Christmas Lures Being Distributed Via Spam

Websense® Security Labs™ ThreatSeeker™ Network has discovered that malware authors are already using Christmas themes this year as a social engineering tactic, in an effort to gain control over compromised machines. This campaign uses email messages in the form of e-greetings, leading to supposed animated postcards. These actually lead to a Trojan backdoor that has been distributed in previous malicious spam campaigns.

The email messages, spoofed to appear as though they have been sent from, display an animated Christmas scene. A URL link within the email leads to a malicious file called postcard.exe hosted on various servers.

Once executed, a backdoor is created by the malware author enabling access and control over the resources of the compromised machine. During the install process an image called xmas.jpg is displayed to the user as a distraction technique.

Example of malicious email:



I’d like to give thanks to all of you who have honored me by following my tips here on my blog. Today’s entry will be a little different…It’s all about Thanksgiving.

Thanksgiving Trivia

Here are some interesting facts about Thanksgiving that each of us should know about:

  • The first Thanksgiving celebration can be traced back to the Plymouth Pilgrims in the fall of 1621.
  • The first Thanksgiving feast was held to thank the Lord for sparing the lives of the survivors of the Mayflower, who landed at Plymouth Rock on December 11, 1620. The survivors included four adult women and almost forty percent children.
  • The Wampanoag chief Massasoit and ninety of his tribesmen were also invited to the first thanksgiving feast. Governor William Bradford invited them for helping the Pilgrims surviving and teaching them the skills of cultivating the land.
  • The celebration in 1621 lasted for three days and included games and food.
  • The president to proclaim the first ‘National Day of Thanksgiving’ in 1789 was George Washington.
  • Sarah Josepha Hale, a magazine editor, campaigned to make Thanksgiving a National Holiday in 1827 and succeeded.
  • Abraham Lincoln announced Thanksgiving to be national holiday in his proclamation on October 3, 1863.
  • The ‘wishbone’ of the turkey is used in a good luck ritual on Thanksgiving Day.

The President’s Pardon

The animal lovers determined to counter the animal sacrifice introduced the custom of letting a turkey, pardoned by the President of the United States, free to live a natural life comfortably in a zoo at Herndon. This pardon is given at the last minute before the execution of the Turkey in a ceremony at the White House. Here we reiterate the words of the official pardon:

“By virtue of this pardon, (Turkey of the year’s name) is on her way not to the dinner table but to Kidwell Farm in Herndon, VA. There she’ll live out her days as safe and comfortable as she can be.”

It is said that this tradition was first observed in 1947 and was conceived by Harry Truman. After the Turkey gets the Presidential Pardon, it is transported to Kidwell Farm, a petting zoo at Frying Pan Park in Herndon, Virginia to be welcomed as the chief guest along with the President in a Turkey ‘Roast’ celebration. Here, the Turkey is not ‘roasted’ in the oven but through humor and turkey jokes.

And then, there’s the most important site of all on Thanksgiving – Butterball’s website(, for when you need help with what’s going on.

However, when things go wrong with the food, you can find some quick fixes at

Enjoy your Thanksgiving, and thank you…

Avoid Online Scams When You’re Shopping for the Holidays

From Trend Micro TrendSetter

Every year we see staggering new statistics about how many people are buying gifts online instead of braving traffic, long lines, and parking nightmares at brick-and-mortar stores. During the holidays, many online retailers will also offer breaks on shipping costs—so the advantages of less physical hassle, no sales tax, and potentially free or cheap shipping make online shopping pretty appealing. However, the risks involved in online shopping are persistent as ever. Here are a few key ways you can protect yourself.

1. Use a virtual account number. This is a service that most credit cards now offer. Here’s how it works: Log onto your credit card account and with one click you can generate a random credit card number that makes it virtually impossible for anyone to steal your account number while shopping online. When your virtual number is generated, simply enter it into the merchant’s form and complete your purchase without revealing your actual card number. This virtual credit card number is only valid for a short period of time-long enough for the retailer to process your transaction, which will be charged to your real credit card account. But if a retailer stores that number and a hacker later breaks into their system, the number will be useless. Please note: Virtual account numbers cannot be used for purchases that require you to show your credit card at time of pick-up (e.g., movie tickets, etc.), because the account numbers will not match.

2. Make sure you’re shopping on a secure site. Look for the padlock icon or a URL that starts with https://. That means your transaction is encrypted.

3. Don’t trust emails from “retailers” claiming you need to verify your credit card information. This is almost certainly a scam. Every year millions of emails go out from hackers pretending to be eBay or PayPal customer service and asking consumers to provide information that the actual service already possesses. If you’re worried that a retailer really has failed to process your order, go to the site and look up your account or contact their customer service center—don’t click on a link in email that could redirect to a dummy site.

Block sales calls to your cell phone

The following article is reprinted from

Telemarketing is especially annoying when it reaches your mobile phone, costing you money to hear a sales pitch. Be cautious in giving your mobile number to companies, and especially be aware of opting in or out of a company sharing or selling that information.

If you do give out a mobile number, be sure to tell companies that it’s mobile. If someone calls with a pitch, ask them to take you off their list, and also mention that they have called a mobile number. It’s illegal for telemarketers to use autodialers to reach mobile numbers, so they’ll likely respond quickly if you let them know.

The National Do Not Call Registry can add another layer of protection, with caveats. The list is a database of numbers that telemarketers can’t call, but loopholes allow calls from political groups, surveys, and companies with which you’ve established a business relationship. Nearly the same restrictions on sales calls apply to mobile phones already; however, if you’ve begun to receive sales calls on your cell phone, adding your number to the Do Not Call Registry ( be the easiest way to stop them.

If, after registering your number with the Do Not Call Registry, you continue to receive sales calls on your cell phone, don’t just hang up in exasperation. Instead, gather as much info about the caller as you can, and file a complaint using the online form at

iPhone Charger Recall

Apple has recalled the ultracompact USB adapters sold with its 3G iPhones, warning that the metal prongs could break off and put owners at risk of electric shock. Apple has urged owners to recharge the phone by connecting it to a computer until they can trade in the faulty charger for a new one. They can initiate such a trade either in person at an Apple Store or through Apple’s Web site,  (From PCWorld Magazine)

RadioShack Offers Gift Cards for Old Electronic Devices

From the OCRegister Gadgetress

If you’re about to dump your old iPod, cell phone or other electronic device anyway, you might as well get some money for it, right?

RadioShack now offers an electronics trade-in program, which swaps store gift cards for your old e-junk. A lot of this stuff we shouldn’t be dumping into the trash anyway because they are considered hazardous e-waste.

The program accepts GPS devices, MP3 Players, wireless phones, digital camcorders, car audio head units, digital cameras, notebook computers, game consoles and video games. Not on the list: desktop computers. For those, I suggest using Toshiba’s trade-in program where you get actual CASH (read “Toshiba’s PC recycling program now accepts all e-junk“).

Just plug in your details at RadioShack’s site: If you accept the price, you print out the pre-paid shipping label, package up the gadget and send it in. The gift card is mailed to you. RadioShack says it issues the gift card 10 to 14 days after the product is received.

A Little On Software Firewalls

As part of your online security you need to have a software firewall. I recommended a couple in an earlier post about Internet Security. First, what exactly is a firewall? Firewalls provide protection against outside attackers by shielding your computer or network from malicious or unnecessary Internet traffic.  In a nutshell, a firewall examines the traffic/data coming into and going out of a computer, and then makes a decision to permit or deny this traffic, based on pre-set rules or rules that users have set.

If you’ve been using a software firewall, even one that’s built into your antivirus program, you’ve probably noticed that at times it pops up and asks to allow or deny a program that wants to do something at that time. If you see an access request from the firewall when you first run a program that you know is okay, it’s probably safe to grant access. However, if you get an unexpected access request — one that pops up when you didn’t just start a program — then it’s safer to deny access.

To see if your computer is an open door to the bad guys, or to see if your firewall is doing what it’s supposed to do, check your ports at GRC ( Make sure to check the Windows File Sharing and the Common Ports to see if you’re vulnerable to attack.

Windows Updates – How can I choose what to install?

Microsoft introduced the concept of Patch Tuesday a few years ago. The idea is that security patches are accumulated over a period of one month, and then dispatched all at once on the second Tuesday of the month. Windows Update is a service that provides updates for the operating system and its installed components. Microsoft Update is an optional feature that can be enabled to provide updates for other Microsoft software installed on a Windows computer, such as Office. These updates can come anytime throughout the month.

If your computer is setup to automatically download and install updates, you will get any and all updates and patches, both good and bad. By default, the automatic settings will check for updates at 3:00 in the morning, every morning. If you turn your computer off at night, it never has a chance to check for updates so if you want to keep the automatic settings, you should change the settings to a time when you know the computer will be on. To change the settings, open the Control Panel and double click on Security Center. At the bottom, you can choose to manage settings for Automatic Updates.

My recommendation is to change the setting to the second option, which is to download the updates but let me choose when to install them. What happens then is that the updates will download and there will be a yellow shield down on the right by the clock. When I double click on it, I will have the option for an “Express Install” or a “Custom Install”. I always choose the custom install. That choice lets me pick which updates and patches to install.

I will always install security patches and program patches, but I never install new service packs when they’re first available. I’ll uncheck those and install the rest. I’ll continue to uncheck them until I know they are safe to install.

Just to be clear, when I see that shield, I will always check what’s downloaded and install what’s appropriate. The bad guys out there wait for the patches to come out also so they can create programs that hit all computers that aren’t patched. Lately, that attack will come the day after the patches are released so it is very important to install them.

Every so often, you will get a notice from another program, such as Adobe, that it has an update available. Should you install those as well? I’d say yes, since virus writers look for holes in most of the popular programs that people will have on their computers and will attack those programs as well.

I know it’s a hassle to do these updates, but do them since it’s more of a hassle cleaning an infected computer.

NOTE: One other important matter; create a system restore point before doing any updates. That way, if an update messes up the computer, you’ll be able to restore it to the point just before you did the updates. For instructions on creating a restore point in Vista, click here, For XP, click here. You can download a great document from Microsoft for securing your Vista computer here.

Cool Tools to Save on Shipping – From PC World

Whether you’re shipping a holiday gift or an item you’ve sold on eBay, these tips and sites can help keep costs down. – JR Raphael

Oct 16, 2008 5:50 pm

We’ve all been there: You find the perfect present, wrap it up, and take it to the post office–only to discover that the shipping costs as much as the gift itself. As the price of gas has climbed, package carriers have more than doubled their fuel surcharges since last year, and we’re left to foot the bill.

Sending your holiday cheer doesn’t have to break the bank, though. Surfing to the right sites can save you time and money, and spare you needless frustration, so don’t buy a single stamp before reading on.

Read the entire article here (