Date: Mon, 31 Jan 2005 13:39:45 -0500 (EST)
From: BCPL.NET SysAdmin
To: BCPL.NET News
Subject: BCPL.NET NEWS: SANS "OUCH" Report February 1, 2005

-----------------------------------------------
SANS INSTITUTE OUCH REPORT FOR FEBRUARY 1, 2005
-----------------------------------------------

The "OUCH Report" is a monthly security alert e-newsletter published by the SANS Institute (www.sans.org) for redistribution to non-technical customers and staff. The latest issue of OUCH is below. We hope you find it informative.

****************************************************************
OUCH: The Report On Identity Theft and Attacks On Computer Users
Volume 2, No. 2. February 01, 2005
****************************************************************

Major threat this month:

Microsoft Releases Two Security Fixes for Windows That Carry Its Most Severe Threat Rating

Both flaws affect versions of the Windows operating system going back to Windows 98, and both could allow an attacker to take control of another person's computer.

Where you can read more on this story:
http://abcnews.go.com/Business/wireStory?id=405508&CMP=OTC-RSSFeeds0312

************************

Important Note:

It is equally important to update software packages as well as the computer's operating system; only the operating system is updated when you visit the Windows Update web site. Other software packages, like Microsoft Office and your anti-virus software, should be updated on a regular basis.

Some common update sites are:

Windows Update:
http://windowsupdate.microsoft.com

Office Update:
http://office.microsoft.com/en-us/officeupdate/default.aspx

Another Patch Site for various applications:
http://www.softwarepatch.com

************************

What To Avoid This Month

I. Email from people trying to get you to divulge private details. These emails are often used to try to steal your identity (and your money)
  I.1 KeyBank - 'Keybank Internet Banking Account Suspension Notice!'
  I.2 AOL - 'You've Got (2) Pictures@AOL.com'
  I.3 eBay - 'Account Verification'
  I.4 Citizens Bank - 'Important Online Banking Alert'
  I.5 Paypal - 'New email address added to your account'
  I.6 TCF Bank - 'TCF express checking card alert'
  I.7 Washington Mutual Bank - 'Re-Submit: wamu.com Urgent requirementvu'

II. Virus/Hoax Alerts
  II.1 Letter from tsunami victim (hoax)
  II.2 Unidentified tsunami boy (hoax)
  II.3 W32/Zafi-D
  II.4 W32/Baba-C

III. Experts Warn of Trick to Bypass Internet Explorer Download Warnings

IV. Important Information
  IV.1 Adobe update in Adobe Reader and other products
  IV.2 Apple security updates

V. Phishers Drop Hooks Into Smaller Streams

VI. Phishers Migrating to Trojan Horse Attacks

VII. Help Protect Against Phishing Attacks

VIII. Phishing Information

******************************

More Details About Things To Avoid

I. Email from people trying to steal your identity (and your money)

I.1 KeyBank - 'Keybank Internet Banking Account Suspension Notice!'
The Bait: An email sent to you stating that your account may have been hijacked by another person.
What it tries to make you do: Get you to supply your personal information such as keybank.com account information, credit card information, SSN, email address.
Where you can see how it actually appears:
http://tinyurl.com/5ny44

I.2 AOL - 'You've Got (2) Pictures@AOL.com'
The Bait: An email stating you have (2) two pictures from another AOL user.
What it tries to make you do: Click on the suspect link.
Where you can see how it actually appears:
http://tinyurl.com/5uart

I.3 eBay - 'Account Verification'
The Bait: Email sent to you to verify your eBay account.
What it tries to make you do: click on the link within the email.
Where you can see how it actually appears:
http://tinyurl.com/6xw6p

I.4 Citizens Bank - 'Important Online Banking Alert'
The Bait: An email that alerts you to an online banking problem.
What it tries to make you do: Provide your Citizens Bank login information such as username/password
Where you can see how it actually appears:
http://tinyurl.com/6mscy

I.5 Paypal - 'New email address added to your account'
The Bait: An unexpected email that states a new email address was added to your account.
What it tries to make you do: Open the link and enter your personal information, including your Paypal username and password, and credit card details.
Where you can see how it actually appears:
http://tinyurl.com/56kgm

I.6 TCF Bank - 'TCF express checking card alert'
The Bait: Click on the link within email.
What it tries to make you do: Click on the link to confirm your account information, and enter your credit card information.

I.7 Washington Mutual Bank - 'Re-Submit: wamu.com Urgent requirementvu'
The Bait: Click on the link within the email.
What it tries to make you do: Fill out information thus giving your credit card information.
Where you can see how it actually appears:
http://tinyurl.com/6sats

******************************

II. Virus/Hoax Alerts:

According to experts a number of email scams have been distributed since the Indian Ocean tsunami disaster.

II.1 Letter from tsunami victim (hoax)
The Bait: An email that wants you to transfer money for them (like the Nigerian hoax)
What it tries to make you do: Reply to the email
Where you can see how it actually appears:
http://www.sophos.com/virusinfo/hoaxes/tsunami.html

II.2 Unidentified tsunami boy (hoax)
The Bait: A picture of a Tsunami victim
What it tries to make you do: Forward the email (2MB in size) to slow down your network.
Where you can read more on this story:
http://www.sophos.com/virusinfo/hoaxes/tsunami_boy.html

II.3 W32/Zafi-D (virus)
The bait: E-mail with Holiday greetings which tries to get you to open the attachment.
What it tries to make you do: Open the attachment to see the card. If you do, it will infect your computer with the Zafi.D virus.
Where you can read more on this story:
http://www.sophos.com/virusinfo/analyses/w32zafid.html

II.4 W32/Baba-C (virus)
The Bait: Email tries to trick users into thinking there's pornographic content on their PCs, and then offers to hide the evidence.
Where you can read more on this story:
http://sophos.com/virusinfo/analyses/w32babac.html

******************************

III. Experts Warn of Trick to Bypass IE Download Warnings:

III.1 Microsoft customers are being warned about an unpatched hole in the Internet Explorer Web browser. This hole could allow a remote attacker to bypass security warnings and then download malicious content onto vulnerable systems.

Where you can read more on this story:
http://tinyurl.com/6vkwc

******************************

IV. Important Information:

IV.1 Adobe Systems has made an update generally available for several highly critical security vulnerabilities in versions 6.0.0, 6.0.1, and 6.0.2 of its Adobe Reader 6.0, Acrobat Standard 6.0, and Acrobat Professional 6.0 software for Microsoft Windows.

Where you can read more on this story and download patches from:
http://www.adobe.com/support/downloads/detail.jsp?ftpID=2679

IV.2 On the basis of multiple third-party reports, some experts have advised that several "less critical" security vulnerabilities in Apple® Macintosh OS X versions 10.3.4 and/or 10.3.7 may allow malicious users to execute code, gain escalated privileges, expose the contents of local files, cause a Denial of Service, or crash the operating system.

Where you can read more on this story:
http://docs.info.apple.com/article.html?artnum=61798

******************************

V. Phishers Drop Hooks Into Smaller Streams: Online Scam Artists Now Targeting Regional-Bank Customers

As the nation's largest financial institutions deploy increasingly sophisticated measures to prevent Internet scams, online fraudsters are targeting smaller, regional U.S. banks whose customers may be less attuned to the threat.

According to experts the shift is the latest trend in a technological arms race between Phishers and the e-commerce and banking companies that they target.

Where you can read more on this story:
http://www.washingtonpost.com/ac2/wp-dyn/A32199-2005Jan24

******************************

VI. Phishers Migrating to Trojan Horse Attacks:

The latest report from the Anti-Phishing Working Group (APWG) suggests that phishing attacks will increase in the year ahead.

Where you can read more on this story:
http://tinyurl.com/5xqmg

******************************

VII. Help Protect Against Phishing Attacks

The Netcraft Toolbar community is effectively a giant neighborhood watch scheme, empowering the most alert and most expert members to defend everyone within the community against Phishing frauds.

Where you can read more on this story:
http://toolbar.netcraft.com/

******************************

VIII. Phishing Information

Here is a site that points to many links for reporting Phishing:
http://ebarrelracing.com/articles/new_file.php?cat=53

==end==

Repository of OUCH issues:
http://www.sans.org/newsletters/ouch/

Copyright 2005, The SANS Institute. Permission is hereby granted for any person to redistribute this in whole or in part to any other persons as long as the distribution is not being made as part of any commercial service or as part of a promotion or marketing effort for any commercial service or product.