Tuesday, July 05, 2005
Stupid spam? We all receive it, I'm sure.
I mean the kind of spam email that is so obviously malicious, evil, con artist, or got a computer/network bomb hidden inside it, waiting for some fool to open it, open its attachment, or click-select a link contained in it.
Stupid spam: the false email trying to trick you into opening it.
When you open it to read it, you are sending a signal back to the spammer that your address is valid and active. Then your email address gets sold to other spammers, cyber-vandals, digital bandits, and perhaps computer terrorists.
Don't even open any email from any unknown sender.
Or from a known sender, when it doesn't seem right.
For example, I don't have an eBay account or a PayPal account. So when I see emails in my inbox, with subjects regarding updating or verifying an account, I know it's spam or virus email.
What if I did have a eBay or PayPal account?
First, I would not give them my email address. If you have to, then at least don't open any email from them.
Instead, if you think an email is legit from them, delete the email unread, and visit their site, and check on your account, to see if it needs any attention or correction.
Some stupid spam I've found recently.
I won't make any comments. Just look at these and figure out for yourself why I refused to open and read them, why I deleted them.
SUBJECT: Cheating on your wife?
SUBJECT: Take action now, eliminate the threat
SENDER: (unknown sender)
SUBJECT: (no subject)
SENDER: Dorothy Golden
SUBJECT: Additional Agreement #284-907 Do you wish to see and join sex with porn stars?
SUBJECT: PayPal Security
SENDER: c snell
SENDER: blake [at] spreadfirefox [dot]com
SUBJECT: [spread firefox] Trotz Stellanabbau
SUBJECT: eBay PowerSeller Invitation
SENDER: chris smith
SUBJECT: CAN I TRUST YOU IF SO REPLY,
SUBJECT: Security Update!
Now, let me conclude with an excerpt
from an article at eWEEK.com:
"Email Hoaxes Spread Latest Threats"
by Michael Myser
June 29, 2005
Celebrity trials and current events are again the vector for virus and malware writers hoping to infect distant computer systems.
This week, e-mails claiming Pope John Paul II was murdered, Michael Jackson has died, and Osama bin Laden has been captured all tempt recipients to open the attached file or link for details, which launches the W32/Kedebe-F worm. ADVERTISEMENT
First reported Tuesday by security firm Sophos Plc. in the United Kingdom, the worm disables security software and then creates its own messaging engine to spread itself via e-mail and peer-to-peer networks.
Sophos also said a separate e-mail scam appeared this week, which poses as a virtual postcard but in fact infects users with several Trojan horse programs that can record and pass on personal details and bank passwords.
Although if a system is infected, the results can be devastating, for the most part the hoaxes are utilizing code that's been used previously and hence users are protected if they have updated virus definitions and Microsoft Corp. patches.
PointerRead details here about a smart-phone Trojan horse that poses as an anti-virus application.
"These aren't that much different in behavior from a lot of the others we see, and they're again using some sort of hook to get people to open them," said Ted Anglace, a senior security analyst in Sophos' Boston office. Anglace said enterprises could be a bit more vulnerable, as most do not typically use automatic updates from vendors, leaving a slight window in which systems can be infected.
eWEEK.com Special Report: Worm Attacks
The postcard e-mails tell recipients they've received a postcard and give a Web site link where the user can view the postcard. The site hosts the malicious code and installs the Clsldr-D Trojan and six others that can exploit Microsoft software vulnerabilities.
A third e-mail hoax purports to be a Microsoft Security Bulletin, encouraging users to immediately install the update, which spreads an SDBot variant, potentially giving attackers full unauthorized access to the computer.
The SDBot is designed to help establish botnets, which can be used to send spam or launch distributed denial-of-service attacks against corporations and Web sites. Security firm Websense Inc. reported the scam Tuesday as well.
Social engineering scams have long been a favorite tool of virus writers hoping to create widespread havoc. Mentioning everything from the FBI to famous figures like Paris Hilton and Anna Kournikova, the hoaxes often prey on the fears, desires and popular-culture interests of computer users to draw them into the scams.
[signed] Steven Streight aka Vaspers the Grate
Posted by steven edward streight at 7/05/2005 01:21:00 PM