An anti-virus goof; security awareness; and a return visit from some old friends: phishers and Sasser

Published: 2004-11-17
Last Updated: 2004-11-18 03:20:50 UTC
by Dan Goldberg (Version: 1)
0 comment(s)
The day started out with a potential disaster that seemed to avert itself fairly quickly. A report came in regarding an anti-virus package marking Java .class files as infected. This could cause a lot of mayhem. Fortunately the vendor caught this fairly quickly and posted an update. So if your AV is behaving in this way, please go check with the vendor for an update.

I am not mentioning the vendor since they do not need the publicity and their customers know who they are.

Let's talk about security awareness for a minute. No really, wake up, sit down and read this! The biggest events of the day from where I sit were related to phishing, which brings a useful newsletter to mind: SANS OUCH!, or OUCH: The Report On Identity Theft and Attacks On Computer Users. It is a bi-weekly newsletter covering the latest phishing and social engineering threats. It is addressed to users, not technical folks. Go check it out at http://www.sans.org/newsletters/ouch/

Old friends

So the phishing instances I saw targeted SunTrust Bank. The interesting part that I nearly missed (thanks Tom Liston for being more persistent than I) is that they are checking the user agent of the browser. User agents (browsers) that they are not prepared to fool get redirected to the actual bank site. But vulnerable browsers such as IE 5.5 and 6 get the full enchilada, a phony bank site. After 2 failed logins (third time is the charm) the user gets sent to a form where they can validate their credit card per the email that directs them there. This is all standard stuff except for the user agent part.
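Because the site answers differently depending on the User-Agent, an analyst who checks the link with only one client can be sent to the real bank and miss the phish. The following is an added example, not code from the diary: it requests one URL under several User-Agent strings without following redirects and reports where the answers diverge. The User-Agent strings, the host name and the sample observations are constructed.

```python
import hashlib
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# Constructed User-Agent strings: IE 6 (named in the diary) and one other browser.
USER_AGENTS = {
    "msie6": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
    "other": "Mozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20041001 Firefox/0.10.1",
}

class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # do not follow; the 3xx then surfaces as an HTTPError

def probe(url, user_agent, timeout=10):
    """One GET with the given User-Agent -> (status, redirect host or '', body SHA-256)."""
    opener = urllib.request.build_opener(NoRedirect)
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    try:
        resp = opener.open(req, timeout=timeout)
    except urllib.error.HTTPError as err:  # 3xx/4xx/5xx still carry headers and a body
        resp = err
    try:
        host = urlsplit(resp.headers.get("Location", "")).hostname or ""
        return resp.code, host, hashlib.sha256(resp.read()).hexdigest()
    finally:
        resp.close()

def cloaking_findings(observations):
    """Compare per-User-Agent results for one URL and list the differences.
    A differing status or redirect host is the strong signal; a differing body
    alone is weaker, since dynamic pages change between requests anyway."""
    (base_label, base), *others = observations.items()
    findings = []
    for label, obs in others:
        if obs[:2] != base[:2]:
            findings.append(f"{label} vs {base_label}: status/redirect {obs[:2]} != {base[:2]}")
        elif obs[2] != base[2]:
            findings.append(f"{label} vs {base_label}: body differs")
    return findings

def scan(url):
    """Probe url once per User-Agent and return the differences."""
    return cloaking_findings({k: probe(url, ua) for k, ua in USER_AGENTS.items()})

# Constructed observations shaped like the diary's case; the host is a placeholder.
SAMPLE = {"other": (302, "www.bank.example", hashlib.sha256(b"").hexdigest()),
          "msie6": (200, "", hashlib.sha256(b"<form>login</form>").hexdigest())}
```

`cloaking_findings(SAMPLE)` reports one status/redirect difference between the two clients, which is the pattern described above.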

The next phish targeted PayPal users, saying:

"This email confirms that you have paid phonebuyer (phonebuyer451@yahoo.com) $278.99 USD using PayPal."

And provides a bogus link to protest the fee. All in all nothing new. This ends the awareness session.

We had a minor bout of Sasser brought to our attention as well late in the day. It served as a reminder to me that we cannot forget yesterday's troubles yet. They are still there and will come back to get us - we have to stay sharp.

Cheers!

Dan Goldberg

dan /at/madjic /dot/net

MADJiC Consulting, Inc