Real World Computing
Simple, but not stupid
I consent to blackmail
How often do you read the small print before downloading and installing software or signing up for some online service? Chances are, you never do. However, security researchers at TrendLabs recently tipped me off about a sinister clause in the terms and conditions of one online service's "free" three-day trial, which might prompt you to change this habit. This particular social-engineering scam is associated with websites of the explicit, adult variety, but it could be adopted by any site that requires a membership fee on expiry of a free trial period - the adult angle merely makes it easier to get away with, thanks to the embarrassment factor that prevents most victims complaining too loudly.
What happens is that, in effect, users of the trial are exposed to a trojan, installed with their signed consent because of the blasé way they ignored the long and boring terms and conditions document. To sign up for the free trial, you first have to download and install a file from the payment management and billing service involved. Having examined this file in some detail, TrendLabs is quite clear that it's nothing more or less than "a disguised trojan", whose payload is a barrage of pop-ups requesting payment of the membership fee to the billing company after the free period expires. These pop-ups may obscure all open windows and running applications and become so frequent as to effectively render the host computer unusable until the fee is paid. Some might call this blackmail, which is in fact the word employed by TrendLabs.
But the terms and conditions spell out in some detail what would happen if this file were installed and the membership fee not paid - and users implicitly agree to this punishment by ticking the "yes" box before going ahead with the download. Here's the relevant clause from the terms and conditions of one site that employs this dubious scheme:
"If you choose to ignore the payment reminders and do not pay the membership fee, you hereby understand and acknowledge that the prompt reminders may become more frequent and that you may lose the ability to use your computer until you have submitted payment. The payment reminders will be active while your computer is online or offline."
Consider yourself warned - and start making the effort to always read terms and conditions in full.
More emerging trojan trends
My contacts at another IT security vendor, BitDefender, recently revealed another new trojan. That in itself wouldn't be particularly exciting or newsworthy; what makes it so is the way the snappily named Trojan.Qhost.WU does its stuff - or, more precisely, how it targets its victims. This trojan goes for the Google advertising jugular. What Qhost.WU does, in effect, is to hijack those text-based adverts that appear in your web browser when performing a Google search and replace them with a set of ads from a different provider. It still relies on the user having done the link-clicking thing or having downloaded and installed the trojan file from some website under false pretences, but once that's done things become really interesting from a security technologist's viewpoint.
Qhost.WU modifies the local Hosts file on your PC and redirects all browser requests for the .googlesyndication.com domain to another IP address, which then serves up all the text advertising you see in the search results. This allows criminals to rent out this advertising space either under a facade of legitimacy to advertisers who are unaware they're being scammed, or to spammers who know and don't care. Many might adopt a "so what" attitude to this. I've had a couple of people react by claiming that Google can afford to lose some advertising and that in a free market why shouldn't they use the most economically sensible option. Both are flawed arguments because there's nothing either sensible or free about the criminal manipulation of your computer, diversion of your browser and substitution of the adverts you see.
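To check a machine for the kind of Hosts file tampering described above, the following Python script (an added example, not code from this column or from BitDefender) parses a hosts file and reports any entry for googlesyndication.com or its subdomains, distinguishing a local block from a redirect to another address. The sample file, its addresses and the function names are constructed for illustration.

```python
import ipaddress

# Domain suffixes to watch; googlesyndication.com is the one named in the article.
WATCHED_SUFFIXES = ("googlesyndication.com",)

# Constructed sample hosts file; 203.0.113.x is a documentation-only range.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net                 # local ad-block entry
0.0.0.0         pagead2.googlesyndication.com   # user chose to block it
203.0.113.7     pagead2.googlesyndication.com   # points ad requests elsewhere
203.0.113.7     intranet.example.org PageAd.GoogleSyndication.com
203.0.113.9     notgooglesyndication.com        # different domain, not a match
"""

def is_watched(hostname, suffixes=WATCHED_SUFFIXES):
    """True if hostname equals a watched domain or is a subdomain of it."""
    host = hostname.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)

def audit_hosts(text, suffixes=WATCHED_SUFFIXES):
    """Return (line_no, address, hostname, verdict) for every watched entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()    # drop comment, split on whitespace
        if len(entry) < 2:
            continue                            # blank, comment-only or incomplete
        try:
            ip = ipaddress.ip_address(entry[0])
        except ValueError:
            continue                            # first field is not an IP address
        # Loopback or 0.0.0.0 only blocks the domain; any other address
        # sends the browser to a different server, as the trojan does.
        verdict = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirected"
        for name in entry[1:]:                  # one line may carry several names
            if is_watched(name, suffixes):
                findings.append((line_no, str(ip), name.lower(), verdict))
    return findings

if __name__ == "__main__":
    for line_no, address, name, verdict in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % (line_no, name, address, verdict))
```

On Windows the file to read is `%SystemRoot%\System32\drivers\etc\hosts`; pass its contents to `audit_hosts` and treat any "redirected" result as worth investigating.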





