Date: Sat, 12 Mar 2005 14:57:15 -0500 (EST)
From: BCPL.NET SysAdmin
To: BCPL.NET News
Subject: BCPL.NET NEWS: SANS "OUCH" Report March 10, 2005

---------------------------------------------
SANS INSTITUTE OUCH REPORT FOR MARCH 10, 2005
---------------------------------------------

The "OUCH Report" is a monthly security alert e-newsletter published by the SANS Institute (www.sans.org) for redistribution to non-technical customers and staff. The latest issue of OUCH is below. We hope you find it informative.

****************************************************************
OUCH: The Report On Identity Theft and Attacks On Computer Users
Volume 2, No. 3. March 10, 2005
****************************************************************

Major threat this month:

A new variant of the Sober worm, Sober-K, is currently hitting inboxes around the world. A frightening aspect of this worm is that it may arrive as an email attachment that pretends to be from America's Federal Bureau of Investigation (FBI).

Where you can read more on this story:
http://www.cnn.com/2005/TECH/internet/02/22/fbi.warning/
http://www.theregister.co.uk/2005/02/24/sober_worm_fbi_warning/

************************

Important Note:

When you update your Windows computer, you usually must get both the Windows updates and Microsoft Office updates. They are at different sites, which are:

Windows Update: http://windowsupdate.microsoft.com
Office Update: http://office.microsoft.com/en-us/officeupdate/default.aspx
Another Patch Site for various applications: http://www.softwarepatch.com

************************

What To Avoid This Month

I. Email from people trying to get you to divulge private details
   These are often trying to steal your identity (and your money)
  I.1 Washington Mutual Bank - 'Unauthorized Access to Your Washington Mutual Account'
  I.2 SouthTrust Bank - 'Notification From SouthTrust Online Banking'
  I.3 Huntington Bank - 'Huntington Bank Security Update Notification'
  I.4 PayPal - 'Unauthorized Access...'
  I.5 MSN - 'Microsoft Network customer data verification'
  I.6 KeyBank - 'SECURE YOUR ACCOUNT NOW'
  I.7 Google - Email Lottery International

II. Virus/Hoax Alerts
  II.1 Fake Tsunami Photo (hoax)
  II.2 W32/Sober.I
  II.3 W32/Inforyou.A@mm

III. Important Information
  III.1 Mozilla fixes security hole
  III.2 Security holes affect multiple Linux/Unix products
  III.3 Security hole in multiple TrendMicro products

IV. Avoiding Phishing Scams: Tips from Fraud.org

V. Email Worm Spoofing: Spoofing Explained

VI. SP2 fix not your typical security update

VII. Arrests and Convictions
  VII.1 IM spammer arrested
  VII.2 T-Mobile server hacker caught

******************************

More Details About Things To Avoid

I. Email from people trying to steal your identity (and your money)

I.1 Washington Mutual Bank - 'Unauthorized Access To Your Washington Mutual Account'
The Bait: An email sent to you about unauthorized access to your account.
What it tries to make you do: Click on the link within the email.
Where you can see how it actually appears:
http://www.antiphishing.org/phishing_archive/02-24-05_Wamu/02-24-05_Wamu.html

I.2 SouthTrust Bank - 'Notification From SouthTrust Online Banking'
The Bait: Email stating that your account may have been accessed by someone else.
What it tries to make you do: Click on the suspect link.
Where you can see how it actually appears:
http://www.antiphishing.org/phishing_archive/02-22-05_SouthTrust/02-22-05_SouthTrust.html

I.3 Huntington Bank - 'Huntington Bank Security Update Notification'
The Bait: New payment security for the bank.
What it tries to make you do: Click on the link within the email.
Where you can see how it actually appears:
http://www.antiphishing.org/phishing_archive/02-18-05_Huntington/02-18-05_Huntington.html

I.4 PayPal - 'Unauthorized Access...'
The Bait: An email that alerts you to unauthorized access to your PayPal account.
What it tries to make you do: Click on the link it provides.
Where you can see how it actually appears:
http://www.antiphishing.org/phishing_archive/02-17-05_Paypal/02-17-05_Paypal.html

I.5 MSN - 'Microsoft Network customer data verification'
The Bait: Email sent to you to verify the information on your account.
What it tries to make you do: Click on the link within the email.
Where you can see how it actually appears:
http://www.antiphishing.org/phishing_archive/02-15-05_MSN/02-15-05_MSN.html

I.6 KeyBank - 'SECURE YOUR ACCOUNT NOW'
The Bait: Create a secure code for access to KeyBank.
What it tries to make you do: Click on the picture link.
Where you can see how it actually appears:
http://www.antiphishing.org/phishing_archive/02-08-05_Key/02-01-05_Key.html

I.7 Google - Email Lottery International
The Bait: Google Lottery Winner.
What it tries to make you do: Reply to the email, so that the sender can take money from you.
Where you can see how it actually appears:
http://www.hoax-slayer.com/google-lottery-scam.html

******************************

II. Virus/Hoax Alerts:

According to experts, a number of email scams have been distributed since the Indian Ocean tsunami disaster.

II.1 Fake Tsunami Photo (hoax)
The Bait: Photo depicts the Asian tsunami about to engulf a city.
What it tries to make you do: Forward the email (2MB in size), in the hope of slowing down your network.
Where you can read more on this story:
http://www.hoax-slayer.com/current-issue.html#five

II.2 W32/Sober.I (McAfee)
The Bait: Tries to get you to open the email attachment.
Where you can read more on this story:
http://vil.nai.com/vil/content/v_131869.htm

II.3 W32/Inforyou.A@mm
The Bait: Downloading the attachment.
Where you can read more on this story:
http://tinyurl.com/5365x

******************************

III. Important Information:

III.1 Mozilla has fixed a security hole that can allow an attacker to spoof the URL in your address bar and play similar tricks with SSL certificates and status bars.
Where you can read more on this story:
http://tinyurl.com/46an8

III.2 Attackers could launch malicious code by exploiting vulnerabilities in a file transfer tool used in many Linux and Unix systems, according to two security firms.
Where you can read more on this story:
http://www.linuxsecurity.com/content/view/118414/65/

III.3 TrendMicro recommends customers upgrade their scanning engine in order to fix a critical security hole in multiple widely used products.
Where you can read more on this story:
http://tinyurl.com/4ozgl

******************************

IV. Avoiding Phishing Scams: Tips from Fraud.org:

Information, tips and contact information for avoiding and reporting phishing.
Where you can read more on this story:
http://www.fraud.org/tips/internet/phishing.htm

******************************

V. Email Worm Spoofing: Spoofing Explained:

Easy-to-understand information on how worms use spoofing to spread.
Where you can read more on this story:
http://www.hoax-slayer.com/email-worm-spoofing.html

******************************

VI. SP2 fix not your typical security update

Microsoft released a patch for SP2 that surprised some users, given that it breaks with the Tuesday patch release cycle and was unaccompanied by a security bulletin.
Where you can read more on this story:
http://tinyurl.com/6xjj7

******************************

VII. Arrests and Convictions

VII.1 Anthony Greco has been arrested on charges of sending 1.5 million unsolicited instant messages, known as "spim," to members of the MySpace.com online networking service.
Where you can read more on this story:
http://tinyurl.com/6598n

VII.2 Nicolas Jacobsen has pleaded guilty to intentionally accessing a protected computer and recklessly causing damage for breaking into T-Mobile servers.
Where you can read more on this story:
http://www.securityfocus.com/printable/news/10516

==end==

Copyright 2005, The SANS Institute. Permission is hereby granted for any person to redistribute this in whole or in part to any other persons as long as the distribution is not being made as part of any commercial service or as part of a promotion or marketing effort for any commercial service or product.