Phishing attacks focus on AOL and AOL Instant Messenger users

The latest phishing campaign I have been seeing targets users of AOL Instant Messenger.    Users are sent an e-mail with a subject line reading something like “Your AIM account is flagged as inactive”.  If you open the message, the body of the email will read somehting like this:

Dear AOL Instant Messenger (AIM) user,

Your AIM account is flagged as inactive. Within the following 72 hours it’ll be deleted from the system.

If you plan to use this account in the future, you have to download and launch the latest update for the AIM. This update is critical.

In order to install the update use the following link. This link is generated exclusively for your account and is available within a certain period of time. As soon as this link is not available anymore you will get another letter.

Thank you,

AIM Service Team

This e-mail has been sent from an e-mail address that is not monitored. Please do not reply to this message. We are unable to respond to any replies.

Of course, downloading and running the application at the linked site merely installs a Trojan, which makes your computer a part of a bot-net and can be used to steal you personal and financial information.

Microsoft IE Patch

Happy New Year!  Yes, I know the New Year is almost a month old, but since this is my first blog post this year, I thought I would say it anyway.

Now to the important stuff.  There was a new bug discovered in Microsoft’s Internet Explorer.  This bug was considered to be such a serious security hole that they took the unusual step of issuing an “out of band” hotfix – meaning that they issued it right away, rather than wait until the normal Patch Tuesday release.

According to SC Magazine:

Microsoft on Thursday delivered an emergency patch to correct seven Internet Explorer vulnerabilities, including at least one known to have been used in the highly publicized attacks against more than 30 brand companies.

Microsoft was forced to acknowledge the flaw last week, when McAfee reported that an IE exploit was one of the malware samples being used to spread data-stealing, espionage trojans to Google, Adobe, Northrop Grumman, Juniper and more than 25 other large companies.

If you have your home PC set up to automatically download and install updates, your system should be protected.  However, if you like to manually install updates, you should download and install the update as soon as possible.

There are some reports that this vulnerability is what was used by hackers to compromise the GMail accounts of Chinese dissidents.  However, that attack was accomplished using a piece of malware called the Hydraq trojan.

As always, keeping your system updated and your anti-virus current is your first line of defense.

Avoid the “12 scams of Christmas”

Well, it is that time of year again, the time when our thoughts turn to Christmas, when we give thanks for our blessings, when we look forward to spending time with loved ones – and the time when criminals roll out the latest versions of their scams to separate you from your money.

To help you avoid becoming a victim during this holiday season, McAfee has come up with a list of the “12 scams of Christmas” to be on the lookout for.  You can read the whole list on

I am on vacation this week, so this may be my only post this week. Have a safe and wonderful holiday with your friends and family.


Welcome to the Information Security blog for the Elk Grove Unified School District. In this blog, I hope to discuss ways to make your time on the Internet safer, whether at work or at home. I will address any significant threats currently on the scene, try to debunk hoaxes, and talk about ways to help your kids stay safe online as well.

Please feel free to send me any questions or suggestions for topics that may interest you.