Information Security Newsletter
Bulletins posted 4/28/2009
Fraudulent E-Mail Claims to be From U.S. Customs and Border Protection
A spam e-mail claiming to be from the current CBP (Customs and Border Patrol) Assistant Commissioner, Thomas S. Winkowski, is currently being circulated. This attempt to defraud is the typical e-mail scam using the name and reputation of a federal government official to create an air of authenticity.
The spam e-mail indicates the CBP has stopped a diplomat who is carrying a consignment to be delivered to the recipient's residence. This consignment allegedly contains millions of dollars, which is revealed to be an inheritance for the e-mail recipient.
As with many other scams, this e-mail advises the recipient they will be permitted to access this inheritance once the recipient has given the sender of the e-mail their personal information.
This is, of course, a hoax; do not respond. The U.S. CBP does not send unsolicited e-mails. The FBI's Internet Crime Complaint Center (IC3) reminds us that consumers should not respond to unsolicited e-mails or click on any embedded links, as they may contain viruses or malware.
A Lot of New Spam and Phishing Campaigns This Week
We're seeing a large uptick in the types of phishing and spam campaigns, including requests from Rutgers University for money, Bank of America account problems, and of course news about the swine flu being exploited.
As is always the case whenever there is a big news story, the scammers jump on it right away and try to poison searches, or lure unsuspecting users with tempting headlines. There are also a lot more phishing attempts using account issues at banks or fake order delivery notifications, etc. in the past week.
We had one user report that she received several emails from Rutgers University soliciting her for donations to their alumni fund. Since she didn't go to Rutgers, she was immediately suspicious. Turns out this is a new type of phishing scheme that is showing up heavily these days.
We have seen evidence that the Conficker botnet is being used to send spam now and that may account for this increased traffic.
Always be vigilant and suspicious of any email or other message that doesn't seem quite right.
Another Firefox Update
It's only been six days since the last update to Mozilla's Firefox 3.0.9. This was a major security and bug-fix update but already we are seeing that they've released v3.0.10.
This release only fixes two issues, but one of them was a major stability problem.
Firefox is set to update automatically when you connect, so if you use this browser, just check to ensure it is doing the update and restart it when prompted.
Bulletins posted 4/17/2009
VMware bug allows Windows hack to attack Macs
A bug in VMware’s Fusion virtualization software could be used to run malicious code on a Mac by exploiting Windows in a virtual machine, a security researcher said on April 15.
VMware has released Fusion 2.0.4 to plug the hole. According to an exploit researcher at Immunity Inc., a critical vulnerability in VMware’s virtual machine display function can be used to read and write memory on the “host” operating system, the OS running the physical hardware. The researcher crafted an exploit for Immunity’s customers and posted a video clip that demonstrates an attack on a machine running Windows Vista Service Pack 1 as the host operating system, and Windows XP as the “guest,” the OS running in a virtual machine.
“This is indeed a guest-to-host exploit,” the researcher said in an e-mail on April 15. “It uses several vulnerabilities in the ‘Display functions’ (as VMware put it) that allow [someone] to read and write arbitrary memory in the host. Thus the guest can run some code on the host, effectively bypassing ASLR and DEP on Vista SP1.” The same tactics can be employed against a guest operating system, say, Windows XP, running in Fusion on a Mac powered by Apple’s Mac OS X, the researcher confirmed. “The vulnerability is also present in VMware Fusion and as such would allow a guest (Windows or Linux) to run code on the Mac OS X host,” he said.
There are several new vulnerabilities, and updates to fix them, in various VMware applications. If you are using any VMware software, please check their website for updates to your applications and install them as soon as possible.
Bulletins posted 4/16/2009
Several New 'ScareWare' Scams
This week we have seen several new reports regarding 'ScareWare' scams where you get a pop-up saying you are infected and attempting to entice you to purchase and download some fake Antimalware product.
We know that one reason for the uptick in these reports is the Conficker worm going live this week with this type of scam as its payload. These are usually pushing Antivirus 2009, but there are many variants.
In two new reports we have heard that searches for information on Ford vehicles have been seeded with millions of links pointing to sites that deliver this scareware, and that Fox News has been hit with this in a fake advertising campaign on their website.
As noted before, this is becoming one of the favorite bad guy tactics, so be sure to close your Internet browser down when it happens to you, and keep your real Antivirus software up to date.
Waledac kicks off new spam campaign
A new campaign to lure users into downloading malware is running on the Waledac botnet, according to security researchers.
This time the botnet is spreading spam messages using a social-engineering ploy promising software that supposedly will enable a victim to read other people's text messages. In a warning posted on its web site, email security company MX Logic said that one spam email offers a "free 30-day trial" and reads: "Do you want to test your partner or just to read somebody's SMS? This program is exactly what you need then." The email contains a link to a web site where users unwittingly download malicious software if they execute a file linked by a "Download Free Trial" notice.
Other emails have questions such as:
“Do you want to catch a cheating girlfriend?”
“Do you want to get your partner off-guard?”
“Do you want to know if your partner is unfaithful?”
All the messages say that when installed on a partner's mobile phone, the software enables the victim to read every SMS message the partner receives.
Watch out for this new spam campaign and don't be tempted by the opportunity to spy on your friends or family!
Bulletins posted 4/13/2009
Microsoft Patch Tuesday tomorrow to address five critical vulnerabilities
Microsoft has released a new security bulletin outlining the patches we can expect to see tomorrow (4/14). They will patch critical vulnerabilities in Windows Vista Service Pack 1 and Windows XP SP3.
Microsoft will release eight bundles of patches altogether, aimed at vulnerabilities in Windows Server, Internet Explorer, MS Office (specifically Excel), Forefront and their ISA Server. Five of these are rated "Critical," two "Important," and one "Moderate."
If you are running Microsoft products be sure to watch for these updates and install them as soon as possible if they are applicable.
----------------------------------------
Last Updated: April 28, 2009
Website Contact: David Matthews