Nov. 8, 2005 at 11:00 AM ET
On the Internet, it was always possible to outsmart the phish. Just don't click on unexpected links, and you were pretty safe. But RATs? They are much smarter, and if you aren't careful, they'll probably outsmart you.
Remote access Trojans -- RATs -- are crawling all over the Internet, experts recently told me. RATs can steal your online banking passwords and let criminals move money out of your brokerage accounts. They let a criminal watch everything you are typing from half-way around the world.
How to stop RATs? There's no easy answer, the experts say, but here are the basic hints. If they sound a bit like mom's advice, they should.
1.) Don't go out in the cold without a coat.
2.) Stay away from places you know you shouldn't be.
3.) Don't eat candy from a stranger.
4.) Get your money's worth.
Now, Let me explain.
1.) Don't Go Our in the Cold without a coat
Maybe you thought it wasn't that cold out; mom knew better, and made you bundle up. After all, you couldn't see the cold viruses floating around at school. Somehow, she could.
The Internet's menaces -- particularly Trojan horse programs -- are just as invisible as cold viruses, that's why firewalls and antivirus software are a must now. If you're worried about a criminal watching data flying out of your computer, a well-tuned firewall should stop that. Windows XP now ships with a firewall turned on. Other firewall software is pretty inexpensive now, and the very vigilant can even buy small machines that act as hardware firewalls. It's a good idea to regularly make sure the kids didn't turn it off. Mom used to say you could catch a cold just running out to the car to grab a book. You can catch a RAT by turning your firewall -- or your antivirus software -- off for a few moments.
Still, no firewall or antivirus software is perfect; many Net users with updated software are infected with malicious software like RATs. So there's other advice you must follow.
2.) Stay away from places you know you shouldn't be
Rats like dark alleys; so do RATs. Pornography, file-sharing, and other murky Web sites are a major source of Trojan horses and other viruses. Innocent-looking downloads can cause a world of headaches. However tempting these sites may be, avoiding the Internet's seedy side will go a long way toward keeping your computer safe. And that means keeping the kids from downloading free software, too.
3.) Don't eat candy from a stranger
For years, unexpected e-mail has been a major source of trouble; now, unexpected greeting cards are causing trouble, too. Who can resist the offer of a cute, musical well-wish for Halloween or Thanksgiving? You can. Clicking on a greeting card invites the sender to execute a small program on your computer. It's a prime method for sneaking malicious software onto your machine. If there's a hair of doubt in your mind, call the sender to make sure it's a genuine well-wish and not a Trojan horse.
4.) Get your money's worth
Online bankers and brokers are just starting to get the message that there should be more between a criminal and your money than your pet's name. Federal regulators recently told U.S. banks that by next year, they had to go beyond a user name and a password to identify customers on their Web sites. You don't have to wait that long.
Bank of America and ING Direct are two banks rolling out measures that include additional steps, such as entering a PIN number with mouse clicks. Demand more from your bank's Web site. Ask at a branch; send an e-mail. A host of technology is available that would let you retire Fido as your password. Give your bank the idea that you'll take your money somewhere else if they don't make you feel safer.
And some old wives' tales
Unfortunately, there are some old Internet safety ideas that don't really work in this world of RATs.
Time was, savvy consumers who paid attention to their computer could sense when something was amiss, like a spyware attack. The computer would slow down, the hard drive would run continuously, the modem lights would blink.
Well, that sixth sense is less and less useful. With broadband connections, there are no blinking lights. Well-written RATs barely consume any processor space. The target computer doesn't slow down, and the hard drive won't spin out of control. So your intuition won't cut it. Without special tools, there isn't any reliable way to detect a RAT.
Many MSNBC.com readers suggested another intriguing idea that doesn't *really* work -- cutting and pasting passwords into online banking sites instead of typing them. The theory goes that since RATs that monitor keyboard keystrokes send a stream of characters you type to the bad guys, cutting and pasting the logins would mean there was nothing to steal.
That would foil some RATS, but not others, advises noted cybersleuth Richard Smith, who runs ComputerBytesMan.com. Smart RATs actually monitor every entry made in a Web page form -- those boxes used for data entry like name, address, and the like. As you might imagine, anything entered in those boxes is generally pretty juicy information for a criminal. These kind of RATs will steal even cut-and-pasted information.
Simpler RATs -- those that only capture keystrokes -- can be foiled with the cut-and-paste method, Smith said. And in fact, there was a time when he recommended it. But it's generally not worth the trouble at this point, he said.
Checking on your antivirus software is a much more productive way to spend your time. Believe it or not, millions of computer users don't have any antivirus protection at all: 17 percent of Internet users, according to a Consumers Union study published in August. That's a recipe for disaster. And it could have something to do with the fact that in the same study, about 50 percent of consumers reported suffering a spyware attack in the prior six months; and why 1 in 10 computers connected to the Net right now are infected with something, according to Webroot Software.
All of which means the next time you connect to your online bank, it'd be a good idea to check on your firewall and update your antivirus software. And while you're at it, zip up your coat. It's getting cold and dark outside.