Caught in a botnet? Better do this, quick

Many of us need to drop a few pounds. Exercising regularly and eating a healthy diet with reasonable portions is a simple way to achieve that goal, of course. But many of us want quicker and easier solutions.

The market for weight loss programs and products is immense. The advertisements for these products are compelling and often contain celebrity endorsements and what purports to be scientific evidence in support of their claims. Unfortunately, generally, these products share two important characteristics: They are easy to use -- and they don't work.

The Federal Trade Commission (FTC) is constantly taking action against the scammers who operate phony diet programs and products, but the battle is never ending. Recently, the FTC obtained a court order stopping a California company, Sale Slash from marketing a wide range of bobgus weight loss products including Premium Coffee, Garcinia Cambogia, Premium White Kidney Bean Extract, Pure Forskolin Extract and Pure Caralluma Fimbriata Extract.

One of the things, however, that made this particular weight loss scam particularly noteworthy is the manner in which the products were marketed. According to Jessica Rich, the Director of the FTC's Bureau of Consumer Protection, "Sale Slash is a fraud trifecta. The company made outlandish weight-loss claims for its diet pills using fake news sites, phony celebrity endorsements and millions of unwanted spam emails."

One of the major ways Sale Slash's products were marketed to the public was through spam emails sent through a botnet of hacked computers. A botnet is a network of computers that have been infected by a hacker with malware that enables the hacker to control the computer without the individual hacked computer owners being aware of the attack. The malware that enables the hacker to take over the victims' computers is unwittingly downloaded by the victims themselves when they click on links or download attachments infected with malware. Often the links are sent in phishing email messages that promise videos, music or photographs of interest to the victims.

In the case of the Sale Slash products, the spam emails appeared to come from your friends because the email contact lists of the victims who make up the botnet were used to send the spam that contained messages such as "Hi! Oprah says it's excellent" along with a link that if clicked upon would take you to phony, but legitimate appearing, news sites with phony celebrity endorsements and phony investigative reporters touting the value of the products for dramatic weight loss.

So what should you do if you receive one of these emails?

The truth is that there are no quick fixes when it comes to losing weight and you should be wary of any product that promises that you can lose tremendous amounts of weight without dieting or exercise. The best course of action when considering a weight loss product, is to ask your physician about the effectiveness of the particular weight loss product or program before you reduce your wallet in an effort to reduce your waistline.

But what about your friend who it is made to appear sent you the email? Your friend may not be aware that his email account has been hacked and his computer made a part of a botnet, so you should notify your friend right away to alert them to the problem.

Being a part of a botnet means that a hacker has managed to take control of the victim's computer. The problem may be limited to the computer being used to send spam emails, but the hacker could have also managed to infect the computer with keystroke logging malware that can be used to make the victim of the hacking also a victim of identity theft so it is critical to act promptly.

So what should be done?

1. Change the password on your email account. If you have used the same password for other accounts, you should change those passwords as well and, in the future make sure that you use unique passwords for all of your accounts.

2. Change your security question. Sarah Palin's email account was hacked when the hacker answered her security question as to where she met her husband by going to Wikipedia and finding out she met him at Wasilla High School. You may think that the answer to your security question is not so readily available, but you would be surprised how much personal information is available about us all on the Internet. I suggest that you pick a nonsensical answer to your security question, so if your question is what your favorite color is, you should make the answer "seven." No one will be able to guess this and it is silly enough for you to remember.

3. Report the hacking promptly to your email provider.

4. Contact the people on your email list and tell them that you have been hacked and not to click on links in emails that appear to come from you.

5. Scan your computer thoroughly with an up to date anti-virus and anti-malware program.

6. Review the setting on your email to make sure that your email is not being forwarded to the hacker.

7. Get a free copy of your credit report. You can get your free credit reports from www.annualcreditreport.com.

8. Consider putting a credit freeze on your credit report so that a hacker cannot access your credit. You can get information about how to do this at www.scamicide.com.

Steve Weisman is a lawyer, a professor at Bentley University and one of the country's leading experts in scams and identity theft. He writes the blog scamicide.com, where he provides daily update information