New Version of Mozilla Thunderbird E-Mail Client Released
The Mozilla Thunderbird e-mail client has just been updated to address eight security issues.
If you use Thunderbird as your email client you should update to version 2.0.0.16.
Researcher Warns of Unpatched iPhone Bugs
Security vulnerabilities in the iPhone’s e-mail application and Safari Web browser can be used by phishers to dupe users into
visiting malicious sites or by spammers to flood the phone’s in-box with junk mail, a researcher warned today.
The browser vulnerability researcher said he reported three separate bugs to Apple Inc. about two weeks ago: two in the iPhone
Mail program and one in its Safari browser.
Apple has acknowledged that the two vulnerabilities in Mail are security issues, he said, but the company is currently undecided
on whether the Safari flaw meets its security bug criteria. At times, Apple has balked at labeling problems as security
vulnerabilities, notably in May, when it initially said the so-called “carpet bomb” bug was not security-related.
If you have an Apple iPhone, be aware of these vulnerabilities and watch this list and Apple for the release of an
update.
Many Malicious Programs Represent Themselves as Antispyware or Antivirus Programs
It's worth reminding everyone: there is a large category of malicious programs that present themselves as antispyware or
antivirus programs. Having already established that they will lie about these things, they may lie about others. For instance, we
recently came across one which claims to have won a number of awards, including the PC Magazine Editors' Choice.
The site that this fraudulent email pointed to appeared to include malicious graphics in an ad that looks like a fairly standard
antimalware product advertisement. It also includes a number of award logos, including PC Magazine's Editors' Choice Award and the
Best of 2005. For the record, PC Magazine assures us they won neither of those awards.
This site and the fake program you can download from it are written up by Symantec as malicious. They make no claim that it
does anything malicious in the sense of infection or spreading itself. Instead they say that once you download and install it,
it makes exaggerated claims of threats present on the computer. "The user is then prompted to pay for a full license of the
application in order to remove the errors."
To tell the fake from the real thing, once you have the name of a product, simply search for it on Google or some other
major search engine. You should quickly notice lots of pages tagging it as malicious.
Fabricated News of Car Accident Used to Distribute Trojan
Fabricated news of a supposed car accident involving Formula One star Fernando Alonso is being used to distribute a new banking
Trojan.
The fake news story, supposedly from Spanish daily El Pais, has the two-time motor racing champion seriously injured on Tuesday in an
accident in the northern city of Bilbao. The bogus story, distributed via spam emails, links to a video clip depicting what
appears to be a spectacular blaze. The clip installs malware onto the PC of those falling for the ruse.
The malware is identified by Spanish anti-virus firm Panda Security as Banker-LGC. "This is not the first time we have seen this
piece of news used to spread malware though, as a few weeks ago we saw a very similar one, the major difference was that it was
trying to install a Gaobot worm instead," notes Luis Corrons, technical director of PandaLabs.
Virus writers, who often latch onto real news events, also resort to making up fake news. At the start of the month one such
attack claimed that the Third World War had begun in an attempt to spread another Trojan.
Planting key-stroke logging software onto compromised PCs sits alongside the use of phishing attacks as a means for hackers to
gain access to online banking accounts. Traditionally, phishing emails attempted to dupe prospective marks into visiting a website
under the control of hackers and handing over account credentials.
Dozens of Pierce County, WA Bank Accounts Drained in Debit Card Scam
Dozens of victims have come forward after their bank accounts were drained by thieves. At least 75 people fell victim to a
scam by simply using their debit card at a gas station and detectives expect many more reports to come in. Over the Fourth of
July weekend, a highly organized group using stolen debit card information withdrew thousands of dollars from Pierce County,
Washington, citizens’ bank accounts.
The information was obtained by using electronic skimming machines placed on gas pumps at an ARCO gas station in Pierce County.
Detectives believe the information was stolen in August 2007. Almost a year later, the information was used at multiple banks to
withdraw thousands of dollars from each account.
This was done over the three-day weekend to avoid detection. The card numbers and PINs were trapped and stolen at the station and
were used at ATMs throughout the King County area. Most card losses are around $1,200, but some are much higher – up to $4,000,
depending on account balance or overdraft rules.
Anyone who used that ARCO station during that time frame should contact their financial institution and get a
new card issued.
Vishing Attacks Increase
The IC3 (the FBI's online fraud reporting website) has received multiple reports on different variations of a scheme known as
“vishing”. These attacks against U.S. financial institutions and consumers continue to rise at an alarming rate.
A new version recently reported involved the sending of text messages to cell phones claiming the recipient’s on-line bank account
has expired. The message instructs the recipient to renew their on-line bank account by using the link provided. Due to rapidly
evolving criminal methodologies, it is impossible to include every scenario.
Be aware of this scam and protect your PII (personally identifiable information, such as Social Security numbers, credit
card or bank account information, etc). Beware of e-mails, telephone calls, or text messages requesting your PII and warn your
vulnerable friends and relations.
DNS Cache Poisoning Exploit In the Wild - Affecting Sprint Servers
A very serious problem with DNS servers is now being exploited in the wild. We have known about this issue for a while and the
major vendors of DNS servers have issued patches, but there are millions of these servers out there and many of them have not
yet been patched.
DNS servers, or domain name servers, are like the post office online. They take the URL or web site name that you type into your browser
and translate it into the correct address to make your connection. Those addresses are kept in tables (called a cache) on all of those millions
of DNS servers worldwide, so when you type in a web site name, that name is sent out to one of those servers, which looks up the
correct Internet Protocol (IP) address to connect you to.
If a hacker can succeed in poisoning that cache by inserting their own false IP addresses into it, they can direct you to
fake web sites. These sites may look exactly like the real ones, but in fact they are stuffed full of malware and will attempt to
infect your computer.
We have learned today that the Sprint servers are vulnerable to this exploit. There may be other major providers of DNS service
that are affected.
Be aware of this threat and watch for more news of affected services. If you use Sprint modems to connect to the Internet,
you should avoid doing any financial or other sensitive web browsing using that service until they have patched their systems.