Christmas Lures Being Distributed Via Spam

Websense® Security Labs™ ThreatSeeker™ Network has discovered that malware authors are already using Christmas themes this year as a social engineering tactic, in an effort to gain control over compromised machines. This campaign uses email messages in the form of e-greetings, leading to supposed animated postcards. These actually lead to a Trojan backdoor that has been distributed in previous malicious spam campaigns.

The email messages, spoofed to appear as though they have been sent from postcards.org, display an animated Christmas scene. A URL link within the email leads to a malicious file called postcard.exe hosted on various servers.

Once executed, a backdoor is created by the malware author enabling access and control over the resources of the compromised machine. During the install process an image called xmas.jpg is displayed to the user as a distraction technique.

Example of malicious email:

Thanksgiving

I’d like to give thanks to all of you who have honored me by following my tips here on my blog. Today’s entry will be a little different…It’s all about Thanksgiving.

Thanksgiving Trivia

Here are some interesting facts about Thanksgiving that each of us should know about:

  • The first Thanksgiving celebration can be traced back to the Plymouth Pilgrims in the fall of 1621.
  • The first Thanksgiving feast was held to thank the Lord for sparing the lives of the survivors of the Mayflower, who landed at Plymouth Rock on December 11, 1620. The survivors included four adult women and almost forty percent children.
  • The Wampanoag chief Massasoit and ninety of his tribesmen were also invited to the first thanksgiving feast. Governor William Bradford invited them for helping the Pilgrims surviving and teaching them the skills of cultivating the land.
  • The celebration in 1621 lasted for three days and included games and food.
  • The president to proclaim the first ‘National Day of Thanksgiving’ in 1789 was George Washington.
  • Sarah Josepha Hale, a magazine editor, campaigned to make Thanksgiving a National Holiday in 1827 and succeeded.
  • Abraham Lincoln announced Thanksgiving to be national holiday in his proclamation on October 3, 1863.
  • The ‘wishbone’ of the turkey is used in a good luck ritual on Thanksgiving Day.

The President’s Pardon

The animal lovers determined to counter the animal sacrifice introduced the custom of letting a turkey, pardoned by the President of the United States, free to live a natural life comfortably in a zoo at Herndon. This pardon is given at the last minute before the execution of the Turkey in a ceremony at the White House. Here we reiterate the words of the official pardon:

“By virtue of this pardon, (Turkey of the year’s name) is on her way not to the dinner table but to Kidwell Farm in Herndon, VA. There she’ll live out her days as safe and comfortable as she can be.”

It is said that this tradition was first observed in 1947 and was conceived by Harry Truman. After the Turkey gets the Presidential Pardon, it is transported to Kidwell Farm, a petting zoo at Frying Pan Park in Herndon, Virginia to be welcomed as the chief guest along with the President in a Turkey ‘Roast’ celebration. Here, the Turkey is not ‘roasted’ in the oven but through humor and turkey jokes.

And then, there’s the most important site of all on Thanksgiving – Butterball’s website(http://www.butterball.com/tips-how-tos/tips/thanksgiving-guide), for when you need help with what’s going on.

However, when things go wrong with the food, you can find some quick fixes at http://www.chefrick.com/thanksgiving-food-first-aid/

Enjoy your Thanksgiving, and thank you…

Avoid Online Scams When You’re Shopping for the Holidays

From Trend Micro TrendSetter

Every year we see staggering new statistics about how many people are buying gifts online instead of braving traffic, long lines, and parking nightmares at brick-and-mortar stores. During the holidays, many online retailers will also offer breaks on shipping costs—so the advantages of less physical hassle, no sales tax, and potentially free or cheap shipping make online shopping pretty appealing. However, the risks involved in online shopping are persistent as ever. Here are a few key ways you can protect yourself.

1. Use a virtual account number. This is a service that most credit cards now offer. Here’s how it works: Log onto your credit card account and with one click you can generate a random credit card number that makes it virtually impossible for anyone to steal your account number while shopping online. When your virtual number is generated, simply enter it into the merchant’s form and complete your purchase without revealing your actual card number. This virtual credit card number is only valid for a short period of time-long enough for the retailer to process your transaction, which will be charged to your real credit card account. But if a retailer stores that number and a hacker later breaks into their system, the number will be useless. Please note: Virtual account numbers cannot be used for purchases that require you to show your credit card at time of pick-up (e.g., movie tickets, etc.), because the account numbers will not match.

2. Make sure you’re shopping on a secure site. Look for the padlock icon or a URL that starts with https://. That means your transaction is encrypted.

3. Don’t trust emails from “retailers” claiming you need to verify your credit card information. This is almost certainly a scam. Every year millions of emails go out from hackers pretending to be eBay or PayPal customer service and asking consumers to provide information that the actual service already possesses. If you’re worried that a retailer really has failed to process your order, go to the site and look up your account or contact their customer service center—don’t click on a link in email that could redirect to a dummy site.

Block sales calls to your cell phone

The following article is reprinted from PCWorld.com

Telemarketing is especially annoying when it reaches your mobile phone, costing you money to hear a sales pitch. Be cautious in giving your mobile number to companies, and especially be aware of opting in or out of a company sharing or selling that information.

If you do give out a mobile number, be sure to tell companies that it’s mobile. If someone calls with a pitch, ask them to take you off their list, and also mention that they have called a mobile number. It’s illegal for telemarketers to use autodialers to reach mobile numbers, so they’ll likely respond quickly if you let them know.

The National Do Not Call Registry can add another layer of protection, with caveats. The list is a database of numbers that telemarketers can’t call, but loopholes allow calls from political groups, surveys, and companies with which you’ve established a business relationship. Nearly the same restrictions on sales calls apply to mobile phones already; however, if you’ve begun to receive sales calls on your cell phone, adding your number to the Do Not Call Registry (www.donotcall.gov)can be the easiest way to stop them.

If, after registering your number with the Do Not Call Registry, you continue to receive sales calls on your cell phone, don’t just hang up in exasperation. Instead, gather as much info about the caller as you can, and file a complaint using the online form at donotcall.gov

iPhone Charger Recall

Apple has recalled the ultracompact USB adapters sold with its 3G iPhones, warning that the metal prongs could break off and put owners at risk of electric shock. Apple has urged owners to recharge the phone by connecting it to a computer until they can trade in the faulty charger for a new one. They can initiate such a trade either in person at an Apple Store or through Apple’s Web site, http://www.apple.com/support/usbadapter/exchangeprogram/.  (From PCWorld Magazine)

RadioShack Offers Gift Cards for Old Electronic Devices

From the OCRegister Gadgetress

If you’re about to dump your old iPod, cell phone or other electronic device anyway, you might as well get some money for it, right?

RadioShack now offers an electronics trade-in program, which swaps store gift cards for your old e-junk. A lot of this stuff we shouldn’t be dumping into the trash anyway because they are considered hazardous e-waste.

The program accepts GPS devices, MP3 Players, wireless phones, digital camcorders, car audio head units, digital cameras, notebook computers, game consoles and video games. Not on the list: desktop computers. For those, I suggest using Toshiba’s trade-in program where you get actual CASH (read “Toshiba’s PC recycling program now accepts all e-junk“).

Just plug in your details at RadioShack’s site: RadioShack.com/tradein. If you accept the price, you print out the pre-paid shipping label, package up the gadget and send it in. The gift card is mailed to you. RadioShack says it issues the gift card 10 to 14 days after the product is received.

A Little On Software Firewalls

As part of your online security you need to have a software firewall. I recommended a couple in an earlier post about Internet Security. First, what exactly is a firewall? Firewalls provide protection against outside attackers by shielding your computer or network from malicious or unnecessary Internet traffic.  In a nutshell, a firewall examines the traffic/data coming into and going out of a computer, and then makes a decision to permit or deny this traffic, based on pre-set rules or rules that users have set.

If you’ve been using a software firewall, even one that’s built into your antivirus program, you’ve probably noticed that at times it pops up and asks to allow or deny a program that wants to do something at that time. If you see an access request from the firewall when you first run a program that you know is okay, it’s probably safe to grant access. However, if you get an unexpected access request — one that pops up when you didn’t just start a program — then it’s safer to deny access.

To see if your computer is an open door to the bad guys, or to see if your firewall is doing what it’s supposed to do, check your ports at GRC (https://www.grc.com/x/ne.dll?bh0bkyd2). Make sure to check the Windows File Sharing and the Common Ports to see if you’re vulnerable to attack.

Follow

Get every new post delivered to your Inbox.

Join 200 other followers