Just as I was considering whether Google AdWords would pay for my kids’ education, I read that cyber criminals may be teaching a hard lesson to unsuspecting web surfers.

Researchers at security software developer Exploit Prevention Labs have uncovered hard evidence that cybercriminals are using Google AdWords to infect unsuspecting users with malware.

Under the guise of ads for legitimate, trusted organizations like The Better Business Bureau (see screen shot), unsuspecting users allegedly are instead redirected to malicious sites that attempt to install exploits and other malware.

Roger Thompson, Exploit Prevention Labs’ CTO, reported his findings on April 24, 2007 on his blog.

According to a press release, Exploit Prevention Labs first learned of this attack on April 10, when a user of the company’s LinkScanner Pro safe surfing software ran a Google search on the phrase “how to start a business.” The top-ranked sponsored search listing appeared to be from AllBusiness.com, a legitimate business. But the hyperlink actually led to a site that attempted to install a password-stealing keylogger on the user’s PC.

Thompson’s team discovered that, on April 2 or 3, a “known-bad organization” registered the domain name Smarttracker.org. By April 10, the organization had opened a Google AdWords account and purchased campaigns for various search terms. Although each of the ads displayed a trusted hyperlink, clicking on the link redirected the user to smarttracker.org before sending them on to their intended destination.

Google has terminated this particular offending account, according to the press release. This does highlight the issue of how to determine the legitimacy of any individual advertiser, and how to determine whether a redirected link is being used legitimately.

Of course, Exploit Prevention Labs says its LinkScanner family of safe surfing software
“provides complete, real-time protection against malicious web sites, exploits, phishing, and other social engineering attacks.”

Can they help me make money safely with Google AdWords?

Preparation for a major crisis is an important subject area for many communicators. I recently wrote a post on this topic on the main blog of the International Association of Business Communicators. Judy Gombita, who has finally joined the blogosphere as a blogger, alerted me to a great report published by The Conference Board of Canada about lessons from Hurricane Katrina: Tough Times in the Big Easy: Lessons From a Catastrophe. Registration is required, but is free.

 Thanks Judy, and congratulations; I’ll be reading your posts!

My latest podcast is a discussion about WordPress and the Install4Free Team that will help individuals (not businesses) install a WordPress blog without charge. This CommaKazi Speek blog was installed by a team member (not the one who I interviewed).

Here is a link to Show 5.

One of the interesting ideas floated in the discussion is how companies are using WordPress as a content management system (CMS), saving tens of thousands of dollars.

As I mentioned some time ago here, I’ve moved to a new WordPress blog, and started a podcast. I don’t plan on visiting the old neighborhood often, but a couple of things have made me a little notalgic, and so I came back.

The first thing was my trip last weekend to the West Ridge (Chicago) neighborhood where I spent most of my life, before moving to the suburbs. Driving along familiar roads brought back some happy memories.

The second thing was some emails from high school classmates. It’s been 30 years, and our school is scheduled to close, so classmates have been writing about the “good old days.”

It’s nice to remember the past, but I try hard to stay in the present.

I haven’t seen any commentary from bloggers regarding the article that appeared in Tuesday’s New York Times regarding the Wal-Mart IT employee who illicitly taped a NYT reporter’s call.

Maybe we are too information/opinion-saturated to react to something like this; particularly when it doesn’t seem to affect us. That’s why I think that we’re frogs in a pot.

If you’re unfamiliar with that analogy, it refers to the theory that a frog is easier to cook in a pot with cool water that is slowly, imperceptibly warmed. Put a frog in a pot of boiling water, and it will try to escape. Slowly heat the water, and the frog doesn’t notice until it is too late.

At the same time that professional communicators are pushing companies to embrace newer communication tools and technologies that increase collaboration and information-sharing, company management–led by Information Technology–is tightening controls over the access to, and dissemination of, information. They are “turning up the heat” within their companies, to make the connection to the frog analogy.

In the case of the Wal-Mart employee and the NYT reporter, the eavesdropping seems to have been unapproved by management, and the offending IT employee was sacked.  Here is the lead of the NY Times article:

Federal investigators are looking into the actions of a computer systems technician at Wal-Mart Stores who, over a period of several months, intercepted pager and text messages and also secretly taped telephone conversations between Wal-Mart employees and a reporter for The New York Times, the company said yesterday.

The IT employee was using security software offered by a software vendor. While he overstepped his authority, the point is that he probably heard about the monitoring option from the security software vendor during a sales pitch.

I can relate. Someone in IT management recently told me to be careful about the information I shared about the company in blog posts. That person showed me one of my posts, where I had shared some non-confidential facts about the company. He had obtained the link to my blog post from a security software vendor who was trying to sell a product. The pitch was, “Look at the information about your company that is available on the Internet.”

It’s not only the information shared on blogs that is getting IT scrutiny. IT knows (or can easily find out) what websites we view (blocking those that don’t meet some internal business standard), where we send emails, and when we inserted or removed portable media such as thumbdrives.  They can even “take over” your PC–as my company’s IT “help desk” does when I call with an issue. It’s not a far step, technologically speaking, to “eavesdrop” on employees.

Of course we scream when it happens. At first. Over time, with other things grabbing our attention, we don’t notice, or don’t react as strongly. Like frogs in a pot. 

Although my second podcast posted on Friday, I didn’t get the chance to mention it until now. I’ve spent the better part of the weekend finishing several house projects. Time to take a break and pass along information about CommaKazi Speek Show 2.

I spend about 15 minutes with Grant Rowson, CGA, manager of Technology Solutions at BDO Business Technology Solutions, Inc., Thunder Bay Ontario Canada. We discuss the need to balance security, productivity and the desire of employees to seek information on the Internet. I recently wrote a blog post about my experience with blocked web sites at my employer.

I hope the podcast generates some discussion here.

When I and my fellow employees in Libertyville, Ill. heard yesterday that our Portland office was closing because of a (in our estimation) light dusting of snow and icy rain, we shook our heads. “Let them come to the Chicago area and see what winter is really all about,” I thought.

Then I saw this video from Portland’s news source, nwcn.com and King5.com. (The link takes you to the home page, where you should see a sidebar for a video with the caption,’Amazing home video of icy collisions in Portland.’ Click that video link.)

The saying, “A picture is worth a thousand words,” rings true in this case. After watching the videoclip, no one at my office questioned the decision to close the Portland office!

I’m writing this quick post at home over the lunch hour before heading back to the office. Life has imitated art, as I live an approximation of an episode of “The Office,” one of my favorite television shows.

In last night’s episode, two of the key characters in the television show return from a secret joint-vacation to Jamaica. The man tries to send a suggestive photo of his female companion to a friend via email, but instead forwards it to half of his office. The other half of the office soon gets a copy of the photo via forwarded emails. The male character goes crazy, as his attempts to keep the matter private go horribly awry.

I laughed at the stupidity of that character, and how his mistake was broadcast throughout the office via email and then full-color poster-sized prints of the suggestive photo. “No one is THAT stupid in this day and age,” I thought to myself.

Then I got an email at work the next morning. No, it didn’t contain an attached suggestive photo. It contained a link to the website of the photographer who took pictures at our company’s recent holiday party. I went to the website, logged in with the supplied user name and password, and began to look at the pictures. “Nothing too bad,” I thought, when a coworker passed by and saw my computer screen. “Hey, don’t hog them to yourself,” my coworker complained, coaxing me into sending the link.

“No harm,” I thought. “We’re going to send the link to everyone later today anyway.” I forwarded the information and listened as my coworker began to review the pictures with other people who circled the cube. My biggest concern was whether a boss would pass by and wonder why this group of people didn’t have something better to do.

Then I saw the first questionable picture. While the first thumbnails I viewed were pretty sedate, they also were the first photos taken that night, before the drinking had gotten very far. I, and the group of employees in the nearby cube, began to see pictures where people threw caution to the wind, and (nearly) let it all hang out, so to speak. Nothing pornographic, but probably embarrassing in the calm (and sober) light of day, two weeks after the original event.

A supervisor who sits near me was one of the people who had taken several questionable photos with his date, and with some female coworkers. I called him over to my PC and showed him the photos. He reacted very much like the male character on “The Office” episode I had watched the previous evening. Lots of spontaneous sweat, increased respiration, and softly muttered sounds of terror.

Obviously, if he had thought about it at all, he imagined that only he would be able to view the photos. Now the reality that the entire company would realize just how far he can stretch out his tongue struck him. “Can we take those off of the site?” he whispered in a pleading voice.

I was a step ahead of him, but I knew that I had to move quickly. As word of the photos spread throughout the office, people began to log onto the site, using the login information that the photographer had given on the night of the party. With the okay of the service center management and HR, I had IT block access to the site. I exchanged emails with key people and together agreed that the site would remain blocked, and people would need to view and order photos from outside of the office. In the meantime, a coworker contacted the photographer to request that some of the more questionable photos be removed from the site.

Easy enough, but someone pointed out that some people in the photos might actually want to purchase those photos (maybe not the Tongue Master, but some of the others). How would they know that the photos were available if we had them removed from the website?

That is why I am at home. I had to leave the office where the photographer’s website was blocked by our IT Department, and get screen captures of the questionable photos before the photographer had a chance to remove them!

I hope that the people involved learned a lesson about corporate events like the holiday party. Careers aren’t often made there, but many a career has gone down in flames due, in part, to poor decisions made under the influence. That’s one of the reasons why I stuck to nonalcoholic beverages that evening–and struck a safe, non-offensive pose when taking a photograph with my wife.

I’m ending my Christmas/New Year’s vacation tomorrow, and coming to grips with the disparity between what I intended to accomplish, and what I actually did accomplish, personally and professionally.

I intended to post here and on the IABC Cafe several times, but didn’t get it done. The most frustrating thing about it was the time wasted because of computer software that didn’t play well with my aging Vaio computer. Of course, the simple answer would be to purchase a nicely furnished new PC, but my disposable income went toward other itmes for the home and family. I probably will purchase a new PC later this year.

Another goal that I intended to meet, and didn’t, was to have a new WordPress blog up and running. I plan to install the software on a hosted system, and I need to tweak WordPress. With so many other commitments and distractions, I haven’t had time to seek help from the WordPress community. I’ll be reaching out sometime this week or next.

My reading load has increased because of manuals for Christmas gifts, books, and other items. The excitement of my new programs and tools is tempered by the need to learn about them. It all takes time, as you know.

Oh well, my daughter just came down to tell me that I need to sign off so that I can walk the dog and call it a night. Where does the time go?

The snow was falling briskly, and the television continued to announce traffic snarls, accidents, and a growing list of school and business closings. Anticipating the coming winter storm, my company’s HR Department had sent a broadcast email the day before to remind employees about the company’s emergency weather hotline number.

Would I get an unexpected day off of work? I dialed the number at 5:30 a.m. to check. The recorded message stated that the company was open for business as usual. But it gave no reference to today’s date (as in, “Today is Friday, Dec. 1 and this is the latest update.”) It sounded like the generic message that probably played every other day of the year.

I continued to get ready, and just before leaving the house (earlier than usual in anticipation of a long commute), I checked the message once again. Same message; same feeling of uncertainty about whether the business would be closed when I arrived.

With so many businesses and schools being closed, the roads were less traveled, and I actually arrived at work earlier than usual. The parking lot was mostly empty, and the lights were off in the main lobby and Security Desk. I drove to a side entrance where I could use my ID badge to enter, and was relieved to see a smattering of other employees already at work.

Coworkers grumbled about the drive into work, and wondered why we were open, when so many other companies were closed. Some shared my opinion that the hotline message should have clearly indicated that it was current. I spoke with a colleague in HR, who agreed, and changed the messsage.

While it made me feel good that my opinion as the communications expert was heard, I also know that a coworker had spoken to the same HR person hours earlier, with the same suggestion. When I told the coworker that I had spoken with HR and the message would be changed, his reaction was two-fold:

* It was too late, because most employees would have either fought their way into the office or turned back by then.
* It was frustrating that the common-sense opinion of a “common employee” didn’t seem to matter.

This storm, too, shall pass. With employee engagement getting a lot of attention within corporations, this kind of situation bears watching, however. One other suggestion that the company did act on was to buy lunch for everyone who made it into work. Also, most employees left early, while it was still light, after spending much of the day distracted by weather-related discussions.

All-in-all, questions as to the benefits of staying open when many other companies either delayed opening, or decided not to open at all that day.