Freeware | Freeware From A-Z
| Security
| Virus
Information | Site Updated on 09/06/06
[In
Other Computing News] [Bo's Digital
Tech] [Computing
& Government] Go
Phish? | Family Matters |
Do your have Microsoft's Patch of the day? Not sure?
Check
out Bohunky0's Microsoft Bug
of the Month Page
Think
you may have a virus? Check out the latest virus list and the archive list. See: Bo's Recent Virus List
Find a
borken link? A link that points to a site other than the one intended? Please click
here and tell us about it.
Are
you concerned about Spyware? You should be! Check out our favorite Spyware
eradicator,
Spybot
Search & Dystroy
Q&A: What is a low threat
virus?
Examine
e-mail headers to determine their real origin
Wiping
an infected computer is best for any OS [Spyware triumphant]
from TechRepublic
Security?
Yeah, we got that!
Zero-day
Wednesdays
Why are attacks via unfixed flaws coming out the day after Microsoft's Patch
Tuesday? Think corporate espionage, CNET editor Robert Vamosi says. 
Read
Full Story
Virus
Via Email Pretends It’s From Microsoft - Watch Out For It
Taken from Lockergnome
Bo tip: Microsoft never sends updates or security software through
e-mail
Take note of what is important here, bad grammar or spelling mistakes are
a dead give-away.
Symantec
sees an Achilles' heel in Vista
New networking technologies in Windows Vista will be less stable and secure than
in XP, at least in
the short term, Symantec researchers say.
Security
agency war game tries to teach Net defense
In a less clandestine role, NSA pushes federal agencies--and everyone else--to
master art of guarding networks.
C|Net
| Read
the story
Security
expert dubs July the 'Month of browser bugs'
Each day this month, a prominent security expert will highlight a new
vulnerability in a major browser. Happy surfing.
Security
questions the feds ought to be asking
On the heels of the Veterans Administration's giant data breach, the White House
is reviewing data security practices of several federal agencies. Here are some
questions I hope they're asking.
READ
FULL STORY | ZdNet
Trojan
targets Google hosting service
The Trojan waits for people to log on to banking Web sites, then tries to steal
personal information by capturing keystrokes.
New
Excel zero-day flaw used in attacks
At least one customer reports being the target of a cyberattack that exploits a
new, yet-to-be-patched hole in the spreadsheet software.
More info. on "proof-of-concept macro virus",
AKA: "Virus.StarOffice.Stardust.a"or
"SBasic.Stardust.A!int".
Open Office reports that this is not a real virus as it is not self-replicating.
As is the case with any macro invasion, it must be opened and run by the user.
Never, ever accept documents from someone you do not know and even then, be very
suspicious of any downloaded document. Click this link for more: http://www.openoffice.org/security/
In Other Security News:
Q: I
recently read of a new virus, then found my antivirus software called it a
low-threat, "proof-of-concept" virus. What's that? --
Sally,
A: Security researchers and hackers sometimes write
virus code to see whether something is possible and submit that code. Like a
virus or worm found on the Internet, the code is then named and analyzed by
antivirus researchers. Often there are crippling flaws that prevent the code
from spreading from computer to computer, but the underlying concept is unique
or interesting. These are labeled proof of concept, since their purpose is to
demonstrate that something is theoretically possible rather than to exploit that
possibility with a legitimate threat.
Examine
e-mail headers to determine their real origin
I've mentioned that it's possible to identify forged e-mail by reading the
e-mail headers. This generated a lot of feedback, mostly from readers wanting to
know how to do it.
E-mail headers, as a topic for Internet security,
aren't as exciting as an exploit or the latest Internet worm. But learning how
to quickly determine
the authenticity of e-mail is important-especially if someone is abusing an
open SMTP relay on your network.
Our
Questions and Answers Section on Security and computing:
How
Do I Detect Key-Loggers?
Reader
Jimmy writes: My friend found out that there is an
“eye icon” on the taskbar and we believe that someone may have put a spyware
(bug) to find out what we are e-mailing to each other. Is this possible and how
can we delete such a bug?
Answer:
Your
description is consistent with a range of programs from key-loggers (programs
that track every keystroke) to various malicious programs including an old
version of the Navidad virus, which has a blue eye that gets added to your
Systray (to the left of the clock on the bottom right corner of the screen).
The first step in determining what it may be is to float your mouse over the
top of the icon to see if it gives you a description. If you can get anything to
appear, try typing it exactly as you see it into Google with quotation marks
around it (which tells Google to only bring back sites that have that exact
phrase) to learn more about exactly what you may have installed in your system.
There are a host of key-logger programs that can be installed so that a
record of everything you type (every word in every e-mail, every
username/password in every secured Web site, every Web address, etc.) is sent
via a silent e-mail to a remote e-mail address.
There is no shortage of this type of malicious code designed to help steal
your identity, but many parental control programs also have a component of the
system that is designed to use this process to help parents keep track of what
their kids are doing online from a remote computer. Using a removal tool may
disable this ability. The program may not be able to differentiate between your
parental controls and a malicious key logger.
There are a number of ways that someone can install such a program onto your
computer, but generally, they would need access to your computer. If they were
trying to spy on you, however, they would generally do so without leaving such
an obvious marker (the eye icon).
It's possible that you contracted a RAT (Remote Access Trojan)
via an e-mail attachment (just another in a long list of reasons to be extremely
suspicious of ANY e-mail file attachment), which could allow a remote user to
access your computer or log all of your keystrokes.
Most anti-spyware programs such as Ad-Aware and Spybot Search and Destroy
(both are free and available by visiting www.datadoctors.com/approved)
can detect and remove commonly known key-logging programs.
Not every program that is capable of logging your keystrokes is detectable by
traditional spyware detection programs, but since they all do create a log file
there is a more fundamental way to see if anything is logging your activity.
Another
free program called KL-Detector
(also available at www.datadoctors.com/approved)
is a simple program that, once installed, can monitor disk activity to see if a
log file is created during a test session. (Be sure to follow the directions
exactly or you may get a false positive!)
Identity
theft has become such a big business on the Internet that large organized crime
syndicates are now behind many of the attempts to compromise your personal
information, so always pay attention to what you open or install on the Internet
and keep all of your security software constantly updated!
Q:
If I use a public terminal, is there any way to log in without fear of hidden
keystroke loggers?
--Hunter
A: Yes. You can avoid the keyboard altogether by using the Windows
On-Screen Keyboard and your mouse. Click Start, All Programs, Accessories, then
On-Screen Keyboard. Mouse over the login box, click it, then mouse over and
click the individual keys you want to input. It's slow, but it's more secure.
When you're done with the public terminal, be sure to clear the browser's cache
and history, as well.
Identity Theft a Five Step Stop Plan
You'd almost have to live in a cave not to know about identity theft. It's in
the news on a regular basis. In addition, you may have already been a victim --
or know someone who has been victimized.
Everyone also seems to be aware that electronic identity theft
- through email, online banking or using credit cards online
- costs consumers millions of dollars every year, and the numbers are
escalating.
For the fifth year in a row, identity theft topped the list of complaints
reported to the Federal Trade Commission in 2004, accounting for 39% of all
complaints received annually by the FTC. It also tops our ScamBusters prediction
list of the worst scams for 2005:
The consequences of becoming a victim of identity fraud include: having a
scammer open up accounts in your name (and running up debts to those accounts),
losing your job, being denied insurance, or even being arrested for crimes you
didn't commit.
However, what you may NOT be aware of is that fully 50% of reported identity
fraud is perpetrated by relatives, friends and neighbors, or acquaintances of
the victim.
That's a truly amazing statistic. And whereas many people think that computer
crimes account for most identity theft, computer crimes, in fact, only accounted
for 11.6% of all identity theft where the cause was known in 2004.
According to a survey done by Javelin Strategy & Research, these 'close
encounters' by friends and family are costing much more money -- and time to
resolve -- than 'stranger' fraud would.
Here's an example: the median loss from phishing scams is $2,320. But when
the identity theft is a result of fraud by family and friends, the median loss
is $15,607!
So how do you decrease your chances of your identity being stolen by a
neighbor or a nephew?
Here are 5 tips:
1. Don't give ANYONE access to your PIN #s.
2. Don't leave financial mail or statements lying around your house or your
car -- you'd be appalled at how much information can be gleaned from your
checkbook, bank statements, credit card account statements and tax records.
3. When you are discarding things, shred any personal documents that may
contain personal or financial information.
4. As much as possible, sign up for electronic banking and account
monitoring, and then review your accounts regularly. Any fraud will be
detected sooner -- and more easily -- than if you wait for monthly mail.
5. Review your credit report, bank accounts and credit card bills
frequently. Self detection is the best way to find out about identity fraud
early.
For more tips on how to prevent and detect identity fraud,
visit:
FBI Issues Warnings About New Computer Virus
A new email that looks like it originates from the FBI with a virus attached
surfaced last week.
The email notifies recipients that they have visited illegal Web sites, and
then asks them to answer a set of questions that are supposedly in the
attachment.
For example, one email says: "We have logged your IP address on more
than 40 illegal Web sites. Important: Please answer our questions! The list of
questions are (sic) attached."
Opening the attachment will infect PC computers with the Sober-K worm, which
first appeared last week.
The major virus protection companies have definitions for this virus.
Actions: 1. Recognize that the FBI does not conduct business by notifying
people they are a target or potential target of investigation by email.
2. Update and run your virus protection software.
Q: How do avoid becoming a victim of identity theft from
the Internet?
A: Identity theft is a problem that has been around much longer than the
Internet and is more of a problem offline than on. While the Internet can help criminals
acquire the information they need to steal your identity, it is more often used to take
advantage of victims once the critical information has been acquired.
A much more common method of getting information such as Social Security number, credit
card numbers, or banking information is from your snail-mailbox, personal or business
trash, and lost or stolen wallets. The classic dumpster diving (going through your trash)
method of getting critical information is one of the most common, since it's easy and
relatively safe for the criminal.
If you've ever thrown out a pre-approved credit card offer, old bank statement, old tax
return, or any official form that contained personal information without first destroying
it (ripping it in half won't cut it), then you are ripe for the taking.
A paper shredder is an absolute must in today's information age for both the office and
home and should be used religiously. With a price tag of only $20 to $50 for a basic unit,
it is the single most cost effective tool you can buy to fight identity theft.
Your physical mailbox is another easy target for thieves; if possible, make it
difficult to get mail that has been deposited in your mailbox with a lock or some other
security device.
If you suddenly notice that mail has stopped coming to you, it could be a sign that
someone put in a change of address for you and is collecting all of your mail in order to
carry out an identity theft.
When it comes to the Internet, there are a few simple rules that can help minimize your
chances of identity theft:
- Never reply to or send an e-mail message requesting personal information. E-mail is not
secure and dozens if not hundreds of people along the way could read your message. No
legitimate company would ever ask you to verify or send your personal information via
e-mail.
- Don't do business with a company if you can't contact them by telephone and mail,
especially if they seem to have an offer that looks too good to be true.
- Never participate with any company that uses spam (unsolicited commercial messages) as
their way of marketing to you. Remember, if it's spam, it's probably a scam!
- Use passwords that incorporate both numbers and letters and at least 8 characters.
Thieves often use 'dictionary attacks' to break passwords that use real words.
- Monitor your credit file - the Internet and e-mail have made it much easier, so you will
know when something strange is going on. Equifax, one
of the major credit reporting bureaus, has a service that will allow you access to your
credit file and will e-mail you within 24 hours anytime it changes. You can try it free
for 30 days and pay $70 per year if you like the service.
Family Matters:
when it comes to keeping our children safe online
Kid-Safe
Internet Access
One way to protect your kids from sites they shouldn't see is to restrict
Internet access to the family computer, where you can see what they're up to.
The real danger here isn't that your kids will go where they shouldn't -- it's
that they'll type in the wrong URL and wind up at an adult site instead of
their intended destination.
- Parenting of K-6 Children Guide Kimberly L.
Keith
Sen.
Clinton: Feds must help parents on video games
Hillary Clinton, a longtime critic of video games, calls on the government to do
more to find out how electronic media harms kids.
Is
tech injuring children?
Prolonged exposure to technology use by kids has many expecting a rash of new
repetitive stress injuries.
C|Net
| Read
the story
When
digital kids rule the classroom
Schools aim to turn children's predilection for technology into a learning
opportunity for both student and teacher.
C|Net.com | Read
the story
Kids
outsmart Web filters
At schools around the country, tech-savvy teens are using proxy
sites and software to get to prohibited Web destinations.
C|Net.com | Read
the story
Going Phishing?
Hackers are!
Phishers
come calling on VoIP
Cheaply available VoIP numbers and Net calling are helping crooks launch new
scams aimed at pilfering sensitive information.
PayPal
fixes phishing hole
A Web site flaw was being exploited in a scam to pilfer sensitive information
from PayPal customers.
One
phish, two phish
Robert Vamosi: Think you're too smart to fall for a phishing attack? You
might be surprised by the results of a new survey which finds that the best
fraudulent sites could still fool more than 90 percent of their highly educated
participants.
See also:
Download:
Use this contact list to report phishing incidents
Fight back against phishers by reporting their activities. This list includes
contact information for 50 banks, brokerages, Web sites, and online payment
systems typically used in phishing exploits.
Phishers
try a phone hook
In a new twist, fraudsters are combining e-mail and spoofed phone systems to try
to con people into handing over their details.
C|Net
| Read
the story
Season
over for 'phishing'?
President Bush has signed into law a bill that mandates minimum sentences for ID
fraudsters, including Net-reliant "phishers."
See also:
Neighborhood
watch for phishing launches
A search is on for volunteers to handle reports of suspected online scams and to
help take down fraudulent Web sites.
Why
is Microsoft chasing phishers?
Richard Stiennon: I applaud any effort to prosecute these cyberjerks, but
banks should be deploying more immediate defenses.
READ
FULL STORY | ZdNet.com
Harm on the Pharm
Phishing
vs. pharming
Phishing involves the receipt of an e-mail message that appears to come from a
legitimate enterprise. Pharming attacks compromise at the DNS server level,
re-directing you to a hacker's site when you type in a company's Web address.
