PC-Armor Computer Security News Blog

Toll Continues to Rise in TJX Data Breach

SearchSecurity.com reported March 29 that TJX is admitting to at least 45.7 Million Card numbers being stolen over an 18-month period earlier in the year.

Additionally, approximately 455,000 people who returned merchandise without providing receipts for their purchases, had their driver’s license numbers and other personally identifiable information stolen.

You can read the story here.

It’s quite possible this may be the biggest data breach in history and because of the enormous amount of compromised records; everyone should carefully inspect their financial statements regularly for suspicious activity.

It’s a shame when consumers go to great lengths to protect their own systems and then see businesses mishandle their data and expose it to malicious crooks.

Microsoft Releases Advisory Today

There are reports of targeted attacks exploiting a vulnerability in the way Windows handles animated cursor files.

This could be a Web-based attack where an attacker hosting a Web site could integrate a Web page designed to exploit this vulnerability; the attacker could coerce a user to view a specially crafted e-mail or open an e-mail attachment; or the attacker could compromise a legitimate Web site and set it up to serve Web pages containing malicious content designed to exploit this vulnerability.

Per the usual advice, be very careful and selective when choosing which Web site(s) to visit and which e-mail messages to view and be absolutely certain e-mail attachments are legitimate and safe BEFORE you open them.

You will find the Microsoft advisory at:

http://www.microsoft.com/technet/security/advisory/935423.mspx?pf=true

If you use Vista’s Windows Mail…Be Careful when Clicking Links

ComputerWorld.com warns of a newly discovered “Exploit-for-Sale” that when launched using Windows Mail in Microsoft Vista, could infect the PC with software designed to steal identities or a backdoor Trojan horse.

You can read the story here:

The article reinforces the smart security practice of not opening e-mails from sources you do not know and not clicking links within e-mail messages.

If you use Vista, you should probably read the article.

Phishing scam targets Dell customers

There are reports of new spoofed e-mails being distributed to Dell customers with the intent of obtaining financial gain at the expense of the victim(s).

At least one such e-mail appears as an order confirmation from Dell, complete with an order number, Dell customer number, and an order amount.

The e-mail(s) may contain a virus or have a virus attached to the links contained within the e-mail; therefore, you are advised to delete the e-mail. You should not open, forward, or respond to the e-mail; nor should you click any of the links within the e-mail.

According to the Direct2Dell Blog, it looks similar to Dell order confirmation e-mails; however, the fake e-mail does not contain “Bill to” or “Ship To” information. Legitimate order confirmation e-mails from Dell contain this information. You can read more about this new phishing scam at:

http://direct2dell.com/one2one/archive/2007/03/23/9351.aspx

New Order Process Payment Method: PayPal

PC-Armor customers can now select the PayPal payment method in the order process when ordering the “Home Network Security” eBook using share-it!.

PayPal is an online payment service with over 100 million registered users who take advantage of the service to pay for their orders online, while protecting their financial information.

Use your PayPal account to protect your online transactions!

Gozi Trojan is Raising new Concerns

The SANS NewsBites, Vol. 9, Num. 24 from March 23, 2007 reported that the Gozi Trojan has been stealing data from SSL streams from more than 5,000 computer users since December of 2006.  What raises concerns with this threat, is that the Gozi Trojan has been able to steal confidential information for over 50 days without being detected by any of the of the top anti-virus software programs.  There were some products that reported the intrusion as “suspicious”, but did not automatically quarantine the Trojan.

Secureworks.com has an excellent article illustrating the history of the Gozi Trojan, the methodology used to analyze how it works, suggestions to discover and remove it, and some countermeasures to help protect computer users from infection.  This is a very in depth and informative report and you can find it at:

http://www.secureworks.com/research/threats/gozi/?threat=gozi

This article is definitely worth reading.

Tips Documents for Consumers and Corporations

The Anti-Spyware Coalition has a one-page document with important tips to help home users and corporate users make better decisions that will help them minimize their risk of infecting their computers with malware.

You can find the document, as well as other informative documents at: http://www.antispywarecoalition.org/documents/

The corporate version mainly addresses policies for management and administrators, while the home user version offers valuable tips to exercise safer web surfing and e-mail habits.

Check it out…it’s worth your time!

Unsure about clicking on that link?

I received another e-mail with the following subject and body today:

Subject: Confirmation link

Thank you for your loan request, which we received yesterday, your refinance application has been accepted.  Good Credit or Not, We are ready to give you a $315,000 loan, after further review, our lenders have established the lowest monthly payments.

Approval process will take only 1 minute.  Please visit the confirmation link below and fill-out our short 30 second Secure Web-Form.

Obviously this is another scam, but to reinforce my suspicions, I searched for the location of the originating IP address, which came from Skopje, Macedonia.  Next, I searched for information on the domain the link was pointing to (if I would have been foolish enough to click it), and it just happens the domain was created yesterday, on 03-19-2007. 

First off, I never applied for any loans over the Internet.  But more importantly, when a domain is registered 1 day before the spam made it into my Inbox, odds are quite high it is a phishing scam!

If you have doubts about the validity of any link, you can research them at http://www.dnsstuff.com/.  You will be able to find out to whom the domain is registered, when it was created, when it expires, the country or origin, and other important information.

Be smart and do your homework BEFORE you make a big mistake!

SANS State of Malware Webcast this Wednesday

The SANS “Ask the Expert Webcast” will be featuring “The State of Malware Today” this coming Wednesday, March 21, 2007 at 1:00 PM EDT.

SANS has many webcasts in their archives and this new webcast will reveal the latest threats and offer suggestions to protect yourself against them.  If you are unable to view it live, you will be able to view it at a later date from the SANS archives.

If you are concerned with malware and how it can negatively impact you and/or your network, we encourage you to view this webcast Wednesday at:

https://www.sans.org/webcasts/show.php?webcastid=90986

In case you miss the webcast on Wednesday, you will find it in the archives.

Security webcast - not just a technical problem

The F-Secure Blog mentioned this webcast today and I decided to view it to see what it was all about.  This is a great report and comes from bt.com’s “BT’s Big Thinker Series“.

The webcast is hosted by Bruce Schneier and the panelists include Risto Siilasmaa – Chairman of the Board, F-Secure Corporation and Michael Barrett – Chief Information Security Officer, PayPal.

This informative video focuses on the non-technical (social, political and human) aspects of computer security, such as:

- How to deal with security
- How much security is enough
- How to help consumers understand security
- How to help businesses better deal with security

If you have an hour to watch this webcast, it is will be worth your time and can be found at:

http://www.networked.bt.com/bigthinkers_security.php

The panel brings up many good points about why phishing scams and other attacks are successful, from a human factor perspective.  If you take the time to watch this video, you will learn how to make better decisions that could ultimately mean the difference between protecting your identity or having it stolen via an online attack.