OUCH!
SANS Institute Security Newsletter for Computer Users
Volume 5, Number 5 May 2008
************************************************************************
In This Issue
1. Eight Surefire Ways to Become an Identity Theft Victim - 2. Malware
- - 3. Scams and Hoaxes - 4. Microsoft and Apple Security Updates - 5.
Security Newsbytes
************************************************************************
A formatted version of the OUCH newsletter can be found at https://www.sans.org/newsletters/ouch.
You can subscribe to OUCH on the same site. Send your comments to OUCH@sans.org.
************************************************************************
1. Eight Surefire Ways to Become an Identity Theft Victim
- --Practice unsafe surfing. When you purchase a new computer, go online without activating the firewall, or purchasing protective software.
Further expose yourself digitally by sharing a wireless connection with the entire neighborhood. Without digital encryption, you can share the contents of your hard drive with anyone on the street. For maximum risk, do some online banking on a public computer -- like the one at the library or a public cafe. Bonus points are added if your Social Security number is your user ID for any transactions.
- --Skimp on anti-virus and anti-spyware protection. Courting disaster online is easy. Invite malicious code to attack your computer simply by doing nothing. Antivirus programs can be pricey, and the maintenance of constantly downloading updates is time-consuming. Combine that with the security updates from Microsoft or Apple and it's enough to seriously annoy anyone.
- --Passwords are a pain! Make life easy for yourself by using the same password for EVERYTHING, and make it something easy to remember, like your first name or 'password'. Just in case, make sure you write it down on a yellow sticky and put it somewhere easy to see.
And don't forget to have your browser set to 'remember password' to make life easy for you - and the cyberthief.
- --Peek at junk email and open attachments from unknown sources. Open attachments from strangers, secret crushes, long-lost friends saying "what's up," or strangers hawking cheap drugs -- you'll never know unless you peek at that email. One of the many fun things that can happen when you open an attachment containing malicious code is infecting your computer with a Trojan horse or virus, which can easily lead to identity theft.
- --Stuff your wallet with juicy identifying tidbits. Wallets and purses are more than just handy cash-carrying devices. They often have credit cards, identification, insurance information and even Social Security cards. Obviously, more is better if you'd like to become the prey of fraudsters. Losing or misplacing a wallet or purse can cause more problems than just the hassle of replacing all those cards and buying a new bag. Armed with your date of birth, Social Security number and mailing address, there's no limit to the damage thieves could cause.
- --Make your checks payable to criminals. If you're like most people, you wouldn't post your checking account information on your front door, though you should if you'd like to be a victim of fraud. Similarly, checks reflecting the same information can be dropped casually into unsecured mailboxes. Statistically the chances of your mailbox being targeted by criminal elements are low, but not that low. According to the 2008 Identity Fraud Survey Report from Javelin Strategy and Research, almost 1 in 10 victims of identity theft who can pinpoint the scene of the crime say that it happened at the mailbox.
- --Opt out? Opt in! While you're mailing checks from the unlocked mailbox, go ahead and get credit card companies to send you all the pre-approved offers that the postman can cram into the box. Similarly, don't get credit card statements online; leave them on the side of the road so that they're more convenient for fraudsters who lack the technical knowledge or follow-through to launch complicated hacking schemes.
- --Nothing is too good to be true. Everyone wants to feel special and maybe more importantly, filthy rich. When reading an emailed proposition from an African business tycoon, an imperiled prince or downtrodden heiress offering millions of dollars in exchange for some small measure of assistance, it's difficult not to wish it were true. Falling for the story will undoubtedly lead to unpleasantness.
More information:
http://finance.yahoo.com/banking-budgeting/article/104894/7-Surefire-Ways-to
-Become-an-ID-Theft-Victim
************************************************************************
2. Malware
- --Zeus. A Trojan being spread by the so-called "Rock Phish" group of Russian criminals through phishing scams. Zeus is designed not only to trick victims into clicking on a link in a phishing email to give up personal information, but also to drop a Trojan on the victim's computer at the same time. The new attacks combine phishing and the Zeus Trojan to steal personal information and spread financial crimeware. Zeus can steal personal data such as usernames, passwords and Social Security numbers entered by the user while interacting with other websites.
More information:
http://www.scmagazineus.com/Rock-Phish-gang-adds-malware-download-to-attacks
/article/109240/
- -- RaceForTibet. Rootkit* malware that surreptitiously installs a keystroke logger on end users' PCs once they open a Flash movie file which uses a cartoon to mask its malware payload. The captured data is reportedly sent to a computer in China. The cartoon ridicules the effort of a Chinese gymnast and then displays images supporting a free Tibet.
The malware is being distributed as an attachment called RaceForTibet.exe.
More information:
http://www.itpro.co.uk/wireless/news/187935/tibet-supporters-targeted-by-tro
jans.html
* Rootkit: http://en.wikipedia.org/wiki/Rootkit
- -- OSX.RSPlug.A. A Mac Trojan that spreads by spam emails designed to lure users to pornography sites. Visitors are presented with a still image from a salacious video. Clicking on the image to play the video returns the following message: "Quicktime Player is unable to play movie file. Please click here to download new version of codec." After the linked page loads, malware is downloaded and launches an installer. The installer requires the user to enter the admin password. Once the password has been entered, the malware infection is complete. The Trojan alters network settings, redirecting webpages and funneling advertisements for porn sites to your Mac.
More information:
http://www.geekstogo.com/2007/10/31/osxrspluga-trojan-info-and-removal/
************************************************************************
3. Scams and Hoaxes
- --Economic Stimulus Refund Phishing Scam A number of phishing scam emails are currently targeting US taxpayers by offering bogus refund payments as bait. This email, purporting to be from the Internal Revenue Service (IRS), claims that the recipient is qualified to receive the 2008 Economic Stimulus Refund. The recipient is instructed to follow a link in the message in order to fill in an online form, ostensibly to allow the refund to be processed. The email includes the IRS logo and copyright notice and is from a seemingly genuine IRS email address. However, the email is not from the IRS.
More information:
http://www.hoax-slayer.com/economic-stimulus-refund-scam.shtml
- --United States District Court Subpoena Malware Email This seemingly official email purports to be a subpoena sent by the United States District Court. The message claims that the recipient must testify before a Grand Jury at a specified place and time. The recipient is instructed to follow a link in the message to download and print a complete copy of the subpoena document. However, the message is not from the United States District Court. In fact, the message is an attempt to trick recipients into installing information-stealing malware on their computers.
More information: http://www.uscourts.gov/newsroom/2008/alert.cfm
http://www.hoax-slayer.com/subpoena-phishing-scam.shtml
- --Visa Personal Password Phishing Scam An email claiming that recipients can protect their Visa credit card for online purchases by clicking a link in the message and creating a personal password. However, the message is just another phishing scam and was not sent by Visa. Those who fall for the ruse and click the link will be taken to a very sophisticated, but fraudulent, website that has been designed to closely resemble the genuine Visa website.
More information: http://www.hoax-slayer.com/visa-password-scam.shtml
- --Mail Server Report
According to this warning message, a dangerous virus is being distributed via emails with the subject line "Mail Server Report". The warning claims that opening attachments that come with the email will first display a message saying "It is too late now, your life is no longer beautiful" before destroying all files on the infected computer and stealing personal information. However these claims are untrue.
There is not, nor has there ever been, a virus like the one described in this bogus warning message.
More information: http://www.hoax-slayer.com/mail-server-report-hoax.shtml
************************************************************************
4. Microsoft and Apple Security Updates
Microsoft and Apple provide free security updates for their software products.
Windows: Microsoft issues patches for all Microsoft products on the second Tuesday of each month as well as out-of-cycle patches on any day of the month. The next scheduled release date is May 13th. Check manually too, once every two weeks, to make sure all of the updates have been installed.
More information: http://www.microsoft.com/athome/security/default.mspx
OS X: Updates are issued frequently, and their contents may differ depending on which processor is in your Mac (PPC or Intel).
More information: http://www.apple.com/support/downloads/
iPhones: Must be updated manually:
http://docs.info.apple.com/article.html?artnum=305744
************************************************************************
5. Security Newsbytes
- --Hannaford to Spend Millions on IT Security Upgrades After Breach Executives at Hannaford Bros. Co. have said that the grocer expects to spend millions of dollars on IT security upgrades in the wake of the recent network intrusion that resulted in the theft of up to 4.2 million credit and debit card numbers from its systems. The planned upgrades include the installation of new intrusion-prevention systems that will monitor activities on Hannaford's network and the individual systems at its stores, plus the deployment of PIN pad devices with encryption support in store checkout aisles. Hannaford also has signed on IBM to do around-the-clock network security monitoring.
More information:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&;arti
cleId=9079652
- --Microsoft Reports 300% Increase in Trojan Downloaders Computer users are increasingly at risk of being lured to websites that surreptitiously download malicious software onto their machines, but stolen or lost laptops still represent most of the security breaches reported, according to the latest six-month Microsoft Security Intelligence Report. Exploits, malicious software, and hacking accounted for 13% of all security breach notifications recorded in the second half of 2007, while 57% of the breaches publicly disclosed involved lost or stolen equipment. Malicious software attacks via Trojan downloaders and droppers increased by 300% during the same time period.
More information:
http://www.news.com/8301-10784_3-9925077-7.html?tag=nefd.only
- -- Firefox and Safari Updates Tackle "Alternative" Browser Bugs Mozilla has updated its Firefox web browser in response to the discovery of a vulnerability which allows miscreants to take control of vulnerable systems. Apple has pushed out an update for both the Windows and Mac versions of its Safari web browser. The more serious Mac flaws, if left unchecked, create a means for hackers to crash browsers or inject malicious code into vulnerable systems.
More information:
http://www.mozilla.org/security/announce/2008/mfsa2008-20.html
http://support.apple.com/kb/HT1467
************************************************************************
Copyright 2008, SANS Institute ( http://www.sans.org) Editorial Board: Bill Wyman, Alan Reichert, Barbara Rietveld, Alan Paller.
Permission is hereby granted for any person to redistribute this in whole or in part to any other persons as long as the distribution is not being made as part of any commercial service or as part of a promotion or marketing effort for any commercial service or product. Readers are invited to subscribe for free at https://www.sans.org/newsletters/ouch
5:30:35 PM 
|
