Sunday Jan 22

Jart in the News

HostExploit Twitter

A User's Guide to Fighting Spam, Cybercrime & Badware

Attention: open in a new window. PDFPrintE-mail


October 2008 is National Cyber Security Awareness Month in the U.S. And awareness (or the lack thereof) is indeed a big issue, to judge from a recent poll of 592 security professionals by the Internet Storm Center (ISC) 's SANS (SysAdmin, Audit, Network, Security) Institute, which asked, "What activities are you having for Cyber Security Awareness Month?"

So much for us security professionals. What can the average end-user do to enhance his or her security awareness? For starters, you can go to Our "Reporting cyber crime" page lists resources for most countries. What various law enforcement agencies can offer varies from country to country and, in the U.S., from state to state.

One of the best places to start is with the Department of Homeland Security. You can report an "incident" through its U.S. Computer Emergency Readiness Team (US-CERT) here.

So what is an incident? A good but fairly general definition of an incident is the act of violating an explicit or implied security policy. This can include:

  • Hacking your PC, work/home network, or Website.
  • Denial of service (DOS). However, check with your local ISP first, which, 99 percent of the time, is responsible for service lapses.
  • Unauthorized use of a system for processing or storing data. In other words, your PC is a "zombie," i.e., it has been hijacked and become part of a botnet.
  • Changes to your system without your consent. StopBadware probably has the best description: "If a PC application acts deceptively or irreversibly," i.e., badware, malware, and/or spyware.

    Are you protected against bots?
    Check out IE's botnet video tutorial

Phishing -- the email solicitation of personal information using social engineering and spoofed Websites -- is also rampant. If you get what you think is a phishing email, forward it to This e-mail address is being protected from spambots. You need JavaScript enabled to view it . Unless it's totally benign, you will get some sort of response from them.

There are other concerns you may have or want to report or share with the community. For the very serious and real problem of illegal content and online child abuse, contact the National Center for Missing and Exploited Children.

Cyber squatters may also commandeer your companys ID or personal name, as sport celebrities like soccer stars Ronaldino and Wayne Rooney have discovered. The World Intellectual Property Organization (WIPO) can help here: It costs $1,500, but the organization does work for regular Netizens, not just the rich and famous.

There are also numerous security forums and communities that discuss hacked Webmasters, identify spyware, check fraudulent Websites, track spam, or simply instruct and inform. Some of the best include: is another good resource for keeping yourself safe on the Internet. I also use the best "freebies," like OpenDNS, where I control the content I want; and I only use Firefox for browsing with add-ons such as NoScript, anti-keyloggers, and cookie control.

Do I sound paranoid? That may be. But I also know some cyber criminal is trying to steal my personal data.


Jart Armin