M&D Creative Concepts Security Communications

Quick Conficker Update

2009-03-30T08:12:00.002-05:00

I got this from the US-CERT Technical Cyber Security Alert. There is a way to check to see if you are infected with Conficker. Navigate to either:

* http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm&inid=us_ghp_link_conficker_worm or

* http://www.mcafee.com

If a user is unable to reach either of these websites, a Conficker infection may be indicated (the most current variant of Conficker interferes with queries for these sites, preventing a user from
visiting them). If a Conficker infection is suspected, the infected system should be removed from the network. Major anti-virus vendors and Microsoft have released several free tools
that can verify the presence of a Conficker infection and remove the worm. Instructions for manually removing a Conficker infection from a system have been published by Microsoft in"

http://support.microsoft.com/kb/962007.

As always, safe surfing,

Darrell

Conflicker Worm Set to Strike on April Fool's Day

2009-03-26T08:09:00.002-05:00

It's already been in the news, so I thought I would share a discussion I had last night with an interested person from LinkedIn.com. I captured the contents of that conversation:

PC World has an article that indicates that the code is set to execute on April 1 - here's an excerpt from the article:

PCs infected with Conficker.c, the third version of the worm that first appeared late last year, will use a new communication scheme on April 1 to establish a link to the command-and-control servers operated by the hackers who seeded the malware. The date is hard-coded into the worm, which in turn polls any of a number of major Web sites, including Yahoo, for the date...

Read the PC World article.

What can be done to avoid infection?

The best thing that can be done is to make sure your virus and malware definitions are up-to-date before the 31st. There is a Microsoft Patch released in October that addressed the vulnerability and should be applied to all business and personal PCs. This should be enough to protect against the Conflicker Worm. On the other hand, personal computers are not much at risk since they are mostly behind firewalls and the Conflicker Worm doesn't attack through firewalls, business on the other hand have been infected by previous variations to the tune of about 9 million.

What are the symptoms of the ConFlicker Worm?

Wikipedia has a good write-up of the symptoms when a computer is infected.

You can review Microsoft posting about this situation at: http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx, there is a lot of information as well as a link to the patch.

At this point, you should be extra vigilant about protecting your PC: Patch Windows completely through Windows Update and update your anti-malware software as well. Make sure your antivirus software is actually running too, as Conficker may have disabled it.

As always, safe surfing,

Darrell Mishler

Adobe reader viewer 9.0 and others vulnerable

2009-02-21T16:06:00.003-06:00

I pulled together some resources for this issue. There are some workarounds described in the article, be sure to read the entire thing before taking action. I disabled the automated PDF opening from by web browser and now I get a prompt to open a document of that type. I can make a determination as to the source, friend or foe of any that I might want to take a look at.

Here are the details that I have captured:

Adobe Reader version 9 and earlier

Adobe has released Security Bulletin APSB09-01, which describes a
vulnerability that affects Adobe Reader and Acrobat. This
vulnerability could allow a remote attacker to execute arbitrary
code.

Disable JavaScript in Adobe Reader and Acrobat

Disabling Javascript may prevent some exploits from resulting in
code execution. Acrobat JavaScript can be disabled using the
Preferences menu (Edit -> Preferences -> JavaScript and un-check
Enable Acrobat JavaScript).

Prevent Internet Explorer from automatically opening PDF documents

The installer for Adobe Reader and Acrobat configures Internet
Explorer to automatically open PDF files without any user
interaction. This behavior can be reverted to the safer option of
prompting the user by importing the following as a .REG file:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\AcroExch.Document.7]
"EditFlags"=hex:00,00,00,00

Disable the display of PDF documents in the web browser

Preventing PDF documents from opening inside a web browser will
partially mitigate this vulnerability. If this workaround is
applied it may also mitigate future vulnerabilities. To prevent PDF
documents from automatically being opened in a web browser, do the
following:
1. Open Adobe Acrobat Reader.
2. Open the Edit menu.
3. Choose the preferences option.
4. Choose the Internet section.
5. Un-check the "Display PDF in browser" check box.

Do not access PDF documents from untrusted sources

Do not open unfamiliar or unexpected PDF documents, particularly
those hosted on web sites or delivered as email attachments.

Adobe is planning to release updates to Adobe Reader and Acrobat to resolve the relevant security issue. Adobe expects to make available an update for Adobe Reader 9 and Acrobat 9 by March 11th, 2009. Updates for Adobe Reader 8 and Acrobat 8 will follow soon after, with Adobe Reader 7 and Acrobat 7 updates to follow.

A security bulletin will be published on http://www.adobe.com/support/security as soon as product updates are available.

As always, safe surfing,

Darrell

More anti-virus the better!

2008-12-13T14:47:00.001-06:00

In this blog, I talk about protecting you online and there is a service that is free and well thought out. The service is Gmail. I know, you probably already have an email application, outlook or outlook express and you probably use an email anti-virus scanner like AVG (Grisoft), Norton or McAfee and those are all great at doing what they do. Here’s another option to give you another barrier of protection. All Gmail email is scanned for virus infections. All attachments to Gmail messages are scanned for viruses too.

I have several email accounts and have my Gmail account forwarded to my local ISP email account (Frontier.net, Qwest.com, etc.) and not only does my ISP have anti-virus software scan it, my computer has an anti-virus scanner and Gmail has scanned it. Sounds like overkill doesn’t it, but it really isn’t. The more protection you have the better.

One thing that I’ve found about protection of this sort whether it be virus, malware, or Trojans is that if one scanner doesn’t pick up a problem, another might identify one that got through.

I send email using my Gmail settings via Outlook and am comfortable that I’m not sending anyone a virus. Not only does my PC anti-virus application check my outgoing email for a virus, but Gmail checks the contents of the message for viruses as well and will warn if it detects one.

One more option available from Google is they offer a “Google Pack” that includes among other things a spyware scanner and Norton Security Scan. You can select the options you want for you own “Google Pack”, that way you only get the functionality that you need. Oh, by the way, it’s free.

As always, Safe Surfing,

Darrell Mishler

Sun updates JAVA.

2008-12-09T21:40:00.002-06:00

There is one background application that is available on every PC and runs with all the different types of browsers and a lot of games, that application is JAVA. The United States Computer Emergency Readiness Team (US-CERT) just sent out an alert about JAVA.

JAVA is a product of Sun Microsystems and is freely distributed to everyone that has a computer or browser and flaws have been identified. The worst case scenario is that a baddie could execute arbitrary code remotely.

Sun has released 13 notices that reflect their commitment to correct issues surrounding the vulnerabilities and has provided updates for the most commonly used versions of the Sun Java Runtime Environment. (JRE)

Where possible, let your computer select, upload and update your JAVA. You can find out the version of JAVA that you have installed by viewing the list of software packages from the control panel / add remove software.

If you have identified the version of JAVA that you have you can visit www.java.com and download the update for that version. One more item that Sun talks about is the vulnerabilities still available for earlier versions of JAVA. The earlier versions can be removed via the control panel / add remove programs.

If you want to disable JAVA in your browser, there are instructions available from the US-CERT web site navigate to http://www.us-cert.gov/cas/alerts/SA08-340A.html and scroll down to the Disable statement, click on the link and follow the instructions for the type of browser that you have.

As always, safe surfing,

Darrell Mishler

user32.dll is not a Trojan!

2008-11-12T07:13:00.000-06:00

On November 9th, AVG (Grisoft) provided a signature (definitions) file that contained some false information. As a part of the normal update download an error was introduced that could prove "fatal" to the computer using AVG 7 or AVG 8. This error mistakenly identifies one of the necessary root files for operation of windows to be a Trojan and suggests that it be removed. The name of the file that is suspected by the program is user32.dll.

There has been a quite a bit of buz about this on the internet and AVG provides solutions if you have followed the suggestion of the anti-virus program and deleted this "Trojan". This is not a Trojan and sould not be removed. If you have removed this file, your computer will not re-boot correctly and quite possible go into a cycle of boots. Fear not, AVG has provided a couple of ways that this can be fixed. Visit the www.avg.com/support web site for detailed instructions.

Now for the good news. AVG has this fixed in the next download (signature) file. If you are like me and don't run a full systems virus check but about once a month, you are not going to expeirence a problem. Just make sure you download and install the latest update.

Once again, if the file user32.dll is identified as a suspect file by you anti-virus software (AVG), do not delete it. Tell the program to ignore it, download and update the latest definitions and re-run the scan.

Reference: http://securityandthe.net/2008/11/10/avg-virus-scanner-removes-critical-windows-file/ and www.avg.com/support

Darrell Mishler

Save Me From Myself?

2008-10-08T09:35:00.002-05:00

Do you ever wish that you could un-send that email that you emotionally dispatched last night? Been out and about, got home and with a passion, you composed an email to “your boss”, “The Ex” or other personal offenders?

There’s a cure for the irrational sending of emails that have been composed in the throws of emotional fervor, it’s the wait until the morning review. Now that sounds good if you have a constitution of steel and can do that for yourself, but when you are slightly less inhibited, the passion can win out.

Google’s Gmail has an option that will test your rational self and suggest that you “Have a drink of water, go to bed and review this email message in the morning”. Google calls it Mail Googles; it’s an option that can be turned on in your Gmail Settings.

If you are using Gmail, the Mail Googles can be found by clicking on the settings, labs and scroll down until you find the Mail Googles application. All you have to do from there is check the enable to activate it and it will show up on your main settings page. Mail Googles allows you to set up a testing time for email sent from Gmail. The default testing times are Friday and Saturday nights from 10:00 PM to 4:00 AM. You can also pre-determine the difficulty of the “math test”. The default is 1 and gets harder the higher the number. An example of the type of question that you will be asked is the sum of 4 + 5. Not to hard huh?

If you fail the “test”, the email will be put into the drafts folder and a suggestion that you go to bed is printed to the screen. \I sure could have taken advantage of this option in my younger years. It would have saved me from myself.

To read more about Mail Googles, search the internet and there are already at least 114 thousand articles.

Darrell Mishler

Social Networking Worms to Be On the Lookout For

2008-08-27T11:52:00.001-05:00

Paris Hilton Tosses Dwarf On The Street; Examiners Caught Downloading Grades From The Internet; Hello; You must see it!!! LOL. My friend catched you on hidden cam; Is it really celebrity? Funny Moments and more. Be on the lookout for these kinds of subjects and messages from “friends” in Facebook and MySpace as they may contain Net-Worm.Win32.Koobface.a. and Net-Worm.Win32.Koobface.b.

The clickable link asks you to download a “fake flash viewer” that contains the file codecsetup.exe to view the video – don’t execute the executable. If you need a flash viewer, go to Macromedia and download the official one. Inside the fake flash viewer is malicious code that contains a botnet. A botnet can send out messages using your email settings, friends list and other account information to propagate the worm itself to all of your associates, friends and family.

I was watching my nephew zoom around Facebook the other day and his dizzying speed of clicking, scrolling and chatting, I got a headache. It just so happened that during that time, Michael Phelps was winning one of his Gold Medals in World Record time. If there was a competition for Facebook surfing, my nephew would have set a new world record then and there.

It didn’t seem that he was doing anything that might be considered “unsafe”, but he was sure enthusiastic about what he was doing. This is probably indicative of the young people that use MySpace and Facebook, lots of friends and multi-tasking. By scrolling, clicking and chatting in super speed, baddies can take advantage of visitors and “slip something in” on one of the links or clickable areas. Please be careful – as they say in automobile jargon, slow down and drive defensively.

Safe Surfing,

Darrell Mishler

Web Design Services

Golden Olympic Spam Threat

2008-08-08T17:09:00.000-05:00

Spammers are working hard to get involved in the “market”. Spammers and cyberbaddies are trying to take advantage of our want to be more informed about the Olympics. Spam emails have been generated and are being sent out with information that seems to be coming from the International Olympic Committee (IOC).

Watch out for what looks like press release and media information that has an attached Adobe Acrobat PDF file. The attachment enables a malicious executable program when it is opened.

The special part of this warning is that the sending email addresses are international.olympic@gmail and international.olympic2008@gmail.com. If you get any email from these two email addresses – delete them, do not open the attachment.

As always, safe surfing,

Darrell Mishler

Just when you thought your passwords were safe

2008-07-26T12:06:00.001-05:00

Microsoft email, the email that most people use has an automatic archive feature – by itself it is a good thing. I read an article about the archive files that made me think about the file and folder structure. The archive files all have an extension of .pst, which stands for Personal Storage Table.

While I was considering the implications of this, I did a search of my email for the word “password” – I found several email messages that contain Userid and password information. I have auto-archive turned on and every now and then my email folders are archived into .pst files. Although the locations for these files are in system folders and as such hidden, the actual location is easily found.

Consider another situation; I don’t have proprietary information other than my Userid and password information in my emails, but attachments are also archived into the .pst files. This would allow me to recover the .pst archive and restore any document that was attached to an email. Anyone that has gotten access to my archive .pst files, copied via unscrupulous means could restore it to any other computer that has Outlook or Outlook Express installed on it and opens any of my stored attachments.

Taking into consideration what has been previously discussed, there are a couple of things that can be done to protect yourself and your computer email, attachments, contacts and tasks. Each Outlook mail folder has an option for auto-archive. Right click on the folder and select properties, click on the AutoArchive tab and you will see the archive options. The archive properties pop-up gives the option turn auto-archive off.

After you select archive options, your email, attachments, contact and tasks can be archived and stored on your computer. After the archive is complete copy the archive.pst to a USB flash drive or CD ROM storage and delete the “on-computer copy”. Store the USB flash drive or CD ROM in a protected place, away from the area of the computer.

If a disaster were to occur and you needed to restore you email, contacts, attachments and tasks, you would have a relatively recent copy to restore.

More details about archive can be found at: Kellog Northwestern Edu

Safe surfing,

Darrell Mishler

Worm Nuwar themes World War III

2008-07-13T00:22:00.002-05:00

The other day I was flipping through the channels on our satellite TV and stopped for a couple of minutes on a FOX news program. I just happened to be the Hannity and Colmes talk show. I was concerned when I heard them talk about the pros and cons of a possible conflict with Iran. With that said, I get email from friends and family about supporting our troops and I appreciate the messages and support the content.

I came across a virus warning from McAfee that talks about how the Storm worm authors are coming up with war themes in order to infect user computers. Watch out for subjects such as The beginning of The World War III, US Army crossed Iran's borders, US Army invaded Iran, US soldiers occupied Iran, USA unleashed war on Iran and War between USA & Iran. This is not a new virus, but it has been renamed "Nuwar" because it uses sensational war themes.

Unsuspecting users who follow the link in the spammed email are directed to a Storm bait page hosting a video that purportedly shows the first minutes of the beginning of WWIII. except that clicking o the video would download an infected program and virus.

Be careful about following links in any email, especially email from someone you don't know. There are Storm bait pages that can be blocked. I have a list of these pages for administrators that might want to block the page URL's. Send me some email with your request and I'll send the ones I know about to you.

As always, safe surfing,

Darrell Mishler

Sun Updates for Multiple Vulnerabilities

2008-07-11T15:13:00.000-05:00

The following is from the National Cyber Alert System - July 11, 2008

Sun Updates for Multiple Vulnerabilities

What to do:

Solution

Apply an update from Sun

Sun has released updates that fix these vulnerabilities. As illustrated on
the Java website, follow these instructions to update your version of
Java:
1. From the Start menu, open the Control Panel.
2. Click the Java icon to open the Java Control Panel. (If you do not see
the icon, Java is probably not installed on your computer.)
3. Select the Update tab and click the Update Now button. (If you do not
see an Update tab, your version of Java does not support updates, or you
must log in as an Administrator.)

We also recommend enabling Automatic Updates for Java. To enable Automatic
Updates, go to the Update tab of the Java Control Panel and select the
Check for Updates Automatically check box.

Leaving older versions of Java on your computer after the update could
expose you to security risks. You may want to remove the older versions by
following Sun's instructions.

If you need more details, view the CERT advisory at:

http://www.us-cert.gov/cas/techalerts/TA08-193A.html

Safe surfing,

Darrell Mishler

The Browser Wars Loses a Player

2008-06-24T12:38:00.000-05:00

A once mighty competitor has decided to go into oblivion. Since just after its first release in October 1994 Netscape has been a household word in the computing world. At one point in time it commanded at least 80% market share.

Netscape was and is merely a teenager, just 14 years old and has now seen its last release. The final release distributed is 9.0.0.6 and will no longer be supported after May 1, 2008.

A little background:

Born in 1994 as Mosaic it became Netscape and was sold to AOL for around $9 billion dollars. By the time Internet Explorer and Netscape had reached the fourth generation it started losing market share. Today the market share of Netscape is less than 1%.

As of July 2003 AOL Mozilla (Mosaic and Netscape based browser) was allowed to become independent and Mozilla became an open source project into a non-profit organization. Since then Mozilla has become an active player in the browser wars.

As a web designer, one of the activities that I perform when building a web site is to make sure the web site views the same in a variety of web browsers. Now I won’t have to be testing with Netscape any more. I’ll still be testing with FireFox (Mozilla), Internet Explorer, Safari and Opera.

It’s time to bid a fond farewell to an application that allowed for the every day internet user and lay person to enjoy the experience of surfing the web.

Darrell Mishler

Automobile identity theft – watch our, your could be next

2008-06-11T20:21:00.000-05:00

After receiving several reports, I thought I would pass this along to you. There is a gas theft scam going on around the country that police agencies are warning about. Being forewarned is being forearmed.

This from the WJON Local News - Saint Cloud, MN. ST. CLOUD -- The St. Cloud police chief is warning you to check your license plates.

Dennis Ballantine says they've seen an increase in cases of people stealing license plates, and then using them to drive-off and not pay for their gas.

Ballantine says they've had six of these cases reported since April 15th.

He says you should check your plates every day, and if you notice that they are missing, contact the police department right away.

Madison Wisconsin has a similar warning on their NBC news station.

If you notice that you license plate is missing, report it to the Sheriffs office right away. If a gas station owner reports a gas theft with a license number, you will avoid a lot of innocent explaining.

Darrell Mishler

Adobe Product Security Incident Response Team (PSIRT): Potential Flash Player issue

2008-05-28T21:11:00.002-05:00

Direct reprint from Adobe - Posted by David Lenoe on May 28, 2008 11:09 AM

Adobe Product Security Incident Response Team (PSIRT): Potential Flash Player issue - update

Potential Flash Player issue - update

Here’s a quick update on our progress investigating the recent reports of a potential Flash Player exploit in the wild. The exploit appears to be taking advantage of a known vulnerability, reported by Mark Dowd of the ISS X-Force and wushi of team509, that was resolved in Flash Player 9.0.124.0 (CVE-2007-0071). This exploit does NOT appear to include a new, unpatched vulnerability as has been reported elsewhere – customers with Flash Player 9.0.124.0 should not be vulnerable to this exploit. We’re still looking in to the exploit files, and will update everyone with further information as we get it, but for now, we strongly encourage everyone to download and install the latest Flash Player update, 9.0.124.0.
Darrell Mishler

LinkedIn Profile

M & D Creative Concepts LLC

Web Design Services

FTC Tightens Regulations on Spammers

2008-05-15T17:52:00.001-05:00

FTC responds to requests for comments on what needs to be done to enhance the CAN-SPAN act of 2003. There were over 30,000 responses that were sorted through, prioritized and evaluated. The results of what the FTC came up with enhance the nature of consumer protection and education.

Here are the items that have been changed (numbered items are taken from the FTC news release):

Four topics are addressed in the new rule provisions:

(1) An e-mail recipient cannot be required to pay a fee, provide information other than his or her e-mail address and opt-out preferences, or take any steps other than sending a reply e-mail message or visiting a single Internet Web page to opt out of receiving future e-mail from a sender.

According to this statement, all a person needs to do going forward is to send a reply to the spam message to be removed from the mailing list.

(2) The definition of “sender” was modified to make it easier to determine which of multiple parties advertising in a single e-mail message is responsible for complying with the act’s opt-out requirements.

A prime example is that of a credit card company that includes offers from stores and movie rental companies. The sender is the initiating source for the specific email message.

(3) A “sender” of commercial e-mail can include an accurately-registered post office box or private mailbox established under U.S. Postal Service regulations to satisfy the act’s requirement that a commercial e-mail display a “valid physical postal address.”

The previous definition indicated that a business address had to be included with the email in order to identify a location of the entity sending the spam, this has been changed to allow for a USPS identified postal address. The address can now be a post office box or private residence.

(4) a definition of the term “person” was added to clarify that CAN-SPAM’s obligations are not limited to natural persons.

This can be translated to an entity that is in the business of sending marketing material identified as spam.

Summary:

Reply to a spam email to be removed from a mailing list. There can not be a ghost sender for spam that is for a variety of offers, someone has to take responsibility. The sender can identify a valid USPS mailing address other than a just a specific business address and that a business can be identified rather than a specific person.

Darrell Mishler

Package delivery redirect fraud (Credit Card Fraud), Identity Theft

2008-05-11T11:15:00.001-05:00

Somehow, someway my credit card information found its way into the hands of evil. I heard from eCost.com, an online computer shop that someone ordered a computer and verified my “home address” as the deliver to address. What that evil person did not expect was that the eCost would double check the IP geography of the ordered from computer and the geography of my published home address IP location. The evil doer was using an IP from an upper western state and my published home address just happens to be in a mid-west state. Alarm bells went off for eCost and they called me using the telephone number verified with my credit card account. I denied the purchase and they canceled the order. I called my credit card company and reported the incident.

Another situation arose with another credit card; this one involved Dell. There was a $3000.00 computer purchase that was denied by Dell, another purchase of $49.00 and yet another for $99.00. When the fourth purchase was attempted, Dell contacted me and asked if I authorized these purchases. I denied the purchases and contacted that credit card company to report that one too.

Here is the process from what I can discover:

· A credit card number is captured and used to make a purchase
· The evil doer uses an email address other than the credit card holder for information on the purchase order
· The evil doer confirms the credit card holders delivery address
· When shipping conformation is delivered to the evil doers email a redirect, delivery intercept or reroute is ordered from the shipping carrier to cause the delivery of goods to another address (the evil doers)

Solutions to the aforementioned fraud

· Credit Card Company validates customer email address verification anything other than the email of the credit card holder will cause the charge to be denied
· Shipper to maintain an Opt-out of redirect or reroute capability
· Merchant checks the IP address of the order to validate the geography of the order placer and the card holder.

One of the problems that I have encountered is the lack of information that I have gotten from the merchants or credit card companies. I would like to be able to report this to my states attorney general and Sheriffs Office, but do not have the necessary details.

What can be done to protect credit card holders and businesses from this kind of identity theft and credit card fraud? Feedback and comments requested.

Darrell Mishler

Surrender your soul to Grayware?

2008-04-28T13:15:00.001-05:00

What is Grayware? By definition, Grayware is a general term sometimes used to classify applications that behave in a manner that is annoying. These applications aren’t designed to be evil or harmful, just bothersome. According to Wikipedia, The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.

I was reading an article about social media and there was a warning about social media applications (widgets, toolbars and other types of downloadable software) passing information about you and your habits to “data collectors”. This information if gleaned from social networks such as Facebook, UTube and other sites that are membership sites where you publish information in a profile can be used to steal your identity.

Tracking user habits is one of the main reasons for Grayware, but it can also be used to capture specific information about the user, such things as name, address, age, sex, location and other interests.

Categories of Grayware:

Adware – usually embedded in freeware applications – load popups and deliver advertisements
Dialers – generally used to make long distance calls or premium 900 numbers to create revenue for a thief
Gaming – provide jokes or nuisance games
Joke – change system settings such as changing the system cursor or background image
Peer-to-Peer – perform file exchanges (illegally swap music, movies or other files)
Spyware – designed to track and analyze users activity and send that information back to the originator’s web site
Key Logger – capture keystrokes made on a keyboard (user id and password information)
Hijackers – reroute URL or destination addresses to malicious web sites or server
Plugins – activity tracker and reporter
Network management – change tools network settings, disrupt network security, firewall settings
BHO – Browser helper object – not all BHOs are or do contain Grayware but are often installed as a part of a software application
Toolbar – can be used to monitor web habits and send information back to the developer or sponsoring company
Download – down loaders allow other software to be downloaded and installed without the user’s knowledge

I have promoted anti-spyware in the past and will recommend once again. There are two popular applications that are available for home and personal use; Ad Aware 2007 and Windows Defender.

Darrell Mishler

Another new update from Firefox

2008-04-17T07:26:00.001-05:00

Due to a reported bug, Mozilla Firefox has issued another browser release. This one fixes a bug that allows for malicious Java scrip execution. If you have Firefox 2.0.0.13, you will need to download and install Firefox 2.0.0.14. Here is the link to the download. Just follow the instructions on the following page to download and install. You might have the automatic updater turned on in your options menu, so if you want to wait for the notification, that will work too.

Safari has the same vulnerability and should be updated - this is a browser primarily an Apple user web browser application but it runs on windows as well. Here is the link to the Safari download.

Once again, safe surfing,

Darrell Mishler

History comes around once again

2008-04-04T09:07:00.001-05:00

In the early days of virus and malware distribution, the most frequently used method of getting the infection into a persons computer was the “floppy disk”, that same methodology is being used today. The difference is that the media is now the USB thumb drive, flash drive or CD-ROM.

The bad guys are targeting your computer now through a major weakness in the Microsoft operating system settings. When a removable media like a thumb drive or CD-ROM are placed into a computer’s USB port or optical drive, respectively, a program can be automatically executed through the autorun.inf file. Windows’ AutoRun facility is programmed to see this file and execute whatever instructions are in it.

How do I avoid this security hole? There is a way to disable the AutoRun facility for the CD-ROM, but I would recommend that this be done by an experienced computer user because it involves changing a parameter in the registry. If you would like more information as to how this can be done, please send me some email and I can send you the process.

While it is possible to shut off AutoRun, iTunes prompts the user to turn it on, so music CDs automatically play when placed in the CD-ROM drive. Users don’t even think about the consequences and say yes. Additionally, it would be reasonable to consider iTunes a potentially dangerous application. The best advice is to have AutoRun shut off and don’t allow the iTunes prompt to automatically turn the AutoRun parameter back on.

A good example of a trusted resource for a CD is an installation from Quicken, Adobe, Microsoft or others respected software resources. If you know that the CD is not a bootlegged copy, be assured that there are protections in place. If you are in doubt or got the copy from your brother-in-law or co-worker, be careful.

To listen to a CD with iTunes with AutoRun turned off, open the iTunes application and import from the CD-ROM and play as usual.

Safe Surfing

Darrell Mishler

Password Reusability

2008-03-29T10:55:00.001-05:00

Oops – I don’t like to hear that I’ve not provided a strong enough password for the site that I’m enrolling in. I like it when I can use “my” password for every site that I visit – I don’t have to remember the combinations of letters, numbers and characters that are often required, consequently, I have one password that I use over and over again. Well, that’s pretty dumb, I’m sure you would agree.

I don’t like to have to carry around a notebook in order to write down the domains and passwords for every place that requires a password. I have post-it notes and 3X5 cards all over the place and when I need the Userid and password for this or that site, I have to search through all of the “important” stored (on my desk or in a drawer, under my keyboard, etc) for information to find the one that is current today – what a pain.

I’ve done some poking around on the internet once again to see if I can find a convenient way to deal with the situation.

Stanford Security Labs has come up with a solution – it’s called Password Hash. Password Hash is a downloadable browser application (FireFox, Internet Explorer and Safari) that will calculate and submit a password based on the web site (domain) and password that you use. It won’t change existing password information for you when you visit a site. You’ll have to go to the password change area and modify your password with the tool in order to have your password hashed.

One of the benefits of this kind of password security is that the hashed password is unique to the web site and password that you are viewing. What that means is – this will be invaluable when you click on a site from some email and it turns out to be a phishing web site. You see the domain of the phishing site can not be the same as the actual web site, voila, phishing protection.

I you happen to be viewing a web site that you have your password hashed for and are on another computer, you can visit pwdhash.com, enter the site domain name (example.com) and your password and get the hashed password to copy and paste into the password prompt for the site.

Visit the Stanford Security Lab at: http://crypto.stanford.edu/PwdHash/ for more information, select your browser type, download and start using the tool for more secure surfing on the world wide web.

Reference: PC World Article by Erik Larken

Darrell Mishler

Free Software - what can the cost really be?

2008-03-15T20:50:00.000-05:00

I was nosing around looking for something that hasn't been exposed to death and I found this report on the US Computer Emergency Readiness Team (US-CERT) - watch out for the "fine print".

By now you’ve heard all about computer viruses, Trojan horses, worms, identity theft, and phishing scams, and you’re taking the necessary steps to secure your computer and privacy when using the internet. One boring little item, however, can undo your good work—if you’re not careful.

That item is the end user license agreement (EULA) covering the software you use. These agreements themselves can’t harm you or your computer. In fact, EULAs can do just the opposite: they highlight things that can put you at risk. The harm comes from ignoring EULAs—and the subtle warnings they might contain—by blindly agreeing to their terms:

• Ignoring EULAs can expose your computer to security risks.
• Ignoring EULAs can put your privacy at risk.

For instance, a EULA might require you to allow the software publisher or a third party to collect information about your internet activity in exchange for use of the software.

This information could include not only the web sites you visit, but also information you supply in online transactions such as your name, address, credit card number, and items purchased. Once collected, the security of this information is out of your control (a fact highlighted by the number of recent, high-profile database attacks).

As this report reflects, make sure you are confident and trust the company that the software comes from before downloading and installing.

Safe Surfing,

Darrell Mishler

Ecard redirect to a malicious web site?

2008-02-22T05:45:00.000-06:00

We received email from a “scammer” the other day and I decided to pursue finding out if it was real or not. The scam email was supposedly sent from Hallmark, you know the greeting card company. What caught my attention first was the “Click on this link” to view your card. I looked at the email message and noticed that the email was cleverly crafted to have the look and feel of getting an actual notification from Hallmark. Alarms went off as I looked at the “click here” link.

The one thing I know from past Hallmark cards is that the return email address is always from the person that sent the card and not Hallmark – first clue – I have no idea who the sender is. Second clue – the way the link was created didn’t all the necessary combinations of letters and numbers that normally come with a Hallmark email.

After communicating my concerns with Hallmark their response is as follows:

“If you received a legitimate E-Card from Hallmark, the first line of the e-mail will tell you who has sent you the E-Card and the URL (Uniform Resource Locator) in the message of your e-card notification will begin with:

http://www.hallmark.com/ECardWeb/ECV.jsp?a+

That will be followed by characters that describe your individual E-Card.

If the clickable URL is an EXE file, then do not download it.”

The bottom line is; if you don’t know the sender and don’t recognize the format, delete the email. If you recognize the sender and still have concerns, contact sender and ask if they actually sent the email. Start with a new email message to that person.

Safe Surfing,

Darrell Mishler

Udate your Adobe reader.

2008-02-11T18:20:00.000-06:00

This came from a US-CERT Cyber Security Bulletin: Applications affected -

Adobe -- Acrobat Standard
Adobe -- Acrobat Reader
Adobe -- Acrobat 3D
Adobe -- Acrobat Professional

Problem description:

Multiple unspecified vulnerabilities in Adobe Reader before 8.1.2 have unknown impact and attack vectors.

I already had updated my Adobe Reader to 8.1.2 and only have that done because Adobe notified me that there was a later version available when I opened my copy of Adobe Reader. If you open Adobe reader and there is an update available, go ahead and let the update complete and install.

If you want to be proactive and update to the latest version, click on the button below:

As always, safe surfing,

Darrell Mishler

Valentines Day is quickly approaching.

2008-02-01T07:23:00.000-06:00

I was looking around for good information to pass on and I came across this and thought I would forward it to all of you love lorn folks out there.

Don't fall in love with the Storm Trojan horse, advises Sophos Malicious spam campaign may break your PC's heart

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned of a widespread email posing as a message of love which has been widely spammed across the internet in an attempt to install malicious code. The 'romantic' email campaign is currently accounting for eight percent, or one in every 12 emails seen by Sophos.

The gang behind the latest incarnation of the Dorf Trojan (also known as Storm) have deliberately spammed out a "romantic" email campaign, luring unsuspecting computer users to dangerous websites.

Subject lines used in the attack are many and varied, but all pose as a romantic message. Some of them include "Falling In Love with You", "Special Romance", "You're In My Thoughts", "Sent with Love", "Our Love Will Last", "Our Love is Strong", "Your Love Has Opened", "You're the One", "A Toast My Love", and "Heavenly Love".

The body of the email contains a link to an IP-address based website, which is actually one of the many compromised PCs in the Storm botnet. The website displays a large red heart, while installing malware onto the vistors' PC.

An image of a heart opens while the malware and malicious code is being downloaded to your computer.

Once again, please don't open an email or attachment if you don't know the sender.....

Safe Surfing,

Darrell Mishler

Watch out if you're using AOL

2008-01-14T11:39:00.000-06:00

This just came in from the National Cyber-Alert System,

Take a look at this alert. Be careful when you are changing or modifying parts or elements in the registry. If you are in doubt, take a look at the

National Cyber-Alert System
Vulnerability Summary CVE-2007-6250
Original release date: 1/9/2008
Last revised: 1/10/2008
Source: US-CERT/NIST

AOL Radio AOLMediaPlaybackControl.exe stack buffer overflow

Overview

The AOL AOLMediaPlaybackControl application contains a stack buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

I. Description

AOL includes an ActiveX control called AmpX, which is used with AOL Radio for streaming audio in web pages. The AOL AmpX ActiveX control, which is provided by AmpX.dll, uses a program called AOLMediaPlaybackControl.exe. The AOLMediaPlaybackControl application contains a stack buffer overflow that is exploitable via the AmpX ActiveX control's AppendFileToPlayList() method.

II. Impact

By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code with the privileges of the user.

III. Solution

Apply an update

This vulnerability is addressed in an unspecified automatic update provided by AOL, which removes the AmpX control and AOLMediaPlaybackControl.exe. The AmpX ActiveX control version 2.6.2.6 also prevents the buffer overflow vulnerability in AOLMediaPlaybackControl.exe from being reached. This update is also available as a manual install as the Unagi update. If you are unable to apply an update, please consider the following workarounds

Disable the AmpX ActiveX control in Internet Explorer

The ActiveX control associated with AOLMediaPlaybackControl.exe can be disabled in Internet Explorer by setting the kill bit for the following CLSIDs:

{B49C4597-8721-4789-9250-315DFBD9F525}
{FA3662C3-B8E8-11D6-A667-0010B556D978}

More information about how to set the kill bit is available in Microsoft Support Document 240797. Alternatively, the following text can be saved as a .REG file and imported to set the kill bit for these controls:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B49C4597-8721-4789-9250-315DFBD9F525}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FA3662C3-B8E8-11D6-A667-0010B556D978}]
"Compatibility Flags"=dword:00000400

Disable ActiveX

Disabling ActiveX controls in the Internet Zone (or any zone used by an attacker) appears to prevent exploitation of this and other ActiveX vulnerabilities. Instructions for disabling ActiveX in the Internet Zone can be found in the "Securing Your Web Browser" document.
Systems Affected
Vendor Status Date Updated
America Online, Inc. Vulnerable 11-Jan-2008

As always, safe surfing,

Darrell Mishler

Scams reported to the FBI and investigated.

2007-11-27T17:50:00.000-06:00

I was doing some research on a report of a telephone scam that involves fraudulent requests for information based on a “Jury Duty” failure to appear. I seems that the caller tries to bully the unsuspecting victim into giving up their social security number and other important private information so they can have a “bench warrant” rescinded for failure to appear. This telephone scam has been reported by the FBI and can be reviewed at: http://www.fbi.gov/page2/june06/jury_scams060206.htm .

I looked it up, it’s from June 2006. Good information provides the best defense against this kind of scam. Ask the caller if you can call the local court jurisdiction in order to verify the “bench warrant” and the caller will generally go away.

I found another more recent scam that is using email as it’s delivery mechanism.. From the FBI web site January 2007.

A new scam cropping up in e-mail boxes across the country is preying not on recipients’ greed or good intentions, but on their fears. The scam e-mail, which first appeared in December, threatens to kill recipients if they do not pay thousands of dollars to the sender, who purports to be a hired assassin.

“This is a hoax, so do yourself a favor and don’t respond,”

In one case, a recipient responded that he wanted to be left alone and threatened to call authorities. The scammer, who was demanding an advance payment of $20,000, e-mailed back and reiterated the threat, this time with some personal details about the recipient—his work address, marital status, and daughter’s full name.

For more information on scams, visit our Common Fraud Schemes page. IC3 also has information on Internet crime schemes and prevention tips. (FBI’s Internet Crime Complaint Center (IC3) – just so you know what the acronym means)

To report Internet crime, contact IC3 or your local FBI field office.

As always, safe surfing,

Darrell Mishler

mndcreativeconcepts store

demphoto site and amazon store

Gourmet Wild Rice

Motreasures

Auction software has flaws, be careful.

2007-11-17T14:29:00.000-06:00

Hi again,

I was doing some poking around for something new to talk about and came across the National Vulnerability Database. I found information that might be valuable to online auction participants and thought I would share it with you.

The National Vulnerability Database has identified a vendor of auction, banner exchange, link and ad management as having a flaws ranging from medium to high. To be brief, the SoftBiz suite of products has been identified to have serious security gaps. I haven’t contacted SoftBiz directly, but there are references to the problem areas in the NVD. The references follow.

Please be careful where you do your business. I’m sure this is an oversight and will be corrected soon, but the SoftBiz web site says that they have over 3000 applications and installations. This is from their web site faq:

“We have an experience of powering 3000+ web sites with our scripts. We have been improving our scripts over the years now. So, you can trust our technical skills. If you ever face any bug in the script, we will correct it for you free of cost. You do not have to wait for any patch to be released. Just notify us the problem and we will correct it as our highest priority. This can be offered only by an organization with full confidence on its script. We fully back our scripts and clients.”

As always, safe surfing,

Darrell Mishler

mndcreativeconcepts store

demphoto site and amazon store

Gourmet Wild Rice

CVE-2007-5999 (Softbiz Auctions Script)
Publish Date: 11/15/2007 CVSS Severity: 7.5 (High)
SQL injection vulnerability in product_desc.php in Softbiz Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2007-5998 (Ad Management plus Script)
Publish Date: 11/15/2007 CVSS Severity: 6.5 (Medium)
SQL injection vulnerability in ads.php in Softbiz Ad Management plus Script 1 allows remote authenticated users to execute arbitrary SQL commands via the package parameter.

CVE-2007-5997 (Banner Exchange Network Script)
Publish Date: 11/15/2007 CVSS Severity: 6.5 (Medium)
SQL injection vulnerability in campaign_stats.php in Softbiz Banner Exchange Network Script 1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter.

CVE-2007-5996 (Link Directory Script)
Publish Date: 11/15/2007 CVSS Severity: 7.5 (High)
SQL injection vulnerability in searchresult.php in Softbiz Link Directory Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter, a related issue to CVE-2007-5449.

Identity theft victim's statement of rights

2007-09-16T10:25:00.000-05:00

Several federal laws protect victims of identity theft. These laws have to do with documenting the theft; dealing with credit reporting companies; dealing with creditors, debt collectors, and merchants; and limiting your financial losses caused by the theft of your identity.

This last week my sister forwarded an email to me relating to self protection from identity theft and it's been a great article for a quite a while now. In that article there are some great ways to protect yourself and recover from identity theft.

First, know what's in your wallet or purse, make copies of both sides of your credit cards, forms of identification and social security card. Know where and how to contact the credit organizations and keep the telephone numbers of them, your bank and other public and police agencies handy.

Know your rights, visit the Federal Trade Commissions explanation of your rights and review the page that describes these in detail.

Once again, safe surfing,

Darrell Mishler

Huh - what's a rootkit ???

2007-08-09T23:06:00.000-05:00

This week, Symantec published an article about “rootkits” and I thought I would expand a little in order to help you understand what the term means and what the impact is on your personal computing.

By definition from Wikipedia, a rootkit is:

“A rootkit is a set of software tools intended to conceal running processes, files or system data from the operating system. Rootkits have their origin in benign applications, but in recent years have been used increasingly by malware to help intruders maintain access to systems while avoiding detection. Rootkits exist for a variety of operating systems, such as Microsoft Windows, Apple Macintosh, Linux and Solaris. Rootkits often modify parts of the operating system or install themselves as drivers or kernel modules.”

The primary purpose of a rootkit is to provide access to a “backdoor” into the computer system that it’s installed on. If the computer is a part of an enterprise system, the rootkit will by its nature allow an intruder access to the entire network.

The best protection that you can have in order to prevent a rootkit being installed on your computer or system is to make sure your anti-virus definitions are constantly updated. Schedule them to update when ever you turn on your computer.

If you should become infected with a rootkit, the surest way to resolve the infection is to re-install the operating system. If you have access to ghosting software, make sure it’s run at least once a month in order to have a backup copy of the files on your system that you want to keep.

As always, safe surfing,

Darrell Mishler

Is there strength in your password???

2007-07-15T22:28:00.000-05:00

One of the things that you need to think about from time to time is the strength of your password. I manage passwords for an organization and am always aware of the passwords that people ask to have created for them. Some will ask for suggestions and some of the ones that are the best are at least 8 characters long, have a non-standard character included and are a mix of numbers, lower and upper case letters. Here are a couple of examples that are kinda fun:

Wh0kn0ws - that is replacing the o's with zeros
ID0ntkn0w - mixed upper and lower cases with zeros
N0tOffhand - mixed upper and lower cases with a zero

There is a site that will give you an opportunity to test the strength of your password. Visit the Microsoft password checker site and just plug in your current or future password to get an idea of it's strength.

As always, safe surfing,

Darrell Mishler

New updates from Microsoft.

2007-07-10T19:35:00.000-05:00

It's been a while since I shared with you. Most of the notices I've seen lately have been for virus's, worms and trojans with little impact and if you have updated your definitions regularly, which I know you have been, you have protected yourself, but here's another announcement that just came out today that should be of interest.

"SEATTLE (AP) - Microsoft Corp. (MSFT) published six security fixes - half of them rated "critical" - in its regularly scheduled software update Tuesday.

The three patches with the company's most severe rating are designed to prevent malicious hackers from remotely taking control of computers without permission.

One of the updates targets a vulnerability in the company's spreadsheet program, Excel, that could let hackers break into a PC if its user opened a tainted spreadsheet.

Microsoft also addressed critical holes in its .NET Framework, a massive library of computer code that is part of its newest operating system, Windows Vista, and versions of Windows XP, Windows 2000 and Windows Server 2003.

The third critical update is intended to prevent attacks on Windows 2000 Server and Windows Server 2003.

The company also released patches with less urgent security ratings for the firewall built into Windows Vista, and for Microsoft Office Publisher 2007 and Windows XP Professional.

PC users can visit Microsoft's security Web site to download updates, or sign up for an automatic security update program."

Once again, safe surfing,

Darrell Mishler

Worm threat Trojan.Peacomm

2007-04-13T05:28:00.000-05:00

This just in from Symantec, another worm to be aware of.. It comes in the form of spam.

As of April 12, 2007, Symantec Security Response is monitoring a massive surge of email spam containing the threat Trojan.Peacomm (also known as the Storm Trojan). This spam campaign is one of the largest identified in recent months. This threat was originally discovered in January 2007 but has been repackaged in this particular spam surge.

Symantec suggest steps to help prevent this type of contagion:

To reduce the possibility of being affected by the latest version of Trojan.Peacomm, Symantec Security Response advises users to do the following:

Keep antivirus signatures and antispam updated.
Never click on attachments or web links from unsolicited emails.
Regularly apply security patches and updates to all major software installed on the computer.
Use a security solution that contains antivirus and client firewall technologies, such as Norton 360 for home and home office users and Symantec Client Security for Small Businesses and Enterprises, to protect against today's known and tomorrow's unknown threats.

There are a lot of antivirus programs available, be sure you have the one that works best for you and keep your definitions current.

Safe Surfing,

Darrell Mishler

Another critical update from Microsoft.

2007-04-03T23:06:00.000-05:00

Here's another critical update from Microsoft:

Microsoft Security Bulletin MS07-017

Vulnerabilities in GDI Could Allow Remote Code Execution (925902)

Published: April 3, 2007

Version: 1.0

Summary

Who Should Read this Document: Customers who use Microsoft Windows

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Recommendation: Customers should apply the update immediately

Security Update Replacement: This bulletin replaces a prior security update. See the Frequently Asked Questions (FAQ) section of this bulletin for details.

Caveats: Microsoft Knowledge Base Article 925902 documents the currently known issues that customers may experience when they install this security update. The article also documents recommended solutions for these issues. For more information, see Microsoft Knowledge Base Article 925902

Tested Software and Security Update Download Locations:

Affected Software:

•	Microsoft Windows 2000 Service Pack 4 — Download the update
•	Microsoft Windows XP Service Pack 2 — Download the update
•	Microsoft Windows XP Professional x64 Edition and Microsoft Windows XP Professional x64 Edition Service Pack 2 — Download the update
•	Microsoft Windows Server 2003, Microsoft Windows Server 2003 Service Pack 1, and Microsoft Windows Server 2003 Service Pack 2 — Download the update
•	Microsoft Windows Server 2003 for Itanium-based Systems, Microsoft Windows Server 2003 with SP1 for Itanium-based Systems, and Microsoft Windows Server 2003 with SP2 for Itanium-based Systems — Download the update
•	Microsoft Windows Server 2003 x64 Edition and Microsoft Windows Server 2003 x64 Edition Service Pack 2 — Download the update
•	Windows Vista — Download the update
•	Windows Vista x64 Edition — Download the update

Download the update for your operating system and follow the on screen instructions.

Safe Surfing,

Darrell Mishler

www.motreasures.biz
www.mndccnetwork.com

Are you current with your Microsoft patches and fixes?

2007-03-18T13:59:00.001-05:00

I have a new computer (well Christmas new) and have been conscientious about keeping my operating system and office applications up to date, but yesterday I decided to check once again for patches and fixes available for Windows XP Pro and MS Office.

To my surprise, there were 15 patches that dealt with such issues as closing security holes in my Office applications as well as an upgrade to the SP (service pack) 2 installation.

Make sure you automatic updates are turned on and working and you won't run into this kind of a surprise.

Once again, safe surfing,

Darrell Mishler

Protect yourself from online tax fraud!!!

2007-03-11T12:07:00.000-05:00

Once again, there is a lot of fraud on the internet, especially this time of year. The following are good steps to take to avoid tax fraud scams and protect yourself. The article is reproduced from Microsoft.com.

If you file your taxes over the Internet, it's important to remember some common-sense rules about protecting your privacy and helping to prevent identity theft.

The information in your return contains everything that an unscrupulous third party needs to steal your identity, file tax returns on your behalf, steal your refund, and more.

How to recognize and avoid scams

There are many scams associated with filing your taxes. To help avoid some of the more common scams, you should:

Be realistic. If it sounds too good to be true, it probably is. From companies that promise to file your taxes for free, to Web sites that claim you don't have to pay income tax because it's unconstitutional--keep an eye out for deliberately misleading statements.

Be informed. Before you file your taxes online, spend a little time at the Web site for the Internal Revenue Service (IRS). Familiarize yourself with how to use the Internet to file your taxes, and with how the official IRS Web site looks.

Never respond to unsolicited e-mail offers or requests for information. The IRS does not use e-mail to communicate any personal information, and legitimate tax-preparation companies should not approach you with unsolicited e-mail.

These messages are most likely identity-theft phishing scams. For more information, read Recognize phishing scams and fraudulent e-mail.

Choose your tax-preparation software with care. Ask people you trust for software recommendations. For more information about e-file partners and tax software, visit the IRS e-file Partners for Taxpayers page.

Seek the advice of the IRS or a trusted tax professional before you participate in any tax-reduction scheme. Many offers to greatly reduce or eliminate your income tax payments are false.

If you try to take advantage of these so-called tax "opportunities," you could be wasting your money and committing a crime.

For a list of common scams that have been reported to the FBI in recent years, see IRS Announces "Dirty Dozen" Tax Scams for 2006.

What to do if you suspect online tax fraud

If you think there's another person using your Social Security number to file income taxes, call the Social Security Administration at (800) 772-1213.

If you suspect a company or an individual of committing tax fraud or not obeying tax laws, call the IRS at (800) 829-0433.

To find out how to report a specific abuse, see Reporting Abusive Shelters, Fraud & Unscrupulous Tax Preparers.

For more information about reporting a general crime of online fraud, see What to do if you're a victim of fraud.

Darrell Mishler

Another reason to not click on unknown links!

2007-02-28T22:05:00.000-06:00

Today, I got three alerts from Computer Associates that described vulnerabilities with Internet Explorer. The vulnerabilities talk about the possibilities of hackers being able to "insert" code to expand or create a denial of service attack using your personal computer.

This statement is included in all of the warnings:

"An attacker can persuade users to open a malicious link to cause a denial of service condition."

The previous statement re-enforces the need to not click on links that are not from a reliable person or resource. Please be careful when you click on a link in email. If the email is not from someone or somewhere you expected it to be, just be safe and delete the email.

This risk is considered high and wide spread. Be careful.

Safe Surfing,

Darrell Mishler

No call list???

2007-02-23T18:29:00.000-06:00

I just got an email newsletter from my friend and real estate agent and he passed along some great information that you could find very useful. If you registered for the national do-not-call list over 5 years ago, it's time to refresh your listing.

Here are his comments:

I imagine most of you have registered for the Federal Do Not Call list by now. When you registered do you remember that registration was only for five years? Now would be a good time to review that you are still on the list, and what your expiration date is. When you expire telemarketers consider you fair game once again, and it can take 31 days after renewal to have them stopped. For that reason it is a good idea to renew BEFORE you expire.

The process is simple...just go to www.donotcall.gov and check out your numbers. Be aware that you can now register cell numbers as well.

I know that adding his business card is a blatant plug, but if you are looking for an honest and hardworking real estate agent, I sincerely recommend Jerry.

Darrell

Safe Surfing,

Darrell Mishler

E-Card for Valentines?

2007-02-10T10:29:00.000-06:00

Here's a little common sense when it comes to the e cards that you might get for Valentines or any other occasion. This is from an article found on Microsoft Security at Home web site and it's well worth the read.

How to send and receive e-cards more safely

How do e-cards work? For the most part, they are created the same way Web sites are; in other words, they are built on the Internet just like this page. So when you send someone an e-card, you are actually giving them a link to click on, which takes them to the online greeting card you created for them to enjoy.

Unfortunately, hackers, scam artists, and porn purveyors have started to move into e-card territory to trick the unwary.

No one knows how many illegitimate e-cards are being sent, but a variety of problems—some annoying, others potentially destructive—may stem from fake e-cards. A wholesome-looking greeting card, once clicked or downloaded, might actually be:

•	Spam or a spyware installer that displays pornography or other unwanted images on your desktop, launches adult-oriented Web sites, or barrages you with pop-up ads (even when you aren't on the Internet).
•	A computer virus that scans your e-mail addresses and then sends a bogus e-card to your personal and professional contacts—typically without your knowledge. The fake e-card and virus may even appear to be from you.

Don't fret, though. With a little knowledge and prudence, you can avoid fake e-cards and enjoy legitimate ones by applying the same caution you would use with any piece of e-mail you receive.

Safe Surfing,

Darrell Mishler

Microsoft office remote code execution flaw exposed.

2007-02-05T21:35:00.000-06:00

This just in from Microsoft - there is an issue with a remote user being able to take advantage of one of the markup language translators (tech term) and gain control of you computer. A malicious user would be able to access your computer, take over users permissions, make changes and run programs. The threat level for this issue is critical and Microsoft warns to update the corrected software as soon as possible.

Here is Microsoft's threat assessment and description:

Summary

Who Should Read this Document: Customers who use Microsoft Windows

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Recommendation: Customers should apply the update immediately

Two suggestions / recommendations:

1. Make sure your automatic updates are turned on and scheduled to run while your computer is turned on. Locate the automatic updater by clicking on the start menu, control panel and Security Center. You can view the settings there for automatic updates and other security considerations for your computer.
2. Download and install the update from Microsoft manually. Surf to the Microsoft Security Bulletin Center, locate the download and when it's done downloading, double click on the downloaded file to install. Follow the on screen directions. Generally for Windows XP with Service pack 2 the download link is:

Microsoft Windows XP Service Pack 2 — Download the update

Once again, safe surfing,

Darrell Mishler

Necessary tools to keep you safe...

2007-02-02T21:07:00.000-06:00

There are three elements to keeping your personal computing safe. At least these are the minimum in todays internet environment. The three things that you need to have in place are an anti virus program, an adware identification and removal program and a fire wall. There are a lot of options for anti virus and a couple of options for adware programs. I have identified a couple that are free for personal home use. If you are in a commercial environment, you'll have to subscribe to another form of protection.

For home / personal use, there is still on excellent anti virus program that is still free. The free version of AVG anti virus can be found by visiting Grisoft.com. It can be optioned to check for virus definitions every time you turn you computer on or connect to the internet.

Another consideration is unwanted ads and adware being unknowingly installed on your computer, there is a free adware program available from LavaSoft. This is another excellent free application that can be updated with definitions at any time. It's a good practice to scan your computer at least once a week for unwanted adware programs installed.

The other thing that needs to be checked is if you have Windows XP, make sure your firewall is activated. If it isn't, you would probably get a warning and a clickable link to the location to turn it on. In the event you want to check for yourself navigate to: click Start, click Control Panel, and then double-click Windows Firewall. There is a lot more information available from you help menu - just search for firewall to get a lot more details.

This is just a reminder of what you probably already know.

Safe Surfing,

Darrell Mishler

Troj/Dorf-Fam - Trojan - Sophos threat analysis

2007-01-20T21:45:00.000-06:00

Two in one day. This was reported just a couple of hours ago via a broadcast warning. This is a widely spread Trojan. Please make sure you have updated your anti-virus definitions. For a more detailed analysis of this virus, please click on the following link.

Troj/Dorf-Fam - Trojan - Sophos threat analysis

Safe Surfing,

Darrell Mishler

From Symantec Security !!

2007-01-19T20:52:00.000-06:00

I just got this in from Symantec and it's a good one for all to be aware of. It's been a while since I posted one of these notices and it's always a good time to remind you not to open attachments from unknown parties.

Darrell

As of January 19, 2007, Symantec Security Response is advising users to be cautious of any unsolicited email which contains attachments that claim to be legitimate or interesting, due to a recent trojan horse named Trojan.Peacomm. The Trojan horse arrives as an attachment to an email purporting to contain a video of one of several different recent news stories. The attachment may be one of the following: FullVideo.exe, FullStory.exe, Video.exe, ReadMore.exe, FullClip.exe.

The attachment is actually a trojan horse that will install itself on the system and download other malicious programs from various computers on the Internet. The attachment and the trojan horse it contains will be detected as Trojan.Peacomm. Other malicious programs that are commonly downloaded by this threat include Trojan.Abwiz.F and W32.Mixor.Q@mm.

Once installed and running, this threat attempts to establish communication with other infected systems on the Internet via a custom peer-to-peer network. This network is used as the distribution source from which the other malicious programs are downloaded.

The only thing that I have to add is to update your definitions and download the files from your anti virus programs to be protected.

Darrell Mishler

Deter. Detect. Defend. Avoid ID Theft

2006-12-29T20:13:00.000-06:00

Hi all,

It's been a quite a while since I posted to the MnD Security Communications Blog, so I thought that with the Holiday season in full swing that I would talk a little bit about identify theft. Here's an excerpt from the FTC's Identity Theft Web Site, please take heed...

Darrell

Deter. Detect. Defend. Avoid ID Theft: "If you think your identity has been stolen, here's what to do:

Contact the fraud departments of any one of the three consumer reporting companies to place a fraud alert on your credit report. A fraud alert tells creditors to follow certain procedures before open any new accounts...
more

Close the accounts that you know or believe have been tampered with or opened fraudulently. Use the ID Theft Affidavit (PDF, 56KB) when disputing new unauthorized accounts...
more

File your complaint with the FTC. You may print a copy of your complaint to provide important standardized information for your police report...
more

File a report with your local police or police in the community where the identity theft took place. Give the police a copy of your FTC ID Theft complaint form. Get a copy of the police report (or, at least, the police report number)…
more"

Safe surfing,

Darrell Mishler
www.mndcreativeconcepts.biz
www.motreasures.biz
www.demphoto.biz
www.wild-rice.biz

Troj/Cimuz-AS - Spyware Trojan - Sophos threat analysis

2006-09-12T11:22:00.001-05:00

There are a lot of virus's, worms and trojans running around the internet these days. It seems like there are more than ever. I see 20 or more reports of current security issues daily. Normally I don't report them to you because that is very little penetration in the wild (you world)

Here's one that has just been brought to my attention and it's a wild one that tries to capture key strokes and open a back door into your computer. Just make sure you are aware and have your definitions updated. If there isn't a new definition file ready for an update, please check back with your anti-virus provider frequently for a new one.

Safe Surfing,

Darrell Mishler
www.mndcreativeconcepts.biz
www.toasa.biz
www.demphoto.com

Troj/Cimuz-AS - Spyware Trojan - Sophos threat analysis

Troj/Cimuz-AS - Spyware Trojan - Sophos threat analysis

2006-09-12T11:22:00.000-05:00

Another spam tactic and it's larger impact!

2006-06-28T22:16:00.000-05:00

I found this on one of the Internet news sources and thought I would share it with you. Safe surfing,

Darrell
www.mndcreativeconcepts.biz
www.toasa.org

Spammers Turn to Images to Fool Filters

Jun 28, 5:31 PM (ET)

By ANICK JESDANUN

NEW YORK (AP) - Spammers are increasingly sneaking their messages past e-mail filters by sending their pitches as images rather than text, spam experts say.

The images fool some filters because they have no easy way of knowing whether a graphical file contains an innocent photograph of a friend's birthday party or embedded text pitching Viagra or a company's stock.

The development marks yet another escalation in the battle between spammers and filter developers: As software gets smarter at detecting junk, spammers get smarter at fooling the filters.

Until last year, the use of image spam has been in decline as anti-spam filters figured out how to detect it - often by applying a mathematical formula to known spam images and generating a unique signature that software can use to flag junk, said Craig Sprosts, senior product manager for anti-spam vendor IronPort Systems Inc.

But earlier this year, tools began circulating among spammers to automatically vary images ever so slightly - a change in color here, a slightly larger border there. That changes the signature, helping it escape detection.

"If you are trying to fingerprint that image, it appears different every time," said Dmitri Alperovitch, principal research scientist at anti-spam vendor CipherTrust Inc.

Since April, IronPort has seen a 40 percent increase in image spam sent to so-called "honeypot" accounts set up solely to attract junk messages for analysis. IronPort and CipherTrust both say that image spam now accounts for 15 percent of all spam, up from 1 percent earlier in the year.

Image spam can also tax e-mail systems because each message is about 7.5 times larger than regular spam, Sprosts said.

Watch out for Beagle-Zip

2006-06-27T12:08:00.000-05:00

I just received a warning about the worm Beagle-Zip. Make sure you have updated your anti-virus definitions, this worm is making it's way around the internet and there have been a lot of reports of it infecting PCs and Laptops.

The nature of this worm is to use your email list and propogate itself.

Once again, please update your definitions as soon as possible.

Darrell
www.mndcreativeconcepts.biz
www.toasa.org

Just because I've updated my definitions...

2006-02-15T14:00:00.000-06:00

Hi all,

I wanted you to know that there is another variant of Bagle the worm out there and it's hit a bunch of computers. I know that you have inocculated against Bagle in the past, your definitions have to be updated to include the newest variants that are being distributed in the "wild".

Here are some of the details to be aware of:

Date: 15 February 2006

Sophos has issued protection for W32/Bagle-CO.

Sophos has received several reports of this worm from the wild.

I just checked with Symantec and they are saying the same thing. Even if you have your definitions scheduled to update when you turn your computer on in the morning, check for updates after you get this. Better to be safe than sorry.

Safe Surfing,

Darrell Mishler

dmishle@gmail.com

M & D Creative Concepts

M & D Creative Concepts Store

demphoto on Overstock

Gourmet Wild Rice

M&D's Firemountain Classified Ads

TOASA Member

Just Be Good To Yourself

Another Credit Card Scam !!!

2006-01-14T13:07:00.000-06:00

Here’s another credit card scam that one of the members of this list brought to my attention – another one to watch out for!!

This one is pretty slick since they provide YOU with all the information, except the one piece they want.

WARNING...New Credit Card Scam.

Note, the callers do not ask for your card number; they already have it. This information is worth reading. By understanding how the VISA &MasterCard Telephone Credit Card Scam works, you'll be better prepared to protect yourself.

One of our employees was called on Wednesday from "VISA", and I was called on Thursday from "MasterCard".

The scam works like this: Person calling says, "This is (name), and I'm calling from the Security and Fraud Department at VISA. My Badge number is 12460. Your card has been flagged for an unusual purchase pattern, and I'm calling to verify. This would be on your VISA card which was issued by (name of bank). Did you purchase an Anti-Telemarketing Device for $497.99 from a Marketing company based in Arizona?"

When you say "No", the caller continues with, "Then we will be issuing a credit to your account.

This is a company we have been watching and the charges range from $297 to $497, just under the $500 purchase pattern that flags most cards. Before your next statement, the credit will be sent to (gives you your address), is that correct?"

You say "yes". The caller continues - "I will be starting a Fraud investigation. If you have any questions, you should call the 1- 800 number listed on the back of your card (1-800-VISA) and ask for Security.

You will need to refer to this Control Number. The caller then gives you a 6 digit number. "Do you need me to read it again?"

Here's the IMPORTANT part on how the scam works. The caller then says, "I need to verify you are in possession of your card". He'll ask you to "turn your card over and look for some numbers". There are 7 numbers; the first 4 are part of your card number, the next 3 are the security Numbers' that verify you are the possessor of the card. These are the numbers you sometimes use to make Internet purchases to prove you have the card.

The caller will ask you to read the 3 numbers to him. After you tell the caller the 3 numbers, he'll say, "That is correct, I just needed to verify that the card has not been lost or stolen, and that you still have your card.

Do you have any other questions?" After you say No, the caller then thanks you and states, "Don't hesitate to call back if you do", and hangs up.

You actually say very little, and they never ask for or tell you the Card number.

But after we were called on Wednesday, we called back within 20 minutes to ask a question.

Are we glad we did! The REAL VISA Security Department told us it was a scam and in the last 15 minutes a new purchase of $497.99 was charged to our card.

Long story made short - we made a real fraud report and closed the VISA account. VISA is reissuing us a new number. What the scammers want is the 3-digit PIN number on the back of the card . Don't give it to them. Instead, tell them you'll call VISA or Master card directly for verification of their conversation. The real VISA told us that they will never ask for anything on the card as they already know the information since they issued the card! If you give the scammers your 3 Digit PIN Number, you think you're receiving a credit. However, by the time you get your statement you'll see charges for purchases you didn't make, and by then it's almost to late and/or more difficult to actually file a fraud report. What makes this more remarkable is that on Thursday, I got a call from a "Jason Richardson of MasterCard" with a word-for-word repeat of the VISA scam. This time I didn't let him finish. I hung up! We filed a police report, as instructed by VISA. The police said they are taking several of these reports daily! They also urged us to tell everybody we know that this scam is happening.

This is a good forum to share this kind of information, thank you Roy, keep up the good work....

Darrell Mishler

dmishle@gmail.com

M & D Creative Concepts

M & D Creative Concepts Store

demphoto on Overstock

Gourmet Wild Rice

M&D's Firemountain Classified Ads

TOASA Member

Just Be Good To Yourself

Here's a Phishing story!

2006-01-14T11:06:00.000-06:00

Here’s a Phishing story for you to consider!

I got this the other day in my email inbox and had to laugh – they think they are being slick – it is “good looking” and looks official, but I have never had an account with anyone or anything like the Credit Union National Association. That was the first clue.

Here is the message in full:

Credit Union National Association
Dear Credit Union Member,
During our regulary schedule account maintenance and verification we have detected a slight error in your billing information on file with CUNA. This might be due to either following reasons:

A recent change in your personal information (i.e. change of address)

Submitting invalid information during the initial sign up process.

An inability to accurately verify your selected option of payment due an internal error within our processors.

Your credit card on file with CUNA:
Card number: XXXX-XXXX-XXXX-XXXX (Not shown for security purposes) Expiration date: XX/XX

Please update your billing information here:

http://update.cuna. - - - - Update.htm (I disabled the link! – Darrell)

If your account information is not updated, your credit/debit card access will become restricted.

Thank you.
Credit Union National Association, Inc.

Something to be on the lookout for,

Darrell Mishler

dmishle@gmail.com

M & D Creative Concepts

M & D Creative Concepts Store

demphoto on Overstock

Gourmet Wild Rice

M&D's Firemountain Classified Ads

TOASA Member

Just Be Good To Yourself

Print Story: Critical Flaw Detected in Windows Metafile on Yahoo! News

2005-12-30T14:10:00.000-06:00

This article was passed to me from my designated significant other (in other words - wife). She and I are dedicated to providing current and meaningful information to all that read our blog.

Print Story: Critical Flaw Detected in Windows Metafile on Yahoo! News: "Critical Flaw Detected in Windows Metafile

Jay Wrolstad, newsfactor.comThu Dec 29, 4:10 PM ET

A vulnerability has been discovered in Microsoft Windows that allows hackers to remotely access PCs and install malware through an imaging-handling technology in the operating system.

Microsoft acknowledged the release of exploit code that could allow an attacker to execute arbitrary code when someone visits a Web site that contains a specially crafted Windows Metafile (WMF) image. Security authority Secunia labeled the vulnerability 'extremely critical.'

Malicious Graphics Files

WMF images are graphical files that can contain both vector and bitmap-based picture information. Microsoft Windows contains routines for displaying such files, but a lack of input validation in one of these routines may allow a buffer overflow to occur, which in turn may allow remote code execution.

The vulnerability can also be triggered from the Internet Explorer browser if the malicious file has been saved to a folder and renamed to other image file extensions such as '.jpg,' '.gif,' '.tif,' and '.png.' It has been detected on a patched system running Microsoft Windows XP SP2. Microsoft Windows XP SP1 and Microsoft Windows Server 2003 systems also are affected.

Microsoft vowed to investigate the vulnerability and to provide a security update when it becomes available. Customers who believe they may have been affected may contact the company's Product Support Services.
________________________________________________________________

As always, don't click on links that are included in emails from people you don't know, or if you get an unexpected email from someone.

As always, safe surfing,

Darrell Mishler

dmishle@gmail.com

M & D Creative Concepts

M & D Creative Concepts Store

demphoto on Overstock

Gourmet Wild Rice

M&D's Firemountain Classified Ads

TOASA Member

Just Be Good To Yourself

Just in case you missed the last post about the Sober virus, read on.

2005-12-19T09:04:00.000-06:00

This is an excerpt from another article in CNET. This reiterates the need to add the list of addresses to be blocked. If you have a software or hardware firewall, these should be added to your list of blocked addresses to send email to. Another way to protect yourself is to download the latest definitions for your antivirus program and run it several times a week.

Security Watch: The next Sober virus attack - CNET reviews: "Prevention
It's important to note that your PC must already be infected with Sober before it becomes a foot soldier in this expected January 5 assault. No infection, no participation. So clean your desktop computer now. For corporate systems, it's also important to create firewall rules that block IP requests to the January 5 addresses. According to F-Secure, the addresses to be contacted on January 5, 2006, include:

home.arcor.de/dixqshv/
people.freenet.de/wjpropqmlpohj/
people.freenet.de/zmnjgmomgbdz/
people.freenet.de/mclvompycem/
home.arcor.de/jmqnqgijmng/
people.freenet.de/urfiqileuq/
home.arcor.de/nhirmvtg/
free.pages.at/emcndvwoemn/
people.freenet.de/fseqepagqfphv/
home.arcor.de/ocllceclbhs/
scifi.pages.at/zzzvmkituktgr/
people.freenet.de/qisezhin/
home.arcor.de/srvziadzvzr/
people.freenet.de/smtmeihf/
home.pages.at/npgwtjgxwthx/

At present, these addresses have not been registered. All correspond to free Web host sites in Germany and Austria. Assuming they are real, someone will have to register these addresses before January 5, 2006. Perhaps the individuals responsible will be dumb enough to give away enough personal information to lead to their arrest."

Just bringing this to your attention once again.

Safe Surfing,

Darrell Mishler

dmishle@gmail.com

M & D Creative Concepts

demphoto on Overstock

Gourmet Wild Rice

M&D's Firemountain Classified Ads

Just Be Good To Yourself

Troublesome Sober has been figured out!

2005-12-09T15:57:00.000-06:00

I got this from CNET just this afternoon. It's a little cryptic, but what it says is that if you can block a few web site addresses in your restricted area in order to not be a part of the "sober network of infected computers". Go to your control pannel, internet options, security tab and restricted sites. From there you will be able to add the following urls:

http://people.freenet.de/gixcihnm/
http://scifi.pages.at/agzytvfbybn/
http://home.pages.at/bdalczxpctcb/
http://free.pages.at/ftvuefbumebug/
http://home.arcor.de/ijdsqkkxuwp/

They will be deemed in-accessable from your computer.

The following is a copy of the article from CNET:

Antivirus companies say they have cracked an algorithm that was being used by the Sober worm to "communicate" with its author.

The latest variant of the Sober worm caused havoc in November by duping users into executing it by masking itself as e-mails from the FBI and CIA. Antivirus companies were aware that the worm somehow knew how to update itself via the Web. The worm's author programmed this functionality to control infected machines and, if required, change their behavior.

On Thursday, Finnish antivirus firm F-Secure revealed that it had cracked the algorithm used by the worm and could now calculate the exact URLs the worm would check on a particular day.

Mikko Hypponen, chief research officer at F-Secure, explained that the virus author has not used a constant URL because authorities would easily be able to block it.

"Sober has been using an algorithm to create pseudorandom URLs which will change based on dates. Ninety-nine percent of the URLs simply don't exist...However, the virus author can pre-calculate the URL for any date, and when he wants to run something on all the infected machines, he just registers the right URL, uploads his program and BANG! It's run globally on hundreds of thousands of machines," Hypponen wrote in his blog.

According to F-Secure's calculations, on Jan. 5, 2006, all computers infected with the latest variant of Sober will look for an updated file located in a list of domains, including:

http://people.freenet.de/gixcihnm/

http://scifi.pages.at/agzytvfbybn/

http://home.pages.at/bdalczxpctcb/

http://free.pages.at/ftvuefbumebug/

http://home.arcor.de/ijdsqkkxuwp/

Hypponen advised administrators to ensure any infected PCs can't upgrade automatically by blocking access to the domains.

Adam Biviano, premium services manager at Trend Micro, said that blocking the URLs could be beneficial, but the safest bet would be to ensure that PCs are safe.

"Blocking those URLs is not a bad idea but administrators need to make sure their machines are not infected in the first place," Biviano said.

As always, safe surfing,

Darrell Mishler

Save an additional $5 off a

Fancy Foods Gourmet Gift Basket;

now only $44.99! (Exp. 12/15)

M & D Creative Concepts

Demphoto

Wild Rice

UPDATE Your Definitions - Sophos virus analysis: Troj/Danmec-F

2005-12-05T16:16:00.000-06:00

I just got notification of this via my email alerts. There are several reports of this coming into the anti-virus and I wanted to notify you as soon as possible update your definitions. Even if you aren't sceduled until the next time you restart your computer, check and see if an update to your definitions are available.

The link below provides a description of this Trojan and lets you know how it behaves if you are interested.

Sophos virus analysis: Troj/Danmec-F

As always, safe surfing,

Darrell Mishler

Save an additional $5 off a

Fancy Foods Gourmet Gift Basket;

now only $44.99! (Exp. 12/15)

M & D Creative Concepts

Demphoto

Wild Rice

Got an email from a friend with a question

2005-11-21T21:36:00.000-06:00

He got an email that said it was from the FBI and to answer a few quesitons after opening an email attachment. The attachment was a .zip file and he was aware enough to delete the .zip file and forwarded the information to me for some investigation.

It has mutated and will mutate again, but the main contents have remained the same. The email contained the worm Sober-K, here are the details.

This is what he received:

Dear Sir/Madam,

we have logged your IP-address on more than 30 illegal Websites.

Important:
Please answer our questions!
The list of questions are attached.

Yours faithfully,
Steven Allison

*** Federal Bureau of Investigation -FBI-
*** 935 Pennsylvania Avenue, NW, Room 3220
*** Washington, DC 20535
*** phone: (202) 324-3000

Here are the details from Sophos.com:

W32/Sober-K

W32/Sober-K will arrive by email as a ZIP attachment containing an executable file with a double extension.

Subject lines include the following:

You visit illegal websites

Message body texts include the following:

Dear Sir/Madam,

we have logged your IP-address on more than 40 illegal Websites.

Important: Please answer our questions!

The list of questions are attached.

Yours faithfully,

M. John Stellford

Make sure that your definitions are up-to-date and don't open any extensions unless they are expected and come from a trusted source. If they aren't expected, contact the sender and ask if it was really sent by them.

Have a great Thanksgiving and safe surfing,

Darrell Mishler

Gourmet Gifts from California

I'm PayPal Verified

Just be good to yourself!

M & D Creative Concepts

Demphoto

Wild Rice

Another - unhuh, New Scam - Targets Jury Duty!

2005-11-01T07:07:00.000-06:00

Hi all,

I hope your halloween was great for all you kids. 8-)

I got some snail mail from my credit union that I'm sure will interest you. It's about a new scam that is happening now and references the www.fbi.gov as the source.
_____________________________________________________________________

One of the latest telephone scams against consumers involves gathering personal information from people by criminals posing as U. S. court employees. The Federal Bureau of Investigation (FBI) advises consumers to beware of telephone calls aupposedly coming from the U. S. Court System that say teh individual has been selected for jury duty. The person is then asked to verify their name, Social Security number and credit cardnumbers. The caller may be threatened with finds if they do not provide the information.

The U.S. Court System does not call people and request this type of information. If you receive such a call, do not provide the information as it would be used for purposes of identity theft. Victims of this scam are urged to contact their local FBI office which is listed in the government pages of the phone book, or by going online at www.fbi.gov.

Armed with the facts and some added vigilance, you can protect yourself and family against Identity Theft and other scams.
__________________________________________________________________________________

Once again, safe surfing,

Darrell Mishler
A member of TOASA.org

www.wildrice.96mb.com,

Gifts for Chocoholics!

appetizerstogo.com

Malware: Computing's Dirty Dozen

2005-10-22T20:14:00.000-05:00

I thought I would share this with you, you have probably heard a lot of this before, but this is a good article. It's filled with good information and definitions. Darrell

It seems that no sooner do you feel safe turning on your computer than you hear on the news about a new kind of internet security threat. Usually, the security threat is some kind of malware (though the term "security threat" no doubt sells more newspapers). What is malware? Malware is exactly what its name implies: mal (meaning bad, in the sense of malignant or malicious rather than just poorly done) + ware (short for software). More specifically, malware is software that does not benefit the computer's owner, and may even harm it, and so is purely parasitic. The Many Faces of Malware According to Wikipedia, there are in fact eleven distinct types of malware, and even more sub-types of each.

1. Viruses. The malware that's on the news so much, even your grandmother knows what it is. You probably already have heard plenty about why this kind of software is bad for you, so there's no need to belabor the point.

2. Worms. Slight variation on viruses. The difference between viruses and worms is that viruses hide inside the files of real computer programs (for instance, the macros in Word or the VBScript in many other Microsoft applications), while worms do not infect a file or program, but rather stand on their own.

3. Wabbits. Be honest: had you ever even heard of wabbits before (outside of Warner Bros. cartoons)? According to Wikipedia, wabbits are in fact rare, and it's not hard to see why: they don't do anything to spread to other machines. A wabbit, like a virus, replicates itself, but it does not have any instructions to email itself or pass itself through a computer network in order to infect other machines. The least ambitious of all malware, it is content simply to focus on utterly devastating a single machine.

4. Trojans. Arguably the most dangerous kind of malware, at least from a social standpoint. While Trojans rarely destroy computers or even files, that's only because they have bigger targets: your financial information, your computer's system resources, and sometimes even massive denial-of-service attack launched by having thousands of computers all try to connect to a web server at the same time.

5. Spyware. In another instance of creative software naming, spyware is software that spies on you, often tracking your internet activities in order to serve you advertising. (Yes, it's possible to be both adware and spyware at the same time.)

6. Backdoors. Backdoors are much the same as Trojans or worms, except that they do something different: they open a "backdoor" onto a computer, providing a network connection for hackers or other malware to enter or for viruses or sp@m to be sent out through.

7. Exploits. Exploits attack specific security vulnerabilities. You know how Microsoft is always announcing new updates for its operating system? Often enough the updates are really trying to close the security hole targeted in a newly discovered exploit.

8. Rootkit. The malware most likely to have a human touch, rootkits are installed by crackers (bad hackers) on other people's computers. The rootkit is designed to camouflage itself in a system's core processes so as to go undetected. It is the hardest of all malware to detect and therefore to remöve; many experts recommend completely wiping your hard drive and reinstalling everything fresh.

9. Keyloggers. No prïze for guessing what this software does: yes, it logs your keystrokes, i.e., what you type. Typically, the malware kind of keyloggers (as opposed to keyloggers deliberately installed by their owners to use in diagnosing computer problems) are out to log sensitive information such as passwords and financial details.

10. Dialers. Dialers dial telephone numbers via your computer's modem. Like keyloggers, they're only malware if you don't want them. Dialers either dial expensive premium-rate telephone numbers, often located in small countries far from the host computer; or, they dial a hacker's machine to transmit stolen data.

11. URL injectors. This software "injects" a given URL in place of certain URLs when you try to visit them in your browser. Usually, the injected URL is an affïliate link to the target URL. An affïliate link is a special link used to track the traffïc an affïliate (advertiser) has sent to the original website, so that the original website can pay commissions on any salës from that traffïc.

12. Adware. The least dangerous and most lucrative malware (lucrative for its distributors, that is). Adware displays ads on your computer. The Wikipedia entry on malware does not give adware its own category even though adware is commonly called malware. As Wikipedia notes, adware is often a subset of spyware. The implication is that if the user chooses to allow adware on his or her machine, it's not really malware, which is the defense that most adware companies take. In reality, however, the choice to install adware is usually a lëgal farce involving placing a mention of the adware somewhere in the installation materials, and often only in the licensing agreement, which hardly anyone reads.

Are you ready to take on this dirty dozen? Don't go it alone. Make sure you have at least one each of antivirus and antispyware.

By Joel Walsh

Safe surfing,

Darrell Mishler

Gourmet Gifts from California

I'm PayPal Verified

Just be good to yourself!

Sober Worm has been reported all day.

2005-10-06T22:02:00.000-05:00

I figured I should pass this along to you, it's been reported all day and is occuring in 10% of the reports that come into Sophos.

Now that's a really bad high-school photo.

A new variant of the Sober e-mail worm has started spreading as an attachment that claims to be an old class photo sent by a schoolmate. But if recipients open the file, they don't see a picture of themselves in braces. Instead, a worm tries to steal their information and then mail itself to others.

Antivirus software maker Sophos said the Sober variant is now the second most commonly reported virus, accounting for approximately 10 percent of all reports in the last 12 hours.

Stay on your toes and update your definitions as soon as possible.

Safe Surfing,

Darrell Mishler

TOASA Member

M&DCreativeConcepts

Wild Rice a Gourmet Food

Gourmet Gifts from California

I'm PayPal Verified

Just be good to yourself!

It's Back - Troj/Bagle

2005-09-21T09:19:00.000-05:00

The trojan / virus that plagued computers a couple of years ago has returned. I have received several email warnings that there are several variations to Bagel that have returned and are infecting computers world wide.

All of the virus software companies are aware of this trojan, yet there are a lot of reports of computers being infected. Please update your virus definitions today, even if you have them updated automatically, manually request an update just to make sure that yours are current. There have been variations coming out daily and if a virus / trojan infection can be avoided, by all means take care of it.

There are removal and recovery instructions at:

http://www.sophos.com/virusinfo/analyses/trojbagledlu.html .

Please be aware that if you edit your windows registry that it is always wise to back up, just in case something gets edited in the wrong place, at least you will have a means of returning to a know level of settings.

Remember, prevention is the best form of protection.

Safe Surfing,

Darrell Mishler

Just be good to yourself!

Online scams emerge in Katrina's wake

2005-09-01T18:50:00.000-05:00

I just got this today from CNET.com. Be sure you check out the charity you give to before you click or send anything. These are even using PayPal to help take your money.

Phony Web sites and e-mails, purporting to offer help to hurricane victims or provide more news on the destruction, are making their rounds on the Internet, security experts said Thursday.

One spam campaign that's circulating offers breaking news reports but tricks people into clicking a link that takes them to a bogus Web site, according to security firm Sophos. The site attempts to exploit vulnerabilities in Internet Explorer and install malicious code, including the Troj/Cgab-A Trojan horse, on a victim's system Sophos said.

Some of these e-mails carry subject headers such as "re: g8 Tropical storm flooded New Orleans" and "re: q1 Katrina killed as many as 80 people."

"If users click on the link contained inside the e-mail, they will be taken to a malicious Web site which will try and infect their computer," Graham Cluely, senior technology consultant for Sophos, said in a statement. "Once infected, the computer is under the control of remote criminal hackers who can use it to spy, steal or cause disruption."

Other bogus e-mails are circulating that ask people to aid hurricane victims and their families by clicking on a PayPal button to make a donation, said Johannes Ullrich, chief research officer for the Sans Institute.

As much devastation as there is in New Orleans and surrounding area, I would hate to see you hurt by online scams. Once again, please contact the online web site by name in order to contribute.

Examples are: www.redcross.org, http://www.salvationarmyusa.org/USNSAHome.htm and for more detailed information, visit www.fema.gov.

It sems that sometimes the worst situations bring out the worst individuals.

Safe Surfing,

Darrell Mishler