My Bank is Full of Fail

[mynameisnotreal.livejournal.com]

I went to my bank the other day to drop off some receipts and checks. I do virus and spyware removal as a large part of my business, so whenever I see anything about that, I read it. My bank had a brochure next to the line titled "Protect Yourself From Malware". I read it and as soon as I got back to the shop I started calling people at my bank to tell them about their boo-boo.

Under the cut is the letter I sent to the third or fourth person I talked to that day. The first two insisting that I needed to give them my account number or SS number before they could help me.



Good Afternoon David,

I just got off the phone with you. I spoke to several people along the way and you are the last one I spoke with.

Now, to the point.

The flyer I picked up at y local branch this morning is entitled "Protect Yourself From Malware". Under the heading of What Can I Do To Protect My Computer, the flyer has two programs listed as protection. The second one, AdAware from www.lavasoft.com is reputable and the correct website.

The first one thought, lists the wrong address The program Spybot Search and Destroy is an excellent program and very reputable. The address you have for it though is www.spy-bot.net, a "goad" site. They mimic the real company, Safer Networking, try to make you panic into thinking your machine is infested with spyware, then lead you to other sites which will encourage you to install software which in turn INSTALLS spyware onto your system.


This is the address of the real website for Spybot Search & Destroy:

http://www.safer-networking.org/

This is the address you list in your pamphlet:

http://www.spy-bot.net

Which is associated with AlertSpy, a program which gives 'false positives' saying your system is infested with spyware, then attempts to get you to buy software which will remove the phantom software (that wasn't there in the first place) It's a sort of electronic shell game. Spyware Warrior, which we tech support people use to keep abreast of spyware lists this program as being Malware.

Looking at the code for this site, there are 1x1 pixel ads which in return links your computer to sites that install scripts/spyware on your system. This tracks your surfing and may install malicious spyware onto your computer.

Here are some websites for the security community that speak about www.spy-bot.com:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

http://www.privacydigest.com/2007/10/07/rogue+anti+spyware

Also, I wrote to the people at Safer Networking to let them know about your flyer. They are definitely the good guys in this case, not the ones you have listed.

Thank you for your time and I hope this helps out.


Simon John McNeilly

www.buggstompers.com



UPDATE: Safer Networking has been in touch with me. They wanted a copy of the pamphlet for their attorney.

Comments

[mouser.livejournal.com]

I bet the brochure was put together by a middle manager who knew how to spell virus and had a panic attack.

Either that, or a VP who had a panic attack and delegated it to the wrong person.

I bet it takes a week to remove them.

[hisamishness.livejournal.com]

those sites are just plain evil

even with specific instructions on what to look for and where to go a family friend got that crap on their system. Grrrr....

[http://users.livejournal.com/hub_/]

A week? you are optimistic. It is a bank.

[hisamishness.livejournal.com]

Faster response can probably be found if you poke them with a pointy stick made from a local "consumer adviser/advocate" on the local nightly news... Shame and Liability provide great leverage.

Tell us - what bank was it?

[bitterfun.livejournal.com]

You'd be wrong. Probably closer to a month to three months to remove it.

They'll evaluate the legitimacy, assess the cost to retract it, announce that it should be removed from the branches and then a region meeting to re-enforce the email and remind the managers to remove it from the branches.

[blkrabbitofinle.livejournal.com]

God. I read that, had flashbacks to the couple of years worth of various contract project work I've done for one of the local banks here, and cringed. I can't even laugh because it's so true it's not even funny. I would never invest money with this bank, having seen 'behind the scenes'.

[bitterfun.livejournal.com]

True, true, but it does have its advantages. I've been able to use my knowledge of banks workings to get my way and to get things done faster.

How's the tech industry in New Zealand? I've always been curious about life down there. (I'm in Seattle)

[blkrabbitofinle.livejournal.com]

Busy and growing industry, but with more work for people who are specialized in certain software or programming (Java, LotusScript, Filenet, etc) -- your average tech-monkey who can pull out a network card are a dime a dozen and it's harder to find good employment without specialist software skills.

Although to be honest I'm only passingly familiar with what's out there atm as I've been employed for four years so haven't really been searching around - but that's the trend I've seen, more and more.

[bitterfun.livejournal.com]

"your average tech-monkey who can pull out a network card are a dime a dozen"

That's true here as well. Fortunately I've made a career dealing with outsourcing companies and being tech/business liason.

[blkrabbitofinle.livejournal.com]

Yeah, that's basically what it comes down to - you have to distinguish yourself somehow. I came from your average hardware background and found a company willing to take me on at an initial low salary essentially as an apprentice. I got versed, trained and qualified in certain software and combined with a general tech background (I'm amazed at how many programmers can't do even simple maintenence on their physical PCs) it's worked out decently.

In your case it sounds like you expanded into a more management type focus, same result. So as long as you're flexible as a worker your background isn't quite so important.

Also - and I suspect this is the case most anywhere but certainly here - there's a strong element of, "It's not what you know, it's WHO you know." A lot of jobs come about by having a contact with a company to begin with, whether it's a friend working there, or previous contact with the company, etc.

[mattcaron.livejournal.com]

I'm amazed at how many programmers can't do even simple maintenence on their physical PCs

Don't even get me started... That's why I did the CE degree. I've designed small CPU's, circuits, etc. I wrote printer firmware for a couple years. Some of my code was incorporated into a commercial RTOS (we got a $5k licensing break in exchange for transferring ownership of the code, and given that it took me about a day to write, it's a heck of a bargain). I've written network drivers, USB drivers, and windows printer drivers... on beta boards which barely worked, and I got to pull out my EE knowledge to try and figure out WTF was wrong with it...

Just because I currently write PHP (which is such a piece of shit language, don't even get me started) is not the sum total of my skills.

That said, for some of the folks with whom I work, it is. That is the scary part.

[ex-deliveryboy.livejournal.com]

I wonder if they would move faster if they are advised that they are opening themselves to possible liability issues if someone installs this crap based on their recommendations.

[ateji.livejournal.com]

Send it to Consumerist.com for fun and wank?

[faerie-gift.livejournal.com]

Hehe.

A worthy suggestion. ;)

[mynameisnotreal.livejournal.com]

*I* wouldn't do this as it is my bank.

But if it just happened to fall into their laps...

[ateji.livejournal.com]

Would you be willing to scan it into a computer or send me a link if they have one on their site? XD If you are, my email is pinual at the place run by Google.

[bitterfun.livejournal.com]

As an ex-tech manager for a bank, I can say it was probably created by a PR department that did almost no consulting with a tech. There is also a chance that it was done on purpose. Any additional revenue for the bank might help their subprime situation.

[faerie-gift.livejournal.com]

It's charming to know they did next to no research at all before giving customers advice about online safety.

[blossomingfire.livejournal.com]

WTF is a bank doing giving out technical advice in the first place?

[valiskeogh.livejournal.com]

ROXOR!!!

it's always annoyed me that they dont have spybot.com...

[mynameisnotreal.livejournal.com]

Interesting stuff here:

http://spybot.com/en/spybotcom/index.html

[valiskeogh.livejournal.com]

damn... :)

[ohmyhead.livejournal.com]

Good catch!

[jokergirl.livejournal.com]

I bet the only way to get them to retract that brochure is to give that information to the media...

;)