April 26th, 2011 at 4:56 pm
In the past few weeks we have been hearing a lot about companies having their customer data compromised by SQL injection attacks. Barracuda Networks, RSA, Comodo, and HB Gary to name a few have all been compromised and now we await the fallout of those exploits. One way hackers use that data is to create targeted phishing attacks aimed at those customers posing as the company they have a relationship with. Obtaining names, addresses, phone numbers, security answers, and email addresses is more than enough data to trick people into making huge mistakes.
Data Compromised, Now What?
With this data a phisher can craft an HTML email campaign disguised as a company you normally deal with. The correspondence usually comes in the form of an email explaining to you that a compromise has occurred and that you should log into their system immediately to change your password. The fake link looks authentic, but clicking that link brings you to a dummy site built to collect your username and password. Usually after you enter that data and click login it will tell you the breach did not affect your account and no further action is necessary.
The damage has been done. The phisher has successfully acquired your username and password. If you are like most people, you use a common variation of your password, a word + a year, a word + a number, etc. So with one password a hacker can then brute force other accounts to obtain access to those other sites you might belong to.
So Phishing Is?
Phishing is the act of a hacker disguising himself as some other entity or web site purely to obtain additional information, whether it be passwords or other secure information.
What do I do now? What don’t I do now?
In all honesty, stop doing things online that you probably shouldn’t. Online banking and mobile banking are bad ideas. They are convenient but extremely risky, and any bank that tells you they are safe is misinformed. Some banks say they log your IP address and will not let anyone in unless the IP matches. Unfortunately, the phisher can pull your IP out of their web logs of the site you were tricked into going to. Spoofing their IP address with yours takes about 5 secs from the command line.
- Don’t bank online or on a mobile
- Any data you keep online is at risk of being compromised
- If they want it, they get it
- Do not click on links in an email posing to be your bank, auto dealer, etc, just go to the main site yourself by typing it in your browser address field
- Never click an attachment from someone you do not know, even if it’s a Word doc or a PDF or Flash file
- Use a SPAM FILTER, if you don’t have one get one. Most email apps include a rudimentary one, turn it on
- If you think your account(s) has/have been compromised call your vendor’s tech support and change your security settings over the phone or in person (ie at your local bank)
- If your PC/Mac is acting funny, your friends complain that you send them gibberish emails or ads, or your internet is super slow, bring it to someone who can properly diagnose whether you have malware, a virus or something else
Tags: addresses, attack, Barracuda Networks, Comodo, email addresses, fake site, hacker, HB Gary, leak, names, online banking, phishing, phone numbers, RSA, security, security answers, sql injection
April 18th, 2011 at 9:32 am

Barracuda Networks
Security vendor Barracuda Networks recently exposed themselves to an attack when they put their own web filtering firewall appliance in maintenance mode. Hackers took only minutes to recognize the vulnerability and quickly went to work scanning, finding and pwning their website.
Hackers were able to pull off an SQL-injection attack allowing them to expose sensitive login data of Barracuda’s partners and customers.
Unlike most other lame security vendors, Barracuda actually owned up to the screw-up. Not that that helps any.
Tags: barracuda, Barracuda Networks, firewall appliance, hackers, pwning, security vendors, spam firewall, sql injection, sql-injection, web filter
April 18th, 2011 at 9:06 am

Adobe Flash Vulnerability
Adobe announced that its popular Flash media player has a security flaw that has been exploited by embedding a malicious Flash file in a Microsoft Word document. This vulnerability could allow an attacker to crash and/or take control of a user’s computer. The flaw affects Adobe Flash media player for Windows, Macintosh, Linux, Solaris as well as Chrome and Android.
Adobe has acknowledged the flaw and is working on a fix, but there is no date scheduled for this update. Adobe has also acknowledged that Adobe Reader and Acrobat running on Windows and Macintosh are affected. A fixed release for Adobe Reader for Windows will not be made available until June 14th. Adobe Reader and Acrobat for Unix and Android OS are not affected by these flaws.
Please be on the lookout for any suspicious emails containing Word attachments.
February 17th, 2011 at 2:17 pm
Well, as many of you may or may not know I am a huge Mac guy. I know more and more people who are switching from the PC to a Mac whether it be at home or in their offices so I wanted to post a product review that can help you conquer SPAM on your Mac.
The product is called SpamSieve and I have been a long time user for some 4 years now. It’s a very simple program that embeds itself in whatever Mail application you are using on the Mac, I use Apple’s Mail app. It’s fast, efficient and has everything I want in a mail program.
You can download SpamSieve and install it on your Mac in no time at all.
1) Download SpamSieve -> you can download the free trial or spend the $30 for the real thing, I highly recommend getting the real thing as it is very worth it.
2) Drag the Application to your Applications Folder

Installing SpamSieve from the DMG file
3) Quit your mail program and open the SpamSieve Application
4) From the SpamSieve Menu -> Click to install the appropriate plugin for the mail app you are using

Select the Mail Program you want to use SpamSieve with
5) Run your Mail Program
Once you run your mail program from now on SpamSieve will automatically start and place a SpamSieve Window on your screen that looks something like this…

This window will give you up to date stats on exactly what is happening with your spam scanning process. We’re not done yet though.
Training SpamSieve…
We’re not done yet… Now we have to train your SpamSieve. If you keep all of your emails like I do, even junkmail then this step can probably be done in a couple of minutes. If you are a deleter of your mail then you will have to train your SpamSieve over time.
Basically, every time an email or a few emails come into your inbox you can train SpamSieve to recognize them as Spam or recognize them as being Good. To do this, click on the email or any number of emails you want to train and then click the Message menu and choose how you want to train the email… like this…

Train your mail in SpamSieve
And that is pretty much all you need to do to get things started. Now, don’t expect miracles. The algorithm only works on mail you train as good or spam. But over time it should get really good at recognizing your mail and putting it where you want it to go.
One note I want to make for those of you with email accounts on your mobile phones, since SpamSieve runs on a desktop if you use an IMAP account it will filter spam and prevent it from going to your iPhone, iPad or other Mobile device automatically. That said, if you are using a POP3 account your SpamSieve will only take care of the mail on your computer.
I hope this has been helpful, good luck!
Tags: install spamsieve, Mac OS X, os x, spam, SpamSieve
February 14th, 2011 at 9:42 am
For all of you who are actively conducting a job search and there are a lot of you, take note of this warning. The phishers are actively harvesting private data in very devious ways.
I responded to an ad on Craigslist the other day for a job opening with the following title, Senior IT Executive (North Jersey). Here is the link…
http://newjersey.craigslist.org/tch/2180772287.html
I wasn’t interested in this job as it only paid $15 – 21 per hour which is a joke if you are looking for a senior person. That said, I did receive the following reply….
From : Lindsay Slayton <huqazefezaz95@hotmail.com>
Subject: RE: Senior IT Executive (North Jersey)
Date: February 14, 2011 8:43:11 AM EST
To: Mark Moloughney <mark@moloughney.com>
,-=__ -==,-,=,=.=-.=.==_--=.-=_.-==_,_,.
_-_.__=.=,.-,.,,..,,-_=-=.=,==
____=,,_-=,._-=.=.=___==..=..=,,-,,=
_.=.-,—.=.,-_.=,,_..=-,.-_,.,=-=-
Hi Mark,
Thank you for your interest and your recent resume submission. My name is Lindsay Slayton and
I am the Human Resource Manager that is in charge of the hiring process for our company
VSD Property Management. I’ve look over your application and due to the high amount of
replies that we’ve gotten regarding our recent classifieds posting, I wanted to contact
you as soon as possible and see if you would be interested in setting up an interview with us.
Before I continue let me tell you some background information about VSD Property Management:
We are an established Rental Company that was founded back in 1984 and we‘ve grown immensely
since then. Unlike other rental companies, we hope to foster a fun yet efficient environment
for our employees since we have the firm belief that if we provide our employees with a
welcoming work atmosphere we will see an increased return in productivity. Candidates should
consider themselves self-starters and be able to work efficiently with minimum supervision. Other
skills like great interaction with employees of all levels of the firm, strong communication
skills, organization skills etc. are also valued very highly.
Our company aims to build a strong bond with its employees and therefore we offer benefits
packages for you and your family plus we thrive to pay our employees a higher hourly wage than
any of our competitors. We will be discussing compensation and benefits a little bit more in
detail during our interview when we are in a more private environment instead of public emails.
Now due to our policies I will not be able to schedule an interview with you until you have
filled out one of our online applications which can be found on our company website.
Please visit http://vsdmanagement.com/application/ and fill out our short application so we can move on
with the interview process. Each applicant is required to have a personal application code
in order to fill the application.
Your code is: 6MJ5QZgN6X0
Since we have received such a high number of replies to our job posting I will only be able to
hold your application on my desk for 1-2 days more so please do not wait too long to fill out
our online application! I will contact you as soon as I receive your online application!
Now if you have any questions please feel free to contact me!
Hoping to see you here for an interview soon,
Lindsay Slayton
Human Resource Manager
VSD Property Management
,==-,-=._-=–,=-=.,__.,,._-=-.-.–
——.=..==–..==_,=.-.=_–=_.-=.=_=,..,
_-_-,_,-,..-–,_,_.–=-.,..–.
-==,._,=-.=,_-=-.,_.__–_.===,
._=_,___-=-=,._,,_=,..=-==_-_.=.,-_=-___=_.=
So let’s look at this, shall we? First things first. The FROM says the message is from Lindsay Slayton but the actual email address says huqazefezaz95@hotmail.com. So there are a couple of no-nos here. First off, the name of the person and the actual email address do not match. Now this is common if you are emailing with friends but not in a professional environment. What company would have an HR person respond to a job submission via a Hotmail account? Unlikely at best.
Next, the first line says that I submitted a resume. Haha. I didn’t but for those of you who did, be careful. Any private information in that resume is now being harvested and used against you. Hello identity fraud.
Thirdly, she says she works for VSD Property Management which does not meet the description of the original job posting.
Lastly, she (probably not a she by the way) tells you in order to set up an interview you have to fill out a questionnaire online which undoubtedly asks a number of personal questions including your Social Security number.
Oh… One more thing. I did a whois on the domain name mentioned in the ad and it comes back as being registered to the following individual…
Vsemil Sobolev (VsemilSobolev@pochta.ru)
+1.1231106541
Fax:
Lenin ave 32/87
Moscow, 60539
RU
So this guy is in Russia trying to harvest US data. BE CAREFUL OUT THERE… And please pass this on.
Mark
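As an added example (not part of the original post), the checks applied to the sender above can be automated. The sample message is rebuilt from the headers and link quoted in the post, with the body shortened and the recipient replaced by a placeholder; the list of free webmail domains is an illustrative assumption, not a complete one.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: a short illustrative list of free webmail domains, not exhaustive.
FREEMAIL = {"hotmail.com", "gmail.com", "yahoo.com", "outlook.com", "aol.com"}

# Rebuilt from the headers and link quoted in the post; body shortened,
# recipient replaced with a placeholder address.
SAMPLE = """\
From: Lindsay Slayton <huqazefezaz95@hotmail.com>
To: applicant@example.com
Subject: RE: Senior IT Executive (North Jersey)

I am the Human Resource Manager for our company VSD Property Management.
Please visit http://vsdmanagement.com/application/ and fill out our short application.
"""

def sender_red_flags(raw_message):
    """Return the sender-level warning signs the post walks through."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    local, _, domain = addr.lower().rpartition("@")
    flags = []
    # 1. No word of the display name appears in the mailbox name.
    words = re.findall(r"[a-z]{3,}", display.lower())
    if words and not any(w in local for w in words):
        flags.append("display-name-mismatch")
    # 2. Company business conducted from a free webmail account.
    if domain in FREEMAIL:
        flags.append("freemail-sender")
    # 3. Links in the body point at a domain the sender is not writing from.
    #    Only single-part plain-text messages are inspected here.
    body = "" if msg.is_multipart() else msg.get_payload()
    hosts = {h.lower() for h in re.findall(r"https?://([^/\s]+)", body)}
    hosts = {h[4:] if h.startswith("www.") else h for h in hosts}
    if hosts and domain not in hosts:
        flags.append("link-domain-differs-from-sender")
    return flags

if __name__ == "__main__":
    print(sender_red_flags(SAMPLE))
```

None of these flags proves fraud on its own; together they are the same pattern the post identifies by eye.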
Tags: craigslist.org, job sca, phishing, security, spam, vsd property management
February 11th, 2011 at 2:49 pm
Okay everyone…. I am back with my article today on the various types of SPAM… We all get SPAM, whether it be an advertisement from one of our credit cards, from a company we ordered something through over the web or from someone or something we have never bought or ever seen before.
Adult Content Spam
These are mass attempts at trying to lure people to webcam or other adult websites where you have to sign up to join a chat or dating service. Also, links and redirects to other porn sites of various genres. Adult Content spam is probably the most common type of spam in the world right now.
Health/Pharmaceuticals
Viagra, oops V!@gra, or C1al1s.. C’mon, you have all seen them. They all show up with various letters and representations of letters in a never-ending battle to avoid detection from spam protection software. Pharmaceutical companies make billions (not millions) of dollars a year in revenue from these ads. And with money like that being talked about, along with their enormous lobbying contingent, it’s no wonder there is no end in sight for these types of emails.
Fraud Letters
These are my favorite form of spam believe it or not. It amazes me how pathetic and low these people actually are to go through the lengths they go through to ruin people’s lives and to rob them. Amazing. Now I know Nigeria, Benin, Ghana and the likes are all poor countries. I get it. I do. But there is simply no reason to try to earn a living this way. Just so you know, if anyone sends you an email promising you any amount of money in return for a fortune later just delete it. Believe me. It’s a scam. And you will be appended to a long line of idiots who have been taken by low life east african scum. So just delete it. Now there are some other clever variations of these letters, some claiming you have won a lottery, some asking for personal banking information to claim long lost money in a banking account you weren’t aware of, etc etc. We all know the old adage, if it is too good to be true, it probably is.
Well, these are the most common forms of SPAM. They are probably in your mailbox or junk folder right now. Be on the lookout and never send money to anyone you do not know. It’s a scam.
In the coming weeks I will spend time breaking apart known spam and show you how to best protect yourself and your computers from the dangers they pose.
I hope you enjoyed reading… I’ll be back soon…
Mark
Tags: adult, bank, fraud, healthcare, nigeria, phishing, scams, security, spam, viagra
February 10th, 2011 at 10:19 am
Welcome to the wonderful world of combating SPAM, Spyware, Phishing attacks, viruses, trojan horses, malware, email scams, and other attempts at threatening your web and email security.
On a daily basis I will add my take on various anti-spam products, describe their effectiveness and their weaknesses as well as prepare you for your own safety on the internet.
Here are a few things you should never do while reading your emails or browsing the web…
1) Don’t click on any links in emails. NONE. NEVER. Whether it be from your bank, a friend, or someone you do not know. Don’t click on it. Links may not be as they appear and they may not be from who the message is supposed to be sent by. Don’t click them.
2) Don’t open emails from people you do not know. SPAM works in various ways, sometimes they have elaborate pictures which may be downloaded from an outside website, they may contain malicious code that automatically runs when opened. So don’t open any email from anyone you do not know.
3) Get protection. Buy a spam blocker or use the built-in spam blocker or junk-mail filter that comes with your email program. In the coming days I will thoroughly explain how to download and install products that will protect you from SPAM.
4) Read. Read this blog, read the RSS articles to the right by Barracuda and Symantec. These feeds can provide you with valuable information and help you learn about the threats that you face on a daily basis. They are FREE. Read them.
Well, that’s it for now. Tomorrow I will go through some of the popular forms of SPAM and how to combat them.
I hope this information will help you and protect you while you explore the web and all the wonderful and NOT-SO-WONDERFUL things it can bring you….
Bye for now…
Mark
Tags: email scam, malware, phishing, spam, spamend, spamend.com, spyware, Symantec, trojan horse, virus