Seattle.gov Home Page City Services Staff Directory [WEB GRAPHIC] About Seattle.gov City Contacts
Seattle.gov Home Page
 SEARCH: 
Seattle.gov This Department
Link to DoIT Home Page Link to DoIT Home Page Link to DoIT About Us Page Link to DoIT Contact Us Page
We make technology work for the City Bill Schrier, CTO
Information Security Home Page
Chief Information Security Officer
Information Security Bulletins
Information Security Newsletter
Information Systems Security Policy
Spams and Scams
Creating Secure Passwords
Securing Your Laptop
Protecting Your Home Computer
Spyware Solutions
Wireless Network Security Guidelines
Viruses, Worms & Other Pests
Glossary of IT Terms

Information Security Newsletter

Newsletter Posted 06/12/2008

This was our first newsletter in this format.

QuickTime Update
Apple has released an important update to it's media player QuickTime, that fixes several dangerous media processing errors. These could have been exploited by sending users infected media files to cause buffer overflows and other problems that would allow criminals to gain complete control of victim's computers.

If you have QuickTime on your computer you should immediately upgrade to version 7.5.

Microsoft Patch Tuesday
Microsoft released seven new security updates on Tuesday 6/10, three of which it rated as critical.

If you are running Microsoft Windows at home you should have automatic updates turned on. If you don't you need to go to Internet Explorer, click on Tools, and click on Microsoft Update to get these latest patches..

Open Office Security Update
Open Office is an open source office suite that includes a word processor, spreadsheet application, etc. If you are running this application on your home computer, please be aware that there is a new vulnerability that is addressed in it's latest update.

If you are running Open Office, you should immediately update to version 2.4.1

Blackmailing Trojan
In a new and much more nefarious version of a nasty malware attack, we are seeing a trojan that encrypts all of the .bak (backup), .doc (Word documents), .jpg (pictures), and .pdf (Adobe documents) on your hard drive and deletes the originals. It then erases itself after leaving a small read me text file on your computer that tells you where you can "buy" a decryption tool.

Kapersky Labs, an antivirus vendor and research team, refers to this as the latest in "ransomware". It is basically an extortion scheme.

Your best defense against this type of attack is to backup your personal and important files regularly to separate and external media such as an external hard drive or CD/DVD's that do not remain connected to your computer. It is also important to ensure that your antivirus applications are up to date.

Bank Social Engineering attacks
We have heard reports from several areas in the country recently of massive attacks on a particular bank or credit union. These attacks use email, phone and even texting and regular mail to inundate customers and non-customers of a certain institution with solicitations that ask the receiver to call a number to learn about recent activity on their bank account, or warn of fraud attempts against the bank with links to a security prevention program.

It is likely that we may see a similar attack scheme in our area, so be aware and warn those of your friends and families that might be vulnerable.

FBI and British Government Bogus e-mails
In the latest of this type of email scam using official government logos, the FBI is warning about fake e-mails purporting to be from the FBI's Internet Fraud Complaint Center and the British government. The new scam claims to involve a reimbursement of funds lost from Internet fraud.

The fake notice informs recipients, “The approved committees have approved the sum of $35,000.00 (Thirty five thousand dollars) for your scam compensations the bank of England [sic] will be contacting you soon to remit the approved amount to your account.” The scam notice indicates that failure to comply will place the funds on hold and a penalty will be applied to the recipient’s bank account.

Be aware of this type of scam. The FBI does not use email to contact victims of phishing schemes or fraud.

"What a Stupid Face Your have here [insert your name]"
This particularly pleasant email phishing scam seems to get past some anti-phishing filters by using popular domains such as att.com and earthlink.com and real user names.

The virus that it delivers locks up your computer and puts crawling cockroaches all over your screen. More annoying than destructive as far as we've been able to tell, but it may just be a test to see how many people will respond to this interesting subject line. I guess when someone tells you they have something with a "stupid face" and your own name in the subject, it is hard to resist, as we've seen this SPAM proliferate expansively in the last few days.

If you receive an email like this, just delete it. If you see it in your filtered SPAM list, do not open it or have it delivered.

----------------------------------------
Last Updated: June 12, 2008
Website Contact: David Matthews
Seattle.gov: Services | Departments | Staff Directory | Mayor | City Council
Copyright © 1995-2009 City of Seattle Questions/Complaints | Privacy & Security Policy