On a day at the end of the year, Ms. P.H.Y., a student at the Maritime University, opened her computer and received an offline message containing a link that started with “vuonnhac.” Thinking it was a friend sharing a song online, she clicked without hesitation, and her troubles began from that moment…
At first, numerous pop-ups began appearing, offering various products. Annoyed, Ms. Y. closed the vuonnhac page and opened another window to browse the web, but to her surprise, her homepage, which was set to google.com.vn, had changed to vn-n.com.
With enough computer knowledge, she quickly realized that her computer was infected with spyware, specifically a type known as a homepage hijacker.
Without delay, she hurriedly downloaded the popular spyware removal software Spybot Search & Destroy to scan her computer. After nearly half an hour, dozens of spyware programs were eradicated, and Ms. Y. sighed in relief. However, when she restarted her computer and opened the Internet Explorer browser, the vn-n.com homepage still taunted her.
Refusing to give up, she tried a series of other spyware removal programs. Unfortunately, the unwelcome intruder continued to arrogantly occupy her homepage, unleashing pop-ups and pop-unders, along with other types of spyware that severely drained her resources (CPU usage always hovering around 100%), causing her computer to run as slowly as… a turtle moving backward.
Ultimately, Ms. Y. had to resort to an extreme solution: formatting her C drive and accepting the loss of a week to reinstall all her used software. “Being somewhat knowledgeable about computers, I always stayed cautious of links ending in .exe or .pif, as they usually contain viruses. But a completely normal link like this? Who would have suspected it?” she explained.
However, Ms. Y. is not the only one facing this nuisance. A quick survey conducted by reporters from Tuổi Trẻ, along with collaborators, at over 100 randomly selected internet cafes in Hanoi, Hai Phong, and Ho Chi Minh City yielded shocking results: more than 20% of computers were infected with the vn-n.com spyware. Although the survey scope was limited, the data still somewhat indicated the extent of the infection of this spyware.
Mr. Pham Quang Hung, Deputy Director of NMS Online Marketing Solutions Company, stated: “The infection method of this spyware mainly occurs through sub-sites with entertainment content such as music, stories, chat, games, sports, and lottery results. When users visit one of these sites, spyware is silently installed, and the browser’s homepage is changed to vn-n.com.”
According to Mr. Hung, the infection speed of vn-n.com is very high due to its infiltration through popular content sites. In just the past three months, this “made in Vietnam” spyware has helped the vn-n.com website, which consists solely of links and advertisements, rise more than 20,000 places in the Alexa ranking, proudly sitting at position 12,314—a ranking that many online newspapers would envy.
Mr. Hung emphasized that the “success” of vn-n.com has encouraged many other websites to adopt similar tactics to hijack browsers, such as songdong.net and manhhai.com. He warned: “This is a very dangerous trend and is likely to grow significantly in the near future. Since it is primarily prevalent among the Vietnamese community, these ‘VN-made’ spyware programs are much harder to manage compared to foreign spyware because they are not on the blacklists of spyware removal programs, making them difficult to eliminate using those tools.”
Currently, the “made in Vietnam” spyware has only been limited to hijacking browser homepages and displaying pop-ups, but if no regulatory measures are taken, it is certain that one day they will reach a level comparable to their counterparts in developed countries in terms of stealing passwords, personal information… for nefarious purposes.
This poses an extremely dangerous threat to the e-commerce sector that is set to grow rapidly in the near future.
BÌNH NGUYÊN
