Sponsor's Message

This move might even win the software giant a few friends amongst the usual Microsoft-knockers -- okay, I admit, that's a bit of a long-shot.

And I guess the knockers are having a field day today after it was announced that an Open Source company had produced a patch that fixes an oft-exploited problem with Internet Explorer.

Yes, although Microsoft have known about this problem for many years, they've never bothered to fix it -- and as a result, scammers have been taking advantage of the URL spoofing flaw to fleece unsuspecting Net users for almost as long.

Unfortunately, since this fix is unlikely to find its way onto the Windows Update system, those who need it most will probably never even know that it, or the vulnerability it addresses, actually exist.

And I see that the scammers who use this glaring hole are at it again in Australia, with Westpac customers *again* being the target of emails that attempt to trick them into handing over their bank account details.

Readers Say Got something to say about today's column, or want to see what others think?  Visit The Forums Have Your Say

But maybe you're wondering what these scammers do once they've got their hands on your online banking login and ID...

Well it seems that they use the transfer-money feature that many such systems offer to move large amounts of cash into the accounts of third-parties.

Yes, as reported in the headlines section of yesterday's Aardvark, some unsuspecting Australian Net users have been receiving emails (mainly out of Russia) which offer them a 10% commission on money that they allow to pass through their bank accounts.

It seems that the scammers dupe one set of unsuspecting Net users into handing over their login details by way of phony websites and that URL spoofing bug in IE -- then they contact another set of dullards who allow money to be transferred from those compromised accounts into their own.

Once the money is transferred, the recipient is then supposed to withdraw all but the commission they're supposed to "earn" and wire it off to a (usually Russian) address overseas.

It's really rather hard to believe that so many people could be so stupid isn't it? But then again, if Microsoft had fixed the URL spoofing bug then the problem would not exist -- at least not to the same magnitude.

So who's the real villain here? The idiots who hand over their banking details to a third party, the unethical fools who allow their accounts to be used for money laundering, the banks for not preemptively warning their customers about this scam, the gangs of scammers who operate the whole ruse, or Microsoft for repeatedly ignoring the spoofing problem as if it's unimportant?

Christmas and New Years Coverage
While most of my peers in the IT/Net industry will be sunning themselves on a beach somewhere for the next couple of weeks or longer, I'll still be here covering anything that looks interesting or newsworthy.

This means that if you find yourself near a browser while you're enjoying your holiday -- don't forget to drop in and see what you've missed on Aardvark.

Thanks to the kind readers who have sent me donations over the past few weeks, the rent is paid up and the phone/power bills are once again "current". That means, although there won't be any prezzies this year, at least I won't be sleeping on the side of the road. For that I would like to thank you all.

And yesterday a nice man from the Sunday program dropped by to talk about the recent events that have affected me so significantly. When I showed him the documentation and related my story He was chuffed to bits and more than a little excited by what he saw/heard. Watch out for a very interesting expose early next year.

Lighten Up
Okay, time once again for a little light-hearted lunacy from the web.

If you can't afford a Playstation or Xbox for Christmas, or perhaps the kids won't let you have a turn, then check out this game which not only has plenty of blood and gore, but is also strangely addictive.

And here's some research that dates back some 10 years but still makes very interesting reading.

If any Aardvark readers want to share an opinion on today's column or add something, you're invited to chip in and have your say in The Aardvark Forums or, if you prefer, you can contact me directly.

Contacting Aardvark
I'm always happy to hear from readers, whether they're delivering brickbats, bouquets or news tip-offs. If you'd like to contact me directly, please this form. If you're happy for me to republish your comments then please be sure and select For Publication.

Other media organisations seeking more information or republication rights are also invited to contact me.

Just add a couple of lines of JavaScript to your pages and you can get a free summary of Aardvark's daily commentary -- automatically updated each and every week-day.

Aardvark also makes a summary of this daily column available via XML using the RSS format. More details can be found here.

Contact me if you decide to use either of these feeds and have any problems.

Linking Policy
Want to link to this site? Check out Aardvark's Linking Policy.

Did you tell someone else about Aardvark today? If not then do it now!