A number of phishing sites have cropped up within the last day using domains previously attributed to the Storm worm botnet. Last fall, Storm was used in a series of pump-and-dump stock spam blasts, including a unique MP3-based spam blast, but researchers at F-Secure don't think the original authors of Storm are necessarily trying something new. F-Secure said Tuesday that "October brought evidence of Storm variations using unique security keys. The unique keys...allow the botnet to be segmented allowing 'space for rent.'" They think phishers are leasing parts of the larger botnet.
F-Secure cites a Halifax … Read more
First though, let's consider what happens when DNS breaks. As noted previously, the DNS system translates computer names into IP addresses. So if it breaks, it may seem that your Internet connection is broken when in fact, it's fully functional. That is, from your ISP's perspective everything can be working fine, all the lights on your modem and router* can be normal, but still, you can't get to any Web sites … Read more
OpenDNS is a free online service that offers an extra layer of safety on the Internet. Technically, the service is DNS resolution, which I'll explain below. The main defensive computing advantage it provides is protection from bad Web sites, most importantly from phishing scams. ID theft is, to me at least, the worst thing that can happen to a computer user, so any extra protection helps. You also get some flexibility in deciding which other types of Web sites should be restricted.
You don't have to register to use the service, and there is no software to download … Read more
Malicious attackers are increasingly setting their sights on targeted phishing attacks, or "spear" phishing, and custom-built applications, pushing these two areas into Sans' Top 20 Internet Security Risks of 2007.
The report, released Tuesday, provides a glimpse into the nefarious activities of online attackers and the issues faced by security firms.
"Spear phishing has had its most critical and damaging impact in military and civilian government organizations and military contractors who build weapons and more," said Alan Paller, Sans Institute research director.
He estimated that 90 percent of the attacks that caused the greatest damage over … Read more
My clients often ask my opinion on whether an e-mail message is legitimate or not. The message below, asking for credit card information and claiming to come from Register.com, was a doozy, and a lot can be learned from analyzing it.
First, it addressed my client, who is a Register.com customer, by name and was sent to an e-mail address associated with a domain registered there. Both my clients' name and e-mail address are publicly available. The message did not contain anything private such as an account number at Register.com.
I left out the Register.com logo … Read more
So you can test if your e-mail program (or Webmail system) falls for this type of forgery, I created a test e-mail message.
To receive my test e-mail message, send an e-mail to:
It does not matter what, if anything, is in the subject or the body of your message.
The test e-mail message contains a link that appears to go to CNET, but really goes to my personal … Read more
I previously made the case that Windows users should use Thunderbird for email. When I got a fraudulent e-mail message on Saturday claiming to come from PayPal, Thunderbird offered two lines of defense.
The first was the big warning that the message might be a scam. Indeed it was.
The body of the message was a pretty standard phishing scam, with the usual typos and the true destination of the link hidden.
Scams designed to steal identities, data and ultimately money from Internet users continued to rise steeply in the first half of this year, according to a report released on Tuesday by Microsoft.
The company's Security Intelligence Report, a broad look at the computer threat landscape, shows a continued focus on attacks aimed at making a profit, rather than simply generating fear or gaining notoriety.
According to the study, there were 31.6 million detected phishing scams, more than double those found in the prior six months. There was a more than five-fold increase in the types of malicious code … Read more
Do you consider yourself to be a privacy aware Internet user? Are you concerned about your security online?
You've installed antivirus and spyware software, which you also keep updated. You regularly update your operating system for any security patches. You have a firewall on your home computer and have locked down your home wireless network with a WPA2 password. Most importantly, you've ditched Internet Explorer and jumped on the Firefox bandwagon.
Your job is done, right? Think again.
While installing Firefox (and not using IE) is one of the most important steps users can take towards a safe online experience, Firefox is (alas) not totally safe out of the box. Luckily, Firefox provides a very flexible framework for open-source programmers and commercial vendors to create their own software add-ons for the browser. A number of these software extensions fix critical design flaws in Firefox--or simply improve transparency so that users have a better idea of where they are and which sites they're interacting with. I've selected a few of the best ones, which I highlight below.