Friday, November 19, 2004
W32.Sober.I@mm
A new mass-mailing worm has been discovered today, opening rate Level 3.
More info click here
Please update your virus definitions ASAP.
Thursday, November 18, 2004
Dog & Leopard
The Dog and The Leopard
========================
A wealthy man decided to go on a safari in Africa. He took his
faithful pet dog along for company. One day the dog starts
chasing butterflies and before long he discovers that he is
lost. So, wandering about he notices a leopard heading rapidly
in his direction with the obvious intention of having lunch.
The dog thinks, "Boy, I'm in deep doo doo now."
Then he noticed some bones on the ground close by, and
immediately settles down to chew on the bones with his back to
the approaching cat.
Just as the leopard is about to leap, the dog exclaims loudly,
"Man, that was one delicious leopard. I wonder if there are any
more around here?" Hearing this the leopard halts his attack in
mid stride, as a look of terror comes over him, and slinks away
into the trees.
"Whew," says the leopard, "That was close.
That dog nearly had me."
Meanwhile, a monkey who had been watching the whole scene from a
nearby tree, figures he can put this knowledge to good use and
trade it for protection from the leopard.
So, off he goes. But the dog saw him heading after the leopard
with great speed, and figured that something must be up. The
monkey soon catches up with the leopard, spills the beans and
strikes a deal for himself with the leopard.
The leopard is furious at being made a fool of and says,
"Here monkey, hop on my back and see what's going to happen to
that conniving canine."
Now the dog sees the leopard coming with the monkey on his back,
and thinks, "What am I going to do now?"
But instead of running, the dog sits down with his back to his
attackers pretending he hasn't seen them yet.
Just when they get close enough to hear, the dog says,
"Where's that monkey. I just can never trust him.
I sent him off half an hour ago to bring me another leopard,
and he's still not back!!"
Credit Card Scam
Credit Card Scam. By understanding how the scam works, you'll
Be better prepared to protect yourself. Thanks to Dr. Pat Cloney
for passing this on. These con artists get more creative every day.
My husband was called on Wednesday from "VISA", and I was called on
Thursday from "MasterCard". The scam works like this:
Person calling says, "this is
Security and Fraud Department at VISA. My Badge number is
12460. Your card has been flagged for an unusual purchase
pattern, and I'm calling to verify. This would be on your VISA
card which was issued by
Anti-Telemarketing Device for $497.99 from a marketing
company based in Arizona?"
When you say "No", the caller continues with, "Then we will
be issuing a credit to your account. This is a company we have
been watching and the charges range from $297 to $497, just
under the $500 purchase pattern that flags most cards. Before
your next statement, the credit will be sent to (gives you your
address), is that correct?"
You say "yes". The caller continues... "I will be starting a
Fraud investigation. If you have any questions, you should
call the 1-800 number listed on the back of your card (1-800-VISA)
and ask for Security. You will need to refer to this Control #"
The caller then gives you a 6 digit number. "Do you need me to
read it again?"
Here's the IMPORTANT part on how the scam works. The caller then says,
"he needs to verify you are in possession of your card".
He'll ask you to "turn your card over and look for some numbers.
There are 7 numbers; the first 4 are your card number, the next 3
are the 'Security Numbers' that verify you are in possession of the
card. These are the numbers you use to make Internet purchases
to prove you have the card. Read me the 3 numbers". After you
tell the caller the 3 numbers, he'll say ,"That is correct. I just
needed to verify that the card has not been lost or stolen, and that
you still have your card. Do you have any other questions?"
After you say No, the caller then Thanks you and states, "Don't
hesitate to call back if you do", and hangs up.
You actually say very little, and they never ask for or tell you the
card number. But after we were called on Wednesday, we called
back within 20 minutes to ask a question. Are we glad we did! The REAL
VISA Security Department told us it was a scam and in the last 15
minutes a new purchase of $497.99 was charge on on our card.
Long story made short, we made a real fraud report and closed
the VISA card, and they are reissuing us a new number. What the
scammers wants is the 3-digit PIN number on the back of the card.
Don't give it to them. Instead, tell them you'll call VISA or Master
card direct. The real VISA told us that they will never ask for
anything on the card as they already know the information since
they issued the card! If you give the scammers your 3 Digit PIN
Number, you think you're receiving a credit. However, by the time
you get your statement, you'll see charges for purchases you didn't
make, and by then it's almost to late and/or harder to actually file
a fraud report.
What makes this more remarkable is that on Thursday, I got a call from
a "Jason Richardson of MasterCard" with a word-for-word repeat of the
VISA scam. This time I didn't let him finish. I hung up!
We filed a police report, as instructed by VISA. The police said they
are taking several of these reports daily! They also urged us to tell
everybody we know that this scam is happening.
Please pass this on to all your friends. By informing each other, we
protect each other. Thank-You.
Tuesday, November 16, 2004
Mydoom
Reprinted From: Computerworld NOV 15, 2004
The latest version of the Mydoom virus suggests to security experts that a much-anticipated "zero day" attack may have already arrived.
"Zero day" refers to an exploit, either a worm or a virus, that arrives on the heels of, or even before, the public announcement of a vulnerability in a computer system. This week's version of Mydoom appeared only two days after a security flaw in Windows Internet Explorer was made public by two hackers, according to reports.
What's different about this version of the virus is that instead of attaching itself to an e-mail as an executable program, it appears instead as a Web link within the text of an e-mail message. Clicking on the link will direct a person's browser to another Web site that will exploit an IFrames vulnerability in Internet Explorer and thereby infect that person's machine.
"Up until today, every worm that came out had a fix and that fix was out there for some time," said Stuart McClure, president and chief technology officer of Foundstone Strategic Security in Mission Viejo, Calif.
McClure suggests that it will be only a short time before a worm or virus appears exploiting an unknown vulnerability with no mechanism to fix it. The time difference between when security vulnerabilities become known and exploits are created to take advantage of those flaws has been shrinking for some time. Two years ago, that time difference was somewhere between four and six weeks.
"For the first six months of this year, [that difference] was about 5.8 business days, and in this most recent case, it was just two days," said Alfred Huger, senior director of engineering at Symantec Corp. in Calgary, Alberta. "The problem is that it is extremely difficult for a vendor to put out a patch in that short of a time."
Carol Terentiak, security strategy and response manager at Microsoft Canada Co. in Mississauga, Ontario, said this version of Mydoom suggests that virus and worm writers are becoming more sophisticated and going beyond merely tweaking existing virus code. They are doing more sophisticated work by first prying apart and looking for problems in the systems they may want to compromise, she said.
There was some suggestion that the release of the virus was timed to disrupt Microsoft's monthly security bulletin. Each month, Microsoft releases a security bulletin that provides customers with information about security issues, exploits and fixes that are available. The timing of this Mydoom variant indicated to some that its author may have hoped to trip up the bulletin by showing it to be inadequate in providing up-to-date security information and fixes to Microsoft customers.
Terentiak said Microsoft users who have installed Service Pack 2 for Windows XP are already at a reduced risk of having problems with this virus. Service Pack 2 comes with built-in protections against the kinds of exploits that Mydoom tries to perpetrate. Still, Microsoft is working on a separate patch for the vulnerability in Internet Explorer.
Terentiak advised people who are concerned to check online at either www.microsoft.com/security or www.microsoft.com/protect for more information.
Monday, November 15, 2004
Hyperlinks
When I find the extra time all the links to other sites here on the Blog will open in a separate new window, so if you are reading an article and want to check out the link, you will not navigate away from the Blog. No more Back Button...Back Button...Back Button, to return to the Blog.
If the other people with access want to help out the htlm is simple;
after your
a href="where-ever.com"
add in: target="new"
example
a href="where-ever.com " target="new"
Also if anybody wants their own website but is intimidated at the concept of writing one I have a wonderfully simple yet powerful WebPage Designer Software
With 1 hour of instruction you'll have your professional looking site online.
Now what's it cost you ask?
Well I do love Snickers candy bars...
P.S. The Blue Highlighted Words in the posts here are usually what we call a hyperlink, meaning that when you click on there it will take you somewhere else
So if you post here try not to confuse people and post in blue unless it is a link.
Frauds - Spam
or Charges on your phone and Credit Card Bills
There are tons of fraud and spam mail floating around, most is a harmless pain in the butt but(pun), some can rob you of you life savings AND your credit rating. A good website to check people out at is www.bbb.org, the Better Business Boys. Do an internet search on the company...if they are up to no good, they will show up on the internet. Post your findings on the blog, search engines find these posts and can alert people all over to those nasty guys. If you need help tracking the originator of unwanted or fraudulent email do the following things
Right Click on the Inbox Message and choose Properties
Choose the Details Tab
Choose the Message Source Tab
Copy ALL the information there and paste it to an email and click here to send it to me, in around 65% of the cases I can track it back, spammers do have their tricks to hide also...
and REMEMBER - "Real Companies" Already Have Your Personal Info
Theives need "you" to provide it to them....