An Internet Flower For You, A Virtual Card for You, IL PEGGIOR VIRUS DI SEMPRE
inutile dire che è solo una bufala… cancellare immediatamente e non diffondete questo messaggio per nessun motivo…
Subject: Re: Fw: COMUNICAZIONE SCOPERTA NUOVO VIRUS
IL PEGGIOR VIRUS DI SEMPRE (CNN announced)
È appena stato scoperto un nuovo virus, classificato dalla Microsoft come il peggiore mai apparso in rete. Scoperto ieri pomeriggio dalla McAfee, non ha ancora un “vaccino” in grado di bloccarlo . Questo virus distrugge il cosiddetto “Sector zero” dell’hard disk, il cuore delle informazioni del vostro computer.
Ecco quello che succede: tutti i contatti di una mailing list ricevono automaticamente questo virus con il titolo del soggetto “A Virtual Card for You.”. Appena aperta la mail il computer si blocca, costringendovi così a resettarlo. Una volta premuti i tasti ctrl+alt+del o il bottone di reset del vostro computer, il virus attacca e distrugge il Sector Zero, e di conseguenza distrugge permanentemente l’hard disk. Secondo la CNN esso ha già distrutto un gran numero di computer in America, e in poche ore.
Quindi non aprite nessuna mail sospetta col nome “A Virtual Card for You.”. Nel caso doveste trovarvela nella lista CANCELLATELA IMMEDIATAMENTE, SENZA APRIRLA.
Per favore spedite questa mail a tutte le persone che conoscete.
Meglio riceverla 25 volte che non saperne nulla e rovinarvi il computer.
E inoltre, se ricevete una mail chiamata “An Internet Flower For You” non apritela e cancellatela immediatamente, o distruggerà le vostre dynamic link libraries (.dll files) e il computer non sarà più in grado di ripartire!
FALSA E-MAIL MICROSOFT KB584432.exe VIRUS Security Update for OS Microsoft Windows
NON APRITE LA FALSA E-MAIL DELLA MICROSOFT CHE STA ARRIVANDO IN QUESTI GIORNI !
DA : Microsoft Customer Service” <customerservice@microsoft.com>
OGGETTO : Security Update for OS Microsoft Windows
SEGUE TESTO E ALLEGATO DI 33 KB
QUESTA E-MAIL E’ ASSOLUTAMENTE FALSA E DANNOSA GLI AUTORI DELLA MAIL IN OGGETTO HANNO UTILIZZATO UN SERVER NELLA REPUBBLICA CECA, NULLA A CHE FARE CON I SERVER MICROSOFT.
ALLEGO TESTO E-MAIL :
Dear Microsoft Customer,
Please notice that Microsoft company has recently issued a Security Update for OS Microsoft Windows. The update applies to the following OS versions: Microsoft Windows 98, Microsoft Windows 2000, Microsoft Windows Millenium, Microsoft Windows XP, Microsoft Windows Vista.
Please notice, that present update applies to high-priority updates category. In order to help protect your computer against security threats and performance problems, we strongly recommend you to install this update.
Since public distribution of this Update through the official website http://www.microsoft.com would have result in efficient creation of a malicious software, we made a decision to issue an experimental private version of an update for all Microsoft Windows OS users.
As your computer is set to receive notifications when new updates are available, you have received this notice.
In order to start the update, please follow the step-by-step instruction:
1. Run the file, that you have received along with this message.
2. Carefully follow all the instructions you see on the screen.
If nothing changes after you have run the file, probably in the settings of your OS you have an indication to run all the updates at a background routine. In that case, at this point the upgrade of your OS will be finished.
We apologize for any inconvenience this back order may be causing you.
Thank you,
Steve Lipner
Director of Security Assurance
Microsoft Corp.
—–BEGIN PGP SIGNATURE—–
Version: PGP 7.1
0849JB5RD2VW1QL4NWFGQUL1LDPE49EPZHWG85DIC99Z9CZ9Z7SR9J7JLD1FY61TJ
6NXM1VC8DTKWAI9PSPH9T8SD2JSPH1L0EL8M968TUEHSG5UFTHUQUD95RNU3DKRQ6
4FO81Y6QTTK452ORNUVXKI8HB8TU0N4F1TGWVJ9KQQ8W3UNG2VV3AN5Q7GZVQ2PFF
B87089F03JDELY8ZJ11XUF7NILGF8D8S9QT14YS2LYLMVM478NDMDNK4H263S8KIC
66UB1N5V47OLP117AAZVQUZ9TE966UDXJFK==
—–END PGP SIGNATURE—–
SEGUE ANALISI DETTAGLIATA VIRUS
| AhnLab-V3 | - | - | Win-Trojan/Goldun.33398.B |
| AntiVir | - | - | TR/Drop.HeadJoe.N |
| Authentium | - | - | W32/Trojan3.CI |
| Avast | - | - | Win32:Trojan-gen {Other} |
| AVG | - | - | BackDoor.Haxdoor.EJ |
| BitDefender | - | - | Trojan.PWS.Goldun.SZR |
| CAT-QuickHeal | - | - | TrojanSpy.Goldun.bce |
| ClamAV | - | - | Trojan.Goldun-305 |
| DrWeb | - | - | Trojan.PWS.GoldSpy.2278 |
| eSafe | - | - | - |
| eTrust-Vet | - | - | Win32/ProcHide.Z |
| Ewido | - | - | - |
| F-Prot | - | - | W32/Trojan3.CI |
| F-Secure | - | - | Trojan-Spy.Win32.Goldun.bce |
| Fortinet | - | - | W32/Goldun.BCE!tr.spy |
| GData | - | - | Trojan.PWS.Goldun.SZR |
| Ikarus | - | - | Trojan-Spy.Win32.Goldun.bce |
| K7AntiVirus | - | - | - |
| Kaspersky | - | - | Trojan-Spy.Win32.Goldun.bce |
| McAfee | - | - | BackDoor-BAC.gen |
| Microsoft | - | - | Backdoor:Win32/Haxdoor |
| NOD32 | - | - | Win32/Spy.Goldun.NDO |
| Norman | - | - | - |
| Panda | - | - | Trj/Goldun.TL |
| PCTools | - | - | Trojan-Spy.Goldun!sd6 |
| Prevx1 | - | - | Suspicious |
| Rising | - | - | Trojan.Spy.Win32.Goldun.zzt |
| SecureWeb-Gateway | - | - | Trojan.Drop.HeadJoe.N |
| Sophos | - | - | Mal/EncPk-CZ |
| Sunbelt | - | - | Goldun.Fam |
| Symantec | - | - | Infostealer |
| TheHacker | - | - | - |
| TrendMicro | - | - | BKDR_HAXDOOR.MX |
| VBA32 | - | - | Malware-Cryptor.Win32.General.2 |
| ViRobot | - | - | Trojan.Win32.Goldun.33398 |
| VirusBuster | - | - | TrojanSpy.Goldun.AQI |
| Informazioni addizionali |
|---|
| MD5: 1ffcb1ea024c228ade6d8dad681c6ed7 |
| SHA1: f665f9a30e72d3d5f994993a6a7649d98b5a2686 |
| SHA256: 87f9fa50a42a8761f29d4f44fba35f0d638bcbc0036e00f1b78632526d5f5432 |
| SHA512: bf9299112d25a3f121825f852ca5c8caf0861beb750df9a21a9ba55b97f5a3380538ef305b007b71ae171ec9a72fd7a5061bd63641aaeec1c554956bc6dba7f5 |
McAfee Advises on How to Avoid Spam – Most spam messages try to get your machine infected
Nobody wants to login to their email address and find the inbox chucked full with spam messages, especially since said messages are sent out in order to propagate all sorts of malicious software. Most of the times the goal of the spammer is to infect your machine, turn it into a zombie PC in an ever increasing botnet. According to McAfee, company that specializes in risk management and intrusion prevention, there are three things that you must keep in mind in order to stay safe: the most used spam subject lines, the categories they relate to, and a few tips and pointers meant to keep you safe.
Current Spam Categories
As a rule of thumb, spammers will resort to pretty much any trick they can come up with in order to propagate their malicious intents. According to a study recently updated by the McAfee team, the top three spam categories are products and services (36%), adverts (30%) and stock (11%). Other categories include Russian spam (10%), adult services (7%), and last but not least IT related and financial (both 3%). McAfee also included news and Chinese spam in the list of categories, but they ranked in at 0% (perhaps such categories are not very active in July).
The Most Common Spam Subject Lines
Generally speaking, spammers will use any high profile event or any piece of news that might be of general interest, such as the earthquake that devastated China earlier this year, to make up bogus spam messages. Whenever a celebrity makes the headlines, such as Angelina Jolie after the release of “Wanted”, they once again start sending out messages that promise to show her in an unflattering way (most of the times in circumstances that can only be viewed by adult users).
Here are some of the most used spam subject lines: “Cheap rolex, omega, cartier…lowest prices; Raw video of Paris; Look attractive with larger jackhammer; Woman loses nose after dog attack; Stay stronger and harder.” Pretty much every unsolicited message advertising some adult footage of a well known celebrity is spam.
Tips and Pointers to Avoid Spam
If you have to make your email address available to the general public, and by that I mean putting it up on the web, make sure to obfuscate it. Instead of John.Smith@mail.com use the obfuscated version John.smith -at- mail -dot- com. An even better idea would be to use graphic image that depicts your email address.
Do not use the same email address for work related activities and for personal ones. You should have at least two, separate addresses and use them according to the situation. If you want to contact your friends or coworkers then use one email, if you want to post messages on forums or subscribe to newsletters use the other one.
If your Internet service provider offers spam filtering, McAfee suggests that you enable this option. If any spam messages get through the filter, you should report this to your ISP.
Do not provide your email address to any site unless you have read the privacy policy and you agree to it. You must make sure that the web page in question will not sell on your email.
When you receive a spam message, do not open it, do now download any attachments it may include, and never answer back. By replying you are only providing the spammer with confirmation that the email is active, that you are using it frequently.
If a spam message informs you that you need to update your profile info, or verify your bank account details, that message is definitely a phishing attempt. If you click on the web link included in the message you will be directed to a phishing site where the attacker will try to obtain your security credentials.
Your login details are yours to know, and nobody else should get hold of them. Do not give out your username or password to anybody, no matter who requests you to do so.
Make sure to update your security software solution on a regular basis.
Article by By: George Craciun, Security News Editor
Source: http://news.softpedia.com/
Many SMBs unprepared for online security threats
About 35 percent admitted to not being concerned about cybercrime even though another 20 percent said their companies had been victimized by online crime.
A surprisingly large number of small and midsize businesses appear to be either blissfully unaware of or uncaring about the online security threats they face, according to a survey conducted by security vendor McAfee.
The survey was conducted on officials from 500 US and Canadian companies with less than 1,000 employees each, McAfee said that nearly 45 percent of the respondents didn’t see their businesses as being valuable targets for cyber criminals, while more than half felt their organizations simply weren’t well-known enough to attract the attention of attackers. About 35 percent admitted to not being concerned about cybercrime even though another 20 percent said their companies had been victimized by online crime, and almost one-third of the latter group said they had been attacked at least four times over the past three years.
Perhaps the most surprising finding was that nearly 20 percent of the surveyed companies said they had no security protections at all in place against online threats. Yet 90 percent said they relied heavily on the Internet for their business, noted Darrell Rodenbaugh, senior vice president of McAfee’s midmarket business unit.
“Many SMBs think cybercrime is an issue for larger companies,” Rodenbaugh said. “They think larger companies make better targets because that’s where the money is.” But the reality is quite the opposite, he added.
“Our information says that cyber criminals prefer smaller organizations because they are more easily attacked,” Rodenbaugh said. That’s because smaller companies often have far less manpower and financial resources to invest in IT security than their larger counterparts do.
On average, smaller companies employ just one to two full-time workers to handle all of their IT functions, according to Rodenbaugh. So it isn’t surprising, he said, that many SMBs don’t have anyone dedicated to information security, or that they devote at most an hour per week to security efforts. And often, companies that think they have sufficient protections really don’t, Rodenbaugh said. For instance, roughly half of the respondents who felt their companies had adequate security controls told McAfee that they trusted the default settings on their IT equipment.
For the most part, McAfee’s findings are an accurate reflection of attitudes toward IT security in the SMB market, said Adam Hils, an analyst at Gartner. He agreed that many small and midsize companies, which Gartner considers to be those with between 20 and 1,000 employees indeed don’t think of themselves as likely targets of cyber attacks.
The situation is both the result of a lack of awareness and “a desire to not have to spend on security until you have to,” Hils said. “It’s easy to convince yourself of something if that’s what you want to believe.” But like Rodenbaugh, he said that in actuality, SMBs are more likely to be targets of cyber criminals because their systems increasingly are seen as being easier to break into than the ones at larger companies are.
Hils said that as a percentage of their IT budgets, SMBs do tend to spend more on security than larger companies do typically, 5 percent to 10 percent, as opposed to between 3 percent and 6 percent at bigger businesses. Even so, he added, the actual dollar amounts that small and midsize companies invest in security often aren’t enough to keep them secure. “Most of the time, they’re playing catch-up,” Hils said.
According to Hils, SMBs usually spend most of their security budgets on anti-virus and firewall tools, while focusing less on equally important technologies like intrusion detection and identity management systems. SMBs also tend to prefer working with just one or two security vendors, from which they expect products that address a wide range of threats, he said. That’s one of the reasons why so-called unified threat management, or UTM, technologies have been gaining so much attention among mid-market companies.
| Source : ComputerWorld (US) | ||
 |
||
|
||
McAfee slaps Trojan warning on MS Office Live
McAfee has apologised after an anti-virus update released on Monday night incorrectly identified a plug-in for Microsoft Office Live Meeting as a Trojan.
The signature update file mistakingly flagged LMCAPI.exe (a component of Live Update) as a Trojan called Swizzor. As a result the component was incorrectly deleted from thousands of desktops at one huge multinational, staffers from which informed us of the problem but requested anonymity. Techies at the firm had to roll out new versions of Live Update as well as an updated signature file that avoids the false alert.
In a statement, McAfee said the snafu affected only a “small percentage” of its enterprise customers.
The issue was rapidly identified and corrected in the signature release on Tuesday 5th August, with any customer contacting McAfee prior to the release of the corrected signature being given an additional DAT file that suppressed this incorrect identification.
McAfee Avert Labs aims to maintain a high-level of proactiveness and accuracy in its generic detection signatures and to minimise false positives, while making any required corrections as rapidly as possible. McAfee would like to apologise to any customers affected by this issue.
Faulty anti-virus signature updates are a generic problem faced by all security vendors from time to time. Previous examples have included a Kaspersky update quarantining Windows Explorer, AVG crying wolf at Adobe Reader and, more recently, both CA and McAfee decided that legitimate JavaScript apps were malign.
These are three examples of a problem we’ve written about many times in the past and for which no ready solution is apparent. Effects vary by environment and miss-diagnosed application but can run to anything from the automatic deletion of a component no-one misses to locked-up workstations in the worst cases, which are mercifully rare. ®
ARTICLE BY John Leyden
Source : http://www.channelregister.co.uk
Phishers launch Monster attack on job seekers
Security experts have warned of a phishing scam targeting users of recruitment site Monster.com. The scam targets both job seekers and recruiters.
Emails asking users to click through and update their profile appear to be linked to Monster.com but can be traced back to a botnet in Turkey, according to McAfee Avert Labs.
Greg Day, a security analyst at McAfee, said: “Scammers are trying more and more diverse and sophisticated techniques to obtain information that can be of financial reward.
“With concerns about potential job cutbacks, many people are looking to the internet to find potential employment opportunities and see what’s available to provide some reassurance in the current climate.
“Unfortunately, scammers are getting wise to this as we have seen with a recent influx of phishing attacks looking to steal personal details by gaining access to online job hunting profiles or tempting victims with information of potential jobs.”
In August 2007, over 1.3 million users’ details were stolen from Monster.com when it was compromised by an illegal operation run from two server computers at a web hosting company in the Ukraine.
More recently Monster.com and other leading sites were targeted by the Russian ‘Phreak’ gang which extracted data from CVs using an identity harvesting tool.
Day warned that the repercussions of this type of attack are potentially huge. “If a cyber-criminal is able to access a large number of CVs, the information obtained could easily be used for malicious intent,” he said.
“As far as cyber-criminals are concerned, CVs offer a goldmine of information so this would be a major result for them.”
vnunet.com, 15 Jul 2008
Source: http://www.vnunet.com/vnunet/news/2221685/phishers-cast-monster-com
-
