Facebook is great fun, and can even be a great way to keep in touch with not only your friends and family but your work mates as well. Facebook because of its very nature needs to be used with caution and a good dose of common sense, as the following article clearly proves.
Security officials from Trend Micro caution that malware creators are taking misusing the buzz made by the latest Facebook profiles to push harmful program on to user’s systems with the help of Facebook toolbar.
The toolbar is forged, but is well crafted. The mails appear to have come from Facebook and use the site’s template also. The subject of the mail is “Hello dear friend!” and the message is signed by “The Facebook Team”.
It reads: “Hi dear Friend. Now you can download the Facebook toolbar. Now it will be easier than ever to share and connect with your friends. Thanks”. The message comes with a big green button which says “Download Here”, which on clicking, takes to a site serving a file calledfb.exe for download.
As per Trend Micro, this file is actually a variant of the Zapchast IRC backdoor.
Security expert state that Backdoor.IRC.Zapchast installs IRC scripts and configuration files that enable the infected system to be used as a zombie. The infected machine connects to some IRC channels mentioned in the configuration files and is controlled by the hacker. Also, some Zapchast variants come infected a computer virus called Parite.B.
Cristina Buenviaje, Anti-Spam Research Engineer at Trend Micro said that, lately, Facebook brought in some changes to the profile pages of its users which make it easier for users to display their latest activities and to know about their friends. Also, it is not a matter of concurrence that soon after this change, they started getting fake mails from Facebook, as per the news by blog.trendmicro.com on December 9, 2010.
The security experts claim that it has become an expected pattern. Everytime Facebook initiates some changes; the attackers launch mail campaigns that misuse the change and lure users into installing malware.
Facebook has attempted in the past to increase the security level, but as per from BitDefender, an Internet Security Firm, is filled with Trojan horses, keyloggers and other kinds of malware. The viruses could be found in harmful links and other third-part applications.
You can read the full article here.
Now I was just talking about the best gadgets to pick up this holiday season and this morning I found Tom’s Top Five on Revision3 listing his, which ironically are very simular to mine and finding the Roku Player on his list of tech goodies. If are you still searching for that special someone (me perhaps) you can find lots of tech goodness here. You will also notice that although Tom has the IPAD listed at #1 he does throw some love at my new Samsung Galaxy Tablet.
I was so happy to see CNET give the Roku box some love this holiday season. I have had one of these little amazing boxes for about 16 months and I truly love it. With this little box you can access not only your Netflix account, but Hulu Plus, amazon on demand, Sirius radio, Pandora Radio, Revision3 TV and much much more. Check out the quick review here and perhaps I will write up a full review after the holidays. At about 100 bucks just about anybody can afford one of these tech beauties.
The holidays can be a dangerous time out there on the internet. Protect yourself by educating yourself and beware of what seems to good to be true, because it probably is. Especially if you heard about it on the internet!
The holiday shopping season is a great time to get tech products at discounted prices, but it also creates a golden opportunity for the Web’s scam artists. The FBI, McAfee, the Better Business Bureau and F-Secure are all warning about cybercriminals who will try to take you for a ride this holiday season. Here are their most pertinent warnings and tips for staying safe:
The Infamous Free iPad
Bogus free iPad offers started popping up immediately after Apple’s tablet went on sale, and they’ve since been banned from Facebook. Still, you might see similar offers around the Web, McAfee says, prompting you to buy other products as a condition of getting the free iPad. By now, you should realize it’s too good to be true.
Gift Card Scams
That free $1,000 gift card offer you saw on Facebook? Bogus, of course. McAfee says that cybercrooks lure people into giving away their personal information or taking quizzes in exchange for these cards, which never arrive. The information is then sold to marketers or used for identity theft.
The FBI also says to use caution when purchasing gift cards through auction sites or classified ads. These can be fraudulent, and you won’t get your money back. Buy directly from retailers instead.
Bogus Auctions and Classifieds
Here’s a particularly tricky scheme pointed out by the FBI: On auction and classified sites, fraudsters use their own order forms to get payment details from holiday gift buyers. Then, they charge the victim’s credit card and use a stolen credit card to buy the actual item, which is sent directly to the victim. In other words, you’ll still get the product, but you might be liable for receiving stolen goods. To avoid this scam, be sure to use legitimate payment services like Paypal instead of providing money directly to the seller.
The feds also warn of a related scam for free or reduced-price shipping offered on auction and classified sites. The fraudsters provide fake shipping labels to the victim, and the product ends up being intercepted in transit, never delivered to its destination.
For cybercriminals, spamming Google with bogus holiday gift pages is a yearly tradition. These pages could be loaded with malware or payment forms intended to steal your identity. F-Secure has created a list of what it thinks will be the highly targeted search terms this year, including Kinect for Xbox, Call of Duty: Black Ops, Amazon Kindle and Apple iPad. Visit retailers’ websites directly when possible, use Internet security software if you must and always check for “https” in the URL bar before ordering online to ensure that the page is secure.
Public Wi-Fi networks will get a workout this holiday season as people travel, McAfee notes. This is especially true with Google offering free Wi-Fi on domestic flights from three major airlines. Check out our security tips from Google’s free Wi-Fi offer at airports last year, most of which are still relevant in the skies. Number one tip: Avoid shopping and paying bills over a public network.
The read the full article from PC World click here.
The fictitious DLH and FedEx delivery email messages continue to plague computer inboxes everywhere. Although our filtering system (Postini) does a good job blocking most of these messages a few do make it to inboxes here and there. Below is some information you should be aware of regarding these messages.
Recently, security researchers at AppRiver (security firm) have warned of a fake malware infected DHL delivery status e-mails that are targeting innocent internet users.
The “From” column of the e-mails is spoofed as if it had come from “DHL Services” and the complete content of the message is written in Spanish. These emails are quite different from all other DHL spoofs as they exploit a real DHL email template, which comprise the company’s logo, color schemes, images, and contact information.
These fake e-mails states that a package could not be delivered on time due to unclear or badly written shipping address. The e-mail further informs recipients that the parcel can be collected from the local post office. To collect the parcel, the e-mail asks the users to carry along a print of the shipping label enclosed in the attachment.
The shipping label attachment is named Etiqueta_ID#####.zip (# being a random digit) and encloses a folder with a malicious .exe file. The file contains a fake Excel document icon, which installs an Oficla variant. The Oficla family of malware is called droppers. As the name suggests, their main aim is to penetrate into systems and drop malware that can further damage the system.
Commenting on the issue, Fred Touchette, Security Researcher at AppRiver stated on his blog post that, he was not sure that who would like to get into all of these troubles by clicking on several links and attachments, but one thing he was sure of is that, this trick works. He further said that, he could only presume that those files were foldered and zipped to avoid detection by anti-virus software, which doesn’t check that thoroughly, as reported by AppRiver on October 25, 2010.
Finally, users can apply their common sense approach and keep in mind the following suggestions to avoid falling prey to such malware attacks. First and foremost, if the user doesn’t speak Spanish, he should immediately delete from their inbox. In case, if the user speaks the language, but not expecting some DHL shipment, then also he should immediately delete the e-mail.
But in case, if the user is expecting a shipment from DHL and speaks Spanish, then he should think for a while regarding the poorly written message and understand that a reputable company would not sent such a badly written thing or file attachment like this (via e-mail).
You can read the original article here.
Many of you, my co-workers have forwarded me email message “alerts” these past few weeks which always refer to a reliable person “in the know” who has information about a major virus on the horizon. These messages can almost always be ignored. The email message you received from the “reliable source” asking you to forward it on is the “virus” itself. We will talk about these messages in more detail during next week’s IT classes.
Here is some more detail about the history of these types of email “hoaxes”.
Email hoaxes are nothing new, dating back at least as far as 1994 with what is widely believed to have been the first email hoax—referred to as the “Goodtimes virus” or the “Goodtimes virus hoax” after the subject of the email. The message in the early version was short and to the point, advising recipients not to open email messages with the subject “Good Times” because doing so would ruin their files. This, of course, was not true, but in cases where the recipient complied with the warning, it obviously had the effect of ruining their chances of actually reading any legitimate email messages with that very subject.
Before email, normal postal mail (known fondly by many as “snail-mail”) chain-letter hoaxes regularly did the rounds, and sometimes still do even today. The difference between a simple hoax and a chain-letter hoax is that the latter encourages the recipient to forward the letter or email on to others, usually family and friends. Sometimes the hoax email claims that something good will happen to the sender if they send the letter on to at least 5 or 10 or 15 or 20 people, whereas others take the darker path of sternly informing the recipient that failing to forward the message to others will result in something bad happening. This could be illness, loss of income, the sky falling, or whatever the case may be (insert evil consequence here). Of course, both the “carrot” and the “stick” versions prey on people’s natural desires for good things to happen in their lives, and their equally natural desire to prevent or avoid “bad luck.” I’m sure most people don’t truly believe that something bad will result if they fail to forward the message, but many people are superstitious and probably take the view, “Well, it can’t hurt, so just in case…”
A minor variation of one particular hoax that dates back to at least 2006 (and possibly before) has recently resurfaced and is scaring people once again. The email looks like this:
FYI TO ALL.
Dave's brother is a very advanced programmer who does
computer work for a living and has a high up status with Microsoft. He
doesn't send these if they aren't real. If he says this is for
real, it for sure is. Be aware.
VIRUS COMING !
I checked with Norton Anti-Virus, and they are gearing up
for this virus!
I checked Snopes, and it is for real. Get this E-mail
message sent around to your contacts ASAP.
PLEASE FORWARD THIS WARNING AMONG FRIENDS, FAMILY AND
You should be alert during the next few days. Do not open
any message with an attachment entitled 'POSTCARD FROM
HALLMARK,'regardless of who sent it to you. It is a virus which opens A
POSTCARD IMAGE, which 'burns' the whole hard disc C of your computer.
This virus will be received from someone who has your e-mail
address in his/her contact list. This is the reason why you need to
send this e-mail to all your contacts. It is better to receive this
message 25 times than to receive the virus and open it.
If you receive a mail called' POSTCARD,' even though sent to
you by a friend, do not open it! Shut down your computer immediately.
This is the worst virus announced by CNN.
It has been classified by Microsoft as the most destructive
virus ever. This virus was discovered by McAfee yesterday, and there is
no repair yet for this kind of virus. This virus simply destroys the
Zero Sector of the Hard Disc, where the vital information is kept.
COPY THIS E-MAIL, AND SEND IT TO YOUR FRIENDS.
REMEMBER: IF YOU SEND IT TO THEM, YOU WILL BENEFIT ALL OF US
When sending Excel files to co-workers or associates you should be aware that the recipient will able to change the document. Even if you take the time to save the document with a password, the recipient can save the document with a new name, and then modify the document. Now, if you are aware of this that’s no problem. However if you want to protect the document, save the spreadsheet as a PDF. By doing this you will be protection our work from unauthorized changes.
A new feature of Microsoft Excel 2007 (with Microsoft Office Service Pack 2 installed) is the
ability to create and mail Acrobat Reader PDF files. If you do not wish to install Microsoft
Office SP2, you can install just the add-in. You can download it here :
2007 Microsoft Office Add-in: Microsoft Save as PDF
After the add-in is installed you can use the code below or do a manual Save As PDF.
Office Button >Save As ….PDF
Office Button >Send ….PDF
Note: In Excel 2010 the big round Office Button is replaced by File
Tips / warnings :
1) If you have also installed Acrobat Reader you can change OpenAfterPublish in the code to
True to open the PDF file after you create it.
2) The mail code example is not working with Outlook Express or Windows Mail.
3) If you set OpenAfterPublish in the code to True then you can do a manual send in
Acrobat Reader (also with Outlook Express or Windows Mail).
4) If there is no printer installed the add-in will not work. You only have to install a printer driver
of one of the printers in the default printer list, you not need a real printer to use the add-in.
5) When you use a hyperlink to another place in the workbook or if you use the Hyperlink
worksheet function the hyperlinks are not working in the PDF.
If your workstation still have Microsoft Office 2003 and you would like the upgrade to 2007 please create a Track-It work order requesting an upgrade.