We’ve all seen those phishing e-mails, trying to steal your login information for banks, credit cards, and what-not. They all start “something bad happened, and if you don’t ‘confirm’ your identity within 72 hours, we’re going to delete your account”. So, when an e-mail with the subject “SourceForge.net passwords reset” hit my inbox the other day, I was a bit suspicious.

However, what followed did not look like your typical phishing scheme. In fact, it was a real e-mail from SourceForge.net.  Here’s the main part of the e-mail, along with my thoughts on what they did “right”.  (As well as what they could have done “better”.)

Hello,

We recently experienced a directed attack on SourceForge infrastructure
(http://sourceforge.net/blog/sourceforge-net-attack/) and so we are
resetting all passwords in the sf.net database -- just in case.  We're
e-mailing all sf.net registered account holders to let you know about this
change to your account.

So far, it’s not much different than all those phishing e-mails we’ve seen. (Well, except for the use of proper English grammar and spelling, that is.) But, it continues…

Continue reading ‘SourceForge.net does it right’ »

What’s the best anti-phishing tool? According to a recent “Ask Leo” article, the answer is “you”. And I heartily agree.

Phishing is interesting, and difficult to protect against.

But I do have a strong recommendation for the absolute best anti-phishing tool.

You

You are the best anti-phishing tool. In fact, in some cases you are the only possible anti-phishing tool.

Click here to read the rest of his article.

The latest mass attack to hit my inbox has been a deluge of fake LinkedIn notifications. Coming in the guise of a new message from one of your LinkedIn contacts, it’s actually an attempt to infect your system with a trojan, which will probably let “the bad guys” steal your passwords, or take remote control of your system, which will be added to their ever-growing botnets.

Now, I don’t have a LinkedIn account, though I do get the occasional “real” e-mail from them with an invitation to join from someone I know. But, even if I did have an account, I would like to think that, upon opening my e-mail in the morning and finding 217 identical messages from overnight, red flags would be going up for just about anyone.

So, what’s the payload?

Continue reading ‘Deluge of fake LinkedIn notifications’ »

Here’s an article on Mobile Redirect with an interesting twist on the recent worm.

This is an amazing by-product of social networks. The ability for users to identify and kill viruses, worms, trojan horses, etc. These types of unique social network ecosystems reflect activity existent in the natural world.

[…]

“Social networks have built-in antibodies…their users,” said Sean Sullivan of the Finnish security company F-Secure. “Compare the Twitter attack to a malicious attack of yesteryear that took weeks or even months to develop. This peaked and ebbed in two and a half hours,” Sullivan said.

That’s not to say that spammers don’t love sites like Twitter, because all they care about is finding some sucker to buy their product. A two-hour flood of spams is “great”, as far as they are concerned. But, it’s an interesting concept regarding worms and other malware on such sites.

Thoughts?  Comments?  Leave them in the comment area below.  Thanks.

In the never-ending fight against spam, we all (hopefully) have some sort of filtering on our inboxes. In the attempt to let less and less spam through, there are the inevitable casualties called “false positives” — legitimate e-mail that our filters treat as spam. One way to help minimize those false positives is called “whitelisting”. Any e-mail that comes from a whitelisted address will be let through without any further checks. This helps assure that important e-mails make it through, and many newsletters that you can subscribe to will tell you the address that the mailings will come from, and suggest that you whitelist that address.

Now, many people often send themselves a copy of important e-mails that they send to others, so they have their own copy in their inbox. And, to prevent such e-mails from possibly hitting their spam traps, they whitelist their own address. While this sounds like a good idea on the surface, it’s actually a bad idea in today’s spam-filled era.

Continue reading ‘Why whitelisting your own e-mail address is a bad idea.’ »

Is this the first case of computer malware causing human deaths? Perhaps. But it certainly won’t be the last.

As noted in a recent MSNBC article:

Authorities investigating the 2008 crash of Spanair flight 5022 have discovered a central computer system used to monitor technical problems in the aircraft was infected with malware.

An internal report issued by the airline revealed the infected computer failed to detect three technical problems with the aircraft, which if detected, may have prevented the plane from taking off, according to reports in the Spanish newspaper, El Pais.

Flight 5022 crashed just after takeoff from Madrid-Barajas International Airport two years ago today, killing 154 and leaving only 18 survivors.

As any reader of this blog should be well aware, any significant piece of software has bugs and security holes, which (hopefully) are fixed over time. Keeping your software up-to-date is an important piece of your security.

So, with dozens, or perhaps hundreds, of applications, browser plugins, and so on, not to mention all of the pieces of Windows itself, how can you be sure that everything is up to date? Sure, Windows itself can be set to automatically download and install updates, and many programs have the option to check for updates as well. But, wouldn’t it be easier to have a “one stop shopping” place to check?

Enter Secunia Personal Software Inspector (“Secunia PSI”).

Continue reading ‘Secunia Personal Software Inspector’ »

There was a rather, umm, “interesting” theme in today’s batch of spam that made it through my filters. Here’s a screenshot of the subjects, after deleting the dozens of duplicates.

Of course, the attached HTML document, supposedly a link to a news report about a plane crash, was instead an obfuscated JavaScript program which would attempt to download an infection. (I didn’t bother investigating what, exactly, that infection was.)

We all have numerous plugins in our web browsers. These are small programs which add functionality to your browser “experience”. For example, the Adobe Shockwave plugin is what most people use to view “Flash” animations, or you may have Apple’s QuickTime plugin to watch videos. These plugins, like any other program, sometimes have bugs and security holes which are fixed over time.

How can you tell what plugins you have? The method varies depending on the browser, but here are a few:

  • Internet Explorer. From the menu, select “Tools”, and then “Manage Add-ons”.
  • Firefox. In the address bar, type “about:plugins”.  Or, from the menu, select “Tools” and then “Add-ons”, and select the “Plugins” tab.
  • Safari. From the menu, select “Help”, and then “Installed Plug-ins”.
  • Chrome. (Sorry, but I don’t currently have Chrome installed.)

In my Firefox browser, I currently have 25 plugins installed.

So, how do you figure out which plugins are current, and which have updates available?

Continue reading ‘Keeping your browser plugins up to date’ »

Windows uses what is known as “file extensions” (the letters after the ‘.’ in the filename) to determine how to handle the file. For example, “.exe” files are executable programs, “.doc” are documents (typically MS-Word), and “.qbw” are QuickBooks data files.

Out of the box, Windows defaults to hiding the file extension in folder listings, instead relying on the file’s icon to convey the file type to the user. The “bad guys” have taken advantage of this, by making you think the file is of one type, when it’s really an executable program designed to infect your system.

[Image: icon with extensions hidden] Is this “report” a document you can view, or a trojan designed to infect your system?

Fortunately, it’s an easy fix.

Continue reading ‘Don’t hide file extensions’ »