The Internet Storm Center is reporting that several AV vendors have confirmed that the recently patch IE 7 vulnerability (MS-09-002 Uninitialized Memory Corruption) has been reverse engineered by the malware writers (so quickly!)
Original release date: February 6, 2009 at 10:03 am Last revised: February 6, 2009 at 10:03 am
US-CERT is aware of public reports indicating that phishing scams are circulating via fraudulent U.S. Internal Revenue Service emails offering users stimulus package payments. These emails include text that attempts to convince users to follow a link to a website or to complete an attached document. The website and document request that the user provide personal information.
US-CERT encourages users to do the following to help mitigate the risks:
* Do not follow unsolicited web links received in email messages.
* Refer to the Recognizing and Avoiding Email Scams (pdf) document
for more information on avoiding email scams.
* Refer to the Avoiding Social Engineering and Phishing Attacks
(pdf) document for more information on social engineering attacks.
Relevant Url(s):
====
This entry is available at: http://www.us-cert.gov/current/index.html#irs_stimulus_package_phishing_scam
It took less than 3 months for the Spammers to ramp up their production to 90% of where it was pre-McColo takedown in November 2008 according to a number of reports and graphs available online.
Lance Atkinson, a prolific spammer since 2005 as part of ‘HerbalKing’ the
‘#1 worst spam gang of 2007, 2008′ according to the Spamhaus ROSKO list has been fined only $92,715 AUS (about $63,400 USD) by authorities because, according to Justice Christine French of the High Court in Christchurch, of the co-operation and candor of Lance in the early stages of the investigation.
The CAN-SPAM Act was passed into law in the USA in December of 2003 or some 5 years ago. What is the track record of that law? Has it been effective in stopping all spam?
Why leave the door open to a hacker after hours. Using a schedule to block this feature is like pulling down the security bars you see in the mall. Using this same feature you could restrict inbound e-mail to reasonable hours.
Every year at the holidays we see an upsurge of ‘postcard ware’ based malware. They look like a e-card from a loved one so you are enticed to open them up and while some do display a pretty picture or a play a nice tune in the background they are infecting your pc.
The DSBL list which was used by some anti-spam systems to block open relay and proxy servers that could be used by spammers to forward spam has been taken off-line.
Over at IT Business they are reporting that Internet Relay Chat or IRC is again a popular place for Cyber Criminals to hang out and market their ill-gotten gains. With a market estimated at 7 Billion dollars you can be sure that they aren’t going away anytime soon.
Some sites that you go to want you to register and provide a valid e-mail address to send you your password or a signup verification link.
|
Technical Services Manager, and Optrics' point person for email security |
| Shaun Sturby, MCSE | |
