SYNTH ZONE
Visit The Bar For Casual Discussion
Topic Options
#204440 - 03/12/05 04:16 PM And the scams go on and on and on...
travlin'easy Offline
Senior Member

Registered: 12/08/02
Posts: 15556
Loc: Forest Hill, MD USA
Just thought I would share this with the good folks on the Synthzone:

---------------------------------------------
SANS INSTITUTE OUCH REPORT FOR MARCH 10, 2005
---------------------------------------------
The "OUCH Report" is a monthly security alert e-newsletter published by
the SANS Institute (www.sans.org) for redistribution to non-technical
customers and staff. The latest issue of OUCH is below. We hope you find
it informative.

****************************************************************
OUCH: The Report On Identity Theft and Attacks On Computer Users
Volume 2, No. 3. March 10, 2005
****************************************************************

Major threat this month:

A new variant of the Sober worm, Sober-K, is currently hitting inboxes
around the world. A frightening aspect of this worm is that it may arrive
as an email attachment that pretends to be from America's Federal Bureau
of Investigation (FBI).

Where you can read more on this story: http://www.cnn.com/2005/TECH/internet/02/22/fbi.warning/ http://www.theregister.co.uk/2005/02/24/sober_worm_fbi_warning/

************************

Important Note: When you update your Windows computer, you usually must
get both the Windows updates and Microsoft Office updates. They are at
different sites, which are:

Windows Update:
http://windowsupdate.microsoft.com
Office Update:
http://office.microsoft.com/en-us/officeupdate/default.aspx
Another Patch Site for various applications:
http://www.softwarepatch.com

************************

What To Avoid This Month

I. Email from people trying to get you to divulge private details
These are often trying to steal your identity (and your money)
I.1 Washington Mutual Bank - 'Unauthorized Access to Your Washington
Mutual Account'
I.2 SouthTrust Bank - 'Notification From SouthTrust Online Banking'
I.3 Huntington Bank - 'Huntington Bank Security Update Notification'
I.4 Paypal - 'Unauthorized Access...'
I.5 MSN - 'Microsoft Network customer data verification'
I.6 KeyBank - 'SECURE YOUR ACCOUNT NOW'
I.7 Google - Email Lottery International

II. Virus/Hoax Alerts
II.1 Fake Tsunami Photo (hoax)
II.2 W32/Sober.I
II.3 W32/Inforyou.A@mm

III. Important Information
III.1 Mozilla fixes security hole
III.2 Security holes affect multiple Linux/Unix products
III.3 Security hole in multiple TrendMicro products

IV. Avoiding Phishing Scams: Tips from Fraud.org

V. Email Worm Spoofing: Spoofing Explained

VI. SP2 fix not your typical security update

VII. Arrests and Convictions
VII.1 IM spammer arrested
VII.2 T-Mobile server hacker caught


******************************

More Details About Things To Avoid

I. Email from people trying to steal your identity (and your money)

I.1 Washington Mutual Bank - 'Unauthorized Access To Your Washington
Mutual Account'

The Bait: An email sent to you for Unauthorized Access to your
account.
What it tries to make you do: Click on the link within the email.

Where you can see how it actually appears: http://www.antiphishing.org/phishing_archive/02-24-05_Wamu/02-24-05_Wamu.html

I.2 SouthTrust Bank - 'Notification From SouthTrust Online Banking'

The Bait: Email stating that your account may have been accessed by
someone else.
What it tries to make you do: Click on the suspect link.

Where you can see how it actually appears: http://www.antiphishing.org/phishing_archive/02-22-05_SouthTrust/02-22-05_SouthTrust.html

I.3 Huntington Bank - 'Huntington Bank Security Update Notification'

The Bait: New payment security for the bank.
What it tries to make you do: click on the link within the email.

Where you can see how it actually appears: http://www.antiphishing.org/phishing_archive/02-18-05_Huntington/02-18-05_Huntington.html

I.4 Paypal - 'Unauthorized Access...'

The Bait: An email that alerts you to unauthorized access to your
PayPal account.
What it tries to make you do: Click on the link it provides

Where you can see how it actually appears: http://www.antiphishing.org/phishing_archive/02-17-05_Paypal/02-17-05_Paypal.html

I.5 MSN - 'Microsoft Network customer data verification'

The Bait: Email sent to you to verify your information on your
account.
What it tries to make you do: Click on the link within the email

Where you can see how it actually appears: http://www.antiphishing.org/phishing_archive/02-15-05_MSN/02-15-05_MSN.html

I.6 KeyBank - 'SECURE YOUR ACCOUNT NOW'

The Bait: Create a secure code for access to KeyBank.
What it tries to make you do: Click on the picture link

Where you can see how it actually appears: http://www.antiphishing.org/phishing_archive/02-08-05_Key/02-01-05_Key.html

I.7 Google - Email Lottery International

The Bait: Google Lottery Winner
What it tries to make you do: Reply to the email and take money
from you.

Where you can see how it actually appears: http://www.hoax-slayer.com/google-lottery-scam.html

******************************
II. Virus/Hoax Alerts: According to experts a number of email scams have
been distributed since the Indian Ocean tsunami disaster.

II.1 Fake Tsunami Photo (hoax)

The Bait: Photo depicts the Asian tsunami about to engulf a city.
What it tries to make you do: Forward the email (2MB in size) in
hopes to slow down your network.

Where you can read more on this story: http://www.hoax-slayer.com/current-issue.html#five


II.2 W32/Sober.I (McAfee)

The Bait: Tries to get you to open the email attachment.

Where you can read more on this story: http://vil.nai.com/vil/content/v_131869.htm


II.3 W32/Inforyou.A@mm

The Bait: Downloading the attachment

Where you can read more on this story: http://tinyurl.com/5365x

******************************
III. Important Information:

III.1 Mozilla has fixed a security hole that can allow an attacker
to spoof the URL in your address bar and play similar tricks with
SSL certificates and status bars.

Where you can read more on this story: http://tinyurl.com/46an8

III.2 Attackers could launch malicious code by exploiting
vulnerabilities in a file transferring tool used in many Linux
and Unix systems, according to two security firms.

Where you can read more on this story: http://www.linuxsecurity.com/content/view/118414/65/

III.3 TrendMicro recommends customers upgrade their scanning engine
In order to fix a critical security hole in multiple widely used
products.

Where you can read more on this story: http://tinyurl.com/4ozgl

******************************
IV. Avoiding Phishing Scams: Tips from Fraud.org:

Information, tips and contact information for avoiding and reporting
phishing.

Where you can read more on this story: http://www.fraud.org/tips/internet/phishing.htm

******************************
V. Email Worm Spoofing: Spoofing Explained:

Easy-to-understand information on how worms use spoofing to spread.

Where you can read more on this story: http://www.hoax-slayer.com/email-worm-spoofing.html

******************************
VI. SP2 fix not your typical security update

Microsoft released a patch for SP2 that surprised some users,
given that it breaks with the patch release on a Tuesday cycle
and was unaccompanied by a security bulletin.

Where you can read more on this story: http://tinyurl.com/6xjj7


******************************
VII. Arrests and Convictions

VII.1 Anthony Greco has been arrested on charges of sending 1.5
million unsolicited instant messages, known as "spim," to members
of the MySpace.com online networking service.

Where you can read more on this story: http://tinyurl.com/6598n

VII.2 Nicolas Jacobsen has pleaded guilty to intentionally accessing
a protected computer and recklessly causing damage for breaking
into T-Mobile servers.

Where you can read more on this story: http://www.securityfocus.com/printable/news/10516


==end==

Copyright 2005, The SANS Institute. Permission is hereby granted for any
person to redistribute this in whole or in part to any other persons as
long as the distribution is not being made as part of any commercial
service or as part of a promotion or marketing effort for any commercial
service or product.

Gary
_________________________
PSR-S950, TC Helicon Harmony-M, Digitech VR, Samson Q7, Sennheiser E855, Custom Console, and lots of other silly stuff!

K+E=W (Knowledge Plus Experience = Wisdom.)

Top
#204441 - 03/13/05 01:48 AM Re: And the scams go on and on and on...
Bluezplayer Offline
Senior Member

Registered: 11/10/00
Posts: 2195
Loc: Catskill Mountains, NY
Thanks for these Gary. I used to do quite a few transactions over the 'net. The paypal thing cured me of that. I got one of those recently and I wasn't paying attention. I had already started to reply when I realized something wasn't right.

So, my next step was to go to the real Pay Paypal site and remove my banking info and account #. I don't need Paypal that much that it's worth the chance of being caught off guard and having my bank account cleaned out.

AJ
_________________________
AJ

Top
#204442 - 03/13/05 11:41 AM Re: And the scams go on and on and on...
BEBOP Offline
Senior Member

Registered: 01/02/00
Posts: 3781
Loc: San Jose, California
This is a lot of good info Gary.
Thanks for sharing all this.
I have just copied it and emailed it to all the musicians and friends on my email lists, so now a few hundred more people have this info on hand.
Best to you,
Bebop
_________________________
BEBOP

Top
#204443 - 03/13/05 11:43 AM Re: And the scams go on and on and on...
Tony Rome Offline
Member

Registered: 12/11/04
Posts: 1374
Loc: Cozumel Mexico
Good Post Gary....it's a shame that everyday
someone works twice as hard to beat you out of your money than it is to get a real job and honest folks alone....

Top

Moderator:  Admin, Diki, Kerry 



Help keep Synth Zone Online