Some of you may get this newsletter from SANS; however, I thought that the general populace of the GS will benefit from this.
OUCH: The Report On Identity Theft and Attacks On Computer Users
Volume 2, No. July 01, 2005
Major threats this month:
Microsoft releases 10 New Patches - 3 Critical
Three of the software patches released by Microsoft correct problems rated as “critical”
Where you can read more on this story:
http://www.computerworld.com/printthis/2005/0,4814,102569,00.html
Also see section VIII below for equally critical Apple vulnerabilities.
Good news on updating if you use Windows XP or Windows 2000 (XP1). You no longer have to update the operating system and Microsoft Office separately. To use the new combined service, go to:
You still need to patch other software yourself. For example, several critical vulnerabilities in RealPlayer were announced this month. To fix them, open the software, click on Help and then on Check For Update, and follow the directions to download the free update.
Other Patch Sites:
Windows Update:
http://windowsupdate.microsoft.com
Office Update:
http://office.microsoft.com/en-us/officeupdate/default.aspx
Several Patch Sites for various applications and Windows Updates:
And two others that may be accessed only by people using .mil addresses:
https://patches.mont.disa.mil/index.jsp (.mil address only)
https://ceds.ssg.gunter.af.mil/enosc/index.asp (.mil address only)
Phishing Alerts - What To Avoid This Month (currently there are approximately 161 alerts; information also available at http://www.millersmiles.co.uk/archives/current)
I. Top Rated Phishing Threats
These are e-mails often trying to steal your identity (and your money)
I.1 Navy Federal Credit Union Phishing Scam
I.2 Update Your PayPal Account Information
I.3 Bank Of Oklahoma
I.4 Message from eBay Member (eBay)
I.5 Smith Barney: Security Maintenance
II. Virus and Hoax Alerts
II.1 W32/Mytob-BI (virus)
II.2 W32/Mytob-CV (virus)
II.3 W32/Chode-C (virus)
II.4 Skulls.L (Trojan)
II.5 BagleDl-R (Trojan)
II.6 Nokia phone promotion hoax
III. General Phishing/E-mail Information
III.1 Phishers are Exploiting MasterCard Breach
III.2 British government hit by e-mail attack
IV. Hackers plot to create massive botnet
V. Nuclear power plant secrets leaked by computer virus
VI. New worm hits AIM network
VII. Adobe flaw puts PCs at risk
VIII. Apple Patches 11 Security Flaws
IX. Arrests/Convictions
IX.1 Sasser Worm Trial Set to Begin on July 5
IX.2 Man Sentenced for Signing Boss Up for Unwanted E-mail
IX.3 Japanese Police Arrest Phishing Suspect
X. Confused about Phishing and Pharming?
XI. It is Quiz Time
More Details About Things To Avoid
I. E-mail from people trying to steal your identity (and your money)
I.1 Navy Federal Credit Union Phishing Scam
The Bait: Warns you that there is unauthorized ATM activity on your
account and asks you to log in to their "secure" site to verify your
information.
The Goal: To get you to enter personal and account information.
Where you can see how it actually appears:
http://www.navyfcu.org/01/aa/em_phs-v1.html
I.2 Update Your PayPal Account Information
The Bait: E-mail asks you to confirm and/or update your account
information by visiting the link within the e-mail
The Goal: To capture your account information
Where you can see how it actually appears:
http://www.millersmiles.co.uk/report/746
I.3 Bank Of Oklahoma
The Bait: E-mail asking you to verify your account information due to
unusual login attempts.
The Goal: Persuade you to provide your credit card and other personal
information.
Where you can see how it actually appears:
http://www.millersmiles.co.uk/report/732
I.4 Message from eBay Member (eBay)
The Bait: A message claiming to be from an eBay member about unauthorized account access
The Goal: Persuade you to provide your user id and password along with
other information on your eBay account.
Where you can see how it actually appears:
http://www.millersmiles.co.uk/report/727
I.5 Smith Barney: Security Maintenance
The Bait: E-mail telling you that Smith Barney is updating its
software and asking you to confirm your account details
The Goal: Persuade you to provide your user id and password along with
other information on your SmithBarney account.
Where you can see how it actually appears:
http://www.viruslist.com/en/viruses/encyclopedia?virusid=68326
II. Virus and Hoax Alerts:
II.1 W32/Mytob-BI (virus)
Delivery Method: Arrives as an e-mail, with an attachment, that pretends
to be a notice from an IT administrator warning that your account is
about to be suspended and asking you to validate it.
Effects of Infection: This particular one allows others to access the
computer, sends copies of itself to e-mail addresses found on the
infected computer and forges the sender’s e-mail address.
Where you can read more on this:
http://www.sophos.com/virusinfo/analyses/w32mytobbi.html
II.2 W32/Mytob-CV (virus)
Delivery Method: E-mail sent to you with various subject lines and
attachment names
Effects of Infection: Turns off anti-virus applications, allows others
to access the computer, sends itself to e-mail addresses found on
the infected computer, records keystrokes.
Where you can read more on this:
http://www.sophos.com/virusinfo/analyses/w32mytobcv.html
II.3 W32/Chode-C (virus)
Delivery Method: It can be delivered through chat programs.
Effects of Infection: Turns off anti-virus applications, allows others
to access the computer, downloads code from the internet, this
particular one is used in denial of service attacks.
Where you can read more on this:
http://www.sophos.com/virusinfo/analyses/w32chodec.html
II.4 Skulls.L (Trojan)
Delivery Method: You must install this on your phone, delivered by
e-mail.
Effects of Infection: Turns off anti-virus applications, allows others
to access the phone, downloads code from the internet. This
particular one is used in denial of service attacks.
Where you can read more on this:
http://www.f-secure.com/v-descs/skulls_l.shtml
II.5 BagleDl-R (Trojan)
Delivery Method: Troj/BagleDl-R is a downloader Trojan: once on the
computer it downloads, installs and runs new software without
notifying you that it is doing so.
Effects of Infection: This Trojan will turn off anti-virus
applications, modify data on the infected computer, download code
from the internet and install itself into the registry of the
system.
Where you can read more on this:
http://www.sophos.com/virusinfo/analyses/trojbagledlr.html
II.6 Nokia phone promotion hoax (hoax)
Delivery Method: Sent by e-mail about a Free Nokia Phone Giveaway
Effects of Infection: None; it is a chain letter. It claims you will
receive a free phone if you pass the message on to everyone you know.
Where you can read more on this:
http://www.datafellows.com/hoaxes/nokiagiv.shtml
III. Phishing Information (see Section X for phishing and pharming definitions):
III.1 Phishers are Exploiting MasterCard Breach
Businesses and consumers should be on the lookout for suspicious
e-mails supposedly from MasterCard. The bogus e-mails direct users
to a fraudulent (phishing) site that asks them to disclose their
account information.
Where you can read more on this story:
http://blogs.washingtonpost.com/securityfix/2005/06/phishers_target.html?referrer=email
III.2 British Government and Companies Hit By Targeted E-mail Attacks
According to NISCC (the National Infrastructure Security Co-ordination
Centre, the British government's cybersecurity agency), sophisticated
virus writers are targeting computers at the very heart of Great
Britain's infrastructure.
Where you can read more on this story:
http://www.msnbc.msn.com/id/8244700/
IV. Hackers plot to create massive botnet
According to experts, the most recent Bagle variants are actually
part of a three-stage process to create botnets, or networks of
zombie computers.
Where you can read more on this story:
http://www.theregister.co.uk/2005/06/03/malware_blitz/print.html
V. Nuclear power plant secrets leaked by computer virus
According to the Japanese press, approximately 40MB of
confidential reports related to nuclear power plant inspections
were leaked by a virus-infected computer belonging to an employee
of Mitsubishi Electric Plant Engineering (MPE).
Where you can read more on this story:
http://www.sophos.com/virusinfo/articles/jpnuclear.html
VI. New worm spreads through AIM network
The worm spread in instant messages with the text:
“LOL LOOK AT HIM” and included a Web link to a file
called “picture.pif.”
Where you can read more on this story:
http://techrepublic.com.com/2100-1009_11-5748646.html?tag=fdnews#
VII. Adobe flaw puts PCs at risk
According to Adobe, a security vulnerability exists in the Adobe
License Management Service. This vulnerability can lead to
unauthorized persons gaining access to the user’s computer.
Where you can read more on this story:
http://www.zdnet.com.au/news/security/0,2000061744,39196954,00.htm
VIII. Apple Patches 11 Security Flaws
Apple has released a security update that contains fixes for 11
vulnerabilities in its OS X operating system. Some of the flaws
are buffer overflow problems that can result in denial of service
or unauthorized root access on vulnerable systems. Others allow
unauthorized access over wireless Bluetooth connections.
Where you can read more on this story:
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=164302227
IX. Arrests and Convictions
IX.1 Sasser Worm Trial Set to Begin on July 5
The German teenager accused of creating the infamous
Sasser worm faces a July trial for computer sabotage offenses.
This teenager is also suspected of releasing all 28 versions of
the equally notorious NetSky worm.
Where you can read more on this story:
http://www.theregister.co.uk/2005/05/31/sasser_trial_date_set/print.html
http://www.theregister.co.uk/2004/05/10/sasser_worm_arrest/
IX.2 Man Sentenced for Signing Boss Up for Unwanted E-mail
According to the Baltimore Sun, a US man who signed his boss up to
various spam lists has been convicted of harassment and sentenced
to probation and 100 hours of community service after pleading
guilty to misuse of electronic mail.
Where you can read more on this story:
http://www.theregister.co.uk/2005/06/10/spam_harrassement_lawsuit/
IX.3 Japanese Police Arrest Phishing Suspect
Japanese police have arrested Kazuma Yabuno, who is suspected of
creating and operating a web site that appeared to be a known
Internet auction site but which was instead used to harvest
unsuspecting users' personal information. Police confiscated 12
computers from the home of Mr. Yabuno. This is Japan's first arrest
related to phishing.
Where you can read more on this story:
http://informationweek.com/story/showArticle.jhtml?articleID=164302444
X. Confused about Phishing and Pharming?
Phishing - sounds like "fishing" and represents an attempt to steal confidential information from individuals, often login username/password combinations, account numbers or other sensitive details. It usually begins with an e-mail message asking someone to visit a website and provide their credentials. Although the website may look legitimate, it is not, and the scam artist captures the confidential information supplied. This usually leads to some sort of fraud. It is almost never true that a legitimate website would send an e-mail message asking someone to log in and validate their credentials. Never respond to these sorts of requests.
Pharming - sounds like "farming" and is a more insidious method of obtaining confidential information. In this case the attacker does not need you to click on anything: the name resolution that maps a legitimate address, such as your bank's, to its real server is tampered with (for example a poisoned DNS server, or an altered hosts file on your own computer), so that even a correctly typed address lands on a fraudulent website that asks you to provide confidential information. Again, the desired outcome is fraud.
For more details visit: http://www.antiphishing.org
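The two definitions above can be turned into simple checks. The script below is an added example, not part of the OUCH newsletter: it flags the link tricks that phishing e-mails rely on (a user@host URL that hides the real destination, a raw IP address, link text that names one site while the link goes to another, and a brand name buried in an unrelated domain), and it scans a hosts file for bank or auction domains pinned to an address, which is one pharming technique. The list of protected domains, the e-mail body and the hosts-file text are constructed samples, and the "registrable" helper assumes two-label domains.

```python
"""Phishing link checks and a hosts-file pharming check.

Added example; the sample mail, sample hosts file and PROTECTED_DOMAINS
are constructed for illustration, not taken from the newsletter.
"""
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: these are the sites whose brand we want to protect.
PROTECTED_DOMAINS = {"paypal.com", "ebay.com", "navyfcu.org", "bankofoklahoma.com"}


def registrable(host):
    """Crude 'site' name: the last two labels of a hostname.
    Assumption: no multi-label public suffixes (such as .co.uk) in the data."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def suspicious_links(html):
    """Return (href, reason) for every link that looks like phishing bait."""
    collector = _LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        parts = urlsplit(href)
        host = (parts.hostname or "").lower()
        # Trick 1: "http://www.paypal.com@203.0.113.7/" -- the part before @
        # is a username; the browser actually connects to the host after it.
        if parts.username is not None:
            findings.append((href, "user@host trick: real host is " + host))
            continue
        # Trick 2: a bare IP address instead of a name.
        try:
            ipaddress.ip_address(host)
            findings.append((href, "link points at a raw IP address"))
            continue
        except ValueError:
            pass
        # Trick 3: the visible text names one site, the href goes to another.
        m = re.search(r"([a-z0-9.-]+\.[a-z]{2,})", text.lower())
        if m and registrable(m.group(1)) != registrable(host):
            findings.append((href, "text says %s but link goes to %s" % (m.group(1), host)))
            continue
        # Trick 4: a protected brand name inside some other domain.
        reg = registrable(host)
        for brand in PROTECTED_DOMAINS:
            label = brand.split(".")[0]
            if label in host and reg != brand:
                findings.append((href, "%s appears in %s, which is not %s" % (label, host, brand)))
                break
    return findings


def hijacked_hosts_entries(hosts_text):
    """Scan /etc/hosts-style text for protected domains pinned to an address.
    A normal machine has no reason to hard-code a bank's address, so any such
    line is a pharming indicator. Returns (name, address) pairs."""
    hits = []
    for line in hosts_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        addr, names = fields[0], fields[1:]
        for name in names:
            if registrable(name) in PROTECTED_DOMAINS:
                hits.append((name, addr))
    return hits


# Constructed sample phishing mail (203.0.113.0/24 is a documentation range).
SAMPLE_MAIL = """<html><body>
<p>Dear PayPal member, unusual activity was detected. Please
<a href="http://www.paypal.com@203.0.113.7/login">verify your account</a> now.</p>
<p>Or visit <a href="http://paypal.com.secure-update.example/">https://www.paypal.com/</a></p>
<p>Help: <a href="https://www.paypal.com/help">PayPal Help Center</a></p>
</body></html>"""

# Constructed sample hosts file with one pharming entry.
SAMPLE_HOSTS = """127.0.0.1   localhost
# the next line does not belong here
203.0.113.7 www.navyfcu.org navyfcu.org
"""

if __name__ == "__main__":
    for href, reason in suspicious_links(SAMPLE_MAIL):
        print("PHISHING LINK:", href, "--", reason)
    for name, addr in hijacked_hosts_entries(SAMPLE_HOSTS):
        print("PHARMING ENTRY:", name, "->", addr)
```

Of the three links in the sample mail only the genuine PayPal help link passes; the other two are reported, and the hosts scan reports both Navy Federal names pinned to the attacker's address. On a real machine the hosts file lives at /etc/hosts (Unix) or C:\Windows\System32\drivers\etc\hosts (Windows); a poisoned DNS server cannot be seen from the hosts file and needs a comparison of resolver answers against a trusted source instead.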
XI. It is Quiz Time
Here are two quizzes that I have found on the net that have good
information for you, your coworkers and family to help them with
Phishing and staying safe online.
http://www.bankrate.com/brm/news/advice/20040331a1.asp
http://www.javelinstrategy.com/IDSAFETYQUIZ.htm
==end==
Copyright 2005, The SANS Institute. Permission is hereby granted for any person to redistribute this in whole or in part to any other persons as long as the distribution is not being made as part of any commercial service or as part of a promotion or marketing effort for any commercial service or product.