Two real-life situations were simulated: the first, a busy executive who grabs a complimentary 4GB SanDisk U3 USB flash memory stick in a coffee bar, and the second, a misconfigured Wi-Fi connection. When the USB stick was inserted into a laptop, the trojan automatically started its payload routine. Within seconds, Jacques was receiving email from a server which forwarded every keystroke made by the unsuspecting 'executive'.
Moreover, the attacker could see every file within the PC and could steal anything he wanted. As Microsoft pointed out, if the laptop was used for business, the entire company would now be compromised - all because of one unprotected laptop.
Security starts at home, and a layered approach is no longer simply desirable - it's required.
In the second demo, Jacques showed how a Wi-Fi connection with WEP can be used to attack the owner. After getting into the network, Jacques changed the router's Domain Name Server settings (as the username and password had been left unchanged from the manufacturer's defaults, which is usually the case) so that the victim would be redirected to a website hosting a trojan. The trojan was then injected and the attacker had full access to the user's PC and to all of his documents.
The whole article, written by PC Advisor, is published at this link.
