Malware Spam Messages Related to Microsoft Outlook, SSL Certificates
US-CERT is aware of public reports of an increased number of spam messages related to Microsoft Outlook or SSL certificates. These messages contain a malicious file or link that claims to provide an update, but in reality, attempts to launch malware on a user’s system. Typically, the messages instruct the user to click on a link to save a file or to open an attachment, either of which could infect the user’s system.
To help protect against this type of attack, US-CERT recommends that users avoid opening attachments or links contained in unsolicited email messages. Additional tips regarding email attachments can be found in the US-CERT Cyber Security Tip Using Caution with Email Attachments.
Comments Off
Federal Bureau of Investigation Warns Public of Fraudulent Spam Email
The Federal Bureau of Investigation (FBI) has released information warning the public about fraudulent email messages purporting to come from the FBI or the Department of Homeland Security. These email messages contain a malicious attachment that claims to provide an intelligence report or bulletin, but in reality attempts to launch malware on the user’s system.
More information regarding these messages can be found in the Federal Bureau of Investigation’s New E-Scams and Warnings web site.
To help protect against this type of attack, US-CERT recommends that users avoid opening attachments contained in unsolicited email messages. Additional tips regarding email attachments can be found in the US-CERT Cyber Security Tip – Using Caution with Email Attachments.
Comments Off
Alert — There has been a resurgence of an email virus that installs malware on the victim’s computer. The email claims to be from a delivery company, such as, the UPS, FedEx or DHL. Do not open the email. Definitely, do not unzip the email attachment.
The email usually looks something like this:
Hello!
Unfortunately we were not able to deliver the postal package you have sent on the 5th of June in time
because the addressee’s address is erroneous.
Please print out the invoice copy attached and collect the package at our department.
DHL Express Services.
Attachment Converted: “c:\FILE_Xfecf.zip”
Comments Off
I was just attacked by a virus (ANTIVIRUS PRO 2009), it masked itself as a antiviral program. I did not download it. It downloaded itself. I may have exposed myself with a few websites I viewed. I’m thinking that’s how i got it. I’ts some sort… of rouge. I didn’t wanna try and delete it manually, for fear of damage. So, I ran my Norton and Spyware Doctor, and it identified it and claims its removed now. Do you think its really gone? i just hope it didn’t burrow in there. Anyway, let me know if you can help.
ANSWER
It sounds like you are good to go. Watch for strange activity as described here:
Antivirus Pro 2009 configures itself to start automatically when you start your computer. It will also create a variety of fake malware files that are harmless. The Antivirus Pro installs these so they are “detected”. When AntivirusPro scans your computer, it will list a variety of infections that cannot be removed unless you buy the program. Most of the infections are the fake files, as well as, legitimate Windows files that are being called infections. The idea is to scare you into buying their product.
While bwosing the web, you may find that your Internet Explorer has become hijacked. Antivirus Pro will randomly display a screen stating that there has been insecure internet activity and there is a threat of a virus attack. You then are prompted to either get protection or continue to the site. Regardless of the option you select, you will instead directed to a webpage that tries to sell you their program. Yet, another scare tactic that should be ignored.
Comments Off
The Financial Services Information Sharing and Analysis Center represents some of the largest banks in the United States of America. They have issued a report that recommends to commercial banking customers to take rigorous steps in securing online bank accounts.
The report recommends to “carry out all online banking activity from a standalone, hardened, and locked-down computer from which e-mail and Web browsing is not possible.” The best method would be to use a Linux based operating system. Even better yet would be to use a version of Linux, such as Knoppix, that can be booted from DVD. This would prevent a hacker, virus, malicious websites or other threats from making permanent changes.
It is estimated that 491 million computers will be infected within the next year with almost all of them running Microsoft.
Comments Off
Hackers planted malware onto the network of the U.S. electrical grid. It is likely their intent was to cripple the power infrastructure. According to security researcher Roger Thompson the hackers probably gained access like many others by exploiting holes in software, such as, Windows.
“Any computer connected to the Internet is potentially vulnerable. Getting to the actual infrastructure devices directly — that’s always possible, but a whole lot less likely. In any industry, critical or not, there are always plenty of PCs that have been compromised.”
There is debate over whether the owner of a compromised computer can be held criminally responsible for allowing their PC to be taken-over.