All You Need is Love

How many people know not to open an executable file attached to an email from someone they don’t know?

Go ahead, ask 10 of your friends. I don’t have any concrete research, but I bet all of them will say they won’t open such files, because their computer might get infected with some sort of bug. They are well educated to protect themselves from this sort of attack… But the trouble is, hardly any Trojan will try to infect them like that these days.

OK, next question. Visitors of which of the following websites were exposed to a Trojan infection attempt in May 2009:

a)    PokerDen.com

b)    Paul McCartney’s website

Filtering out those suspecting a trick question, I’d say most people will vote for (a). It makes sense to associate Trojan infection with more seedy websites.

But the real answer is (b). Go ahead, check it out. Visit www.paulmccartney.com – and click on News. First read Sir Paul’s words about Michal Jackson, and then on the right hand bar you’ll see the Archive. Go to May 2009 and select the headline that says ‘website security statement’.

The statement will tell you that between April 4th and 6th, the website of the famous Beatle was breached. Hackers installed a piece of malicious code that attempted to infect all visitors with a Trojan.

The advice given by the website is this:

“We recommend that all users who visited the site between the 4th to the 6th of April inclusive carry out their own computer virus checks, by using an up-to-date virus checker, to ensure that their computer has not been infected with any malicious software. Users should be vigilant and be aware that hackers may use malicious software to obtain personal information from the user's computer and may use such information to open accounts and/or purchase goods; accordingly, users should check their bank accounts and personal statements frequently.

If a user discovers that their computer has been infected or that any personal information has been compromised they should alert their credit card companies and banks immediately”.

Those of you interested in the technicalities of the breach can read about it in ScanSafe’s blog here – they were first to report the infection.

We can speak about the emerging threats and how clever the fraudsters have become, but this single bit of news seems to mark a down trend for consumer trust in Internet Security.

Paul McCartney’s website used to spread malware? Has the world gone mad?