Dispatches Archive


December 29, 2006

It's Dangerous Out There

A story at the Internet Storm Center should send shivers through the spines of everyone who has friends and relatives who don't practice safe computing. If you're not into the techy stuff described there, here's an English language synopsis:

An innocent Web search to find the side effects of a prescription drug yielded a link whose destination could send an unpatched Windows PC into a tailspin. Visiting that page triggers a chain of events that ultimately attempts no fewer than five attacks on your system. The goal of the five attacks is to find at least one way to seize control of the visitor's PC and load bad-bad-bad software on it.

At the time this was discovered, no antivirus software blinked an eye on the downloaded worm. But because the attacks were going after previously known Windows holes, a fully updated Windows operating system was apparently not vulnerable. Even so, with so much happening these days with zero-day exploits (exploits propagated before they're reported and patched), there's no reason why such a Web site couldn't find a way into the Windows PC of even the most vigilant and wary visitor.

The truly scary point here is that clicking the links you find on results from a search engine you know and love can lead to disaster. Search engines do not filter out bad guys who manage to work their way up the search engine results ladder—and believe me, the bad guys are desperately trying to do that so as to capture more and more PCs for use in botnets and to siphon off all email addresses stored on the computers (to spread their crap through spam that links to the same pages—the Circle of Strife).

It's so sad that one of the truly fun things about the Internet—clicking on new links to expand one's mind—has become the avenue to explode one's computer.

Posted on December 29, 2006 at 09:12 AM

December 20, 2006

Websenseless

A company called Websense makes software that claims to help companies block employees from visiting malicious Web sites. I don't know how good the software/service is, but any tools that can help keep unsuspecting users from screwing up their computers should be a good thing.

What I don't understand, however, is why the server logs for this Web site—spamwars.com—occasionally list floods of hits from what appear to be Websense installations blocking access to this site. I have emailed Websense support twice about this, but they do not reply to explain what's going on. Is spamwars.com banned? If so, why? Websense and spamwars.com are on the same side.

As the texters thumb, "WTF?"

Posted on December 20, 2006 at 09:52 AM

December 19, 2006

This "Millionaire" Should Buy Some English Lessons

Saw this lulu of a spam message today:

Subject:I'm the millionaire, everyone can become them!
VPTT is an adaptive trading system, that works with two strategies one for trading range prices (cycle mode) and another for trending mode. By means of this system for last year I have earned 2345290 $! I not greedy, and now this trading system am accessible to all! The truth for the small favor http://[removed]

If you follow the link, you reach a web page with the same text and a graph that is supposed to represent the last month's equity growth. But if you download the file and run it on a PC, you will give your PC away to a crook who loads all kinds of crap onto your machine and takes control.

I not stupid.

Posted on December 19, 2006 at 07:28 AM

December 10, 2006

One Way a Hijacked eBay Account Gets Used

A friend of mine passed along an email received by a legitimate eBay seller of fine art. The seller had an antique photograph up for auction that also had a "Buy It Now" price of $450.00. Another eBayer bought it now and then sent the following message:

hello ,
One of my client has told me to help him to purhcase your your item .After looking at the adverts on ebay ,i noticed you have it for sale and i have clicked buy it now .BECAUSE THE ITEM IS NEEDED TOWARDS THIS COMING XMAS.Please get back to me i will like to pay you CASHIER CHECK. Send me you NAME .My CLIENT would prepare and send you a CASHIER CHECK for payments as soon as i hear from you.i would also want you to know that you would send any excess funds on the CASHIER CHECK after deducting the totaL cost of your item ,and any excess funds on the CASHIER CHECK would be my own profit +shipping+costom clearance.
I WILL HANDLE THE SHIPPING OF the good myself you do not have to worry your self about the shipping i will send DHL to come and pick the item because the item will be shipped to AFRICA and the funds would be sent to me via western union money transfer.I await your reply with necessary information so payments can be sent immediately. and i will need ur Honest.

The message included a copy of the eBay "end of item" notification that showed the buyer's account name, address (in New York state), and so on.

The problem, however, is that the human buyer who had clicked the "Buy It Now" button and was now sending payment instructions (more on that in a minute) was not the human who originally opened the eBay account. The original account owner had been duped by an eBay phishing message to give up his username/password to crooks. They immediately changed the password and email address on the account so that the original owner could not recover the account and any good feedback ratings that he had accumulated.

Now comes this schmuck with the payment instructions that follow an all-too-familiar advance-fee scam formula. The cashier's check arrives for substantially more than the payment; the seller deposits the check; in a couple of days, the bank says the check has cleared; the seller wires the balance of funds to the crook; a couple of weeks later, the cashier's check comes back, having bounced to High Heaven; the seller is out all the money and the expensive item now shipped to Africa; the bank that had told him the check had cleared offers zero sympathy.

The crooks use this stolen account for several of these transactions until bilked sellers complain enough for eBay to kill the account. By then, plenty of items and bucks may have been ripped off from honest sellers who aren't aware of the scam. And even if they are aware of the scam, they have to relist the item and appeal to eBay to recover the listing fees. Aaargh!

Phishers need to be strung up!

Posted on December 10, 2006 at 12:08 AM