Just thought this would be valuable for the forum members.

****************************************************************
OUCH: The Report On Identity Theft and Attacks On Computer Users
Volume 2, No. 1. January 01, 2005
****************************************************************

Many people were fooled by the Christmas Greeting worm:

A new virus has been going around wishing everyone a Merry Christmas.
Anti-virus vendors have several names for this virus, including
W32.Erkez.D@mm (Symantec) or W32/Zafi.d@MM (McAfee, Trend Micro). This
virus will use several subject lines to try to get you to open up an
enclosed file. Be extra careful with this one because it will send itself
to email addresses gathered from the infected computer. The worm may also
attempt to lower security settings, terminate processes, and open a back
door onto the computer.

Where you can read more on this story:
http://securityresponse.symantec.com/avcenter/venc/data/w32.erkez.d@mm.html


************************
Important Note: When you update your Windows computer, you usually must
get both the Windows updates and Microsoft Office updates. They are at
different sites, which are:

Windows Update:
http://windowsupdate.microsoft.com

Office Update:
http://office.microsoft.com/en-us/officeupdate/default.aspx


************************
What To Avoid This Month
************************

I. Email from people trying to get you to divulge private details.
These are often trying to steal your identity (and your money)
I.1 eBay Billing Information Update
I.2 eBay Safe Harbor Notice
I.3 Please Save My Situation
I.4 SunTrust Phishing email-"Security Alert on Microsoft Internet
Explorer"
I.5 Washington Mutual Phishing email - "Confirm your Online Banking
account"
I.6 eBay email - "Credit/Debit card Update."
I.7 Debit Card Alert

II. Virus/Hoax Alerts
II.1 W32.Atak.F@mm
II.2 VBS.Sorpe.B@mm
II.3 VBS.Sorpe.A@mm

III. Covert Phishing scam lies in wait for its victims

IV. Important Phishing Information
IV.1 Canada has interesting information on what Internet users should
do about Phishing schemes
IV.2 Let's take the Phishing Quiz Again for the Holidays

V. Phishing Web Sites Grew by 33 Percent in November

VI. Internet Fraud Complaint Center

VII. Hacked Web Sites Used To Install Parasites

**********************************
More Details About Things To Avoid
**********************************

I. Email from people trying to steal your identity (and your money)

I.1 eBay Billing Information Update:

The Bait: An email sent to you stating that your eBay billing updates are
out of order and to update your personal information.

What it tries to make you do: Get you to fill our your personal
information such as name and credit card information.

Where you can see how it actually appears: http://www.millersmiles.co.uk/identitytheft/121904-eBay-Billing-Information-Update.php

I.2 eBay Safe Harbor Notice

The Bait: An email stating your eBay account will be suspended within 48
hours after receiving the email.

What it tries to make you do: Get you to change your personal information
due to unauthorized access on your account

Where you can see how it actually appears: http://www.millersmiles.co.uk/identitytheft/121704-Safe-Harbor-Notice.php

I.3 Please Save My Situation

The Bait: An email falsely promising to pass along large amounts of money
to you, while in fact just gathering lots of personal information about
you. This is in the same style as the Nigerian '419' scams you may have
read about.

Where you can see how it actually appears: http://www.millersmiles.co.uk/identitytheft/121704-PLEASE-SAVE-MY-SITUATION.php

I.4 SunTrust Phishing email-"Security Alert on Microsoft Internet
Explorer"

The Bait: An email that arrives in your mailbox promising to add better
security features for your online banking.

What it tries to make you do: Click on a link in the email to update your
security installation.

Where you can see how it actually appears: http://www.fraudwatchinternational.com/fraud_alerts/041111_3503_suntrust.htm

I.5 Washington Mutual Phishing email-"Confirm your Online Banking
account"

The Bait: An unexpected email that arrives in your mailbox explaining
that your account was accessed multiple times.

What it tries to make you do: Open the link and verify your personal
information.

Where you can see how it actually appears: http://www.fraudwatchinternational.com/fraudalerts2/0412/pages/041218_4546_wamu.htm

I.6 eBay email - "Credit/Debit card Update."

The Bait: Multiple login failures to your account

What it tries to make you do: Click on a link within the email to
update your account.

Where you can see how it actually appears: http://www.fraudwatchinternational.com/fraudalerts2/0412/pages/041218_4534_ebay.htm

I.7 Debit Card Alert

The Bait: Update your ATM card information

What it tries to make you do: Fill out the form in email

Where you can see how it actually appears: http://www.millersmiles.co.uk/identitytheft/121904-Debit-Card-Alert.php


******************************
II. Virus/Hoax Alerts:

II.1 W32.Atak.F@mm

The Bait: An unexpected email that arrives in your mailbox with
various subject lines such as 'Merry X-Mas', 'Happy New Year'

What it tries to make you do: Open the attached file. When you open it
you are infected with this virus.

Where you can see how it actually appears: http://securityresponse.symantec.com/avcenter/venc/data/w32.atak.f@mm.html

II.2 VBS.Sorpe.B@mm

The Bait: An email that arrives in your mailbox with various subject
lines such as 'A friendly reminder to ALL online bank users', 'Fw:
Reminder to be aware of internet scams' and numerous others.

What it tries to make you do: Open the attached file. Opening the
attachment causes the virus to infect your computer.

Where you can read more on this story: http://securityresponse.symantec.com/avcenter/venc/data/vbs.sorpe.b@mm.html

II.3 VBS.Sorpe.A@mm

The Bait: An email that arrives in your mailbox with various subject
lines such as 'Microsoft Updates News ', 'Service Pack 2 Updates
News' and numerous others.

Where you can read more on this story: http://securityresponse.symantec.com/avcenter/venc/data/vbs.sorpe.a@mm.html

*** Remember that Microsoft never sends patches or updates through the
email; they are available for download only through the links above,
or through the Automated Update Service on your Windows System Tray.


******************************
III. Covert Phishing scam lies in wait for its victims:

According to experts, this is a low risk for now, but this could be a sign
of worse things to come. Experts have stated that a phishing scam has
been detected which will not require you to click on a link in the email
in order to gather your personal data while banking online.

Where you can read more on this story: http://software.silicon.com/security/0,39024655,39125549,00.htm


******************************
IV. Important Phishing Information:

IV.1 The United States and Canada have jointly issued a publication
describing phishing and giving the public information on what to do
about it. This is an excellent overview and well worth a look.

It has some really good information on what Internet users should do
about phishing schemes as well as some facts and how phishing occurs.

Where you can read more on this story: http://www.psepc.gc.ca/publications/policing/phishing_e.asp

IV.2 Let's take the Phishing Quiz for the Holidays:

There are some things that should be repeated during the holidays,
like the Phishing Quiz. This quiz will test your phishing knowledge.

Where you can take the quiz: http://survey.mailfrontier.com/survey/quiztest.html


******************************
V. Phishing Web Sites Grew by 33 Percent in November:

According to a recent article published by InfoWorld it states that
the number of phishing web sites associated with online identity
theft scams grew by 33 percent in November.

Where you can read more on this story: http://enterprisesecurity.symantec.com/content.cfm?articleid=5125&PID=182998&EID=815


******************************
VI. Do you want to be sure that you really are at the right web page? Is
it a scam?

Here is a simple and easy way for anyone to check to see if the site
they are visiting is actually a real site or a scam site.

Where you can read more on this story: http://www.millersmiles.co.uk/identitytheft/spoof-link-checker.php


******************************
VII. Hacked Web Sites Used To Install Parasites

Security researchers are warning of a new method of installing
unwanted parasitic software onto the computers of unsuspecting
victims who use Microsoft Internet Explorer (MSIE).

The two best ways to avoid having your computer compromised by this
threat are to make certain you are completely up-to-date with all
Microsoft patches (using the links above), and consider using a
Browser other than Internet Explorer. Other options include Mozilla
Firefox, Netscape and Opera. This made the news back in June as seen
in the following link:
http://edition.cnn.com/2004/TECH/internet/06/25/internet.attack/index.html

Those who are interested in the technical details may wish to read
the more technical write-up here:
http://www.vitalsecurity.org/xpire-splitinfinity-serverhack_malwareinstall-condensed.pdf


==end==

Copyright 2004, The SANS Institute. Permission is hereby granted for
any person to redistribute this in whole or in part to any other persons
as long as the distribution is FOR PERSONAL USE, OR INTERNALLY WITHIN A
COMMERCIAL ORGANIZATION, AND not being made as part of any commercial
service or as part of a promotion or marketing effort for any commercial
service or product.

Gary