hack into a wireless network protected with WEP. WEP doesn’t work.

Vodafone Uses Incorrect Marketing Tactics

Today I received from someone claiming to be from Vodafone (a local phone company), offering me a new phone and new plan. Fair enough, I’m a Vodafone customer and my contract’s close to renewal.

But things turned ugly when the person on the phone asked for my account password, so that he could verify he’s talking to the right person. I refused.

I explained that I received an unsolicited call, I don’t know who I’m really speaking to, and that I’m not prepared to give a random stranger my account password.

He’s probably heard this several times so he said he understands, and I could give a few other personal details instead. I refused again. Confused, he put me onto his team leader, or at least someone claiming to be his team leader – I have no way of knowing who I’m speaking to. If I had been the one to initiate the call then I know I’m speaking to the right company. If I receive a call then I don’t know. There’s a fundamental difference here.

The team leader tried to explain they need to confirm who they’re speaking to. She claimed to understand my position, but wouldn’t change her argument. I continued refusing to give my password to a random stranger just so I can hear about new phones.

So we agreed to end the conversation. I wrote Vodafone a complaint using their website, explaining the situation. I’m not sure if the complaint went through because their web page took me to an answer’s and questions page after I’d typed everything out.

It’s not completely the cold-calling people’s fault, they’re doing what they’re paid to do. It’s Vodafone’s problem that they came up with this procedure. They’re giving their customers an expectation that it’s normal for strangers to call them and ask for their passwords.

And if you haven’t worked out the problem yet, look at it this way. I now know that Vodafone customers must be used to receiving unsolicited calls and giving out their passwords. So if I call 20 random people in Australia, chances are at least one will be a Vodafone customer. I just have to say I can offer them a new phone plan if they can give me their password. Then I can call up Vodafone, confirm my identity using that password, change my mailing address, and order a new phone and ask for it to be sent to my residence. I wouldn’t actually do it this way but you get the idea. It’s called identity theft.

I’ve written about the same problem before in 2007, it seems nothing’s changed in the past 2 years.

Where Does Spam Come From?

The technology spammers use is always changing. A report released by MessageLabs in June 2009 shows that 83% of spam is currently being sent from botnets. Now let’s explain what a botnet is.

There are people out there who hack into people’s home PCs (the PCs of ordinary people like you and me). They usually write a virus to do this, or pay someone to write the virus. Then when they’ve hacked into a home PC, they add it to a list.

After a few days they can get about 500,000 home computers on their list (yes, they work very fast). So once the hacker has hundreds of thousands of computers on their list, he writes a program that can control them all at once.

Now keep in mind that most home users won’t know their PC has been hacked. Everything still looks normal.

The hacker then sells this list of PCs to a spammer. The technical word for this list of controlled PCs is called a botnet.

A spammer buys this list of hacked computers and the program that controls them all at once. He uses also buys an email list from someone else (a list with millions of people’s email addresses). He presses a button, and all of the home PCs he’s controlling start sending out spam.

Again, home users don’t know their PC is now being used to send out spam. They might notice their internet go a little slower but most people don’t have the technical skill to work out why. It just gets ignored.

The spammer then sits back, relaxes after doing his 5 minutes of work. If anyone gets caught for sending spam it’ll be the home user, not him. The home user is ignorant of what’s going on. The hacker made his money and will do it again. And the cycle repeats again after a few days.

botnet percentageSo how much spam are we talking about?

The largest botnet in operation in June 2009 is sending 74 million spam emails a day, all of this from people’s home computers. That’s a lot of spam.


What can you do?

Don’t let your own computer become part of a botnet. Use a good antivirus product, scan for malware, and fix up any problems.

Lenovo Laptops With Adware?

Some of Lenovo’s laptops have been shipped with adware installed, and it wasn’t an accident. Lenovo thought it would be a good idea if their new laptops showed popup ads to convince you buy more Lenovo products.

It’s bad form, a new computer shouldn’t be popping up ads without your consent. Lenovo generally build good quality machines but this move is ethically wrong.

Click here to see a screenshot of the ad.

Can USB Drives Carry Malware?

USB drive USB Drives are so popular these days nobody thinks much about them anymore. They come in all sizes (up to 128GB these days) and don’t really cost that much. They’re cheap enough that some people give them away.

mp3 playerSo can they spread malware such as viruses? Yes, they certainly can. On many Windows computers, when you plug in a USB drive it does a quick search and it can run programs installed on them. Microsoft calls this a feature.

But malware authors (bad hackers) know all about this and they write malware that runs as soon as the device is plugged into a computer. You won’t know it’s happened, malware can install itself quietly in the background without getting in the way of your work.

So what do you do about it?

  • Be cautious about what you plug into your computer
  • Have a good anti-virus package installed that can scan these devices for you
  • You can disable a feature in Windows that automatically runs programs on these USB drives
  • In an office environment a good system administrator can lock down this feature across the entire network

What else can plug into your USB port and carry malware?

  • USB Flash drives (also called flash drives, pen drives, thumb drives or USB sticks)
  • Digital cameras
  • MP3 players (including iPods)
  • Mobile phones (cell phones)

camera And if you’re thinking how can malware get onto a camera, I’ve seen it myself. A friend took their camera to the local shop to print some photos, then lent me the camera so I could help them with something, I detected a virus that installed itself on it from the shop.Yes, it really happens. Take care with USB devices.


One of the best things you can do to protect your PC is to perform regular backups. Nightly backups are best – that’s how almost all business operate (some businesses go one step further and do backups every hour!). But for home use this is a bit of a burden, so you should be doing weekly backups, at least.

external drive There are so many ways these days to do a backup. Some common methods are:

  • Copy your important files to a flash drive. Flash drives are so cheap these days, they’re reliable and are large enough to hold your most important documents. Backing up is just a matter of dragging your files across using something like Windows Explorer (or the equivalent in your OS)
  • Using a built-in backup program. I personally don’t like built-in backup programs, they’re often tricky to use and don’t offer enough features. But systems like Windows come with a built in backup program so you could begin by using it.
  • 3rd party backup programs – this is where you get the most value. For a modest fee you can purchase a backup program that will get the job done how you want. I prefer Acronis TrueImage Home because:
  • It backs up everything, a complete image of my PC. There won’t be anything left out, and if my hard drive dies I can restore the system exactly how it was
  • It’s simple to use
  • It has so many features that as my needs change it will be able to provide the backups I need
  • It’s not very expensive
  • Internet backups – there are now many backup systems that store your files somewhere on the internet. The idea is that if everything in your home disappears (e.g. by theft or fire), your data is somewhere on the internet and you can restore it when you have a new PC. These are great for many people. E.g.
  • Having a good backup is extremely important. There are so many things that can go wrong with computers, from hard drive crashes, theft, to malware that takes your files hostage. Having a backup is common sense, it’s a cheap simple insurance against all the things that can go wrong.

    You should also have more than one backup. Using external drives is a good option these days, they’re affordable, and you can keep one at a friend or relative’s house as added insurance.

    How not to do backups:

    • RAID (disk mirroring, or disk striping) is not a backup. It’s a form of data redundancy, there’s a fundamental difference.
    • Overwriting backups – if you only have one backup and you overwrite it every time you do another backup, there’s a brief moment where you have no backups (during the backup itself). I’ve seen it before, the computer dies half way through a backup and you’re left without a working computer and with half a backup. This is no good.
    • Relying on Windows System Restore is not good enough. There are still so many things that can go wrong and leave you without your previous files, photos, etc.

    So how do you do backups? Post your comments below. We’re also running a poll on backups.