There’s a new worm in town, and it’s called “Stuxnet”. Unlike previous worms, which required the user to run a program, have “autorun” enabled, load a document into a spreadsheet or word processor, or at least look at the file in some manner, this worm is triggered by simply viewing the folder. The vulnerability even affects Windows 7, and as of today there is no fix yet from Microsoft.
For example, placing an infected USB stick into the computer on Windows 7 will, by default, ask you what you want to do. Being a smart person, you know to avoid the “autorun” option, and instead opt for “open folder” choice, to see what sort of files are on it. That act alone will trigger the worm. Same thing with “My computer” and then double-clicking the USB stick, or navigating to any folder with the infection in it.
According to an article from Microsoft: Continue reading ‘The Stuxnet worm’ »
Posted by admin on July 26, 2010 at 3:26 pm under Uncategorized.
1 Comment.
Another common type of e-mail fraud is called “phishing”. Basically, they pretend to be someone else, in an attempt to get you to reveal personal information, just as login and password, or your social security number. (Or both.) Many of these can be rather sophisticated, mimicking the real website down to the slightest detail.
Some, on the other hand, are so poorly done, you have to wonder why they bother. The reason is simple… because people fall for it. When you send out a million phishing e-mails, it only takes a very small fraction to fall for it to make it worth their effort.
Here is a recent example of a “so poorly done, it’s gotta be obvious that it’s a fake” phishing e-mails:
Subject: Business Online Banking Account Alert!
—–
You must submit verification documents to continue using your account without interruption. To view the details of this request and submit the required information, click on the following link (or copy & paste it into your web browser):
http://[elided]/Upload_documents_blank.exe
We thank you for your assistance in this matter.
So, let’s take the 30-second “what red flags does this raise” tour:
Continue reading ‘Do people really fall for this? Part 2’ »
Posted by admin on July 20, 2010 at 9:15 pm under Uncategorized.
Comment on this post.
It’s hard to imagine, but people still fall for scams like this all the time.
I just got another “you won the lottery” spam e-mails. This one was supposedly from “MICROSOFT CORPORATIONS”(sic), and contained the following message:
You have been awarded the sum of £1,625,000.00GBP in the MICROSOFT EMAIL PROMOTI
ON AWARD 2010.Cont Mr Mark Anderson with your names,address,phone and Country to
[elided]@w.cn.cn or call +4470-[elided] for moreinformation on t
his award.
With the exception of removing the username part of the e-mail address, and the rest of the phone number, that is the exact contents of the e-mail, spelling and line breaks as-is.
With so many obvious “this isn’t real” warning signs, I find it hard to imagine that people still fall for this. Yet they do.
Continue reading ‘Do people really fall for this?’ »
Posted by admin on July 20, 2010 at 4:28 pm under Uncategorized.
Comment on this post.
A recent article in eWeek tells how the FBI has indicted 3 people in a $100 million rogue antivirus scam. While it’s only an indictment, and not an arrest or conviction, at least it’s a start.
Three men have been indicted in what the FBI described as an international cybercrime operation that sold $100 million in rogue antivirus software to victims in more than 60 countries.
Can you imagine the number of victims, and the number of infected systems, from $100 million in sales?
Remember, if you get a popup from a program you don’t remember installing, with a link to buy a program to clean the infection, it’s probably a scam. Don’t click on the link!
Posted by admin on June 28, 2010 at 1:42 pm under Uncategorized.
Comment on this post.
Oh well. Kristina did well at Challenge of Champions XXVIII, but not enough to earn a trophy.
She went up against two high-brown belts (the highest belt before black), and beat the first one. And, while she defended herself quite well against the second, getting out of several near-submissions, it wasn’t enough to win.
She’s looking forward to December’s tournament.
http://www.ChallengeOfChampions.com
Posted by admin on June 10, 2010 at 2:10 pm under Uncategorized.
Comment on this post.
You’ve probably seen the ads. ”My name is Todd Davis. This is my Social Security Number…” It’s from the CEO of LifeLock, a company that offers “identity theft protection”. The service must be pretty darn good if the CEO is announcing his Social Security Number to the world, with a “just try to steal my identity” arrogance.
Well, you’d be wrong.
Continue reading ‘Identity theft “protection” — does it work?’ »
Posted by admin on June 4, 2010 at 2:51 pm under Uncategorized.
Tags: FTC, identity theft
Comment on this post.
Just a reminder that there is no BlogTalkRadio show this week for the Memorial Day weekend, nor next week, due to Kristina’s competition at the Challenge of Champions.
Posted by admin on May 30, 2010 at 4:37 am under Uncategorized.
Tags: BTR
Comment on this post.
You’re at a conference for information security. You pass the IBM booth where they’re giving out free USB thumb drives with some marketing material, and you pick one up. Think you’re safe? Think again.
Even IBM can make mistakes.
Continue reading ‘Even IBM can make mistakes’ »
Posted by admin on May 28, 2010 at 5:32 pm under Uncategorized.
Tags: malware, trojan, virus
Comment on this post.
Sorry, but we moved servers and upgraded our WordPress software at the same time, and I haven’t found the right magic incantation to import the old blog files. For now, we’ll just have to start from fresh. Sorry about that. I have everything backed up here, so nothing was lost. It’s just not available online yet.
You will also have to re-register to post comments.
Well, as we like to say, “you’ll do it better the second time around”. :-)
Posted by admin on May 25, 2010 at 8:43 pm under Uncategorized.
Comment on this post.