Para On-Line Forum

UPS/FedEx Delivery Failure - A real Virus

admin — Tue Nov 18, 2008 10:23 am

Author: admin

Posted: Tue Nov 18, 2008 10:23 am

Origins: A common (and unfortunately, effective) technique for luring e-mail users into opening virus-launching attachments is to send messages that would appear to be relevant or important to many of their potential
recipients. One way of accomplishing this feat is to make the virus-carrying messages appear to come from some type of business entity that many people commonly deal with, such as one of the large Internet auction or retailing sites, or a national bank (or other financial institution), or a major provider of a common service.

That last area was in play in July 2008, when e-mail users experienced the onset of a virus spread through messages purporting to come from the United Parcel Service (UPS) or Federal Express (FedEx) parcel delivery companies. The bogus messages informed users about packages they had supposedly sent that could not be delivered due to incorrect recipient addresses and invited them to open and print out attached invoices in order to claim the undelivered packages at UPS offices. The messages included a file attachment called 'ups_invoice.zip' which actually harbored a malicious executable file called 'ups_invoice.exe', but the attachment displayed a Microsoft Word icon to make it appear like a harmless Word document and thereby lure recipients into clicking on it.

A mass mailing of this type was bound to hit quite a few people who had shipped something via UPS in the recent past and therefore might easily be lured into opening the virus-launching attachment, and UPS was quick to put up (and e-mail) a warning about the malicious messages:

Attention Virus Warning

Service Update

We have become aware there is a fraudulent email being sent that says it is coming from UPS and leads the reader to believe that a UPS shipment could not be delivered. The reader is advised to open an attachment reportedly containing a waybill for the shipment to be picked up.

This email attachment contains a virus. We recommend that you do not open the attachment, but delete the email immediately.

UPS may send official notification messages on occasion, but they rarely include attachments. If you receive a notification message that includes an attachment and are in doubt about its authenticity, please contact customerservice@ups.com.

Please note that UPS takes its customer relationships very seriously, but cannot take responsibility for the unauthorized actions of third parties.

Thank you for your attention.
Last updated: 11 November 2008

The URL for this page is http://www.snopes.com/computer/virus/ups.asp

Urban Legends Reference Pages � 1995-2008 by Barbara and David P. Mikkelson.
This material may not be reproduced without permission.
snopes and the snopes.com logo are registered service marks of snopes.com.

Watch out for fake antivirus ads - Called Rogue scanners

admin — Sun Nov 09, 2008 8:01 am

Author: admin

Posted: Sun Nov 09, 2008 8:01 am

I have posted this list before on the forum but I have been reminded again how good these rouges are. I use Google Alerts to send me articles. I got one this morning with a fake trojan alert. My AVG free stopped it but the alert continued to scan my pc without asking using a similiar color symbol like AVG in the shape of a badge not square. It was called antivirus 2009. It looked so real I almost let it continue. DO NOT BE FOOLED, IT WILL COST YOU!!!!

http://www.microsoft.com/protect/computer/viruses/rogue.mspx

Scanners to Avoid
Rogue scanners are a category of scam software sometimes referred to as scareware. Rogue scanners masquerade as antivirus, antispyware, or other security software, claiming the user's system is infected in order to trick them into paying for a full version. Before saying yes to any ad pop-ups read the list below and try to be aware of these names. Never say yes to install any of these!!!!!!

AdwarePunisher
AdwareSheriff
AlphaCleaner
AntiSpyCheck
AntiSpyware Expert
Antispyware Soldier
AntiVermeans
AntiVermins
AntiVerminser
AntiVirGear
Antivirus 2009
Antivirus Lab 2009
Antivirus Master
Antivirus XP 2008
AntivirusGolden
AVGold
BraveSentry
IE Defender
Internet Antivirus
MalwareCrush
MalwareWipe
MalwareWiped
MalwareWipePro
MalwareWiper
Micro Antivirus 2009
MS Antivirus
PestCapture
PestTrap
Power Antivirus 2009
Power Antivirus
PSGuard
Smart Antivirus 2009
SpyAxe
SpyCrush
SpyDown
SpyFalcon
SpyGuard
SpyHeal
SpyHeals
SpyLocked
SpyMarshal
SpySheriff
SpySoldier
Spyware Soft Stop
Spyware Vanisher
SpywareKnight
SpywareLocked
SpywareQuake
SpywareRemover
SpywareSheriff
SpywareStrike
System Antivirus 2008
TitanShield Antispyware
Total Secure 2009
Trust Cleaner
Virtual Maid
Virus Heat
Virus Protect Pro
Virus Protect
VirusBlast
VirusBurst
VirusRay
Vista Antivirus 2008
WinAntiSpyPro
WinHound
XP Antivirus 2008
XP Antivirus 2009
XPert Antivirus

Bread Thread

BillPaul — Tue Oct 28, 2008 6:42 pm

Author: BillPaul

Posted: Tue Oct 28, 2008 6:42 pm

Paul Schroeder wrote:

yummy, with a beer or two.

The Italian bread almost goes better with vino rosso/nero or even coffee.
With the rye- anything but Celray.

URGENT Security Update!

BillPaul — Fri Oct 24, 2008 8:43 am

Author: BillPaul

Posted: Fri Oct 24, 2008 8:43 am

Thanks for the alert Joe.

At 12:22 GMT I installed:

Security Update for Windows Vista (KB958644)

Installation date: ‎10/‎24/‎2008 12:22

Installation status: Successful

Update type: Important

A security issue has been identified that could allow an authenticated remote attacker to compromise your Microsoft Windows-based system and gain control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer. This update is provided to you and licensed under the Windows Vista License Terms.

More information:
http://go.microsoft.com/fwlink/?LinkId=130719

Help and Support:
http://support.microsoft.com

AND:

Definition Update for Windows Defender - KB915597 (Definition 1.45.1012.0)

Installation date: ‎10/‎24/‎2008 12:22

Installation status: Successful

Update type: Important

Install this update to revise the definition files used to detect spyware and other potentially unwanted software. Once you have installed this item, it cannot be removed.

More information:
http://www.microsoft.com/athome/security/spyware/software/about/overview.mspx

Help and Support:
http://go.microsoft.com/fwlink/?LinkId=52661

Smart Defrag

admin — Wed Oct 22, 2008 4:39 pm

Author: admin

Posted: Wed Oct 22, 2008 4:39 pm

The Most Efficient Free Defragmenter

Operating System: Designed for Windows 7, Vista�, XP, 2000, and Windows Server Editions
Release Date: Oct 20, 2008
Designed to: Keep your hard disk running at peak performance.

Languages: English, Danish, German, Finnish, Dutch, Hungarian, Italian, Brazilian Portuguese, Turkish, Russian, Spanish, 简体中文

License: Freeware. You may distribute it freely, copy it or include it as a part of a package as long as it is left completely intact and unchanged.

http://www.download.com/Smart-Defrag/3000-2094_4-10759533.html?part=dl-SmartDefr&subj=uo&tag=button&cdlPid=10897113

Advanced Windows Care

admin — Wed Oct 22, 2008 2:55 pm

Author: admin

Posted: Wed Oct 22, 2008 2:55 pm

You don't how good that makes me feel. I see that people are reading what I put online but it's great to hear that someone is really benefiting. Thanks.

Retiree Health insurance

BillPaul — Tue Oct 21, 2008 5:31 pm

Author: BillPaul

Posted: Tue Oct 21, 2008 5:31 pm

Zone Alarm Firewall

admin — Tue Oct 21, 2008 9:46 am

Author: admin

Posted: Tue Oct 21, 2008 9:46 am

ZoneAlarm pioneered the personal computer firewall used by over 60 million people worldwide, and our parent company, Check Point Software, invented the enterprise firewall used by every member of the Fortune 100. We know how to keep the bad guys out.

http://www.download.com/ZoneAlarm-Firewall-Windows-2000-XP-/3000-10435_4-10039884.html?cdlPid=10864451

AVG Anti Virus

admin — Tue Oct 21, 2008 9:41 am

Author: admin

Posted: Tue Oct 21, 2008 9:41 am

Unlike the competition, AVG scans Web pages and documents to ensure they are safe before you open them and are compromised. Hey and it's free!!!

Ensure the safety of...
Search results
Web sites
Web links
Favorites & bookmarks
Downloads

http://www.download.com/AVG-Anti-Virus-Free-Edition/3000-2239_4-10320142.html?part=dl-AVGAntiVir&subj=dl&tag=button

Malwarebytes' Anti-Malware

admin — Thu Oct 16, 2008 1:58 pm

Author: admin

Posted: Thu Oct 16, 2008 1:58 pm

Malwarebytes' Anti-Malware is considered to be the next step in the detection and removal of malware. We compiled a number of new technologies that are designed to quickly detect, destroy, and prevent malware. Malwarebytes' Anti-Malware can detect and remove malware that even the most well-known Anti-Virus and Anti-Malware applications on the market today cannot. Malwarebytes' Anti-Malware monitors every process and stops malicious processes before they even start. The Realtime Protection Module uses our advanced heuristic scanning technology which monitors your system to keep it safe and secure. In addition, we have implemented a threats center which will allow you to keep up to date with the latest malware threats.

Activating the full version unlocks realtime protection, scheduled scanning, and scheduled updating. It is a one time fee of $24.95.

http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

Secunia PSI Program

admin — Thu Oct 16, 2008 12:51 pm

Author: admin

Posted: Thu Oct 16, 2008 12:51 pm

The Secunia PSI is the vulnerability scanner for your personal computer. It is the FREE security tool designed with the sole purpose of helping you secure your computer from software vulnerabilities.

Software vulnerabilities affect all applications installed on your computer, from the Operating System down to your email client, office application, instant messaging, and so on.

What are software vulnerabilities?
A software vulnerability is basically a programming error/flaw in a software application, that can be used by a hacker to perform actions, which have a security impact on your computer. These actions range from disclosure of sensitive information stored on your computer (like credit card numbers and account information) to automatic installation of viruses, trojans, keyloggers, or other code.

http://secunia.com/vulnerability_scanning/personal

Download and run this program, it will scan your hard drive and tell you if any of your programs are a security risk or out of date. The program will provide a link to update each program so you do not have to search the internet to find an update.

Fake Microsoft Patch Tuesday malware campaign spreading

admin — Wed Oct 15, 2008 7:33 pm

Author: admin

Posted: Wed Oct 15, 2008 7:33 pm

Fake Microsoft Patch Tuesday malware campaign spreading

October 14th, 2008
Posted by Dancho Danchev @ 3:00 pm

Malicious attackers are once again taking advantage of event-based social engineering attacks, and are currently mass mailing fake notifications for Microsoft�s Patch Tuesday, attaching a copy of Trojan.Backdoor.Haxdoor, next to a legitimately looking PGP signature which is, of course, fake too :

�We received some questions from customers about an e-mail that�s circulating that claims to be a security e-mail from Microsoft. The e-mail comes with an attached executable, which it claims is the latest security update, and encourages the recipient to run the attached executable so they can be safe. While malicious e-mails posing as Microsoft security notifications with attached malware aren�t new (we�ve seen this problem for several years) this particular one is a bit different in that it claims to be signed by our own Steve Lipner and has what appears to be a PGP signature block attached to it. While those are clever attempts to increase the credibility of the mail, I can tell you categorically that this is not a legitimate e-mail: it is a piece of malicious spam and the attachment is malware. Specifically, it contains Backdoor:Win32/Haxdoor.�

Is timing everything when it comes to the success rate of such malware campaigns? Not necessarily.

Despite the touch points aiming to improve the trust factor, like mentioning a real Microsoft employee, spoofed FROM field as securityassurance AT microsoft.com, next to the PGP signature, given the fact that the emails aren�t personalized and that spam outbreaks spreading malware by capitalizing on Microsoft�s brand have cyclical pattern, namely, they re-appear every year (2005, 2007, 2008) the average end user is supposed to have a basic security awareness of this tactic. More info on the campaign :

Furthermore, this backdoor opens several TCP ports that allow remote attackers to connect to the comprmised PC and execute files, steal information from it, or upload and download files. The attachment�s file name varies, but uses the convention KBxxxxxx.exe, where xxxxxx is a random 6-digit number. Below are some of the file names we�ve seen, and are being used:

KB199250.exe
KB246586.exe
KB535548.exe
KB572906.exe
KB763412.exe

Compared to the recent targeted malware attack against U.S schools, and the massive fake CNN news items campaign taking advantage of client-side vulnerabilities, this one is definitely going to have a lower success rate - no matter the timing.

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and E-crime incident response. Dancho is also involved in business development, marketing research and competitive intelligence as an independent contractor. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community on a daily basis.

http://blogs.zdnet.com/security/?p=2027&tag=nl.e550

Clickjacking - Another new threat

admin — Fri Oct 03, 2008 10:47 am

Author: admin

Posted: Fri Oct 03, 2008 10:47 am

September 25th, 2008

Clickjacking: Researchers raise alert for scary new cross-browser exploit
Posted by Ryan Naraine @ 7:50 am

Researchers are beginning to raise an alarm for what looks like a scary new browser exploit/threat affecting all the major desktop platforms � Microsoft Internet Explorer, Mozilla Firefox, Apple Safari, Opera and Adobe Flash.

The threat, called Clickjacking, was to be discussed at the OWASP NYC AppSec 2008 Conference but, at the request of Adobe and other affected vendors, the talk was nixed until a comprehensive fix is ready.

The two researchers behind the discovery � Robert Hansen (left) and Jeremiah Grossman � have released droplets of information to highlight the severity of this issue.

So, what exactly is Clickjacking?

According to someone who attended the semi-restricted OWASP presentation, the issue is indeed zero-day, affects all the different browsers and has nothing to do with JavaScript:

In a nutshell, it�s when you visit a malicious website and the attacker is able to take control of the links that your browser visits. The problem affects all of the different browsers except something like lynx. The issue has nothing to do with JavaScript so turning JavaScript off in your browser will not help you. It�s a fundamental flaw with the way your browser works and cannot be fixed with a simple patch. With this exploit, once you�re on the malicious web page, the bad guy can make you click on any link, any button, or anything on the page without you even seeing it happening.

[ SEE: Adobe Flash ads launching clipboard hijack attack ] at end of this story

If that�s not scary enough, consider than the average end user would have no idea what�s going on during a Clickjack attack.

Ebay, for example, would be vulnerable to this since you could embed javascript into the web page, although, javascript is not required to exploit this. �It makes it easier in many ways, but you do not need it.� Use lynx to protect yourself and don�t do dynamic anything. You can �sort of� fill out forms and things like that. The exploit requires DHTML. Not letting yourself be framed (framebusting code) will prevent cross-domain clickjacking, but an attacker can still force you to click any links on their page. Each click by the user equals a clickjacking click so something like a flash game is perfect bait.
According to Hansen, the threat scenario was discussed with both Microsoft and Mozilla and they concur independently that this is a tough problem with no easy solution at the moment.

Grossman confirmed that the latest versions of Internet Explorer (including version and Firefox 3 are affected.

In the meantime, the only fix is to disable browser scripting and plugins. We realize this doesn�t give people much technical detail to go on, but it�s the best we can do right now.

http://blogs.zdnet.com/security/?p=1972&tag=nl.e539

---------------------------------------------------------------------------------------------------------
August 18th, 2008

Adobe Flash ads launching clipboard hijack attack
Posted by Ryan Naraine @ 2:52 pm

Malicious hackers are using booby-trapped Flash banner ads to hijack clipboards for use in rogue security software attacks.

In the Web attacks, which target Mac, Windows and Linux users running Firefox, IE and Safari, hackers are seizing control of the machine�s clipboard and using a hard-to-delete URL that points to a fake anti-virus program.

According to victims on several Web forums, the attack is coming from Adobe Flash-based advertising on legitimate sites � including Newsweek, Digg and MSNBC.com.

Here is a Mac OS X user explaining the attack:

This has happened to me twice now, on two separate computers at work. My clipboard has been hijacked with this:

[ malicious URL deleted ]

And once it�s in the clipboard, I can�t copy anything else over it until I�ve restarted the machine.

I�m only going to websites that are directly linked off the main page of digg.com, so they�re not obscure, and I�m surfing in firefox, though the system wide clipboard is getting taken over, so I can�t even copy something over that from a program like TextEdit.

The 5th post on this MSNBC.com forum shows what happens when a victim is tricked into pasting � and spamming � the malicious link to help spread the rogue security software.

Security researcher Aviv Raff has created a proof-of-concept demo to show how easy it is to use Flash with ActionScript code to load (persistently) a malicious URL into a target clipboard. (BEWARE: If you click on the demo link, your clipboard is automatically hijacked and will only be released if the browser window is closed).

http://blogs.zdnet.com/security/?p=1733

Pension Check

admin — Fri Oct 03, 2008 7:18 am

Author: admin

Posted: Fri Oct 03, 2008 7:18 am

You can use mine!

Limitations of I-Bond Inflation Protection?

BillPaul — Sun Sep 28, 2008 10:13 am

Author: BillPaul

Posted: Sun Sep 28, 2008 10:13 am

I think the base rate on newly issued I-Bonds is currently less than 2%. However, between 1999 and 2001, I-Bond base rates ranged
in the neighborhood of 3.0 to 3.6%.

Depending on one's tax bracket and the base rate of an I-Bond, it seems that there are limits to the amount of inflation protection
that can be achieved with I-Bonds.

For example, with 35% taxes (65% after taxes) and a 3.40% base rate, inflation protection ceases to offset inflation when inflation exceeds 6.31%:
(.65 X .034)+.65Infl=Infl --> .0221=.35Infl -->Infl=.0631

Inflation @ 6.2%: After Tax Earn = (.65 x .034) + (.65 x .062) = .0221+.04030 = 6.24% (Inflation adjusted after tax earnings = +0.04%)
Inflation @ 6.5%: After Tax Earn = (.65 x .034) + (.65 x .065) = .0221+.04225 = 6.44% (Inflation adjusted after tax loss = -0.06%)