Date: Sun, 17 Apr 2005 09:05:36 -0400 (EDT)
From: BCPL.NET SysAdmin
To: BCPL.NET News
Subject: BCPL.NET NEWS: SANS "OUCH" Report April 5, 2005

--------------------------------------------
SANS INSTITUTE OUCH REPORT FOR April 5, 2005
--------------------------------------------

The "OUCH Report" is a monthly security alert e-newsletter published by the SANS Institute (www.sans.org) for redistribution to non-technical customers and staff. The latest issue of OUCH is below.

Many of the threats described are blocked by our Barracuda Spam and Virus Firewall, but not all. No firewall can ever be 100% effective so we urge you to be alert for these and other potential threats against you and your computer.

****************************************************************
OUCH: The Report On Identity Theft and Attacks On Computer Users
Volume 2, No. 4. April 05, 2005
****************************************************************

Major threat this month:

Antivirus companies are warning users of Microsoft's popular MSN Messenger application about a host of new worms that spread using instant messaging (IM) over that network.
Where you can read more on this story:
http://www.pcworld.com/resource/printable/article/0,aid,119930,00.asp

One particularly common and damaging worm is Mytob: Symantec reported that multiple variations of the Mytob worm have appeared in the last few weeks, all of them able to plant a backdoor on infected machines and prevent them from updating security software.
Source:
http://www.informationweek.com/story/showArticle.jhtml?articleID=159907336

************************

Important Note:

When updating your Windows computer, you should apply patches for both the Windows Operating System and the Microsoft Office application.
The patches are located at different web sites, which are:

Windows Update: http://windowsupdate.microsoft.com
Office Update: http://office.microsoft.com/en-us/officeupdate/default.aspx

Other software installed on your computer may also need to be updated on a regular basis. Please visit http://www.softwarepatch.com for other application patches that may need to be applied to your computer.

************************

What To Avoid This Month

I. Email from people trying to get you to divulge private details. These are often trying to steal your identity (and your money)
   I.1 'e-Bullion accounts investigations'
   I.2 'eBay: Account Violate User Agreement'
   I.3 AOL -'Credit Card Declined Notice'
   I.4 'Update your Online Banking Records'
   I.5 'KeyBank Customer Confirm Your Identity'
   I.6 'Confirmation- PULSE debit card electronic fund transfer'
II. Virus/Hoax Alerts
   II.1 Life is beautiful (hoax)
   II.2 W32.Sory.A
III. Important Information
   III.1 ID Thieves Breach LexisNexis, Obtain Information on 32,000
   III.2 Macintosh Hacker Attacks Are on the Rise - Symantec
IV. Avoid Phishing Scams: Tips from Fraud.org
V. Three minutes to ID theft
VI. Phishers Moving Away From E-Mail 'Lures'
VII. Phishing Information
   VII.1 Woman's Spam Conviction Thrown Out
   VII.2 Identity Theft Investigation Nets Scottish Police 28 Arrests
   VII.3 Man Sentenced in 911 Computer Virus

******************************

More Details About Things To Avoid

I. Email from people trying to steal your identity (and your money)

I.1 'e-Bullion accounts investigations'
The Bait: letting you know that your e-Bullion account was stolen or hacked.
What it tries to make you do: Click on the link within the email.
Where you can see how it actually appears: http://tinyurl.com/6sypr

I.2 'eBay: Account Violate User Agreement'
The Bait: Your eBay account could be suspended, update your information.
What it tries to make you do: Click on the suspect link.
Where you can see how it actually appears: http://tinyurl.com/6kun8

I.3 AOL -'Credit Card Declined Notice'
The Bait: Trying to charge your account and it was declined.
What it tries to make you do: Click on the link within the email.
Where you can see how it actually appears: http://tinyurl.com/6aem3

I.4 Bank Of Oklahoma - 'Update your Online Banking Records'
The Bait: An unsophisticated phish, trying to catch the customers of a bank that hasn't been targeted before, by surprise.
What it tries to make you do: Click on the provided link within the email.
Where you can see how it actually appears:
http://www.antiphishing.org/phishing_archive/03-15-05_BOA/03-15-05_BOA.html

I.5 'KeyBank Customer Confirm Your Identity'
The Bait: Confirm your Account information.
What it tries to make you do: Click on the link within the email.
Where you can see how it actually appears: http://tinyurl.com/5mul9

I.6 'Confirmation- PULSE debit card electronic fund transfer'
The Bait: A confirmation email on your account.
What it tries to make you do: Click on the URL link.
Where you can see how it actually appears: http://tinyurl.com/7xmvr

******************************

II. Virus/Hoax Alerts:

According to experts a number of email scams have been distributed since the Indian Ocean tsunami disaster.

II.1 Life is beautiful (hoax)
The Bait: Warning of a computer virus, and to pass it on.
Where you can read more on this story:
http://www.datafellows.com/hoaxes/lifepps.shtml

II.2 W32/Sory.worm
Method of Infection: This worm spreads by copying itself to the STARTUP folder of accessible networked systems.
Where you can read more on this story:
http://vil.nai.com/vil/content/v_100270.htm

******************************

III. Important Information:

III.1 Identity thieves have penetrated LexisNexis, a company that sells private information on millions of U.S. consumers, the latest in a series of breaches that is throwing a spotlight on the practices and safeguards of the booming data-collection industry.
Where you can read more on this story: http://tinyurl.com/6ocbm

III.2 According to experts, hacker attacks on Apple Computer Inc.'s Macintosh OS X operating system, thought by many who use the Mac to be virtually immune to attack, are on the rise.
Where you can read more on this story: http://tinyurl.com/627sc

******************************

IV. Avoid Phishing Scams: Tips from Fraud.org

Information, tips and contact information for avoiding and reporting phishing. Here's a summary:

1. The most common form of phishing is by email.
2. Don't click on the link in an email that asks for your personal information.
3. Phishing can also happen by phone.
4. If someone contacts you and says you've been a victim of fraud, verify the person's identity before you provide any personal information.
5. Job seekers should also be careful.
6. Be suspicious if someone contacts you unexpectedly and asks for your personal information.
7. Act immediately if you've been hooked by a phisher.
8. Even if you didn't get hooked, report phishing.

Where you can read more on this story:
http://www.fraud.org/tips/internet/phishing.htm

******************************

V. Three minutes to ID theft

Researchers took to London's theater district to ask people about their theater-going habits and attitudes. In exchange for giving away enough information for identity theft, they'd be entered into a drawing for tickets to an upcoming show. 92% provided the private information.
Where you can read more on this story:
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1071265,00.html

******************************

VI. Phishers Moving Away From E-Mail 'Lures'

According to experts, Phishing attacks were up slightly in February. More troubling is the fact that they are working on newer and more devious ways of stealing identities.
Where you can read more on this story:
http://www.informationweek.com/story/showArticle.jhtml?articleID=159907295

******************************

VII. Phishing Information

VII.1 A Virginia judge dismissed a North Carolina woman's conviction on felony spamming charges.
Where you can read more on this story:
http://www.washingtonpost.com/ac2/wp-dyn/A64551-2005Mar1?language=printer

VII.2 After a multi-month investigation, Scottish police have arrested 28 people on charges of identity theft.
Where you can read more on this story: http://tinyurl.com/3tlq8

VII.3 David Jeansonne has been sentenced to six months in prison and ordered to pay US$27,100 in restitution to Microsoft for his role in distributing a Trojan horse program to unwitting WebTV subscribers.
Where you can read more on this story:
http://tinyurl.com/5rg34
http://www.pcworld.com/resource/printable/article/0,aid,120050,00.asp

==end==

Copyright 2005, The SANS Institute. Permission is hereby granted for any person to redistribute this in whole or in part to any other persons as long as the distribution is not being made as part of any commercial service or as part of a promotion or marketing effort for any commercial service or product.