Just thought I would pass along the lastest warnings that continue to attack our computers and our bank accounts. Lots of stuff to look at, it takes a bit of time, but it's worth the read.

Major threat this month:
Microsoft Releases Two Security Fixes for Windows That Carry Its Most
Severe Threat Rating

Both flaws affect versions of the Windows operating system going back to
Windows 98, and both could allow an attacker to take control of another
person's computer.

Where you can read more on this story:
http://abcnews.go.com/Business/wireStory?id=3D405508&CMP=3DOTC-RSSFeeds0312

************************

Important Note: It is equally important to update software packages as
well as the computer's operating system, only the operating system is
updated when you visit the Windows Update web site. Other software
packages, like Microsoft Office and your anti-virus software should be
update on a regular basis. Some common update sites are:

Windows Update:
http://windowsupdate.microsoft.com
Office Update:
http://office.microsoft.com/en-us/officeupdate/default.aspx

Another Patch Site for various applications:
http://www.softwarepatch.com

************************

What To Avoid This Month

I. Email from people trying to get you to divulge private details.
These emails are often used to try to steal your identity (and your
money)
I.1 KeyBank - 'Keybank Internet Banking Account Suspension Notice!'
I.2 AOL - 'You've Got (2) Pictures@AOL.com'
I.3 eBay - 'Account Verification'
I.4 Citizens Bank - 'Important Online Banking Alert'
I.5 Paypal - 'New email address added to your account'
I.6 TCF Bank - 'TCF express checking card alert'
I.7 Washington Mutual Bank - 'Re-Submit: wamu.com Urgent requirementvu'

II. Virus/Hoax Alerts
II.1 Letter from tsunami victim (hoax)
II.2 Unidentified tsunami boy (hoax)
II.3 W32/Zafi-D
II.4 W32/Baba-C

III. Experts Warn of Trick to Bypass Internet Explorer Download Warnings

IV. Important Information
IV.1 Adobe update in Adobe Reader and other products
IV.2 Apple security updates

V. Phishers Drop Hooks Into Smaller Streams

VI. Phishers Migrating to Trojan Horse Attacks

VII. Help Protect Against Phishing Attacks

VIII. Phishing Information

******************************

More Details About Things To Avoid

I. Email from people trying to steal your identity (and your money)

I.1 KeyBank - 'Keybank Internet Banking Account Suspension Notice!'

The Bait: An email sent to you stating that your account may have
been hijacked by another person.
What it tries to make you do: Get you to supply your personal
information such as keybank.com account information, credit card
information, SSN, email address.

Where you can see how it actually appears: http://tinyurl.com/5ny44


I.2 AOL - 'You've Got (2) Pictures@AOL.com'

The Bait: An email stating you have (2) two pictures from another AOL
user.
What it tries to make you do: Click on the suspect link.

Where you can see how it actually appears:
http://tinyurl.com/5uart


I.3 eBay - 'Account Verification'

The Bait: Email sent to you to verify your eBay account.
What it tries to make you do: click on the link within the email.

Where you can see how it actually appears: http://tinyurl.com/6xw6p


I.4 Citizens Bank - 'Important Online Banking Alert'

The Bait: An email that alerts you to an online banking problem.
What it tries to make you do: Provide your Citizens Bank login
information such as username/password.

Where you can see how it actually appears: http://tinyurl.com/6mscy


I.5 Paypal - 'New email address added to your account'

The Bait: An unexpected email that states a new email address was
added to your account.
What it tries to make you do: Open the link and enter your personal
information, including your Paypal username and password, and credit
card details.

Where you can see how it actually appears: http://tinyurl.com/56kgm


I.6 TCF Bank - 'TCF express checking card alert'

The Bait: Click on the link within email.
What it tries to make you do: Click on the link to confirm your
account information, and enter your credit card information.

I.7 Washington Mutual Bank - 'Re-Submit: wamu.com Urgent requirementvu'

The Bait: Click on the link within the email.
What it tries to make you do: Fill out information thus giving your
credit card information.

Where you can see how it actually appears: http://tinyurl.com/6sats

******************************
II. Virus/Hoax Alerts: According to experts a number of email scams have
been distributed since the Indian Ocean tsunami disaster.

II.1 Letter from tsunami victim (hoax)

The Bait: An email that wants you to transfer money for them (like
the Nigerian hoax)
What it tries to make you do: Reply to the email

Where you can see how it actually appears: http://www.sophos.com/virusinfo/hoaxes/tsunami.html


II.2 Unidentified tsunami boy (hoax)

The Bait: A picture of a Tsunami victim
What it tries to make you do: Forward the email (2MB in size)
to slow down your network.

Where you can read more on this story: http://www.sophos.com/virusinfo/hoaxes/tsunami_boy.html


II.3 W32/Zafi-D (virus)

The bait: E-mail with Holiday greetings which tries to get you to open
the attachment.
What it tries to make you do: Open the attachment to see the card. If
you do, it will infect your computer with the Zafi.D virus.
Where you can read more on this story: http://www.sophos.com/virusinfo/analyses/w32zafid.html


II.4 W32/Baba-C (virus)

The Bait: Email tries to trick users into thinking there's
pornographic content on their PCs, and then offers to hide the
evidence.

Where you can read more on this story: http://sophos.com/virusinfo/analyses/w32babac.html

******************************
III. Experts Warn of Trick to Bypass IE Download Warnings:

III.1 Microsoft customers are being warned about an unpatched hole in
the Internet Explorer Web browser. This hole could allow a remote
attacker to bypass security warnings and then download malicious
content onto vulnerable systems.

Where you can read more on this story: http://tinyurl.com/6vkwc

******************************
IV. Important Information:

IV.1 Adobe Systems has made an update generally available for
several highly critical security vulnerabilities in versions
6.0.0, 6.0.1, and 6.0.2 of its Adobe Reader 6.0, Acrobat
Standard 6.0, and Acrobat Professional 6.0 software for Microsoft
Windows.
Where you can read more on this story and download patches from: http://www.adobe.com/support/downloads/detail.jsp?ftpID=3D2679.

IV.2 On the basis of multiple third-party reports, some experts have
advised that several "less critical" security vulnerabilities in
Apple=AE Macintosh OS X versions 10.3.4 and/or 10.3.7 may allow
malicious users to execute code, gain escalated privileges, expose
the contents of local files, cause a Denial of Service, or crash the
operating system.

Where you can read more on this story: http://docs.info.apple.com/article.html?artnum=3D61798

******************************
V. Phishers Drop Hooks Into Smaller Streams: Online Scam Artists Now
Targeting Regional-Bank Customers

As the nation's largest financial institutions deploy increasingly
sophisticated measures to prevent Internet scams, online fraudsters are
targeting smaller, regional U.S. banks whose customers may be less
attuned to the threat.

According to experts the shift is the latest trend in a technological
arms race between Phishers and the e-commerce and banking companies
that they target.

Where you can read more on this story: http://www.washingtonpost.com/ac2/wp-dyn/A32199-2005Jan24

******************************
VI. Phishers Migrating to Trojan Horse Attacks:

The latest report from the Anti-Phishing Working Group (APWG) suggests
that phishing attacks will increase in the year ahead.

Where you can read more on this story: http://tinyurl.com/5xqmg

******************************
VII. Help Protect Against Phishing Attacks

The Netcraft Toolbar community is effectively a giant neighborhood
watch scheme, empowering the most alert and most expert members to defend
everyone within the community against Phishing frauds.

Where you can read more on this story: http://toolbar.netcraft.com/

******************************
VIII. Phishing Information

Here is a site that points to many links for reporting Phishing: http://ebarrelracing.com/articles/new_file.php?cat=53

Repository of OUCH issues: http://www.sans.org/newsletters/ouch/

Copyright 2005, The SANS Institute. Permission is hereby granted for any
person to redistribute this in whole or in part to any other persons as
long as the distribution is not being made as part of any commercial
service or as part of a promotion or marketing effort for any commercial
service or product.

Gary
_________________________
PSR-S950, TC Helicon Harmony-M, Digitech VR, Samson Q7, Sennheiser E855, Custom Console, and lots of other silly stuff!

K+E=W (Knowledge Plus Experience = Wisdom.)