Poisoned E-mail From Amazon

Transaction Notice Has Virus Attachment

Cybercriminals have started using an old trick with a new twist -- sending spam e-mails purporting to be from a real company regarding a "recent transaction" (or shipment). The e-mail has an attachment claiming to be a summary, receipt, or 'required' form.

Of course, the attachment is a virus, and "opening" it infects your computer.
(Many security experts would have told you this method was obsolete and no longer being used..)

In this most recent wave of spam attack, the company being spoofed is Amazon.com. It reads:
Your transaction has been processed by WorldPay, on behalf of Amazon Inc.
The invoice file is attached to this message.
This is not a tax receipt.
We processed your payment.
Amazon Inc has received your order,
and will inform you about delivery.
Sincerely,
Amazon Team

This confirmation only indicates that your transaction has been processed successfully.
It does not indicate that your order has been accepted.
It is the responsibility of Amazon Inc to confirm that
your order has been accepted, and to deliver any goods or services you have ordered.

Remember folks, your clicking bypasses your security, so resist your curiousness. Never click the links in unexpected/unsolicited email. Best yet, don't even open them.

Copyright 2007-9 © Tech Paul. All rights reserved. post to jaanix

Share this post :

Second rogue Facebook app spams 'friends'

"Scoundrels have created another rogue Facebook application, the second to hit the social networking site in less than a week.

In the second attack, Facebook users receive notices that they have supposedly being reported for violation of the social networking site's terms of service by someone in their friends list. A link on the notification leads to an application called "f a c e b o o k - - closing down!!!" which, post installation, spams all the affected user’s friends with the same message..."

Read the rest of this article here.

* Thanks to Lee at Technibble

Copyright 2007-9 © Tech Paul. All rights reserved. post to jaanix

Share this post :

Skype Users..

Folks, if you use the very popular VoIP program Skype - as I do - you need to be aware of some recent cybercriminal activities.

1) The fake "Windows needs immediate attention" attack is active again. Please see, Skype — "Windows Requires Immediate Attention".. Not!

2) There's a new attempt - using a trojan - to steal your account information. Please see, SpySkype.C Trojan Wants to Talk to You!

Copyright 2007-9 © Tech Paul. All rights reserved. post to jaanix

Hacker Theft Could be the Largest Credit Card Crime in History

Hackers breach Heartland Payment credit card system

Heartland Payment Systems hpy on Tuesday disclosed that intruders hacked into the computers it uses to process 100 million payment card transactions per month for 175,000 merchants. The number of victims is still unknown.

Heartland's disclosure coincides with reports of heightened criminal activities involving stolen payment card numbers. Security firm CardCops has been tracking a 20% year-over-year increase in Internet chat room activity where hackers test batches of payment card numbers to make sure that they're active.

To read the full news story, click here.

My two cents: This is why, folks, you don't want to get all excited about "cloud computing", or allow your governments to create large "databases".. like a "national health registry", or "crime database".. and why I don't use "online backup" to store my files.
Why trust someone else's server? The Conficker outbreak shows you how well servers get patched..

I feel bad for the folks at HPS.. the cost to clean this up is going to be astounding..

Copyright 2007-9 © Tech Paul. All rights reserved. post to jaanix

Share this post :

Potential 'big bad### botnet' spreading fast*

The 'Downadup' worm is spreading quickly and now infects more than 3.5 million PCs, according to the security company F-Secure.

In a blog post on Wednesday, F-Secure put the total number of infected machines at an estimated 3,521,230 — a rise of more than a million machines over the previous day's tally…

Wow. A million new infections in one day..

Folks, to read the rest of this article (clipped from ZDNet) by David Meyer and Tom Espiner, click here.

Tips For Safe Online Shopping*

I think it is a pretty safe bet that quite a few of you are doing some last minute holiday shopping.. and that some of you are going to use the Internet to do some of that shopping.

I would like to remind you that there is a healthy, active, and well-financed underworld of cyber-criminals who are well-aware of the fact that the next few days are prime credit card and "identity" theft opportunities, and are going to be particularly active in trying to GET YOU.

You will see an increase in spam, and bogus pop-opens that tell you you are infected when you're not. (Note: The phraudulent Skype alert is active again, too. see Skype — "Windows Requires Immediate Attention".. Not! )

I am posting the following Basic Internet Shopping Tips in the hopes that Tech--for Everyone readers will not join the 9 million Americans who had their identities stolen last year.

• Download Software Updates -- Regularly!
• Use Complex Passwords (include numerals and @#$%^&*[])
• Use Onetime Credit Cards
• Verify Secure Connections See that little padlock symbol at the bottom of your screen, and in the URL address bar?
• Check Your Credit
• Enter Your Shopping Site's Web Address Manually (embedded links=no!)
• Shop From Your Own computer (not a public 'hotspot')
• Enable your browser's phishing filter, or install a add-on. (such as the super-easy WOT toolbar)
• Don't Send Credit Card Information Over E-mail. Even if you think it's secure. Don't send it over IM either. If you feel uncomfortable about sending personal information online, call up the business.

I would like to direct your attention to the first bulletpoint. The programs on your computer need to be fully "patched" with the latest updates, as exploiting weaknesses is the primary method hackers use to infect your machines. (You visit a website that they've 'poisoned', and if you have an unpatched 'hole', bingo - you're infected.)

How do you know if you have the latest updates? For all your installed programs? Do you think you are patched? Don't guess. Be sure!

Today's free link+download: Secunia offers a tool that I highly recommend. The online scanner (which you should bookmark, btw) will scan your machine for roughly 100 programs and tell you if there is a patch/update you need. If you go this route, you will need to visit once or twice a week.)
Better yet, they offer a download, a Personal Edition, which will scan your system against a database of over 7,000 programs.
Even better yet, it includes direct download links to the missing patches it finds.

I just ran it and it found an old ActiveX plug in, and told me that my Java Runtime Environment was out of date.. and I didn't think I had installed JRE on this machine!

Copyright 2007-8 © Tech Paul. All rights reserved. post to jaanix

Share this post :