You know the ones – “Package Tracking Details”, “Fedex Shipment Details” or “Express Tracking Notification”.

If you regularly deal with these companies it may not come as a surprise, but if you’re not expecting a shipment, you may be thinking of clicking on the links to check this “shipment”.

As usual, it’s a good idea to not click the links! Try logging into your account on their actual website, or call them to check.

With the coming Holidays, it’s only natural to expect some shipments – and the spammers are taking advantage of this, and even dropping names like “Amazon” or major store names to try and lure you to click on their links and load their malware on your computer.

- Take care when reading these emails, and be careful what you click on.

Some firms do their own spam and virus filtering with an appliance like the Barracuda Spam & Virus Firewall, . However, some don’t have their own I.T. resources, or simply don’t want to manage their own appliance.

That’s the advantage of a “Cloud-Based” Spam Filtering service – it’s set up for you, and managed for you. You also don’t have to bother with updating spam definitions or other subscriptions.

There are several services available on the web, but it’s important to ask yourself some questions like:

Is it important to be able to contact them (and talk to a live person) easily?

Can I add people to my whitelist or blacklist?

It’s a free downloadable guide, so if you want to get some tips on choosing a spam filtering service, you can check it out easily. There an opt-in form on the top right of the site, and after confirming with AWeber, you get a link to the guide.

SPAM, PHISHING & ONLINE SCAMS

–US Financial Crisis Ripe Pickings for Scammers

(October 2, 2008)

The mergers and acquisitions of banks resulting from the US financial crisis have provided new opportunities for online scam artists. Attacks have been seen in which the customers of a bank are asked to provide account information and other personal details to the bank’s new owner for verification purposes. Banks would not ask for such information online; it would be done through paper mail.

http://news.cnet.com/8301-1009_3-10057180-83.html?part=rss&subj=news&tag=2547-1009_3-0-20s

Never supply personal or banking information to someone who asks for it on the Internet or if they call you as both the e-mail address and the caller ID information can be spoofed making you believe you are talking to your friendly neighborhood banker when in actual fact you are talking to a scam artist half the world away. I have a stock phrase memorized that everyone in my family is getting very good at using when someone claiming to be from a bank or financial institution calls.

Commtouch Anti-Spam Cartoon

John never knew how many friends he had…until he opened the door to a truckload of spam. A short, funny movie about Commtouch RPD technology.

SonicWALL Anti-Spam Desktop

Tired of getting loads of spam and phishing emails in your Inbox? SonicWALL has a powerful, yet easy-to-use solution that can help. It’s called SonicWALL Anti-Spam Desktop and it works with Outlook and Outlook Express on your PC. Join Big Al as he provides an overview of this great desktop solution that protects you against spam and phishing emails.

Gmail Theater Act 1

Gmail Theater Act 1: Attack of the Spam

Gmail’s great spam protection in action…puppet action, that is. Learn more at http://www.gmail.com .

This makes sense as some names are more popular and thus easier for the spammers to guess. I happen to know lots of people

–Dutch Police Notify Users Infected with Bot Malware

(August 8, 2008)

Dutch police have notified people whose computers were infected with malware that made them part of a botnet comprising more than 100,000 PCs. People were redirected to a web page containing directions on disabling the malware and a link to an online virus scanner. The police were able to automatically forward the infected users to the help page because they have taken control of the botnet. A 19-year old man was arrested last week when he tried to sell the botnet to someone in Brazil for GBP 25,000 (US $47,839).

You can view the whole article by going to:

www.computerworlduk.com/management/security/cybercrime/news/index.cfm?NewsId=10427

While the computers comprising a botnet are typically left infected but without direction when the bot herder is caught, the action by the Dutch Police in this case is an interesting turn of events.

My question to you is if your PC was infected and there was a way to inform you about it would you like to be informed

With this in mind Watchguard released some nice video tutorials about network security that are entertaining and have some excellent ideas worth showing your average user.

Similar in style to the French children books

Eddie Davidson fugitive Spammer in Murder-Suicide.

• www.theregister.co.uk/2008/07/25/fugitive_spammer_slays_family/

Soloway given 47 month prison term.

• www.theregister.co.uk/2008/07/23/soloway_sentenced/

- Shaun

New Storm Worm Activity Spreading

Original release date: July 29, 2008 at 9:41 am Last revised: July 29, 2008 at 9:41 am

US-CERT is aware of public reports of a new Storm Worm Campaign. The latest campaign is centered around messages related to the Federal Bureau of Investigation and Facebook. This Trojan horse virus is spread via an unsolicited email message that contains a link to a malicious website. This website contains a link, that when clicked, may run the executable file “fbi_facebook.exe” to infect the user’s system with malicious code.

Reports, including a posting by Sophos, indicate the following email subject lines are being used. Please note that subject lines can change at any time.

• F.B.I. may strike Facebook
• F.B.I. watching us
• The FBI’s plan to “profile” Facebook
• The FBI has a new way of tracking Facebook
• F.B.I. are spying on your Facebook profiles
• F.B.I. busts alleged Facebook
• Get Facebook’s F.B.I. Files
• Facebook’s F.B.I. ties
• F.B.I. watching you

US-CERT encourages users and administrators to take the following preventative measures to help mitigate the security risks:

• Install anti-virus software, and keep its virus signature files up-to-date.
• Do not follow unsolicited web links received in email messages.
• Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
• Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

Relevant Url(s):

• www.us-cert.gov/cas/tips/ST04-014.html
• www.sophos.com/security/blog/2008/07/1599.html
• www.us-cert.gov/reading_room/emailscams_0905.pdf

====
This entry is available at:

• www.us-cert.gov/current/index.html#new_storm_worm_activity_spreading