Archive for the 'botnet' Category

Nov 24 2009


New phishing scam: “Watch for errors on Social Security statement”

A new phishing scam is showing up and being caught by the district’s spam filters.  Please be wary of these scams in your personal e-mail accounts.

 

The scam comes posing as a message ostensibly from the Social Security Administration:

From: [email protected] [mailto:[email protected]]*
Sent: Mon 11/23/2009 5:28 PM
To: [Name Deleted]
Subject: Watch for errors on Social Security statement

Due to possible calculation errors, your annual Social Security statement may contain errors.

Use the link below to review your annual Social Security statement:

——————————————————————
This e-mail has been sent from an auto-notification system that cannot accept incoming e-mail.

If you click on the link, it takes you to a page that requests you “verify” your personal information, including your Social Security number. If you are foolish enough to do so, the site will say that it is generating a report on your account status.  You will then be asked to download a file called “statement.exe”, which is presented as a self-extracting ZIP archive.  In reality it is a Trojan called Zeus that will steal any banking information on your computer and turn your machine into a “zombie”, part of a bot-net controlled by criminals without your knowledge.

Please note a couple of characteristics of this phishing message.  First, the sender could be from any number of domains, but it will NOT be from “ssa.gov”, the domain of the Social Security Administration.

Second, if you hover your mouse over the link, you will see that the domain address of the link STARTS with “http://statements.ssa.gov”. Sounds official, right?  But remember that the true domain of a web URL is the last two components of the host name, that is, of the part of the URL between “http://” and the first “/” after it.  For example, in the address “http://www.egusd.net/”, the domain is “egusd.net”.  Looking more closely at the URL from the phishing e-mail I examined, the URL was “http://statements.ssa.gov.ujilld.be/”. So the actual domain this URL is directed to is “ujilld.be”, which is located somewhere in Belarus. The scammers added the “statements.ssa.gov” to the beginning of the URL to fool the unwary.
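The domain check described above can be automated, for example in a mail filter. The following is an added example, not part of the original post; the function names and the short list of multi-label suffixes are assumptions made for illustration. It goes slightly beyond the "last two components" rule by also handling suffixes such as “co.uk”, where the real domain is the last three components.

```python
from urllib.parse import urlsplit

# Constructed, deliberately tiny sample of two-label public suffixes.
# A production check would load the full Public Suffix List instead.
MULTI_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au", "co.jp"}


def host_of(url):
    """Return the lower-cased host name of a URL, or '' if there is none."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def registrable_domain(url):
    """Return the domain the link really points to (e.g. 'ujilld.be')."""
    labels = host_of(url).split(".")
    if len(labels) < 2:
        return ".".join(labels)
    # Normally the last two labels; three when the suffix itself has two.
    two_label_suffix = ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES
    keep = 3 if two_label_suffix and len(labels) >= 3 else 2
    return ".".join(labels[-keep:])


def check_link(url, claimed_domain):
    """Compare a link with the domain the message claims to come from.

    Returns 'match' when the link really belongs to claimed_domain,
    'lookalike-prefix' when claimed_domain only appears as leading labels
    of some other domain (the trick used in this scam), else 'mismatch'.
    """
    claimed = claimed_domain.lower()
    if registrable_domain(url) == claimed:
        return "match"
    # Dots on both sides so 'ssa.gov' cannot match inside 'xssa.gov'.
    if "." + claimed + "." in "." + host_of(url) + ".":
        return "lookalike-prefix"
    return "mismatch"


if __name__ == "__main__":
    # URLs taken from the post, plus one legitimate-looking control.
    for link in ("http://statements.ssa.gov.ujilld.be/",
                 "http://www.ssa.gov/",
                 "http://www.egusd.net/"):
        print(link, registrable_domain(link), check_link(link, "ssa.gov"))
```
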

Finally, remember that agencies like the Social Security Administration will never ask for your information in this manner.  If you receive e-mails like this and are concerned, go to the phone book and look up the number of the agency in question and call them.

Happy Thanksgiving!


Nov 10 2009


Is “always on” always best?

Filed under botnet,malware

We’ve come a long way from the days of the dial-up modem as a way of accessing the Internet.  Nowadays, most users with home Internet access have a high-speed broadband connection like DSL or a cable modem.  These connections allow us to surf the web quickly, providing access to fast downloads, streaming media and many other great features.

One feature of a broadband connection is that it is “always on”.  That is, rather than requiring you to connect to your Internet Service Provider (ISP) and log in each time you want to access the Internet, your connection is always available.  All you have to do is sit down at your computer and start surfing.  This is a great time-saver, but it can open you up to the possibility of having your system attacked and your personal information stolen or having your computer become part of a “botnet”, to be used for any number of illicit or nefarious schemes.

So how can you protect yourself in these situations?  What are some best practices? Here are a few suggestions:


Oct 28 2009


Facebook users target of botnet herders

Users of Facebook are being targeted by controllers of a botnet by the name of Pushdo. A “botnet” is a collection of computers connected to the Internet that have had malicious software (called “bots”) installed without the owner’s knowledge. This software allows the botnet “herder” to take control of the computer and issue commands for any number of purposes. These computers with the bots installed (often called “zombies”) may be used as part of a denial-of-service attack, to steal personal and financial data, or to crack the encryption on a secure system.

This particular attack takes the form of an e-mail to the Facebook user telling them that their password has been reset. The user is asked to open an attached file which supposedly contains the new Facebook password, but which actually downloads the malicious software. The Pushdo botnet then turns the zombie into a spam server, sending e-mail messages to users around the world. It is believed that this botnet may be responsible for the spam/phishing campaign with e-mails purportedly coming from the FDIC (see previous post).

To minimize the risk of your home computer becoming part of a botnet, you should always keep your anti-virus up to date; utilize any anti-spam features available through your e-mail provider; never click on links or download any software that you did not request; and turn your home computer off or disconnect it from the network when not in use.

For more information, please see:
http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1372558,00.html.
