January 2005 - Posts

How to Avoid Phishing Scams


So far, I have given you detailed instructions for how to pull off a Phishing scam. I am not however giving you this information so that you can go rip people off. Instead, I am showing you how a Phishing scam works so that you can avoid being ripped off. Of course, understanding how the scam works is only half of the battle. You still need to know how to spot the scam and avoid being victimized by it.

The best advice that I can give you is that if you ever get an E-mail message from your bank, your ISP, PayPal, EBay, Amazon, etc., read the note over several times. Odds are that the note will appear legitimate, but you need to look for something fishy (no pun intended). For example, does the note have misspellings or bad grammar? Is this the first message that you have ever gotten from the company? Does the company even have your E-mail address on file? If you have any suspicions at all about the message, then the message is probably illegitimate.

The best thing that you can do is to call the company that allegedly sent you the message. Never use the phone number included in the message though. Instead, take the time to look the phone number up in the phone book. It’s better to spend a few extra minutes looking up a number that you already have in front of you than to be a victim of a scam.

Obviously, you should never click on a link within a suspicious message. If you really must visit the Web site that the message claims to be from, enter the site’s address into your browser manually.

Other precautionary steps that you can take are to review your bank statements and credit card statements regularly to make sure that no one is stealing from you or making purchases in your name.

Finally, if you do receive an E-mail message that proves to be a Phishing scam, you should report the message to the company that the message claims to be from. Doing so makes the company aware of the scam so that they can report it to the proper authorities and help keep other people from being ripped off.

Read the full article at WindowSecurity.com.
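Added here as a worked example (this code is not from the WindowSecurity article): the "look for something fishy" advice applied to the links in an HTML message, which is where the deception in a phishing note usually lives. It flags the tricks common in phishing mail of this period: link text that shows one site while the href goes to another, a raw IP address in place of a hostname, a `user@host` prefix that hides the real host, and a hostname that merely begins with the impersonated brand. The sample message and the `paypal.com` claimed domain are constructed for the example, and `registered_domain` is a deliberately crude last-two-labels heuristic rather than a public-suffix lookup.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample body in the style of a 2005 phishing message (not a real e-mail).
SAMPLE_HTML = """
<p>Dear PayPal customer, your account has been limited.</p>
<p>Please <a href="http://www.paypal.com.secure-login.example/cgi-bin/webscr">
click here</a> to restore access.</p>
<p>Or visit <a href="http://192.0.2.10/paypal/">http://www.paypal.com/</a> directly.</p>
<p>Questions? <a href="http://www.paypal.com@evil.example/">www.paypal.com</a></p>
<p><a href="https://www.paypal.com/help">Help Center</a></p>
"""

IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
HOSTLIKE_RE = re.compile(r"(?:https?://)?([\w-]+(?:\.[\w-]+)+)")


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in the message."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None


def registered_domain(host):
    """Crude heuristic (assumption): the last two labels, e.g. 'www.paypal.com' -> 'paypal.com'.
    A real checker would consult the public suffix list (co.uk and friends)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def suspicious_links(html, claimed_domain):
    """Return [(href, reason)] for links that do not plausibly belong to claimed_domain."""
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        url = urlparse(href)
        host = (url.hostname or "").lower()
        reasons = []
        if url.username is not None:
            # http://www.paypal.com@evil.example/ : the browser ignores everything before '@'
            reasons.append("text before '@' hides the real host %r" % host)
        if IPV4_RE.match(host):
            reasons.append("raw IP address instead of a hostname")
        elif registered_domain(host) != claimed_domain:
            reasons.append("host %r is not under %s" % (host, claimed_domain))
        shown = HOSTLIKE_RE.search(text)
        if shown and registered_domain(shown.group(1)) != registered_domain(host):
            reasons.append("link text shows %r but the link goes to %r" % (shown.group(1), host))
        if reasons:
            findings.append((href, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for href, why in suspicious_links(SAMPLE_HTML, "paypal.com"):
        print(href, "->", why)
```

Run against the sample, three of the four links are reported and only the genuine `https://www.paypal.com/help` link passes. The heuristic is a screening aid, not proof of legitimacy: a message whose links all check out can still be a scam, which is why the article's advice to type the address yourself and phone a number you looked up independently still applies.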


On-Demand Security Webcasts


I was checking out Spyware Warrior this morning and Suzi posted a link to Microsoft's webcast on spyware. While I found the video to be very good, I had to check out all of the other great webcasts that are available. This is a great resource for information technology workers who want to do their part to protect their networks from malware.

http://www.microsoft.com/seminar/events/security/ondemand.mspx


Blind Buffer Overflows In ISAPI Extensions


The new variants of the Bagle virus have been on many people's minds, and, well, um, networks today. There is another buzz looming out there besides the Bagle variants, and I am sure we will hear a lot more about this. I caught this article on SecurityFocus, and the concept and reality of this is very interesting. The article discusses zero-day exploitation of buffer overflows in ISAPI extensions. The difference between this technique and most current exploits is that most exploits are specific, and to exploit them you would have to use specific code. This concept is a technique for blindly exploiting new vulnerabilities in ISAPI extensions running under IIS.

http://www.securityfocus.com/infocus/1819
Posted by Anonymous | with no comments

Flurry of Bagle virus activity

There are now three variants of the Bagle virus that have surfaced since yesterday. Here are links to information on all of them. I am posting only one antivirus vendor's links in order to keep the naming-convention confusion to a minimum.

Bagle.BJ

http://vil.nai.com/vil/content/v_131351.htm

Bagle.BK

http://vil.mcafeesecurity.com/vil/content/v_131352.htm

Bagle.BL

http://vil.mcafeesecurity.com/vil/content/v_131353.htm

Posted by Anonymous | with no comments

Great wireless security information

I just found an awesome wireless security resource, but there is a catch. In order to get the link, you will have to read through the BEST PRACTICES - WIRELESS SECURITY thread from the myITforum.com General Security Discussions forum. It has some good information, and you may have some information to add to the thread.


New virus masquerades as message from BitDefender

http://www.bitdefender.com/bd/site/presscenter.php?menu_id=24&n_id=154


A new virus is in the wild. Called Sticy.A, the IRC backdoor is being spread via an e-mail message with a spoofed "from" field (support@bitdefender.com) and prompts users to download harmful executables from the http://playb.........a.go.ro/ website.
The BitDefender support team does NOT, under any circumstances, send security warnings of any kind.
Posted by Anonymous | with no comments

Virus hooks onto CNN headlines

http://news.zdnet.com/Virus+hooks+onto+CNN+headlines/2100-1009_22-5544157.html?part=rss&tag=feed&subj=zdnn


E-mails laden with the virus, dubbed "Crowt.A" by Sophos, do not have a typical subject line and other characteristics, Sophos said. Instead, the virus sends out e-mail messages with subject lines, message content and attachment names drawn from the latest news headlines on CNN's Web site, which it gathers as it spreads.


Posted by Anonymous | with no comments

Email Best Practices

http://www.cert.org/features/green/email-attachments.html


Use Care When Reading Email with Attachments
by Larry Rogers

You probably receive lots of mail each day, much of it unsolicited and containing unfamiliar but plausible return addresses. Some of this mail uses social engineering to tell you of a contest that you may have won or the details of a product that you might like. The senders are trying to encourage you to open the letter, read its contents, and interact with them in some way that is financially beneficial - to them. Even today, many of us open letters to learn what we've won or what fantastic deal awaits us. Since there are few consequences, there's no harm in opening them.

Email-borne viruses and worms operate much the same way, except there are consequences, sometimes significant ones. Malicious email often contains a return address of someone we know and often has a provocative Subject line. This is social engineering at its finest – something we want to read from someone we know.

Email viruses and worms are common. If you've not received one, chances are you will. Here are steps you can use to help you decide what to do with every email message with an attachment that you receive. You should only read a message that passes all of these tests.

  1. The Know test: Is the email from someone that you know?
  2. The Received test: Have you received email from this sender before?
  3. The Expect test: Were you expecting email with an attachment from this sender?
  4. The Sense test: Does email from the sender with the contents as described in the Subject line and the name of the attachment(s) make sense? For example, would you expect the sender – let's say your Mother – to send you an email message with the Subject line "Here you have, ;o)" that contains a message with attachment – let's say AnnaKournikova.jpg.vbs? A message like that probably doesn't make sense. In fact, it happens to be an instance of the Anna Kournikova worm, and reading it can damage your system.
  5. The Virus test: Does this email contain a virus? To determine this, you need to install and use an anti-virus program. That task is described in Task 1 - Install and Use Anti-Virus Programs of "Home Computer Security."

You should apply these five tests – KRESV – to every piece of email with an attachment that you receive. If any test fails, toss that email. If they all pass, then you still need to exercise care and watch for unexpected results as you read it.

Now, given the KRESV tests, imagine that you want to send email with an attachment to someone with whom you've never corresponded – what should you do? Here's a set of steps to follow to begin an email dialogue with someone.

  1. Since the recipient doesn't already Know you, you need to send them an introductory email. It must not contain an attachment. Basically, you're introducing yourself and asking their permission to send email with an attachment that they may otherwise be suspicious of. Tell them who you are, what you'd like to do, and ask for permission to continue.
  2. This introductory email qualifies as the mail Received from you.
  3. Hopefully, they'll respond; and if they do, honor their wishes. If they choose not to receive email with an attachment from you, don't send one. If you never hear from them, try your introductory email one more time.
  4. If they accept your offer to receive email with an attachment, send it off. They will Know you and will have Received email from you before. They will also Expect this email with an attachment, so you've satisfied the first three requirements of the KRESV tests.
  5. Whatever you send should make Sense to them. Don't use a provocative Subject line or any other social engineering practice to encourage them to read your email.
  6. Check the attachments for Viruses. This is again based on having virus-checking programs, and we'll discuss that later.

The KRESV tests help you focus on the most important issues when sending and receiving email with attachments. Use it every time you send email, but be aware that there is no foolproof scheme for working with email, or security in general. You still need to exercise care. While an anti-virus program alerts you to many viruses that may find their way to your home computer, there will always be a lag between when a virus is discovered and when anti-virus program vendors provide the new virus signature. This means that you shouldn't rely entirely on your anti-virus programs. You must continue to exercise care when reading email.

Use the checklist from "Home Computer Security" to help you make decisions about opening email attachments.


Social engineering is the art and science of getting people to comply with your wishes. It is not a way of mind control, it will not allow you to get people to perform tasks wildly outside of their normal behavior and it is far from foolproof. (From http://packetstormsecurity.nl/docs/social-engineering/aaatalk.html )


This article is adapted from task 3 in "Home Computer Security," which can be found at http://www.fedcirc.gov/library/documents/homeusers/index.html and http://www.cert.org/homeusers/HomeComputerSecurity/.
This work was funded by the General Services Agency of the U.S. Government.
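The KRESV tests quoted above, reduced to code as an added example (not part of the CERT article). The two sample messages, the sender lists and the "signature database" are constructed for the example; the Virus test is only a stand-in (a SHA-256 blocklist) where a real anti-virus scanner belongs, and the list of executable extensions is an assumption. The Sense test checks the thing the article's AnnaKournikova.jpg.vbs example turns on: an attachment with a double extension whose real type is something Windows will execute.

```python
import hashlib
import os
from email.message import EmailMessage
from email.utils import parseaddr

# Extensions Windows runs on double-click (assumption for this example; extend as needed).
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".vbe",
                   ".js", ".jse", ".wsf", ".wsh", ".hta", ".lnk"}


def split_extensions(filename):
    """'AnnaKournikova.jpg.vbs' -> ['.jpg', '.vbs']: every trailing extension, lowercased."""
    exts = []
    base = filename
    while True:
        base, ext = os.path.splitext(base)
        if not ext:
            return exts
        exts.insert(0, ext.lower())


def sense_problems(msg):
    """Sense test: would this Subject/attachment combination make sense from the sender?"""
    problems = []
    subject = str(msg["Subject"] or "")
    if not any(ch.isalpha() for ch in subject):
        problems.append("subject has no readable words")
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        exts = split_extensions(name)
        if exts and exts[-1] in EXECUTABLE_EXTS:
            problems.append("%s: %s attachments are programs, not documents" % (name, exts[-1]))
        if len(exts) > 1:
            problems.append("%s: double extension disguises the real file type" % name)
    return problems


def virus_hits(msg, signature_db):
    """Virus test stand-in: a real anti-virus engine belongs here. This only matches
    the SHA-256 of each attachment against a set of known-bad digests."""
    hits = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if hashlib.sha256(data).hexdigest() in signature_db:
            hits.append(part.get_filename() or "(unnamed)")
    return hits


def kresv(msg, known_senders, previously_received, expecting_attachment_from, signature_db):
    """Apply the five tests; returns ({'K':..,'R':..,'E':..,'S':..,'V':..}, [reasons])."""
    sender = parseaddr(str(msg["From"] or ""))[1].lower()
    sense = sense_problems(msg)
    hits = virus_hits(msg, signature_db)
    results = {
        "K": sender in known_senders,              # Know
        "R": sender in previously_received,        # Received
        "E": sender in expecting_attachment_from,  # Expect
        "S": not sense,                            # Sense
        "V": not hits,                             # Virus
    }
    reasons = ["%s test failed" % letter for letter, ok in results.items() if not ok]
    reasons += sense + ["%s: matches a known-bad signature" % h for h in hits]
    return results, reasons


def should_open(msg, **context):
    """The article's rule: read the message only if every test passes."""
    results, _ = kresv(msg, **context)
    return all(results.values())


def build_sample(sender, subject, filename, payload, ctype):
    """Construct a test message; both samples below are made up for this example."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, "you@example.org", subject
    msg.set_content("See attached.")
    maintype, subtype = ctype.split("/")
    msg.add_attachment(payload, maintype=maintype, subtype=subtype, filename=filename)
    return msg


WORM_PAYLOAD = b"' constructed stand-in script, not the real Anna Kournikova worm\r\n"
WORM_LIKE = build_sample("Mom <mom@example.com>", "Here you have, ;o)",
                         "AnnaKournikova.jpg.vbs", WORM_PAYLOAD, "application/octet-stream")
LEGIT = build_sample("Mom <mom@example.com>", "Photos from the weekend",
                     "weekend.jpg", b"\xff\xd8\xff\xe0 constructed, not a real JPEG", "image/jpeg")

# Reader-supplied context (constructed): Mom is known, has written before, and said photos were coming.
CONTEXT = dict(
    known_senders={"mom@example.com"},
    previously_received={"mom@example.com"},
    expecting_attachment_from={"mom@example.com"},
    signature_db={hashlib.sha256(WORM_PAYLOAD).hexdigest()},  # "signature" for the constructed sample
)

if __name__ == "__main__":
    for label, msg in (("worm-like", WORM_LIKE), ("legit", LEGIT)):
        results, reasons = kresv(msg, **CONTEXT)
        print(label, results, "open" if should_open(msg, **CONTEXT) else "toss", reasons)
```

Note what the worm-like sample shows: the first three tests (Know, Received, Expect) all pass, because the From header is trivially spoofed to a name you trust. Only the Sense and Virus tests catch it, and the Virus test depends on a signature that may not exist yet, which is the article's point about not relying on anti-virus alone.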


Trojans masquerade as Microsoft AntiSpyware

http://www.viruslist.com/en/weblog?weblogid=157998516

 

I just caught this on viruslist.com: there is a Trojan claiming to be Microsoft's AntiSpyware program.


Posted by Anonymous | with no comments

Tiny robots powered by living muscle

http://news.bbc.co.uk/2/hi/science/nature/4181197.stm

This is wild. I can see it now, computer geeks with medical degrees. A virus outbreak could actually kill living organisms.

Posted by Anonymous | with no comments

Microsoft Preparing Anti-Virus Program

http://www.rednova.com/news/display/?id=119634


Microsoft Corp. may introduce a program to protect computers from viruses as soon as next month, said Adam Holt, an analyst at J.P. Morgan, in a note to clients. Microsoft Chairman Bill Gates speaks at the RSA Security Inc. conference in San Francisco on Feb. 15, and the company may unveil the product and other details then, Holt said. He expects the program to be on sale in the third quarter.

The company plans to sell an anti-virus program, probably as a subscription service, to compete with Symantec Corp. and McAfee Inc., the Nos. 1 and 2 providers of such software.


Posted by Anonymous | with no comments

Are employees of antivirus companies writing viruses?

http://news.com.com/2102-1025_3-5520278.html?tag=st.util.print


In an interview with CNET News.com, a former virus writer and ex-member of 29A had some interesting comments about a question that has been asked for years, i.e. whether “the authors of viruses are antivirus developers themselves.“

Many antivirus companies have dismissed these claims as urban legend or myth. I wonder if there will be a response from the antivirus industry to his comments. If a response is issued, I wonder what the chances are that they will attack his character, suggesting that comments from a known virus writer cannot be trusted. Prosecutors in our society rely on other criminals’ testimony quite frequently, and I’m putting some weight on Marek Strihavka's claims. I would find it pretty hard to believe that some of the programmers who make a career in the antivirus industry are not interested in writing or researching virus code and methods on their personal time. I do not believe that antivirus companies are coding viruses, and they would probably fire anyone that they knew was actively coding viruses.


These are the comments:

Antivirus companies frequently say that no virus writer should ever have a job in security. What are your views of this opinion?
That is funny. Why? Just because a lot of skilled virus writers already have jobs in the antivirus industry. I don't want to cause any problems to my friends, so I won't give concrete examples. But believe me, this is just marketing theater for customers--the truth is a bit different.

In any event, who else should code antivirus programs? Who else has the experience and technical skills for fighting viruses? Some antivirus firms say that I have no moral right to do it, but...almost all ex-members and current members of 29A are employed in the antivirus and information technology security industry.



Posted by Anonymous | with no comments

Veritas BackupExec Agent vulnerability

From the SANS Institute:

A remote vulnerability in Veritas BackupExec Agent has been discovered. This vulnerability is especially serious as it does not require any authentication before the service can be exploited, and by their very nature, backup servers tend to both be reachable by, and have access to, a large number of systems within an organization. If you run BackupExec, patches are available for both Version 8.6.x

If you're running Veritas Backup Exec 8.x or 9.x and you aren’t patched or blocking access to port 6101/tcp, you're either 0wn3d or soon will be. On Monday, we mentioned a rise in scans for port 6106, and as of today, "universal" exploit code for the vulnerability is widely available. We are seeing indications of active (i.e. non-worm) exploitation of Backup Exec systems but have heard rumblings that a worm may be in the works.


http://seer.support.veritas.com/docs/273422.htm

Document ID: 273420
http://support.veritas.com/docs/273420

9.1.4691 Hotfix 40 - Backup Exec (Buffer overflow creates a security hole in Agent Browser; Licensed Storage Central becomes Eval when Backup Exec 9.1 is uninstalled) *Requires Backup Exec 9.1.4691 Service Pack 1

Details:
To which versions of VERITAS Backup Exec (tm) can this hotfix be applied?

This hotfix can only be applied to the following versions of Backup Exec for Windows Servers:

Backup Exec 9.1 for Windows Servers revision 4691
Backup Exec 9.1 for Windows Servers revision 4691.1

Note:  Backup Exec 9.1 for Windows Servers revision 4691 Service Pack 1 is required to install this hotfix.

This hotfix resolves the following issues:

Buffer overflow can potentially create a security hole in the Backup Exec Agent Browser service.
A Licensed copy of Storage Central becomes an evaluation copy when Backup Exec 9.1 is uninstalled.

Which files does this hotfix replace?

This hotfix replaces the following files:

BEINSTOPS.DLL
BENETNS.EXE


How to install this hotfix:

Click Below to Browse the FTP files by Product:
ftp.support.veritas.com/pub/support/products

Related Documents:

273419: Remote exploitation of a stack-based buffer overflow vulnerability in Backup Exec 8.x and 9.x may allow the unauthorized execution of arbitrary code.
 http://support.veritas.com/docs/273419




The issue allows a remote attacker to execute arbitrary code under the privileges of one of the VERITAS Backup Exec (tm) service processes, which is usually a domain administrative account. If a worm utilized this vulnerability, it could potentially spread unrestricted across a domain. I recommend testing and patching as soon as possible.
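Before testing the hotfix, the first thing to know is which hosts actually answer on the ports the advisory names. Added here as an example (this is not from the SANS or Veritas text): a connectivity check across a host list for 6101/tcp (the Agent Browser service the overflow is in) and 6106/tcp (the port whose scans SANS noted). The port list, the timeout and the thread count are assumptions; supply only hosts you are responsible for.

```python
import socket
import sys
from concurrent.futures import ThreadPoolExecutor

# Ports named in the advisory. Any host answering on them is in scope for the hotfix
# or for a firewall rule; an open port says nothing about patch level by itself.
BACKUP_EXEC_PORTS = (6101, 6106)


def tcp_open(host, port, timeout=2.0):
    """True if a TCP connection to host:port completes within timeout, else False.
    Refused, filtered (timed out) and unresolvable all count as not reachable."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def exposed_hosts(hosts, ports=BACKUP_EXEC_PORTS, timeout=2.0, workers=32):
    """Return {host: [open ports]} for every host with at least one port reachable."""
    targets = [(host, port) for host in hosts for port in ports]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda hp: (hp, tcp_open(*hp, timeout=timeout)), targets))
    exposed = {}
    for (host, port), is_open in results:
        if is_open:
            exposed.setdefault(host, []).append(port)
    return exposed


if __name__ == "__main__":
    # Usage: python check_backupexec.py host1 host2 ...  (hosts you are authorised to scan)
    for host, ports in sorted(exposed_hosts(sys.argv[1:]).items()):
        print("%s: Backup Exec ports reachable %s; confirm hotfix for document 273419 "
              "is installed or restrict the port at the firewall" % (host, ports))
```

Hosts that are not reachable on 6101 from a given scanning position may still be reachable from elsewhere on the network, so treat this as a way to prioritise, not as proof that a backup server is safe.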

Posted by Anonymous | with no comments

Digital Rights Management used to distribute spyware


http://www.securitypipeline.com/57700549


When a user tries to play a protected Windows media file, the anti-piracy technology demands a valid license; if that license is not stored locally, the player looks for it on the Internet so the user can download or purchase it.

However, these Trojans only "pretend to download the corresponding license from certain Web pages," said Panda in its online alert. "What they actually do is redirect the user to other Internet addresses from which they download a large number of adware, spyware, dialers, and other viruses."



Posted by Anonymous | with no comments

Broadcom, HP, Linksys Join Forces on Wi-Fi Security

http://www.reed-electronics.com/eb-mag/index.asp?layout=articlePrint&articleID=CA492696


LAS VEGAS -- Three of the biggest dogs in the connectivity space announced a partnership here in Las Vegas today that they expect will help wireless LAN push further beyond the PC space and into some consumer electronics that were once thought to be set aside for Ultra Wideband.

Broadcom, Hewlett Packard and Cisco's Linksys division released a version of Broadcom's SecureEasySetup software that boasts push-button WLAN configuration. Traditional WLAN installation requires the user to manually enter at least four settings -- such as network name, IP address, encryption key and wireless channel number -- on each Wi-Fi device.

David Cohen, senior product marketing manager at Broadcom, explains that SecureEasySetup automates the configuration of new wireless networks and the addition of devices to existing networks. For example, after a user pushes the SecureEasySetup button on their Linksys router and HP printer or notebook, the software establishes a private connection between the devices, automatically configures the network’s Service Set Identifier and enables Wi-Fi Protected Access security.

Cohen estimates that between 65 percent and 85 percent of Wi-Fi-enabled devices are left open to attack because users find security installation to be a challenge. In response, the companies plan to promote SecureEasySetup as an industry standard setup application for all types of wireless products.

"They [Cisco and HP] believed in our vision, that the traditional means of Wi-Fi security are unacceptable for the future growth of the market," Cohen said. "This problem is only going to get worse as Wi-Fi goes mainstream."

The solution is one that the trio hopes will stimulate the development of different types of wireless products for home networks that do not have the user interface of a PC, such as consumer electronics without screens and non-Windows devices. With HP on board, SecureEasySetup will target the printer market – one once thought to become served primarily by UWB or another wireless personal area network technology. Broadcom also notes digital cameras, Voice over Internet Protocol phones and digital video equipment as possible opportunities.

The SecureEasySetup software developer’s kit is available now from Broadcom. SecureEasySetup will appear in select HP notebook PCs and printers and Linksys wireless LAN gear in early 2005.


It would definitely be a general security improvement to make wireless configurations easy for the average user. I opened up Netstumbler on my way to work and found 65 wireless networks. Of those networks, 27 were using WEP. The rest were open, many with the default router name, and I am assuming the default configuration.

For tips and information on securing your wireless router follow the link below:

http://65.214.43.26/forums/tm.asp?m=53477&p=1&tmode=1


Posted by Anonymous | with no comments