ERE Information Security Auditors
Home | Site Map | Contact Us | Blog
This text is replaced by the Flash movie.
 Executive Strategies for Managing Risk
Audit Tactics for Managing Risk

Posts Tagged ‘Anti-Virus’

Buying Malware and other Self Destructive Behaviour

Tuesday, November 3rd, 2009


Last week I received a call from a lady requesting my assistance. Let’s call her Linda.  Linda’s dilemma was that she purchased online an anti-virus package (from an unknown vendor) which delivered two surprises:

  1. It did not work.
  2. It crashed her computer.  Linda was about to  have her computer restored to a working order.

We reviewed the details of her transaction and her situation and I provided Linda with the following recommendations:

  1. I found the actual vendor’s web site and contact information for Linda (nothing whatsoever to do with our business), and suggested Linda contact them directly and ask for an immediate refund.
  2. We discussed the merits of her not doing anything to her computer until the issue of the refund was handled to her satisfaction.  My reasoning was that a law enforcement agency may wish to do a forensic review of her computer.
  3. Further, based upon the outcome of the refund request, we discussed Linda contacting her local law enforcement and the FBI with regard to possible fraud.
  4. Next we discussed the merits of Linda immediately reporting this transaction to her credit card company and changing her credit card number.
  5. Finally we agreed that self destructive behavior such as dealing electronically with parties unknown is to be avoided.

A few days later Linda called me again, probably with a smile on her face.  Apparently she got a full refund from the vendor, and her credit card company replaced her credit card.   So for the time being, law enforcement is out of the loop, and Linda was off to restore her computer to its previous health.

You may be wondering how Linda, who is a resident of the USA, found my company, as was I.  After doing some surfing I found a link from her vendor, which was in Europe, to a site with a somewhat similar name as our company.  Only the company in question was apparently also in Europe, not Canada, and provided no contact information whatsoever.  So Linda did a partial name search and found our company in Canada.

My last couple of blogs have dealt with the dangers of inappropriate trust on the web and how users can protect themselves.  Just as you wouldn’t feel comfortable purchasing meat being sold from a strangers’ car, it seems reasonable to similarly not purchase anything from an unknown party on the web.

Have a secure week.

Regards, Ron Lepofsky, B.A. SC. (Mech Eng), CISSP

ERE Information Security Auditors

www.ere-security.ca

Tags: , , ,
Posted in Information Security, Internet Security | No Comments »
Home | Point in Time Audit | Doc Audit/Authorship | 7x24 Monitoring | Knowledge Transfer | ERE Differentiators | About Us | Site map | Contact Us | Blog
Copyrights © 2007-2008. All rights reserved.  Non-security resources 1|2|3|4|5|6|7|8|9

   AddThis Social Bookmark Button