January 17, 2009

Another worm attack infects over 9 million PCs around the world!

Category: Security — David @ 2:57 am

Early Friday on January 16, 2009, the Finnish firm revised its estimate of the number of computers that had fallen victim to a new worm called Conficker (also known as Kido or Downadup).

The worm, which has surged dramatically over the past few days, exploits a bug in the Windows Server service used by all supported versions of Microsoft’s operating system, including Windows 2000, XP, Vista, Server 2003 and Server 2008. It disables System Restore, blocks access to security websites, and downloads additional malware to infected machines. The worm uses a complicated algorithm which changes daily and is based on timestamps from public websites such as Google.com and Baidu.com. The algorithm generates many possible domain names every day: hundreds of names such as qimkwaify .ws, mphtfrxs .net, gxjofpj .ws, imctaef .cc, and hcweu .org. This makes it impractical, if not impossible, to shut them all down, and most of them are never registered in the first place.
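Because most of the generated names are never registered, an infected machine produces a burst of failed lookups for short, letters-only domains. The sketch below is an added example, not part of the original post: it counts such failures per client in a resolver log. The log format, the length bounds and the threshold are assumptions, and the sample log is constructed around the five names quoted above.

```python
from collections import defaultdict

# Constructed sample resolver log: "<client-ip> <queried-name> <rcode>".
# The format is an assumption; the five random-looking names are those quoted in the post.
SAMPLE_LOG = """\
10.0.0.21 qimkwaify.ws NXDOMAIN
10.0.0.21 mphtfrxs.net NXDOMAIN
10.0.0.21 gxjofpj.ws NXDOMAIN
10.0.0.21 imctaef.cc NXDOMAIN
10.0.0.21 hcweu.org NXDOMAIN
10.0.0.21 www.google.com NOERROR
10.0.0.34 www.example.com NOERROR
10.0.0.34 intranet.example.com NXDOMAIN
10.0.0.34 exmaple.com NXDOMAIN
"""


def looks_generated(name):
    """Shape check only: a bare <letters>.<tld> name with 5-11 ASCII letters.

    The bounds are an assumption chosen to cover the names quoted in the post.
    """
    labels = name.lower().rstrip(".").split(".")
    if len(labels) != 2:
        return False  # subdomains such as www.* are not counted
    sld = labels[0]
    return sld.isascii() and sld.isalpha() and 5 <= len(sld) <= 11


def suspect_clients(log_text, threshold=4):
    """Return {client: sorted distinct failed names} for clients at or above threshold."""
    failed = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        client, name, rcode = parts
        if rcode == "NXDOMAIN" and looks_generated(name):
            failed[client].add(name.lower().rstrip("."))
    return {c: sorted(n) for c, n in failed.items() if len(n) >= threshold}


if __name__ == "__main__":
    for client, names in suspect_clients(SAMPLE_LOG).items():
        print(client, len(names), names)
```

A single mistyped domain (the second client in the sample) stays below the threshold; the signal is many distinct failures from one host.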

Urgent advice: users are strongly recommended to ensure their antivirus databases are up to date. A patch for the Windows vulnerability is available from Microsoft: http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx This is Microsoft Security Bulletin MS08-067 – Critical / Vulnerability in Server Service Could Allow Remote Code Execution (958644).

Sources/references of this outbreak alert and background information:

Kaspersky Lab
Guardian.co.uk
Microsoft
ThreatExpert
F-Secure
Symantec
NetworkWorld
DarkReading

Kaspersky Lab disinfection/removal tool: http://support.kaspersky.com/faq/?qid=208279973

October 31, 2008

Be Aware of Phishing Domain Registrars’ E-mail Spam

Category: Security — David @ 11:18 pm

There has been a flood of e-mail spam around the Net these days asking domain name registrars to log in to their accounts and apply some changes to their domain information! The links direct to different URLs and extract your proprietary information!

We have received some e-mails from leading domain name registering networks warning their customers about these phishing attempts. A copy of a warning from Network Solutions is enclosed.

Dear Valued Network Solutions(R) Customer:

We’ve recently become aware of a phishing scam targeting domain name customers of a small number of registrars including Network Solutions(R). We wanted to alert you of this situation. Phishing is the practice of luring unsuspecting Internet users to a fake Web site by using an authentic-looking e-mail in an attempt to steal passwords, account information or other sensitive data.

At this time, we know that fraudulent e-mails are being sent to some domain name customers, regardless who the registrar of record is, which include links to sites that look like networksolutions.com or other domain provider sites; however they are fake Web sites. These e-mails are attempting to capture login information.

If you believe you have received an e-mail of this type, have clicked on the link, and provided your login information, we recommend the following for security purposes:

1. Log in to your account from your registrar’s web site.
2. Review your account information for accuracy
3. Choose a new password security question and answer
4. Change your password

June 19, 2008

What is Phishing and how to protect ourselves?

Category: Security — David @ 9:58 pm

Phishing is an attempt to fraudulently acquire sensitive information from your computer or your online accounts, such as usernames, passwords, or credit card details, by masquerading as a trustworthy entity. For example, there are reports of phishing emails that falsely appear to come from your trusted networks such as eBay, PayPal, or even your banks and financial institutions. These fraudulent emails ask users to update their information, such as billing information, take action on a disapproved ad, edit their account, or accept new terms and conditions. In some cases, the links may lead to websites that install malware applications and scripts onto your computer.

If you’ve received a phishing email that attempts to fraudulently collect passwords, credit card numbers, or other sensitive information, please report it to your trusted network immediately and make them aware of fraudulent activities on their behalf.

Tips to protect ourselves from phishing:

1. Don’t reply to, or click links within, emails that ask for personal, financial, or account information.

2. Check the message headers. The ‘From:’ address and the ‘Return-path’ should reference the same source. If necessary, look at the expanded header, as some phishers use vulnerable email servers to route their messages.

3. Instead of clicking the links in emails, go to the websites directly by typing the web address into your browser, cut and paste, or use bookmarks.

4. If on a secure page, look for “https” at the beginning of the URL and the padlock icon in the browser.

5. Use a browser that has a phishing filter (Firefox, Internet Explorer, or Opera).

6. Use strong passwords. A strong password should be unique; include letters, numbers, and symbols; and be changed regularly.

7. If you ever need to change your account information, such as your billing details or your password, you should always sign in to your account from the main login page of your trusted network (i.e. your bank’s main website) and make the changes directly within your account.
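The header check from tip 2, as an added example that is not part of the original post: it compares the domain in ‘From:’ with the one in ‘Return-Path’ and lists the relay hosts named in the expanded ‘Received’ headers. The two sample messages are constructed, all domains are reserved example names, and the two-label domain comparison is a simplifying assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages; every domain below is a reserved example name.
SUSPECT = """\
Return-Path: <bounce@relay.example.net>
Received: from relay.example.net (relay.example.net [192.0.2.10])
\tby mx.example.org; Fri, 31 Oct 2008 23:01:12 +0000
From: "Registrar Support" <support@registrar.example>
Subject: Please confirm your domain account

Log in to update your domain information.
"""
CONSISTENT = """\
Return-Path: <bounces@mail.example.com>
Received: from mail.example.com (mail.example.com [192.0.2.25])
\tby mx.example.org; Fri, 31 Oct 2008 23:05:40 +0000
From: Example News <news@example.com>
Subject: Monthly newsletter

Hello.
"""


def addr_domain(value):
    """Lower-cased domain of the first address in a header value ('' if none)."""
    _local, at, domain = parseaddr(value or "")[1].rpartition("@")
    return domain.lower() if at else ""


def org_domain(domain):
    """Assumption: the last two labels approximate the owner (wrong for e.g. co.uk)."""
    return ".".join(domain.split(".")[-2:])


def check_headers(raw):
    """Compare From with Return-Path and collect relay hosts from Received headers."""
    msg = message_from_string(raw)
    from_dom = addr_domain(msg.get("From"))
    path_dom = addr_domain(msg.get("Return-Path"))
    relays = []
    for hop in msg.get_all("Received", []):
        match = re.match(r"\s*from\s+(\S+)", hop)
        if match:
            relays.append(match.group(1).lower())
    same = bool(from_dom and path_dom) and org_domain(from_dom) == org_domain(path_dom)
    return {"from": from_dom, "return_path": path_dom,
            "same_source": same, "relays": relays}
```

A mismatch is a reason to look closer rather than proof of phishing, since mailing lists and bulk-mail services legitimately use their own Return-Path.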