7/21/2006

Nice support Microsoft

This was supposed to be an article about email, but a small incident with Microsoft changed my plans.

I've been talking here about things that we have to deal with every day using the Internet. Things that, for whatever reason, are way out of control for the regular user.
Scams that can't be identified by the regular user, that can't be reported due to jurisdiction problems, spam that fills our mailboxes and we can't tell where it's coming from, etc.
In spite of all that, the Internet is a huge marketplace; companies want to be there because people are there. Millions spend time on the Internet all day, every day, and companies that wouldn't have gone too far with that thousand-dollar start are now making millions.
I don't complain, I think it's fine to have a healthy market going on.
But the thing I don't understand is why those who profit from this market don't do something to protect it. It can't be money, they have plenty. It can't be resources, they have plenty. It can't be the lack of a doable solution; they know how to do the job, and if they don't, I do, just ask me.
Today I had one more piece of evidence of this attitude, this time from Microsoft itself.
I received a message on July 20th with an offer to download and install the new Windows Live Messenger. I'm not posting the message here; besides, it's in Portuguese. But I can tell you that it looks a lot like a Microsoft web page. Whoever did it took the icons and the styles from real Microsoft web pages. This is standard procedure for this kind of trap: the message has to look like the real thing to make you fall for it.
Once again, I want to stress the fact that these people are taking the images directly from the real pages. They're not copying the files, they don't have the images stored on their own servers or a hacked one, they're just sending the messages with links to the real thing. Like these:

http://ads.msn.com/ads/pronws/CIQ2055/images/5.gif
http://ads.msn.com/ads/pronws/CIQ2055/images/party_icons.jpg
http://ads.msn.com/ads/pronws/CIQ2055/pt-br/6.gif

I took these links from a fake message; as you can see, they are all files on MSN's servers. The same goes for PayPal's and eBay's phishing messages and web sites. They're all linking to the real files.
The companies can use this to their own advantage. The best list of phishing pages and web sites is in their own logs. Every time one of these images is requested, the server's log has the information to identify where it was requested from. If the location is a web page on an ADSL IP address, they have to know it's a phishing page. When the request is referred from a site in China, Singapore or anywhere else, and it's not an image intended to be used by affiliated sites or the address is not one of their affiliates, they have to know that it's a phishing page.
They can avoid this too, save their resources from being used by criminals or, better yet, protect their customers at the same time: the customers that are their reason to exist, those who make the market they're profiting from.
The solution is simple: they have to serve images only when the HTTP referrer is their own web page. If it's not, they can either not serve the image or send one with a warning saying "this is not from xxx", "if you're seeing this, it's because this web page or message is not originally from xxx" or any other that makes the user understand that he's not looking at the real thing.
Surely, the phishers will start to take the images to another place and link to them. But that's more work for them and more weak links in their chain; every image storage that we can find and shut down will render a lot of messages and web pages useless.
Even if the phishers succeed, the companies can escalate their defenses using dynamically generated images. Something that changes with time, depending on your location, even your own profile. Anything that shows that you're connected to the right server when you see a message or use a web page.
All these simple solutions will make the criminals invest more time and resources to keep operating; it will make them more vulnerable. It's not a punishment, it's a way to turn the balance of the situation. Today, it's easy to do, it's cheap, it's safe, it's affordable. If they have to invest more time, hack more sites, get more storage space, they'll be more vulnerable, they'll have more weak points in their operation, their cost/benefit ratio will turn to the red side. Hopefully, the activity won't be profitable anymore; I doubt it, but at least it will decrease. The smallest players will be out and the big ones will see their business shrink. And there being a small number of them, maybe it would be affordable to pursue them.
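
The referrer check described above, both as a serving rule and as a pass over the image server's access log, written as an added example that is not part of the original post. The own-domain suffixes, the affiliate host, the combined log format and the sample log lines are assumptions constructed for illustration. A request with no Referer, which is what most mail clients send, gets the warning image under the "only when the referrer is their own page" rule and cannot name a page in the log report.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumptions for this sketch: the brand's own domains and its affiliate list.
OWN_SUFFIXES = ("msn.com", "live.com")
AFFILIATES = {"partner.example"}  # hypothetical affiliate host
# Combined log format: ip - - [time] "GET path proto" status size "referer" ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "GET (\S+) [^"]*" \d+ \S+ "([^"]*)"')

def classify(referer):
    """Return 'none', 'ip-literal', 'own', 'affiliate' or 'foreign'."""
    if referer in ("", "-"):
        return "none"  # no Referer sent, typical of mail clients
    host = ""
    try:
        host = (urlsplit(referer).hostname or "").lower()
        ipaddress.ip_address(host)
        return "ip-literal"  # page served straight from an IP address
    except ValueError:
        pass  # not an IP literal (or unparsable): fall through to name checks
    if any(host == s or host.endswith("." + s) for s in OWN_SUFFIXES):
        return "own"
    return "affiliate" if host in AFFILIATES else "foreign"

def serve_decision(referer):
    """Serving rule from the text: real image only for own or affiliate pages."""
    return "image" if classify(referer) in ("own", "affiliate") else "warning"

def suspect_pages(log_lines):
    """Count referring pages that pull our images but are not ours or affiliates."""
    hits = Counter()
    for line in log_lines:
        m = LOG_RE.match(line)
        if m and classify(m.group(3)) in ("foreign", "ip-literal"):
            hits[m.group(3)] += 1
    return hits

# Constructed sample log lines (documentation IP ranges, made-up referrers).
LINE_FMT = ('{ip} - - [20/Jul/2006:10:00:00 +0000] "GET /ads/pronws/CIQ2055/'
            'images/5.gif HTTP/1.1" 200 512 "{ref}" "UA"')
SAMPLE = [LINE_FMT.format(ip=ip, ref=ref) for ip, ref in [
    ("198.51.100.7", "http://messenger.msn.com/"),
    ("198.51.100.8", "http://203.0.113.9/live/index.html"),
    ("198.51.100.9", "http://203.0.113.9/live/index.html"),
    ("198.51.100.10", "-"),
    ("198.51.100.11", "http://msn.com.phish.example/login"),
]]
```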

Going back to the Microsoft support story, the message I received has a link to download and install the new Live(R) Messenger. Here's the link and a warning. DON'T DOWNLOAD THIS FILE UNLESS YOU KNOW WHAT YOU'RE DOING. DON'T EXECUTE THIS FILE. It's a known trojan and if you want to know about it, all the information is around the web. No need to take a risk for that, go to Grisoft's web page and look for "Trojan horse Downloader.Delf.11.AS".

http: // descolados.irishost.net / Install_Messenger.scr

The spaces were added to make you think before trying the link. If you have antivirus software (a good one) and your files are updated, you'll get the warning immediately.
So I went to Microsoft's support page and reported it. I also reported it to the hosting service.
Microsoft sent me this answer:

Hi James,

Thank you for contacting MSN Messenger Technical Support. My name is Jonathan and I'll be glad to assist you with your concern.

Based on the information I received, I understand that you found a Trojan virus installer advertisement together with Windows Live Messenger.

Before anything else, please accept my apologies for any inconvenience that you may have experienced because of this issue. Don't worry I will do my best to try to address your concern.

With respect to this issue, I would need you to send a support request to the Windows Live Messenger technical support queue, as the resolution specialists of the said support queue are tasked to handle concerns such as the one you are currently experiencing. James, I know that going through the process of re-sending a support request would be a bit tedious on your part, but rest assured that doing so will help resolve your concern in the quickest possible time. To send a support request to the Windows Live Messenger technical support queue, please visit: http://support.live.com and click Windows Live Messenger.

In this light, I hope that I was able to help you with your concern.

Feel free to contact us through http://support.msn.com if you need further assistance. For additional help, visit http://messenger.msn.com/Help.

Thank you for contacting MSN Messenger Technical Support. Have a great day.

Sincerely,

Jonathan
MSN Messenger Technical Support


I have to recognize that they're nice people. First of all, they apologize, it doesn't matter why, they do. I hate that attitude, it seems that if you're contacting support they have to, to make you feel better. Well, it's not working. It doesn't make me feel better. I know they don't mean it, it's just part of the training, it's the procedure. They don't have to apologize for something that's not their fault. The point is they don't pay attention to the customers, they don't listen, they don't take positive action. The procedure is to make you feel better and move on.
But this is just a rant, the real issue is that they don't take it as their problem. As you can see, they want me to go back to the support site but this time to the specific support site for Live Messenger. They know that it "would be a bit tedious", but it will "help resolve my concern". IT'S NOT MY CONCERN!! IT SHOULD BE THEIRS!!
Here's my answer.

Jonathan

I'm not going to do anything. I don't care. It's not my problem. I was nice enough to warn you about an event that may hurt your users, even Microsoft's image. You go and deal with it, or do nothing. The solution is one phone call away from you but it's a lot easier to put the burden on me and send me to fill out another web form that will send me another automated response...
Sorry, I won't do it. Microsoft has been informed of the situation and I'm taking this message as the official answer. Thousands of Microsoft users will fall for that page, probably thousands did already, and the solution was pretty simple. In fact I'm doing it, I'll keep trying to contact the site owner, the IP owner and the domain registrar until one of them takes the page down. They won't listen to me, they don't, they didn't. However, it feels a lot more productive than wasting my time going through Microsoft's corporate support system.

Have a nice day


Meanwhile, the page is still there...

PS: I've just sent another round of messages to tfisher@irishost.net, jgilmor@irishost.net and abuse@webhostplus.com
