Welcome to the SafeKids/NetFamilyNewsletter and thanks to everyone who's just subscribed! Please invite friends and colleagues to sign up and help us to help grownups stay informed about children's safe, constructive use of the Internet. Email us anytime!
October 3, 2003
Dear Subscribers:Here's our lineup for these first few days of October:
- Family Tech: Tell kids - watch out for spyware spam; What parents can do; Links for family discussion
- Web News Briefs: Huge child-porn bust in Europe; Sketchy online child porn figures; Growth surge for Europe's young surfers; 2nd teen (alleged) worm writer arrested; Aussie researcher on Net & teens; Those important patches; Profile of a spammer; MusicMatch's 99-cent songs....
- File-sharing corner: Keeping you up-to-date on an important kids/tech issue
~~~~~~~~~~Support the Newsletter!~~~~~~~~~~~~~~~~~~~
Help support Net Family News: Make a tax-deductible donation
to our free public service, via Network for Good's online fundraising system
for nonprofit organizations or our page at Amazon.com's Honor System
(Amazon takes a small percentage of each transation).
- Tell kids: Watch out for spyware spam
"Spy on anyone by sending them an email-greeting card!" the junk email told us. "Spy Software records their emails, Hotmail, Yahoo, Outlook, ACTUAL Computer Passwords, Chats, Keystrokes, Plus More..[sic] Check up on your spouse, kids, or employees. Follow this link to begin..."
The first thing that raised our eyebrows on reading this last Friday was the part about spying by sending an e-greeting. Email greeting cards (e.g., at BlueMountainArts.com or Greetings.Yahoo.com) are popular with kids, who might click on the link for fun or even try to play a prank on an unsuspecting person by sending a privacy invasion in the form of a "birthday card."
Clearswift, a UK-based email security company, noticed this spam especially too - both the e-greeting part and the sheer volume of it. The UK-based company monitors worldwide spam traffic, and the overnight increase in this particular email message seemed unprecedented to them, so they investigated further, they told us in an interview. Clearswift discovered that the link in the email, though disguised to appear US-based, actually leads to a Web site in Moscow - the real sellers of "LoverSpy," what they think is very sophisticated and invasive monitoring software.
It's exactly the kind of email to which parents need to alert their kids. Though Clearswift believes this one is indeed selling what it says it is, it points to real risks to family PCs. Just clicking on a link in an email can trigger the downloading of a worm or trojan "residing" at the Web site it links to (e.g., see CNET's report). And by downloading whatever that site says the customer can send in an e-greeting, the customer could be downloading a trojan that loads spyware (monitoring software) on his machine or even hijacks it to do any number of things. We know that malicious hackers have tricked as many as a million Net users worldwide into downloading a trojan that turned their PCs into porn distribution channels (see "How spammers distribute porn," 6/27/03).
A spam email like it "absolutely could be the vehicle for installing anything from a virus to adware," said Ted Werth, CEO of PlumChoice, a family tech support company based in Massachusetts. The LoverSpy spam "plays upon one of the biggest issues associated with viruses, in that the intent is to encourage a person to send cards to people they know. That means the resultant 'spy' software looks like it comes from someone a person trusts."
- What parents can do
"Train heavily" is the very best safeguard, PlumChoice's Ted Werth, father of four, told us. "It's like teaching kids how to deal with the real world," he said, when parents and kids talk about worms, viruses, trojans, adware, and other nasties children can download or click to. "I don't think there's any other way than to 'put the fear of God' in these kids" because - unlike us - they're fearless. They're not aware of what can happen. "Everyone clicks through those licensing agreements," Ted continued, pointing, for example, to the ones kids instantly "agree" to as they download file-sharing software. "Nobody reads them, and [the software providers] are taking advantage of that fact." Those licensing agreements usually that, in using their file-sharing software, you agree to allow "spyware" to be uploaded to your PC and to track your online activities.
"Kids know to look both ways when they cross the street because they're scared of getting hit by a car. It's the same with kids and computers," Ted explained. Sometimes it doesn't hurt for parents to get pretty graphic about the consequences of carelessness, he said. Tools like filtering or parental controls aren't nearly as effective as this kind of training. "No matter how many tools we're going to put in place, kids will do stuff." Besides, these software tools "start to look like cockpits of airplanes - very complicated," Ted said. "They're not hard to use, but they take a long time to set up and use, and parents don't have that kind of time."
Here are some tips for family PC security from Ted Werth, with a couple of ours thrown in:
- Windows people, keep your PC up to date with Microsoft patches (they're rarely perfect solutions, but better to have than not).
- Install an anti-virus program that updates weekly (McAfee, Symantec, Norton, etc.). Even if it's a friend sending an attachment, find out if it was really he who sent it - spammers and viruses can disguise themselves as your friends.
- Install a firewall (like ZoneAlarm, free for home use) - it helps keep non-email-carried code like the Blaster worm from getting into your PC ("think of your computer as a bank and the firewall as the guard at the door," Ted suggested).
- It wouldn't hurt to install software that scans cookies and other spyware (Ad- Aware is free to the home user). Adware and spyware invade your privacy and slow down your system.
- Everybody in the family should be picky about what they let in (via email, licensing agreements, chat profiles, instant messages) and register for in Web sites. Teach kids always to ask you before they download software or sign up for anything on the Web, especially if it requests personal information of any sort.
- Communicate! Sometimes it jogs parent-child communication to ask a tech- literate kid for information or tech support. It's ok if s/he explains to you how viruses, worms, and spyware get installed and how to prevent that. It's also ok to ask your kids what family Net-use rules they'd suggest; those rules will probably be a lot more fun to obey!
- For further info (or family discussion)
- Trojan spyware in the news. As if to confirm our suspicions last week, Reuters reported that "malicious Web sites are secretly slipping Trojan programs" onto people's computers - programs that can include "keystroke loggers that record everything a person types or software to erase the hard drive, among other things." Just as could be the case with the spam we mentioned above. In general, the attacks Reuters refers to "are accomplished by leading Internet Explorer users to a malicious Web site, either by sending an email with a link to the Web page or distributing a link through instant-messaging." Tell your kids to be extremely careful about what they click to from IMs - even if they appear to be from friends, because friends' computers can be hijacked too (i.e., taken over and operated by malicious hackers).
- Unauthorized uploading. Besides the risks to a family's PC security and privacy, doing what the spyware spam above suggests - loading a program onto someone's computer without their authorization - is a felony, Reuters reported this week.
- The tech-literate mob. The geographical source of the spam - Moscow - should alert people too (though this is hard to detect by anyone but computer and email security experts like Clearswift). "Computer security specialist Erik Laykin, president of Online Security Inc., sees the criminal underworld of eastern Europe and Russia as a prime source for the worm onslaught," reported the E-Commerce Times this week.
- One person's nightmare. Andy Markley, graphic artist, "was the victim of a con artist who sent thousands of spam messages carefully crafted to appear as if they had originated from Markley's domain [Web site]," Wired News reports. "The scam almost cost Markley his business, his reputation, his Web site, and his sanity. His Internet service provider wouldn't help him," so he figured out how to track down the offending spammer, Eddy Marin, reputed to be one of the Net's most prolific spammers (see "Profile of a spammer" below for another example).
- File-sharing, IMs vulnerable. These are two of kids' favorite technologies, so it's unfortunate that worm and virus writers are increasingly exploiting them to hack into PCs, The Register reports, citing the latest Internet Security Threat Report. ZDNet agrees.
- Email Scams on the rise. "You've Got Deceit': Email Scams Grow," reports the Washington Post, doing us all the service of explaining what to look out for in other sales pitches beside the one we describe above. And with "When crooks go a-phishing, don't bite," ZDNet reports on how spammers are tricking email users to give out their personal information - another good discussion tool.
- "How spammers distribute porn," SafeKids/NetFamilyNews, 6/27/03 - our first report on how they use unsuspecting Internet users in households around the world.
Email us your family's rules and stories! Your experience helps fellow readers, when published (with your permission) in this newsletter.
* * * *
Web News Briefs
- Huge child-porn bust in Europe
German police have announced that an international investigation turned up a child pornography ring involving 26,500 suspects in 166 countries, the New York Times reports. "Some 1,500 police searched more than 500 homes throughout Germany [last week], seizing computers, videotapes, compact disks and diskettes." Some 800 people in the US were implicated as well, and the BBC cited 22 suspects in the UK, adding that the operation, dubbed "Marcy," had been going on for more than a year.
- Sketchy online child porn figures
When we found some disturbing figures about Net-circulated child porn in the South African media this week, we decided to check further. South Africa's Independent Online published a report on a talk given by Iyavar Chetty, head of that country's Film and Publication Board. He reportedly cited data from the UK's Internet Watch Foundation (IWF) showing that "an estimated 90% of all paedophile-related activities involve the Internet" and "there [are] around 1 million images of child abuse in circulation on the Internet, and the number is expanding by about 200 a day." The IWF replied quickly to our email query saying the figures "must have been given by another organisation because we don't have any idea how this information was provided." They suggested we contact Ireland's COPINE (for Combating Paedophile Information Networks in Europe) project at University College Cork.
COPINE's response was educational: "Those figures did not come from COPINE," Gemma Holland COPINE's Victim Identification Project manager replied. "There is no way of knowing how many child abuse images are in circulation, as there can be numerous copies held of the same image - as you can imagine it would be an impossible number to gauge. What is important is the number of children abused and photographed. There are a large number of children whose abuse is photographed and made publicly available on the Net (not to mention those which do not become publicly available)." Based on research COPINE has done in Internet newsgroups since 1997, Ms. Holland added, "we approximate that the number of children seen in publicly available images could be anything from 10,000 to 50,000. As for the amount of new children who appear we estimate about 6 a month. As for the 90% statistic, I've no idea where that has come from and as far as I am aware there is no evidence that would support such an assertion."
- Those increasingly important patches
PlumChoice CEO Ted Werth's passing reference in our interview to problematic Microsoft security patches made us curious about how patches get issued and why they've become increasingly important. The New York Times delivers with this week's article, "To Fix Software Flaws, Microsoft Invites Attack". Besides the increased number and sophistication of security threats (worms, viruses, links, etc.), there's the growing number of uses people have for the Internet and types of software to serve those interest. "The security flaws [the Microsoft rapid- response] team is scrambling to catch and patch are part of the larger problem with software today. The programs that people rely on for all manner of tasks ... are becoming increasingly large, complex and, all but inevitably, filled with bugs. The problem is magnified by the fact that most computers are now linked to the Internet, enabling programs to travel around the globe and mingle with other programs in unforeseen ways." There's a lot of information in this in-depth piece.
As for breaking news on Microsoft's plans to help customers protect their PCs, CNET reports a new strategy that includes "a deep partnership" with firewall providers. This makes sense to us because Microsoft's patches have only recently (since the Blaster worm) hit the mainstream media, and people haven't known to download these fixes. Here, too, is .CNET's roundup of patch problems and issues, a brand-new debate in the tech news media.
- Growth surge for Europe's young surfers
European children are the fastest growing sector of the Net's population, according to a new study cited by Reuters. "Some 13 million children under the age of 18 in eight countries surveyed [by Nielsen/NetRatings] surf the Web for school work, games, and music, a rise of some 27% over last year," Reuters reports, adding that 4 million of those kids were under 12. The countries surveyed were Britain, Germany, France, Italy, Sweden, Switzerland, Spain, and the Netherlands. The UK leads with 4.5 million children under 18 online regularly. Among their top sites are Google.com, About.com, and the Kazaa file-sharing service. The article suggested that the explanation for the pan-European growth surge was educators and politicians calling for the Internet to be added to school curricula and for high-speed Internet service to be cheaper and more accessible. Our thanks to Net-mom for bringing this report to our attention. Here's the BBC's coverage on this.
- Another teen alleged worm writer arrested
This time the teen code writer is a minor and alleged to have affected hundreds of thousands of PCs with his variant of the MSBlaster worm. No name or personal details about the teenager were provided by the Justice Department, but the Washington Post reports that the arrest occurred on the US's West Coast. Two other arrests in connection with the Blaster worm were of high school senior Jeffrey Lee Parson in Minneapolis (18 and charged as an adult) and 24-year-old Dan Dumitru Ciobanu of Romania. According to the Post, John McKay, US attorney for the Western District of Washington, said in his announcement about the latest arrest that "computer hackers need to understand that they will be pursued and held accountable for malicious activity, whether they be adults or juveniles." Here's CNET's coverage. Meanwhile, another Washington Post article reports that convicted hackers and virus writers soon will face harsher penalties. However, the new sentencing guidelines "generally will not apply to juveniles," the Post adds.
- Aussie researcher on Net's impact on teens
Studying the psychological impact of Internet use on 15-to-17-year-olds, Dr. Mubarak Ali Rahamathulla of Flinders University in South Australia had two findings cited in Australian IT this week. The first confirms what many parents probably already suspect: "Prolonged Internet use may have damaging psychological effects on introverted teenagers who [are] uncomfortable communicating with people in a one-on-one social situation." It could make them even more introverted, the professor said. He told Australian IT he is also studying teens' "attraction to using Webcams as a vehicle to push their sexual boundaries." He said there are "horrendous things going on inside teen chatrooms" right now because the age group he's studying is sexually curious and appreciating the Internet's anonymity, which allows them to "got to the extreme to get answers."
- Profile of a spammer
"Who are these guys?" the New York Times Magazine writer wanted to know, as he set out to meet and write about Richard Colbert, described by one anti-spam service as "Nonstop scam spammer, kicked off so many hosts and ISPs it's hard to count." The article is a rare look into the life and techniques of a top spammer. It answers questions many of us have, such as how these guys get our email addresses and how they actually make a living using them (the profit margin is narrowing quickly). As for the question of whether laws would make life harder for spammers like Colbert, check out a Los Angeles Times this week. It quotes the CEO of an email management firm as saying California's new anti-spam law will have about as much impact as any other such law: zero. Collectively a "range of experts" like him told the L.A. Times that the California law, "touted by state politicians as the toughest in the country, is at best a toothless, feel-good measure and at worst might spur frivolous lawsuits."
- Musicmatch's 99-cent songs
Musicmatch this week joined Apple's iTunes and BuyMusic in selling individual digital songs with what it claims to be "liberal usage rules" for downloaders, CNET reports. The rules are that "customers can play tracks on up to three PCs simultaneously and transfer them to Windows Media-supported music players. Songs can be burned to CDs, but a given playlist may be burned no more than five times," according to CNET. Musicmatch has songs from the five major labels and more than 30 independents, it says. Some 200,000 songs are available now at $.99 apiece (or $9.99 for most albums), and the company promises 300,000 more by the end of the year. For a broader picture, here's E-Commerce News on competitor iTunes and its plans to launch a Windows version of the iTunes Music Store by the end of the year (Apple has already sold 10 million songs via its Mac version). And the new legal Napster (under new ownership) is ready for a test launch, October 9, the BBC reports.
* * * *
- 'Kinder, gentler' RIAA?
That's the impression its chairman, Mitch Bainwol, gave the US Senate this week. In a hearing, he said the RIAA would "contact future defendants before they are sued and give them a chance to pay a cash settlement or argue that they have been mistakenly accused of copyright infringement," the Washington Post reports. The Post added that the Senate hearing included celebrity witnesses: rappers LL Cool J and Chuck D, "who are on opposite sides of the song-sharing debate and RIAA suits." Here's PCWorld's wrapup of the hearing.
- Dozens of settlements, 100s of amnesty takers
It looks like a great number of people didn't do much research on how little immunity the RIAA's amnesty represents. More than 800 people have submitted the affidavits required by the RIAA's amnesty program, stating they would "never again download or make copyrighted songs available to others through file- sharing programs," the Boston Globe reports (see "RIAA's amnesty offer," 9/19). As for the settlements, the Washington Post reports that 52 of the 261 lawsuits the RIAA filed last month have been settled. According to the Associated Press settlement payments "ranged from $2,500 to $7,500 each, with at least one settlement for as much as $10,000." The AP piece added: "The settlements, which do not include any admission of wrongdoing, require Internet users to destroy copies of illegally downloaded songs and agree to 'not make any public statements that are inconsistent' with the agreement."
- Litigation seems to be working
And the lawsuits are having significant impact, the San Jose Mercury News reports. "Music downloaders are fleeing the free file-swapping services in droves." The Mercury News points to Nielsen/NetRatings figures showing that "Kazaa usage has fallen 40% since the spring, when the Recording Industry Association of America began suing students who ran on-campus file-swapping networks," from 17.4 million US unique visitors in March to 10.4 million in August.
- ACLU's counterattack
The American Civil Liberties Union has a little litigation of its own. According to CNET, the ACLU could complicate the RIAA's anti-piracy process with the suit it just filed, accusing the trade association of illegally using thousands of subpoenas to unmask alleged copyright infringers. The civil liberties organization took particular exception to the RIAA's amnesty program.
- US file-sharing services: Image improvement move
P2P United, a US file-sharing services trade association (that does not include Kazaa), has announced its new code of conduct, the Washington Post reports. The code "condemns the illegal trading of copyrighted works and promises to give parents tools to limit children's use of song-swapping." In making the announcement, P2P United's members - Grokster, Morpheus, BearShare, Lime Wire, eDonkey and Blubster - said "their next software updates, due out in a few weeks, will comply with the code." Here's the BBC's coverage.
- Law enforcement targets file-sharing
Partly because of his own daughter's use of file-sharing, a New York prosecutor mounted an investigation into child porn on P2P services that "led to the indictment of 12 people for possessing and promoting child pornography," the Christian Science Monitor reports. District Attorney Tom Spota said his investigators found a lot of child porn on the file-sharing networks. "The problem is just now coming to the attention of law-enforcement officials from Wyoming to Long Island. Prosecutors are serving up indictments. Federal agents are actively working on leads and anticipating their own indictments. Earlier this month, the Senate Judiciary Committee heard testimony that the programs represent 'a major growth area' for the distribution of child porn. And grass-roots groups are clamoring for more controls, especially a requirement that file-sharing software providers obtain parental permission before minors can download," the Monitor reports. The article looks at efforts to give parents more control over file-sharing.
- Librarians support Morpheus and Grokster
In a legal brief in a "hotly contested" legal case between the RIAA and file- sharing services, the five major US library associations argued that Grokster and Streamcast (publishers of Morpheus) should not be shut down because file- sharing services have many non-copyright-infringing uses. According to CNET, the library associations' amicus brief "asks the 9th Circuit Court of Appeals to uphold the April decision by a Los Angeles judge that dismissed much of the entertainment industry's suit against the two peer-to-peer companies."
* * * *
Share with a Friend! If you find the newsletter useful, won't you tell your friends and colleagues? We would much appreciate your referral. To subscribe, they can just click here.
We are always happy to hear from potential sponsors and distribution partners as well. If you'd like to make a tax-deductible contribution or become a sponsor, please email us or send a check payable to:
Net Family News, Inc.
P.O. Box 1283
Madison, CT 06443
That does it for this week. Have a great weekend!
Anne Collier, Editor
Net Family News
HOME | newsletter | subscribe | links | supporters | about | feedback