New Facebook Profiles Invite New Threat

Facebook is great fun, and can even be a great way to keep in touch with not only your friends and family but your work mates as well. Facebook because of its very nature needs to be used with caution and a good dose of common sense, as the following article clearly proves.

Security officials from Trend Micro caution that malware creators are taking misusing the buzz made by the latest Facebook profiles to push harmful program on to user’s systems with the help of Facebook toolbar.

The toolbar is forged, but is well crafted. The mails appear to have come from Facebook and use the site’s template also. The subject of the mail is “Hello dear friend!” and the message is signed by “The Facebook Team”.

It reads: “Hi dear Friend. Now you can download the Facebook toolbar. Now it will be easier than ever to share and connect with your friends. Thanks”. The message comes with a big green button which says “Download Here”, which on clicking, takes to a site serving a file calledfb.exe for download.

As per Trend Micro, this file is actually a variant of the Zapchast IRC backdoor.

Security expert state that Backdoor.IRC.Zapchast installs IRC scripts and configuration files that enable the infected system to be used as a zombie. The infected machine connects to some IRC channels mentioned in the configuration files and is controlled by the hacker. Also, some Zapchast variants come infected a computer virus called Parite.B.

Cristina Buenviaje, Anti-Spam Research Engineer at Trend Micro said that, lately, Facebook brought in some changes to the profile pages of its users which make it easier for users to display their latest activities and to know about their friends. Also, it is not a matter of concurrence that soon after this change, they started getting fake mails from Facebook, as per the news by on December 9, 2010.

The security experts claim that it has become an expected pattern. Everytime Facebook initiates some changes; the attackers launch mail campaigns that misuse the change and lure users into installing malware.

Facebook has attempted in the past to increase the security level, but as per from BitDefender, an Internet Security Firm, is filled with Trojan horses, keyloggers and other kinds of malware. The viruses could be found in harmful links and other third-part applications.

You can read the full article here.

Roku Box – Cnet’s Gadget for the Holidays

I was so happy to see CNET give the Roku box some love this holiday season. I have had one of these little amazing boxes for about 16 months and I truly love it. With this little box you can access not only your Netflix account, but Hulu Plus, amazon on demand, Sirius radio, Pandora Radio, Revision3 TV and much much more. Check out the quick review here and perhaps I will write up a full review after the holidays. At about 100 bucks just about anybody can afford one of these tech beauties.

Tom’s Top 5 Holidays Gift

Now I was just talking about the best gadgets to pick up this holiday season and this morning I found Tom’s Top Five on Revision3 listing his, which ironically are very simular to mine and finding the Roku Player on his list of tech goodies. If are you still searching for that special someone (me perhaps) you can find lots of tech goodness here. You will also notice that although Tom has the IPAD listed at #1 he does throw some love at my new Samsung Galaxy Tablet.

Published with Blogger-droid v1.6.5

Fake DHL / FedEx Delivery Email Messages

The fictitious DLH and FedEx delivery email messages continue to plague computer inboxes everywhere. Although our filtering system (Postini) does a good job blocking most of these messages a few do make it to inboxes here and there. Below is some information you should be aware of regarding these messages.

Recently, security researchers at AppRiver (security firm) have warned of a fake malware infected DHL delivery status e-mails that are targeting innocent internet users.

The “From” column of the e-mails is spoofed as if it had come from “DHL Services” and the complete content of the message is written in Spanish. These emails are quite different from all other DHL spoofs as they exploit a real DHL email template, which comprise the company’s logo, color schemes, images, and contact information.

These fake e-mails states that a package could not be delivered on time due to unclear or badly written shipping address. The e-mail further informs recipients that the parcel can be collected from the local post office. To collect the parcel, the e-mail asks the users to carry along a print of the shipping label enclosed in the attachment.

The shipping label attachment is named (# being a random digit) and encloses a folder with a malicious .exe file. The file contains a fake Excel document icon, which installs an Oficla variant. The Oficla family of malware is called droppers. As the name suggests, their main aim is to penetrate into systems and drop malware that can further damage the system.

Commenting on the issue, Fred Touchette, Security Researcher at AppRiver stated on his blog post that, he was not sure that who would like to get into all of these troubles by clicking on several links and attachments, but one thing he was sure of is that, this trick works. He further said that, he could only presume that those files were foldered and zipped to avoid detection by anti-virus software, which doesn’t check that thoroughly, as reported by AppRiver on October 25, 2010.

Finally, users can apply their common sense approach and keep in mind the following suggestions to avoid falling prey to such malware attacks. First and foremost, if the user doesn’t speak Spanish, he should immediately delete from their inbox. In case, if the user speaks the language, but not expecting some DHL shipment, then also he should immediately delete the e-mail.

But in case, if the user is expecting a shipment from DHL and speaks Spanish, then he should think for a while regarding the poorly written message and understand that a reputable company would not sent such a badly written thing or file attachment like this (via e-mail).

You can read the original article here.

Holiday Tech Scams to Avoid

The holidays can be a dangerous time out there on the internet. Protect yourself by educating yourself and beware of what seems to good to be true, because it probably is. Especially if you heard about it on the internet!

The holiday shopping season is a great time to get tech products at discounted prices, but it also creates a golden opportunity for the Web’s scam artists. The FBIMcAfee, the Better Business Bureau and F-Secure are all warning about cybercriminals who will try to take you for a ride this holiday season. Here are their most pertinent warnings and tips for staying safe:

The Infamous Free iPad

Bogus free iPad offers started popping up immediately after Apple’s tablet went on sale, and they’ve since been banned from Facebook. Still, you might see similar offers around the Web, McAfee says, prompting you to buy other products as a condition of getting the free iPad. By now, you should realize it’s too good to be true.

Gift Card Scams

That free $1,000 gift card offer you saw on Facebook? Bogus, of course. McAfee says that cybercrooks lure people into giving away their personal information or taking quizzes in exchange for these cards, which never arrive. The information is then sold to marketers or used for identity theft.

The FBI also says to use caution when purchasing gift cards through auction sites or classified ads. These can be fraudulent, and you won’t get your money back. Buy directly from retailers instead.

Bogus Auctions and Classifieds

Here’s a particularly tricky scheme pointed out by the FBI: On auction and classified sites, fraudsters use their own order forms to get payment details from holiday gift buyers. Then, they charge the victim’s credit card and use a stolen credit card to buy the actual item, which is sent directly to the victim. In other words, you’ll still get the product, but you might be liable for receiving stolen goods. To avoid this scam, be sure to use legitimate payment services like Paypal instead of providing money directly to the seller.

The feds also warn of a related scam for free or reduced-price shipping offered on auction and classified sites. The fraudsters provide fake shipping labels to the victim, and the product ends up being intercepted in transit, never delivered to its destination.

Malicious websites

For cybercriminals, spamming Google with bogus holiday gift pages is a yearly tradition. These pages could be loaded with malware or payment forms intended to steal your identity. F-Secure has created a list of what it thinks will be the highly targeted search terms this year, including Kinect for Xbox, Call of Duty: Black Ops, Amazon Kindle and Apple iPad. Visit retailers’ websites directly when possible, use Internet security software if you must and always check for “https” in the URL bar before ordering online to ensure that the page is secure.

Wi-Fi Hackers

Public Wi-Fi networks will get a workout this holiday season as people travel, McAfee notes. This is especially true with Google offering free Wi-Fi on domestic flights from three major airlines. Check out our security tips from Google’s free Wi-Fi offer at airports last year, most of which are still relevant in the skies. Number one tip: Avoid shopping and paying bills over a public network.

The read the full article from PC World click here.

Email Message Hoaxes – Don’t Be Afraid

Many of you, my co-workers have forwarded me email message “alerts” these past few weeks which always refer to a reliable person “in fedexthe know” who has information about a major virus on the horizon. These messages can almost always be ignored. The email message you received from the “reliable source” asking you to forward it on is the “virus” itself. We will talk about these messages in more detail during next week’s IT classes.

Here is some more detail about the history of these types of email “hoaxes”.

Email hoaxes are nothing new, dating back at least as far as 1994 with what is widely believed to have been the first email hoax—referred to as the “Goodtimes virus” or the “Goodtimes virus hoax” after the subject of the email. The message in the early version was short and to the point, advising recipients not to open email messages with the subject “Good Times” because doing so would ruin their files. This, of course, was not true, but in cases where the recipient complied with the warning, it obviously had the effect of ruining their chances of actually reading any legitimate email messages with that very subject.

Before email, normal postal mail (known fondly by many as “snail-mail”) chain-letter hoaxes regularly did the rounds, and sometimes still do even today. The difference between a simple hoax and a chain-letter hoax is that the latter encourages the recipient to forward the letter or email on to others, usually family and friends. Sometimes the hoax email claims that something good will happen to the sender if they send the letter on to at least 5 or 10 or 15 or 20 people, whereas others take the darker path of sternly informing the recipient that failing to forward the message to others will result in something bad happening. This could be illness, loss of income, the sky falling, or whatever the case may be (insert evil consequence here). Of course, both the “carrot” and the “stick” versions prey on people’s natural desires for good things to happen in their lives, and their equally natural desire to prevent or avoid “bad luck.” I’m sure most people don’t truly believe that something bad will result if they fail to forward the message, but many people are superstitious and probably take the view, “Well, it can’t hurt, so just in case…”

A minor variation of one particular hoax that dates back to at least 2006 (and possibly before) has recently resurfaced and is scaring people once again. The email looks like this:

            Dave's brother is a very advanced  programmer who does  
computer work for a living and  has a high up status with Microsoft.  He  
  doesn't send these if they aren't real.   If  he  says this is for  
real, it for sure is.   Be  aware.
           VIRUS  COMING ! 

          Hi  All, 
          I  checked with Norton Anti-Virus, and they are  gearing up  
for this  virus! 

          I  checked Snopes, and it is for real. Get this  E-mail  
message sent around to your contacts  ASAP. 

          You  should be alert during the next few days. Do not  open  
any message with an attachment entitled  'POSTCARD FROM  
HALLMARK,'regardless of who sent it  to you. It is a virus which opens A  
POSTCARD  IMAGE, which 'burns' the whole hard disc C of your  computer. 

          This  virus will be received from someone who has your  e-mail  
address in his/her contact list. This is  the reason why you need to  
send this e-mail to all  your contacts. It is better to receive this   
message 25 times than to receive the virus and  open it. 
          If  you receive a mail called' POSTCARD,' even though  sent to  
you by a friend, do not open it! Shut down  your computer immediately.  
This is the worst virus  announced by  CNN. 

          It  has been classified by Microsoft as the most  destructive  
virus ever. This virus was discovered  by McAfee yesterday, and there is  
no repair yet  for this kind of virus. This virus simply destroys  the  
Zero Sector of the Hard Disc, where the vital  information is  kept. 



Create & Mail PDF files from Excel 2007

When sending Excel files to co-workers or associates you should be aware that the recipient will able to change the document. Even if you take the time to save the document with a password, the recipient can save the document with a new name, and then modify the document. Now, if you are aware of this that’s no problem. However if you want to protect the document, save the spreadsheet as a PDF. By doing this you will be protection our work from unauthorized changes.

A new feature of Microsoft Excel 2007 (with Microsoft Office Service Pack 2 installed) is the
ability to create and mail Acrobat Reader PDF files. If you do not wish to install Microsoft
Office SP2, you can install just the add-in. You can download it here :
2007 Microsoft Office Add-in: Microsoft Save as PDF

After the add-in is installed you can use the code below or do a manual Save As PDF.
Office Button >Save As ….PDF
Office Button >Send ….PDF

Note: In Excel 2010 the big round Office Button is replaced by File

Tips / warnings :

1) If you have also installed Acrobat Reader you can change OpenAfterPublish in the code to True to open the PDF file after you create it.
2) The mail code example is not working with Outlook Express or Windows Mail.
3) If you set OpenAfterPublish in the code to True then you can do a manual send in
Acrobat Reader (also with Outlook Express or Windows Mail).
4) If there is no printer installed the add-in will not work. You only have to install a printer driver of one of the printers in the default printer list, you not need a real printer to use the add-in.
5) When you use a hyperlink to another place in the workbook or if you use the Hyperlink. worksheet function the hyperlinks are not working in the PDF.

If your workstation still have Microsoft Office 2003 and you would like the upgrade to 2007 please create a Track-It work order requesting an upgrade.

Weekly Tip: Locking your Computer

Keeping your data secure is critical. Allowing others access to your computer is unwise to say the least. Think of walking away with your computer “open” in the same way as walking away with your open purse or wallet unattended in a public place. Now I am fairly certain most people would never intend to leave their open purse or wallet unattended and your computer should be treated in the same manner.

It is very easy to “lock” your computer when you get up from your desk to walk away.  For example, lets say you want to walk away from your desk, and deliver a hot cup of coffee to your IT Manager. Here are some easy directions to lock your PC while you deliver that much needed cup of coffee:

1. via the keyboard
The easiest way to lock Windows XP is by simply pressing the Windows logo key and the letter (for Lock) on a Microsoft Natural Keyboard or any other compatible keyboard that includes the Window key. Doing so will pop up the Unlock Computer Password box.

2. via a Shortcut.
If you don’t have a keyboard with a Window key or simply don’t like the keyboard method, then here’s how you can make a desktop shortcut to lock your computer. 

Right click an empty area of your desktop, choose New/Shortcut and enter this line as the command line:
rundll32.exe user32.dll, LockWorkStation ClickNext. Name the shortcut whatever you prefer and click Finish. That’s it. Pretty simple wouldn’t you say.

There are other ways to lock your workstation such as simply pressing the [ctrl] [alt] and [delete] keys and selecting “lock computer” so please do yourself a favor and lock your computer when you step away from your work area. The data you save may be your own!