COMMENTARY: Every Choice you make…has Consequences

April 29, 2007 on 11:15 am | In Commentary | No Comments

Computers are great tools and can also be a great source of entertainment; however, any choice you make with respect to what you install and how you choose to use your computer will always have consequences. Here are some examples:

Should I upgrade to Vista?
Upgrading to Vista may lead to other unexpected purchases, such as more powerful hardware, as well as hardware that has been tested on Vista and meets the Microsoft Hardware Compatibility Requirements; you may need to upgrade certain software on your computer that has been tested and is compatible with Vista; and you may need to invest some time learning the new operating system interface and how to best work with the new features.

I recently received a pop-up stating my computer was infected and by purchasing the software from the link in the pop-up, it would clean the computer.
By clicking the link, you may further infect your computer and if you provide your credit account information to purchase the “so called” security software, you could be exposing your personal information to identity theft.

When trying to decide which Anti-virus program to use, I look through recommendations posted on various forums.
More often than not, the “so called” experts in forums will recommend “free” security software and tell others their computers are clean of infections. However, you usually get what you pay for and if the cost is free, you probably are not getting the level of protection you would get by spending $20 or $30 for legitimate and superior protection. Good security software is quite affordable…so why do people choose to save a couple of bucks and risk infection? The sad news is that by using the “freebies”, they are probably infected and don’t even realize it.

Firewalls are too difficult to use, so I think I will just do without…
With the state of the Internet today, it is foolish not to use a firewall. Sure, there are some that are more difficult to use than others, but there are some that are user friendly and easy to set up. If you do nothing more than install the firewalls, the incoming ports will be blocked and your computer’s IP Address may be hidden (it depends on the firewall(s) you choose to purchase). However, if you wish to harden your computer further, the firewall will give you additional tools to achieve this goal. Every Internet-connected computer should have a Gate/Router/Firewall connected between their modem and computers and a software-based firewall installed on each computer.

I receive many e-mails offering wonderful deals on various products and/or services…should I take advantage of them?
There is a very good rule of thumb to follow here: if you didn’t ask for it, don’t open it. Opening unsolicited e-mails can have serious consequences on the state of security for your computer; your best option is to delete them and then clean out your deleted items folder regularly. Using a good Anti-spam program or service can help protect you against fraudulent e-mails and greatly reduce the amount of spam coming into your Inbox.

Obviously, these are just a handful of possible choices computer users make; but just remember, the choices you make will always have consequences.

Someone@anonymousemail.org

April 24, 2007 on 6:42 pm | In Information | No Comments

The past couple of days, I have been receiving a number of e-mails originating from the “anonymousemail.org” domain. This appears to be a new wave of scams and you’re better off if you just delete the messages without opening them. Here is a sample of the message contained within one of them:

Hi, I hate to be the one to mention this, but people
at work are talking about your weight issue and it just
disgusts me. Whether you know it by now, people are
always chattering about each other at work but you come
up more than enough. I feel the right thing to do is to
letyou know now before this gets worse. I wasn’t the
happiest or best-fit a year ago or so but I managed to
change that thanks to my sister-in-law(of all people).
Anyhow, it was for the best. What I am saying is that
you need to do something different and maybe you can
make the same difference I did. Try this stuff I used.
I took it on the idea it’s just more junk but it worked
great. I see more positive reviews on it nowadays and
makes me feel even better. So, I am encouraging a change,
not only in the chatter around here but in you personally
if you are willing.
-Anonymous for now

Here is the website below I have ordered from.

Obviously, I removed the web site for everyone’s protection and all of the e-mails I have seen thus far have come from overseas. As usual, the scammers are banking on human curiosity to lure in their next victims.

Be smart and delete these e-mails.

Cookbook E-Mail Scam

April 22, 2007 on 10:55 am | In Information | No Comments

Anyone who reads information security articles or newsletters understands that cyber criminals are constantly refining their techniques to entice unsuspecting or even suspecting computer users to take the bait of their malicious payloads. For example, I received an e-mail today with the following subject: “Get 4 Cookbooks For A Dollar Each (see details)”. Now if the recipient enjoys cooking, they may be enticed to take advantage of this wonderful deal; after all, they would probably save a decent amount of money on getting four cookbooks for only $1.00. Well, always remember to question everything and do not believe what you read or hear until you have confirmed the information. As I suspected, this particular e-mail did not appear legitimate and here are some reasons why…

First, I use the iHateSpam e-mail filtering program on my personal computers and this particular e-mail was immediately routed to my “Deleted Items” folder by the iHateSpam program because it matched the iHateSpam Blacklist.  The following lines show information contained in the header of this e-mail:

X-Header-Overseas: Mail.from.Overseas.source.58.26.98.162
X-Header-NoReverseIP: IP.name.lookup.failed[58.26.98.162]
X-Originating-IP: [58.26.98.162]
Received: from nejd.mtier2kylix2kitedifc.clean-credit-score.net ([58.26.98.162])

Obviously, the first line shows that the e-mail originated somewhere overseas and after looking up the IP address of 58.26.98.162, the country of origin is Malaysia.

The second line shows that the originating address of this e-mail did not have a reverse IP Address or CNAME entry in the DNS lookup tables, which makes the DNS Server unable to resolve the address and could have been the reason it was blacklisted.

The fourth line shows that this email came from the “clean-credit-score.net” domain, which makes me wonder why a domain in the business of credit would be selling cookbooks.

Some interesting things worth noting in the body of the e-mail included numerous links to various web pages on the “clean-credit-score.net” domain; and there was an “Opt Out” message with an address in Mechanicsburg, PA (obviously not in Malaysia).
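
The header checks walked through above, as an added Python example (not part of the original post and not code from iHateSpam): it parses the four header lines and the subject quoted in this post and reports the same indicators. The `analyze` function, the layout of the sample message and the subject/domain word comparison are assumptions made for illustration.

```python
import re
from email import message_from_string

# Constructed message: the four header lines and the subject quoted in the post.
RAW = """\
X-Header-Overseas: Mail.from.Overseas.source.58.26.98.162
X-Header-NoReverseIP: IP.name.lookup.failed[58.26.98.162]
X-Originating-IP: [58.26.98.162]
Received: from nejd.mtier2kylix2kitedifc.clean-credit-score.net ([58.26.98.162])
Subject: Get 4 Cookbooks For A Dollar Each (see details)

"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
RECEIVED = re.compile(r"from\s+(\S+)\s+\(\[([\d.]+)\]\)")
SOURCE_HEADERS = ("X-Header-Overseas", "X-Header-NoReverseIP",
                  "X-Originating-IP", "Received")

def analyze(raw):
    msg = message_from_string(raw)
    findings = []
    # The name after "from" is supplied by the sending host: a claim, not a fact.
    m = RECEIVED.search(msg.get("Received", ""))
    host, relay_ip = (m.group(1), m.group(2)) if m else (None, None)

    # Every header that names a source IP should name the same one.
    ips = set()
    for name in SOURCE_HEADERS:
        ips.update(IPV4.findall(msg.get(name, "")))
    if len(ips) > 1:
        findings.append("source IPs disagree: " + ", ".join(sorted(ips)))

    # Tags added by the filter, as seen in the post's header dump.
    if "X-Header-Overseas" in msg:
        findings.append("filter tagged the source as overseas")
    if "X-Header-NoReverseIP" in msg:
        findings.append("reverse (PTR) lookup of the source IP failed")

    # Crude heuristic (assumption): the last two labels are the sender's domain,
    # and a real offer would share at least one word with that domain.
    domain = ".".join(host.split(".")[-2:]) if host else None
    if domain:
        domain_words = set(re.split(r"[-.]", domain.lower())) - {"com", "net", "org"}
        subject_words = set(re.findall(r"[a-z]+", msg.get("Subject", "").lower()))
        if not domain_words & subject_words:
            findings.append(f"sending domain {domain} is unrelated to the subject")
    return {"ip": relay_ip, "host": host, "domain": domain, "findings": findings}

if __name__ == "__main__":
    print(analyze(RAW))
```
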

Who knows what would have happened if I had clicked any of the links…for all I know, they could have tried to install a backdoor Trojan or Rootkit on to my computer. If you would like to learn how you can identify e-mail properties as demonstrated here, you will find some examples and suggestions in our eBook, “Home Network Security”, as well as some valuable resources to help you investigate the validity of e-mails.

Just remember, human curiosity is the foundation upon which cyber criminals build their malicious content and with millions of computer users on the Internet, they have plenty of victims to entice.

E-mails without a subject or body

April 18, 2007 on 3:49 pm | In Information | No Comments

I don’t know what is going on here, but I received many e-mails today from different sources that did not have a subject or anything within the body of the message.

Many of the e-mails came from overseas and I suspect these e-mails are seeking out addresses that are “alive” and also to see if anyone is opening them. I suspect the e-mails are conveying this information back to the sender(s), who will in turn bombard those who opened them with additional spam and/or malicious content.

According to Spamhaus.org, there are approximately 1 million to 100 million spam e-mails sent every day and the spammers don’t know which addresses are “live” and which aren’t; but if the recipient replies or opens the e-mail, they just gave them the information they were seeking. You can read more about this type of technique on the Spamhaus website at:

http://www.spamhaus.org/removeisformugs.html

Do as we do and delete these types of messages!

Virginia Tech Phishing Scams

April 17, 2007 on 4:29 pm | In Phishing Scams | No Comments

The SANS Internet Storm Center reported that there are a large number of new domains being registered today in connection with the Virginia Tech massacre yesterday. If you think back to Hurricane Katrina, there were numerous scams that came out of the woodwork hoping to take advantage of caring and giving individuals who donated money with the intent of providing assistance to the unfortunate victims.

If you are looking to donate to the victims of the Virginia Tech tragedy, do some research before freely giving out your personal information and donations over the Internet.  You can read the story at:

http://isc.sans.org/diary.html

Beware of IRS Tax Phishing Scams

April 16, 2007 on 4:26 pm | In Phishing Scams | No Comments

Warnings have been issued over the past couple of months regarding IRS Tax Phishing Scams and now that the tax deadline is almost here, there may be one last wave of attacks.

There are reports of Web sites claiming to be legitimate places where taxpayers can file their returns electronically for free…but for the informed and Internet savvy, we all know that this is simply not true.

Do not become another victim and if you wish to file for free, the IRS does have a “Free File Program” located on the IRS.gov site. You would be well-advised to type the address IRS.gov into your browser, rather than trusting a link. You can read more on this story at:

http://www.pcworld.com/printable/article/id,130789/printable.html

Commentary: Think Before you Click

April 15, 2007 on 4:26 pm | In Commentary | No Comments

As you probably know, the Internet has become a playground for the criminally inclined, who are looking for easier ways to steal your money.  Fortunately, using some good judgment will go a long way in not becoming one of the countless statistics of those who opened an infected attachment or clicked the wrong links.

The first thing everyone should realize is that having security software designed to protect your computer only goes so far; many people believe they are impervious to attacks because of their level of protection.  This kind of thinking is dangerous and may lead to a computer compromise if the users become reckless when surfing the Internet and opening e-mail.  It is important to realize that security software is usually limited to providing protection against “known” threats and because of this misconception, zero-day threats are often successful because the protection has not yet been developed and released to the end user.

Secondly, for most exploits to be successful, the user must initiate the action by opening an infected attachment; opening an infected e-mail; clicking a malicious link; or visiting a compromised or infected web site.  The best rule of thumb is to question every mouse click BEFORE you make an irreversible mistake that could cost you your identity and financial security.  If you receive an attachment in an e-mail, you should always scan it with your virus program before you open it; because if it is a known threat, chances are good your anti-virus program will be able to alert you.  Just remember, your virus definitions must be up-to-date to provide you with the highest level of protection.

Thirdly, read all e-mails in “Plain Text” instead of HTML. Many e-mails have harmful code embedded within them and by simply opening them, you can become infected. However, if you read your e-mail in plain text, your chance of becoming infected will be greatly reduced. The things to look out for are pictures and other graphic images that have harmful code embedded within them; these types of attacks are becoming more popular with the bad guys. By reading e-mail in plain text, the images will become attachments that can first be scanned before they are opened.

Finally, if you don’t recognize the sender…don’t open it. Nowadays, it is very difficult to keep spam from infiltrating your Inbox and a lot of this spam is malicious. If you delete it and do not open it, you will not get infected by the e-mail.

Just remember, for most attacks to be successful, the end user must initiate the attack. If you understand these simple rules and exercise countermeasures and good judgment, you will be more successful in not becoming another victim.

Worm Alert!

April 12, 2007 on 6:32 pm | In On the Radar | No Comments

Wow, the malware just keeps coming! It appears there is a new outbreak of a worm with characteristics similar to the Internet Storm Worm released earlier this year. I received two e-mails today with this malicious payload and there will probably be more to follow.

The SANS Internet Storm Center has received numerous reports of this mass mailing as well and you can read the article at: http://isc.sans.org/diary.html

If you receive e-mails with a subject trying to alert you to an infection, chances are…it is a variant of the Storm worm and you would be well-advised to delete it.

FYI: F-Secure Anti-virus 2007 detected and removed the harmful attachments in both e-mails I received today. The e-mail subject lines were “Worm Alert!” and “Virus Alert!”.

Greeting Card.exe making the Rounds

April 11, 2007 on 4:58 pm | In On the Radar | No Comments

Today, my F-Secure Anti-virus 2007 e-mail scanner found and removed a harmful attachment named “Greeting Card.exe”. F-Secure Anti-virus 2007 identified the attachment as “Worm:W32/Zhelatin.CQ”, which according to the F-Secure Security Centre, is an E-mail Worm and Rootkit.

The characteristics of this attachment were identical to the W32/Zhelatin.CQ worm that started spreading on April 8th, 2007 using war-related e-mail subjects. This particular e-mail had a subject of “The Time for Love” and if you receive an e-mail with this subject and/or attachment or anything even remotely close to it – you should probably delete it immediately.

Remember, good protection is invaluable and exercising common sense in deciding which e-mails to view and which attachments to open can mean the difference between becoming infected or remaining clean from infection.

UPDATE: JUST RECEIVED ANOTHER SIMILAR E-MAIL…THIS TIME THE SUBJECT WAS “OUR LOVE IS FREE” AND THE ATTACHMENT WAS NAMED “With Love.exe”. This is starting to exhibit symptoms of a new wave of attacks.

UPDATE: Received two more of the same on 4/12…First one had a subject of “I Love You Soo Much” with an attachment named, “Love Card.exe” and the second had a subject of “A Kiss So Gentle” and the attachment was named, “Postcard.exe”

Be Careful!

If you haven’t yet installed the Microsoft Security updates, now is the time

April 10, 2007 on 9:20 pm | In Updates and Patches | No Comments

Microsoft released 6 security updates today, three of which patch Zero-day vulnerabilities for which exploit code is available to those with malicious intent willing to use it to their benefit.

Do yourself a favor and install all available Windows Security updates now!
