Facebook Virus Removal (Remove : Koob Face Worm)

Remove Latest Facebook Virus : Koob Face Worm

NEW FACEBOOK WORM VIRUS

(CNN NEWS)

 

Alright, so I know Facebook is huge now. If anyone here on Sodahead uses it, it looks like there’s some video viruses going around. One is of an Obama sex tape type video and the other one is an optical illusion video (This one is always popping up on my news feed). So if one of your “friends” sends it to you, don’t click on it!

New Facebook Viruses Can now Use your Account to Mass Private

message your friends to click on a link saying “WTF: This AMERICAN guy should be STONED to DEATH for doing this to his GIRLFRIEND: bit.ly/*****” or something like this “Hey, check out this girl, lol, she must be out of her mind for making that video!: bit.ly/hw****” Once You even Accidentally Click on the Provided Link, Infection on your computer will arise, your Documents will be HACKED, your Files Lost, and you will no longer have Privacy on your computer.

Also look out for Wall post on Facebook such as this :

Avert_Blog_Koobface_1-12-3-08Some even got a youtube like screen that has a caption of “obama sex tape scandal” and when you click the link it requires you to install something to access the video, and once link was clicked, Virus Attacks! and will take total CONTROL over your computer.


“HOW TO REMOVE AND PROTECT YOUR COMPUTER FROM THIS VIRUS?”

(SEE THIS DOWNLOAD LINKmalwarebytes )

 

Next Generation Firewalls: It’s all about tuples

By Michael Kassner
November 28, 2011, 11:23 AM PST

Takeaway: Next-generation firewalls have been around for several years, but garnered little interest. That’s changing as first-generation firewalls aren’t keeping up.

IT professionals responsible for perimeter defenses are frustrated.

Case in point: Internet traffic of all shapes and sizes traverses port 80. Meaning, port 80 must remain open. Bad guys know this. So port 80 becomes their private malware highway. And trucks, full of malcode, drive right past the check point.

There is hope

I’d like to introduce Next Generation FireWalls (NGFW). Firewalls designed to filter packets based on applications. To continue my analogy, the trucks loaded with malcode can’t drive right past the check point, any more.

Other features incorporated in NGFWs:

  • Enforce company regulations: NGFWs are able to control user access to websites and online applications as required.
  • SSL Proxy: NGFWs are able to decrypt, inspect, and re-establish the encrypted SSL connection. This eliminates encryption as a method of hiding malware.
  • IDS/IPS: NGFWs have incorporated deep packet inspection-to the point where stand alone IDS/IPS devices are not required.
  • Active-Directory friendly: Many NGFWs are able to authorize application usage based upon individual user profiles or groups.
  • Malware filtering: NGFWs provide signature and reputation-based filtering to block malicious applications that have a bad reputation.

Click to enlarge

Vendors

Palo Alto Networks was the first company to offer a NGFW. For information about NGFW requirements per Palo Alto Networks, please check out this white paper (above slide). Barracuda Networks, Juniper Networks, and WatchGuard also offer NGFW solutions.

N-tuple?

Just about every blog post I’ve read about NGFWs mentioned tuples. I had no idea what they were. Hopefully, you do. If not, here’s what I found out.

N-tuple is a collection of attributes. And, in the case of firewalls, these attributes are used to define access requirements. N is a place holder representing the number of attributes in the list. For example, a 5-tuple “firewall allow rule” might include:

  • Source IP address
  • Source port (typically: any)
  • Destination IP address
  • Destination port (80 or 443)
  • Destination protocol (typically TCP)

So, if the packet being inspected has all of the correct attributes, the firewall will allow it to pass.

Widening the 5-tuple

I thought I was “good to go” after figuring out what a tuple was. Then I read something about “widening the 5-tuple”. Widen a tuple. Does that even make sense?

Let’s see if it does.

As mentioned earlier, a first-generation firewall rule employs a collection of 5 attributes or 5-tuple. That is sufficient to carry out stateful port and protocol inspection, Network Address Translation, and Virtual Private Network technology.

A 5-tuple rule set is not sufficient for NGFWs. Next Generation Firewalls need additional attributes such as application type and user identity in order to work as advertised. To understand why, consider the port 80 analogy, one last time.

If it’s discovered that the truck carrying malcode has an illegal license plate, the truck ain’t going anywhere. The same applies to malcode. If its license plate — “application type” attribute — is incorrect, the malcode is blocked from continuing on.

The additional attributes or tuples are “widening the 5-tuple”.

Confession time: I did not find a clear-cut explanation of how tuples relate to firewalls. But, article after article mentioned tuples. So, I jumped in. If my explanation is wrong, I hope firewall and database admins that better understand will bail me out.

Survey says

The Ponomen Institute just completed a survey of NGFWs for SourceFire, Inc. The infographic ( partially shown below) provides several interesting statistics, particularly what is driving interest in NGFWs and the percentage of respondents noticing performance degradation:

Final thoughts

The race toward sophistication between malware and antimalware continues. Stay tuned

Pakistan Blocks Thousands of Adult Websites

PTA
Pakistani internet service providers have started the process of blocking websites with adult and explicit content, told us multiple sources from the industry.

Earlier this month PTA, telecom regulatory authority of Pakistan, had decided to block the access of those websites in Pakistan that contain adult content.

As we reported earlier, PTA has plans of blocking 150,000 such websites in coming weeks, however, initial list of 1,000 websites has been sent out to all ISPs, mobile operators and international gateways to get them blocked.

ProPakistani has got the said list of 1,000 websites, which we aren’t publishing it here for obvious reasons. But we can tell you that they all are adult websites and few of them are ranked in top 100 Alexa list for Pakistani most visited websites. Local adult websites are also included.

ISPs are given 8-10 days to get the orders implemented. Most of the ISPs, including PTCL, have already blocked these websites, while others are making the necessary preparations for the blockade.

PTA is also planning to devise a way for general users to report adult websites to authority. After through review authority will keep adding such reported websites/URLs to the black list.

Internet Service Providers on other hands aren’t comfortable with the overheard involved in the blocking of websites. They say that blocking high number of websites may result into slow performance by routers and increased latency due to high number of filters over the network.

PTA decided to ban explicit websites after immense pressure from bloggers, hackers and activists. They, along with parents, are certainly rejoicing authority’s decision.

However there are users who are opposing the ban, few of them think that this way PTA will get the axe to cut any website under the cover of explicit material. But sources at head-office of PTA tell us that they will make this process of blocking websites very transparent and visible to everyone, so that no one fears the unlawful use of power.

Windows 7 Anti-Piracy Update Now Live

New patch checks for more activation hacks.
Earlier this month, we detailed that Microsoft was prepping a Windows 7 Update that would improve Windows Activation Technologies to detect more than 70 known and potentially dangerous activation exploits.

Those paying attention to their Windows Update will see that the patch KB971033 is now live. It’s not explicitly named anything to do with Windows Activation Technologies, as it’s simply termed as an «Update for Windows 7.»

Microsoft previously pointed out that this update is completely voluntary and users can decline the update when it appears (though we can’t imagine why legitimate users would worry). Of course, if a hack or exploit is found, Windows 7 will alert the user by removing the desktop background and pop up periodic reminders of just how non-genuine it is feeling.
Read more about the patch here.

Should You Repair A Fake USB Flash (Pen) Drive?

Before you attempt to repair a fake aka upgraded USB Flash (Pen) Drive you should ask yourself the following questions:

  • What are my chances of being successful?
  • What are the chances of downloading a virus?
  • How trustworthy are repaired drives?
  • How much is my time worth?
  • Unless the pen drive contains one of the popular controller chips (Microv, ICreate or Alcor families) and memory storage chips (Samsung & Hynix) finding the correct low level software program will be a challenge. You will spend a significant amount of time looking for solutions and may not be successful in your efforts.

You may find some software on a website that you think could fix your drive and inadvertently download a virus or other forms of malware. McAfee’s Siteminder identifies some of the download sites as containing malicious software or software that breaches browser security.

The drive may also be irreparably damaged during the repair process. Using the wrong software can destroy the flash storage chip. Using a program someone else used with their previous sitting i.e. leaving the ECC open could destroy access to the storage chip, as information in the controller is over written.

Could you ever trust a repaired drive with your data files or pictures? The unscrupulous creators of the fake flash drives maximise their profits by using the lowest cost chips they can purchase. The quality of these chips range from average to poor. When the chips fail you may be lucky and just loose all the files that you have stored on the drive, or worse – the contents of the files can be corrupted and remain undetected by you.

Can you trust the software (aka firmware) that was installed on the flash drive by the manufactures tool (Udtools etc) during the repair process? The firmware that was installed could be a “hacked” version, reprogrammed to ignore memory errors.

Since the tools the counterfeiters use to create the fakes have the ability to ignore or hide memory errors, it is best to assume that the fakes contain poor quality memory chips. The output of H2TestW may indicate that a fake contains extremely poor quality chips. A significant difference between the reported “OK” size as reported by H2TestW and that of a typical fake flash drive is a good indication of bad or damaged memory areas on the fake flash drive. The following are some typical “OK” sizes:

180MB OK is typical for a Fake 16GB Drive created from a real 256MB memory chip
980MB OK is typical for a Fake 16GB Drive created from real 1GB memory chip
1.9GB OK is typical for a Fake 16GB Drive created from a real 2GB memory chip
1.7GB OK is typical for a Fake 32GB drive created from a real 2GB memory chip

If H2TestW does not complete a test or outputs error messages then you should not consider repairing. The life time of repaired drives may be significantly less than regular drives. The type of NAND flash memory used in brand name USB flash drives is typically rated at 10,000 erase – write cycles. Some of the potential methods used in the producing fakes may result in significant numbers of erase – write cycles done on a small area of the flash drives. This will result in the drive having a short life time.

If you going to repair and reuse a drive you should mark and/or label the drive so that you will remember that is a repaired fake flash drive. You should also use tools that provide basic data integrity checking when savings files on the drive. Some of the potential tools are Zip, 7Zip and Microsoft compressed folders.

After you have repaired the drive, test it! If H2TestW shows any errors then destroy the drive and throw it in the garbage.

After considering the above you should ask yourself: how much is my time worth, especially when I may end up with a 2GB or smaller drive?

Researcher exposes Google spyware connections Source: ZDNET.COM

A prominent anti-spyware researcher is calling on Google to sever its ties with an advertising partner that covers popular sites with pop-up PPC advertisements promoting those same sites.

According to Ben Edelman, an assistant professor at the Harvard Business School and a staunch anti-spyware advocate, Google is charging advertisers for what he described as “conversion-inflation” traffic from the WhenU spyware program.

Edelman’s expose includes several screenshots, video, and packet log to show that WhenU continues to cover web sites with PPC popups. Crucially, those popups show Google ads — often promoting the very same sites users are already browsing.

Here’s a sample of Edelman’s report:

I browsed the Continental Airlines site. WhenU opened [a] popup  — covering the Continental site with a list of Google ads, putting a prominent Continental ad front-and-center. Thus, Google charges Continental a fee to access a user already at Continental’s site. That’s a rotten deal for Continental: For one, an advertiser should not have to pay to reach a user already at its site. Furthermore, advertisers paying high Google prices deserve high-quality ad placements, not spyware popups.

The details of the Continental ad, as shown in the WhenU-Google popup, further entice users to click. The ad promises a “low fare guarantee” — suggesting that users who book some other way (without clicking the ad) may not enjoy that guarantee. And the ad promises to take users to the “official site” — suggesting that users who don’t click the ad will book through a site that is less than official. In fact both suggestions are inaccurate, but a reasonable user would naturally reach these conclusions based on the wording of the advertisement and the context of its appearance.

Edelman says this is the third sequence where he has observed Google paying WhenU to cover advertisers’ sites with the advertisers’ own Google ads.

He recommends that Google sever its relationship with InfoSpace, the company that it pays to deliver the ads.  Edelman also called on the search marketing giant to pay restitution to affected advertisers.

Source: http://blogs.zdnet.com/security/?p=5194&tag=nl.e550

Protecting you PC using Windows built in Features and Software

safteyOften we find our computers to be infected with virus and malware.   We believe we need to buy and install expensive anti virus and internet security software programs. Yes, I do agree it’s a good way too. But it’s not feasible for everyone of us to buy and use these programs. We have some built in software programs within our windows operating system which would help us not to get infected in most of cases when we use the internet. This article will discuss in detail about them. if you have not done enabling these built in programs, do it, so that you can be safe (How much is safe always an argument).

I have heard people say to me the following statements when I tell them “My computer is infected often from the internet”.

  1. Use LINUX dont use windows
  2. Use other internet browsers like Firefox, Safari and not Internet explorer
  3. Download free anti Virus Software
  4. Download free anti Malware Programs
  5. Install this little program as a plug-in
  6. Use internet PC scanning software’s once in a while; if virus is found delete that file

Everyone cannot use linux, it’s not for desktops, well as it is today ! (maybe in the future). Most of the programs that we install and use are developed for windows and not for Linux. 80% of the internet users use Internet explorer, meaning 80% of the web is best programmed to view and use in Internet explorer. Free this and free that, well lets not talk about it a lot. So we have windows in our PC and our browser is Internet Explorer.

Now the fact is the above mentioned options are not bad. Practically everyone of them is not posssible. Even though it’s advisable to buy an security programs for your computer, windows being an operating system has some software’s that will try to protect itself for its own self defense (As we will do something to protect ourselves even thought we are not karate black belts). If we could just enable/turn on/use these, we have some basic protection from spyware, viruses, identity theft and spam. Also we have to acknowledge the fact  that windows Operating system is developed by Microsoft, they do know what “the system is” (They might not be black belts in karate but they have passed first 5 levels).

Therefore the basic security Features built by them will work.

So lets do something about it.

1.Always keep your firewall turned on.

Firewall will work like your security guard in your office, its not easy to get past him without a proper Identity card. Windows has one of the good firewall software that is available. If you have not done it this is how you have to do. Here is something more to it. A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.

         To turn on Internet Connection Firewall:

  1. Point to Control Panel, double-click Network and Internet Connections, and then click      Set up or change your home or small office network.
  2. Follow the steps in the Network Setup Wizard to turn on the Internet Connection Firewall.
  3. 2. Keep your operating system up-to-date with updates from Microsoft.

    Microsoft constantly finds out bugs/hacks/security issues and gives out patches which   are     available over the internet for download. If we are up-to-date then we are as safe as   any Microsoft computer used in Microsoft itself. These are critical updates that we would have to have in our PC. There is no point having a virus removed after its infected, why don’t we just stop it?. If you are using windows Vista here is the way to receive automatic updatesII. If you are using windows XP here is the way to receive automatic updates

    Now we have done some basic part of securing our computer lets do some other things that are available with Microsoft Windows.

  1. Download Windows Defender                   
                        This is a free antispyware software for Windows XP SP2  and its a integrated part of Windows Vista. Windows Defender is software that helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software by detecting and removing known spyware from your computer. Visit here for more information about installing and using it
  2. Download Malicious Software Removal Tool            
                      This tool work with windows and it searches  for infections by specific, prevalent malicious software. Microsoft releases an updated version of this tool on the second Tuesday of each month. Get more information and donwload it from here.
                                      
  3. Download Windows SteadyState 
                       This is a free tool that can be downloaded. Our personal computers are not just used by us. It’s used by our family and friends. Due to some reason other users may change some setting or download and use certain programs, use the control panel and change vital settings. Now to stop all this and make sure your Computer work with the best settings and no change is done we can give users specifc rights to access programs. So that everyone does not have access to everything. More info vist here.
                                                                                                                      
  4. Download Microsoft Phishing Filter                                                                                                     This is Phishing way a by which fake web sites ask uses to give personal information like name, address, credit card number, bank account number. There is a big list of websites of this kind. We will not know all the sites, good news is that IE7 has this feature built in. So we just have to download and install Internet Explorer 7. follow these steps to enable anti phishing. One important point is we always have to install the new version of the browser, because it will help us safe guard against such things. Old browsers will have many faults, all those will be corrected and enhanced in there new versions. if you are ready to try out Internet Explorer 8 which is not officially released, try it but its not a complete software.
    Microsoft has understood that antivirus is something very essential as a part of an operating system. They would be giving out free anti virus program for all to be installed. But that’s coming only by late 2009.

Do safe guard your computer by using these options. Help our operating system to perform better and safe guard yourself.

Access Blocked Facebook, MySpace, Bebo, Orkut, etc Web Sites At Your School/Office/College/University.

image3 Yet another way to access blocked web sites at your school/office/university using testiphone.com web site. This trick is similar to the way earlier we explained about accessing blocked sites with opera mini browser.

To access a blocked web site, point your web browser to www.testiphone.com and enter the URL of the site that you want to access in iPhone simulator application.

tesiphone.com is an iPhone mobile browser simulator. With the help of this application you can test a web site to see how it looks on an iPhone.

Here are the other trick that we posted earlier to access blocked web sites:

Control XP’s Autorun Script (Disable Autorun Script) (link updated)

Note:- (Link updated Download Available)

Disable Autorun Script

76805t

Disabling the Windows XP Autorun feature using our downloadable custom script can help protect you from worms and other malware. Many security experts recommend turning off the Autorun feature to stop a common malware tactic of infecting a removable drive, such as a USB drive, so that it will automatically attempt to spread malware when the infected USB drive is connected to a new PC.
This script will change the Windows registry. To use it, download the file and double-click it. If you want to reverse the change, download and run the re-enable script.
Note that with Autorun disabled, you’ll no longer get an automatic installation prompt when you insert a program’s installation CD or perform similar Autorun-dependent tasks. Instead, you’ll need to double-click the installation or other program on the CD or removable drive yourself. Also, there have been reports of potential problems with U3 thumb drives when Autorun is disabled. Should you wish to restore Autorun, use our Restore Autorun script.
If you use Windows Vista and want to disable Autorun, see Microsoft’s somewhat techie-oriented Vista instructions.

To use it, unzip the download and double-click the DisableAutorun.reg script.

DOWNLOAD

Restore Autorun Script

76806t

Disabling the Windows XP Autorun feature using our downloadable custom script can help protect you from worms and other malware. But if you’ve run into any problems from doing so, you can reverse the changes by downloading and double-clicking this restoration script.
Both the disable and re-enable scripts automate steps suggested by Nick Brown and further recommended by the United States Computer Emergency Readiness Team (US-CERT) to improve security on a Windows XP computer.

DOWNLOAD

To use it, unzip the download and double-click the RestoreAutorun.reg script.

5 Tips to Help Protect Yourself from E-mail Scams ‏

1) Be wary of e-mails asking for your personal information.
Any e-mail asking for your name, birth date, e-mail username, e-mail password, or any other type of personal information, no matter who the e-mail appears to be from, is almost certainly a scam.
If you have any reason to believe it may be legitimate, do not reply to the e-mail or click any hyperlinks; instead copy and paste the web URL or go to that company’s website for contact information. Don’t hesitate to contact the company’s support channel to confirm legitimacy.

2) Carefully read e-mails that appear suspicious.
E-mails that are poorly worded, have typos, or have phrases such as “this is not a joke” or “forward this message to your friends” are generally scam e-mails. Sometimes company names or brands are misspelled or inaccurate; such as saying Windows Hotmail (instead of Windows Live™ Hotmail).

3) Protect your Hotmail password.
Create a strong password for your Hotmail account by using more than 7 characters and having a combination of upper and lower case characters, numbers, and special characters, like the @ or # symbols. It’s also a good idea to change your password on a regular basis. Learn More.
If you receive a notification from Microsoft Customer Support confirming your request to change your password, as I did this past week, and you haven’t recently changed your password, that’s a signal that someone else may be trying to gain access to your Hotmail account, and you should immediately change your password. To do so, either go to http://account.live.com, or within Hotmail, click Options, then View and Edit your Personal Information. You will be prompted to log in again. Once you do, look for “Password reset information” under your name at the top. Change both your password and your Secret Question/Secret Answer as both may have been compromised.

4) Take action!
If you think someone has accessed your Hotmail account, that the Windows Live ID sign-in page looks fraudulent, or you receive a suspicious e-mail that tries to confirm a password change you didn’t authorize, change your password immediately via the instructions above, or go to: http://account.live.com.

5) Help us identify new scams.
If you’re using the Full version of Hotmail, you can select the dropdown next to “Junk”, then select “Report phishing scam”. Whatever you do, do not reply back to the sender.

You can read more about this topic here.

I encourage you to keep Post Bookmark for future reference on what to do if you do receive a scam e-mail so that you can help keep your inbox more safe and secure.
Sincerely,

Muhammad Adeel Ansari

Learn how to recognize the 5 most common types of E-mail Scams

Learn how to recognize the 5 most common types of E-mail Scams

In
today’s world, it is not uncommon for you to receive an e-mail from a
person or entity that, although may seem legitimate on the surface, is
an attempt to get your personal information.
For
people like myself, It’s easier to identify these mails since I deal
with this daily, but, what can someone like yourself do?  Emails like
this have a few things in common, that if you remember, you’ll become a
pro at spotting them.

The most important thing to remember is: If it sounds too good to be true; it probably is…

This is a pretty common statement throughout life and applies perfectly in these common e-mail scams outlined below.
Read through the 5 types of email scams below and learn how to recognize each kind, and help protect yourself!

Email Scam #1: Verify your account now to avoid it being closed!

This
is an actual screenshot of a scam email circulating that several
Hotmail users have received asking them to verify their Hotmail
account. This is a scam designed to gain access to your Hotmail account
so spammers can use it to send out spam.

Hotmail scam

How to tell it’s a scam?

·         It
asks for your personal information. No legitimate company, especially
Microsoft, will ever ask you to provide you username, password, date of
birth and/or country, credit card information, etc via email.

·         The email is generally unprofessional or unpolished looking, including:

o   Notice the branding (logo & background image) on the mail above is awkward. The header only goes half-way across.

o   Random words are capitalized in the email, including: Email, Email User Accounts Owner, User, Accounts and others.

o   In the second sentence, the first word of the sentence, “we” is not capitalized.

o   There is poor grammar throughout, but especially in the final statement, “Warning!!! Account owner that refuses to update…”

·         There
is an urgency of response time. This pressures you to feel like you
need to make a decision more quickly and do not have time to research
the legitimacy of it.

·         Signature
is incomplete, stating awkwardly: “The Windows Live Hotmail”, not
“Windows Live Hotmail” or “The Windows Live Hotmail Team”.

Two other similar scam emails, which are highlighted on snopes.com, I’ve also seen come to my personal Hotmail account:

·         Ebay account suspension notices that ask you to verify your account information.

·         Paypal needs you to resubmit your credit card and bank account information.

 

Email Scam #2: A large sum of money is due to you if you just give us your personal information.

This is actual text from a scam e-mail received, promising me $7M if I provide them with my personal information.

 “The
outcome of the summit has prompted the Federal Government to empower
only our Bank; First Bank of Nigeria PLC to Identify the owners of
these funds and pay them outright with no delay. We have been asked to
start the payment of US$7,000,000.00 (SEVEN MILLION US DOLLAR) as
compensation to all affected Persons(Entities)i.e:  Individuals Companies and organizations.

You
are one of the Beneficiaries on our list submitted to us so please
reply to our mail for confirmation so that we can begin forwarding all
other necessary evidences, facts and needed information to you.

The
Federal Government has earlier approved the release and payment of the
accumulated funds in the Bank belonging to the Foreigners, but my boss
Mr Jacobs Ajekigbe and the Former Governor of the Central Bank of
Nigeria(CBN) collaborated together and refused to notify and tell you
the truth on how to claim your fund. My Boss and the Governor are using
the accumulative-interest to enrich themselves without the knowledge of
the owners including you.

Confirm to me your:

·         Personal Information;

·         Phone and Fax Number;

·         Banking Information”

How to tell it’s a scam?

·         Reference to “First Bank of Nigeria” (or any other international sounding bank name), which is a common trick in scam emails.

·         Odd capitalizations throughout the email.

·         How did this government employee find my email address?

·         Why are they randomly giving people $7 M?

·         Why are they airing the dirty laundry of a conspiracy to not tell me?

Email Scam #3: You won something!

Scammers
commonly impersonate use large companies that it’s likely you do
business with. This next example appears to be from Microsoft, but it’s
not. Read through the email below, to see if you can spot all the ways
to tell it’s a scam, and then read through my list of things that
tipped me off.

Subject: ELECTRONIC MAIL WINNING NOTIFICATION

From: Microsoft Promotion Team. (Memmi82@netti.fi)

Sent: Fri 8/01/08 8:00 PM

Reply-to: mfudiciary.mark@gmail.com

To:  result@microsoft.co.uk

-- 

Microsoft Award Team

20 Craven Park, Harlesden

London NW10,United Kingdom

Ref: BTD/968/08

Batch: 409978E.

 

Dear Internet User,

 

              ELECTRONIC MAIL WINNING NOTIFICATION

 

The prestigious Microsoft and AOL has set out and successfully

organised a Sweepstakes marking the Annual anniversary we rolled

out over 500.000.00 (Five Hundred Thousand Great Britain Pounds)

for our annual year Anniversary Draws. Participants for the draws

were randomly selected and drawn from a wide range of web hosts

which we enjoy their patronage.

 

The selection was made through a computer draw system attaching

personalised email addresses to ticket numbers.Microsoft and AOL

are now the largest Internet companies and in an effort to make

sure that Internet Explorer remains the most widely used program,

Microsoft and AOL are running an e-mail beta test.

 

Your email address as indicated was drawn and attached to ticket
number 080775787555 with serial numbers BTD/0257903122/07 and
drew the lucky numbers 04-06-09-90-09-22(07) which subsequently
won you 500.000.00  (Five Hundred Thousand Great Britain Pounds)
as one of the jackpot winners in this draw. You have therefore won
the entire winning sum of 500.000.00  (Five Hundred Thousand Great
Britain Pounds)The draws registered as Draw number one was
conducted in Brockley, London United Kingdom on the 1st of
August 2008.
 
These Draws are commemorative and as such special. Please be
informed by this winning notification to Contact your fiduciary
agent Mr.Mark Anderson, with the information listed below.
 
Mr.Mark Anderson
Microsoft Promotion Award Team
Head Winning Claims Dept.
E-mail: mfudiciary.mark@gmail.com
        mfudiciary.anderson@gmail.com
 
 1. Full Names:
2. Home Address:
3. Age:
4. Sex:
5. Marital Status:
6. Occupation:
7. Phone numbers:
8. Country:
 
Our special thanks and gratitude to Bill Gates and his associates.
We wish you the best of luck.Thank you for being part of our
promotional award program and commemorative Anniversary Draws.
 
Sincerely,
Dr.George Henry.
Head Customer Care Service
Microsoft Promotion Team.
 

Saunalahti
Ykkönen: Puhelut kaikkiin liittymiin 0,069 e/min ja nyt kaupan päälle
Sisärengas-puhelut ja tekstarit viiteen valitsemaasi liittymään 0 e!

How to tell it’s a scam?

·     The “friendly name” that the email is from is “Microsoft Promotion Team”, but if you look at the actual email address it came from (Memmi82@netti.fi), it’s not a Microsoft address, or a promotion management company.

·         The
reply-to address is a gmail address. Microsoft would not use a
competitor’s email service as their reply-to address. Additionally,
it’s different than the sender address.

·         It
is not addressed to an individual. Occasionally, there are legitimate
sweepstakes that you’re notified via email, but they will be addressed
to you as an individual.

·         The
email begins, “The prestigious Microsoft and AOL…” A corporation
wouldn’t tout themselves like that. And more likely in a legitimate
sweepstakes email winning notification, it would start out with
something like, “Congratulations, you have just won…”

·         It
asks for your personal information. No legitimate company, especially
Microsoft, will ever ask you to provide you username, password, date of
birth and/or country, credit card information, etc, via email.

·         It has a foreign language at the bottom of it that is different from the language it was sent in.

Email Scam #4: The sudden emergency!

You
receive email that appears to be from one of your friends that says
they are stranded and need only a few thousand dollars to help them
out.  Any person would help a true friend if they can, right?  Sure
they would, but before you respond or act, ask yourself about the
likelihood of your friend being in that situation.

·         Have they mentioned that they will be traveling? 

·         Do they regularly participate in the kind of activity described? 

·         Sanity check the information and if at the end you still aren’t sure, then pick up the phone and call them.

Today’s
technologies make it easy to impersonate someone and hard to find out
whom is really behind the act. We must all realize that each piece of
information we read and act upon has the time needed to pass our logic
checks before we respond.  One false click, and it result in you
needing to spend time recovering your email, blog, or other service; or
it could be months regaining your identity.

Email Scam #5: If you don’t forward this email, something bad will happen.

We’ve
all seen emails that promise great things if you forward the email to
all your contacts, or threaten bad things if you don’t.  Topics
Hotmail customers and friends have asked about most frequently are
listed below, and link directly to the snopes.com articles debunking
them:

·          A fee will be charged for Hotmail.

·         Get cash from Microsoft, or other companies or get free items (gift certificates, phones, etc) for forwarding an email.

·         Internet petition to keep Messenger a free service.

·         Medical appeals usually involving injured or sick children.

 

What should you do if you receive a questionable email?

1.       Investigate the information.
Take some time and check up on the information. Often sites like
snopes.com can provide information on known chain letters and other scams and untruths.  Do
not click on links within the mail, but do goto that company’s website,
and contact their customer service reps via phone or online to verify
the validity of the email.

 

2.       Report suspicious activities.

If
you think someone has accessed your Hotmail account, that the Windows
Live ID sign-in page looks fraudulent, or you receive an email that
tries to confirm a password change you didn’t authorize, change your
password immediately by going to:
http://account.live.com. Next, help ensure your PC has not been infected with a virus or malware by running a free full-PC scan.

3.       Help the Hotmail team identify new scams.

Click
on the Junk button in Hotmail and select “Junk” or “Report phishing
scam” to report it to the Hotmail team. Whatever you do, do not reply
back to the sender.

10 Tips for Safer IM Instant Messaging

Communicating by using an instant messaging (IM) program has
some of the same security and privacy risks as e-mail, but there are a 
few unique dangers that you should be aware of.

  1. Never open pictures, download files, or click links in messages from people you don’t know.
    If they come from someone you do know, confirm with the sender that the
    message (and its attachments) is trustworthy. If it’s not, close the
    instant message.

  2. Be careful when creating a screen name.
    Each IM program asks you to create a screen name, which is similar to
    an e-mail address. Your screen name should not provide or allude to
    personal information. For example, use a nickname such as SoccerFan
    instead of BaltimoreJenny.

  3. Create a barrier against unwanted instant messaging.
    Do not list your screen name or e-mail address in public areas (such as
    large Internet directories or online community profiles) or give them
    to strangers.
    Some IM services link your screen name to your e-mail address when you
    register. The easy availability of your e-mail address can result in
    your receiving an increased number of spam and phishing attacks.

  4. Never provide sensitive personal information,
    Such as your credit card numbers or passwords, in an IM conversation.

  5. Only communicate with people who are on your contact or buddy lists.
  6. If you decide to meet a stranger
    That you know only from IM communication, take appropriate safety
    precautions. For example, do not meet that person alone, (take a friend
    or parent with you), and always meet and stay in a public place, such
    as a cafe.

  7. Don’t send personal or private instant messages at work.
    Your employer might have a right to view those messages.

  8. If you use a public computer,
    Do not select the feature that allows you to log on automatically.
    People who use that computer after you may be able to see and use your
    screen name to log on.

  9. Monitor and limit your children’s use of IM.
  10. When you’re not available to receive messages,
    Be careful how you display this information to other users. For
    example, you might not want everyone on your contact list to know that
    you’re "Out to Lunch."

Avoid Wireless attacks through your Bluetooth Cell Phone

Avoid wireless attacks through your Bluetooth cell phoneBluetooth® wireless technology is included with many cell phones and PDAs. Initially designed to let you swap documents between other Bluetooth devices without the use of connecting cables, it has since expanded to provide services such as Web connectivity and online game playing.However, any time you transmit information online, you can be vulnerable to online attack; and as the popularity of Bluetooth increases, so does its interest to cybercriminals.

The Bluetooth process and vulnerability

When it’s set to “discoverable” mode, your Bluetooth cell phone or PDA sends a signal indicating that it’s available to “pair” with another Bluetooth gadget and transmit data back and forth.

However, an attacker who detects this signal could also attempt to pair with your device and hack in to steal your personal identification number (PIN). You could remain unaware, while the attacker, with your PIN in hand, could be:

Bluetooth discoverable mode

Stealing information stored on your device, including contact lists, e-mail, and text messages.
Sending unsolicited text messages or images to other Bluetooth-enabled gadgets.
Accessing your mobile phone commands, which allows the attacker to use your phone to make phone calls, sent text messages, read and write phonebook contacts, eavesdrop on conversations, and connect to the Internet.
Installing a virus on your device that could wreak the same kind of havoc that a virus could on your computer—for example, slowing or disabling your service, or destroying or stealing information.

Criminals have also been known to drive around with Bluetooth detectors, looking for cell phones and PDAs to infiltrate; and to outfit laptop computers with powerful antennas in order to pick up Bluetooth signals from as far as a half-mile away.

The latest forms of high-tech attack even include forcing Bluetooth devices to pair with the attacker’s device when they are not in the discoverable mode. (It’s also very labor-intensive, so targets tend to be individuals known to have a very large bank account or hold expensive secrets.)

Tips to improve your Bluetooth security

Keep your Bluetooth setting to “non-discoverable” (transmission-disabled) and only switch it to “discoverable” when you’re using it.Just leaving your cell phone or PDA in the discoverable mode keeps it dangerously open for Bluetooth transmission—a Bluetooth user within up to a 30-foot range can receive your signal and potentially use it to access your device as you walk around town, drive, or even walk through your office.
Use a strong PIN code. Codes of five digits or longer are harder to crack.
Avoid storing sensitive data such as your social security number, credit card numbers, and passwords on any wireless device.
Stay up-to-date on Bluetooth developments and security issues, and regularly check with the manufacturer of your device for news on software updates or any specific security vulnerabilities.

More Bluetooth tidbits

Q: Why is this technology called Bluetooth?
A: Just as Bluetooth wireless technology links two different gadgets together, the 10th century Danish king Harald “Blatand” united the separate kingdoms of Denmark and Norway. “Blatand” loosely translates to “Bluetooth” in English.

Q: What does it mean when someone gets “Bluejacked”?
A: “Bluejacking” is one of many terms of Bluetooth attack jargon:

Bluejacking: sending unsolicited text messages
Bluesnarfing: stealing information
Bluebugging: stealing mobile phone commands
War-nibbling: driving around looking for Bluetooth signals to attack
Bluesniping: using a laptop and powerful antenna to attack from a distance

The Bluetooth trademarks are owned by Bluetooth SIG, Inc.

Strong passwords : How to create and use them

Strong Pasword

Your passwords are the keys you use to access personal information that you’ve stored on your computer and in your online accounts.

If criminals or other malicious users steal this information, they can use your name to open new credit card accounts, apply for a mortgage, or pose as you in online transactions. In many cases you would not notice these attacks until it was too late.

Fortunately, it is not hard to create strong passwords and keep them well protected.

What makes a strong password

To an attacker, a strong password should appear to be a random string of characters. The following criteria can help your passwords do so:

Make it lengthy. Each character that you add to your password increases the protection that it provides many times over. Your passwords should be 8 or more characters in length; 14 characters or longer is ideal.

Many systems also support use of the space bar in passwords, so you can create a phrase made of many words (a “pass phrase”). A pass phrase is often easier to remember than a simple password, as well as longer and harder to guess.

Combine letters, numbers, and symbols. The greater variety of characters that you have in your password, the harder it is to guess. Other important specifics include:

The fewer types of characters in your password, the longer it must be. A 15-character password composed only of random letters and numbers is about 33,000 times stronger than an 8-character password composed of characters from the entire keyboard. If you cannot create a password that contains symbols, you need to make it considerably longer to get the same degree of protection. An ideal password combines both length and different types of symbols.
Use the entire keyboard, not just the most common characters. Symbols typed by holding down the “Shift” key and typing a number are very common in passwords. Your password will be much stronger if you choose from all the symbols on the keyboard, including punctuation marks not on the upper row of the keyboard, and any symbols unique to your language.

Use words and phrases that are easy for you to remember, but difficult for others to guess. The easiest way to remember your passwords and pass phrases is to write them down. Contrary to popular belief, there is nothing wrong with writing passwords down, but they need to be adequately protected in order to remain secure and effective.

In general, passwords written on a piece of paper are more difficult to compromise across the Internet than a password manager, Web site, or other software-based storage tool, such as password managers.

Create a strong, memorable password in 6 steps

Use these steps to develop a strong password:

1. Think of a sentence that you can remember. This will be the basis of your strong password or pass phrase. Use a memorable sentence, such as “My son Aiden is three years old.”
2. Check if the computer or online system supports the pass phrase directly. If you can use a pass phrase (with spaces between characters) on your computer or online system, do so.
3. If the computer or online system does not support pass phrases, convert it to a password. Take the first letter of each word of the sentence that you’ve created to create a new, nonsensical word. Using the example above, you’d get: “msaityo”.
4. Add complexity by mixing uppercase and lowercase letters and numbers. It is valuable to use some letter swapping or misspellings as well. For instance, in the pass phrase above, consider misspelling Aiden’s name, or substituting the word “three” for the number 3. There are many possible substitutions, and the longer the sentence, the more complex your password can be. Your pass phrase might become “My SoN Ayd3N is 3 yeeRs old.” If the computer or online system will not support a pass phrase, use the same technique on the shorter password. This might yield a password like “MsAy3yo”.
5. Finally, substitute some special characters. You can use symbols that look like letters, combine words (remove spaces) and other ways to make the password more complex. Using these tricks, we create a pass phrase of “MySoN 8N i$ 3 yeeR$ old” or a password (using the first letter of each word) “M$8ni3y0”.
6. Test your new password with Password Checker. Password Checker is a non-recording feature on this Web site that helps determine your password’s strength as you type.

Password strategies to avoid

Some common methods used to create passwords are easy to guess by criminals. To avoid weak, easy-to-guess passwords:

Avoid sequences or repeated characters. “12345678,” “222222,” “abcdefg,” or adjacent letters on your keyboard do not help make secure passwords.
Avoid using only look-alike substitutions of numbers or symbols. Criminals and other malicious users who know enough to try and crack your password will not be fooled by common look-alike replacements, such as to replace an ‘i’ with a ‘1’ or an ‘a’ with ‘@’ as in “M1cr0$0ft” or “P@ssw0rd”. But these substitutions can be effective when combined with other measures, such as length, misspellings, or variations in case, to improve the strength of your password.
Avoid your login name. Any part of your name, birthday, social security number, or similar information for your loved ones constitutes a bad password choice. This is one of the first things criminals will try.
Avoid dictionary words in any language. Criminals use sophisticated tools that can rapidly guess passwords that are based on words in multiple dictionaries, including words spelled backwards, common misspellings, and substitutions. This includes all sorts of profanity and any word you would not say in front of your children.
Use more than one password everywhere. If any one of the computers or online systems using this password is compromised, all of your other information protected by that password should be considered compromised as well. It is critical to use different passwords for different systems.
Avoid using online storage. If malicious users find these passwords stored online or on a networked computer, they have access to all your information.

The “blank password” option

A blank password (no password at all) on your account is more secure than a weak password such as “1234”. Criminals can easily guess a simplistic password, but on computers using Windows XP, an account without a password cannot be accessed remotely by means such as a network or the Internet. (This option is not available for Microsoft Windows 2000, Windows Me, or earlier versions) You can choose to use a blank password on your computer account if these criteria are met:

You only have one computer or you have several computers but you do not need to access information on one computer from another one
The computer is physically secure (you trust everyone who has physical access to the computer)

The use of a blank password is not always a good idea. For example, a laptop computer that you take with you is probably not physically secure, so on those you should have a strong password.

How to access and change your passwords

Online accounts
Web sites have a variety of policies that govern how you can access your account and change your password. Look for a link (such as “my account”) somewhere on the site’s home page that goes to a special area of the site that allows password and account management.

Computer passwords
The Help files for your computer operating system will usually provide information about how to create, modify, and access password-protected user accounts, as well as how to require password protection upon startup of your computer. You can also try to find this information online at the software manufacturer’s Web site. For example, if you use Microsoft Windows XP, online help can show you how to manage passwords, change passwords, and more.

Keep your passwords secret

Treat your passwords and pass phrases with as much care as the information that they protect.

Don’t reveal them to others. Keep your passwords hidden from friends or family members (especially children) who could pass them on to other less trustworthy individuals. Passwords that you need to share with others, such as the password to your online banking account that you might share with your spouse, are the only exceptions.
Protect any recorded passwords. Be careful where you store the passwords that you record or write down. Do not leave these records of your passwords anywhere that you would not leave the information that they protect.
Never provide your password over e-mail or based on an e-mail request. Any e-mail that requests your password or requests that you to go to a Web site to verify your password is almost certainly a fraud. This includes requests from a trusted company or individual. E-mail can be intercepted in transit, and e-mail that requests information might not be from the sender it claims. Internet “phishing” scams use fraudulent e-mail messages to entice you into revealing your user names and passwords, steal your identity, and more. Learn more about phishing scams and how to deal with online fraud.
Change your passwords regularly. This can help keep criminals and other malicious users unaware. The strength of your password will help keep it good for a longer time. A password that is shorter than 8 characters should be considered only good for a week or so, while a password that is 14 characters or longer (and follows the other rules outlined above) can be good for several years.
Do not type passwords on computers that you do not control. Computers such as those in Internet cafés, computer labs, shared systems, kiosk systems, conferences, and airport lounges should be considered unsafe for any personal use other than anonymous Internet browsing. Do not use these computers to check online e-mail, chat rooms, bank balances, business mail, or any other account that requires a user name and password. Criminals can purchase keystroke logging devices for very little money and they take only a few moments to install. These devices let malicious users harvest all the information typed on a computer from across the Internet—your passwords and pass phrases are worth as much as the information that they protect.

What to do if your password is stolen

Be sure to monitor all the information you protect with your passwords, such as your monthly financial statements, credit reports, online shopping accounts, and so on. Strong, memorable passwords can help protect you against fraud and identity theft, but there are no guarantees. No matter how strong your password is, if someone breaks into the system that stores it, they will have your password. If you notice any suspicious activity that could indicate that someone has accessed your information, notify authorities as quickly as you can. Get more information on what to do if you think your identity has been stolen or you’ve been similarly defrauded.

10 Tips for Safer IM Instant Messaging

Communicating by using an instant messaging (IM) program has some of the same security and privacy risks as e-mail, but there are a  few unique dangers that you should be aware of.


  1. Never open pictures, download files, or click links in messages from people you don’t know.
    If they come from someone you do know, confirm with the sender that the message (and its attachments) is trustworthy. If it’s not, close the instant message.
  2. Be careful when creating a screen name.
    Each IM program asks you to create a screen name, which is similar to an e-mail address. Your screen name should not provide or allude to personal information. For example, use a nickname such as SoccerFan instead of BaltimoreJenny.
  3. Create a barrier against unwanted instant messaging.
    Do not list your screen name or e-mail address in public areas (such as large Internet directories or online community profiles) or give them to strangers.
    Some IM services link your screen name to your e-mail address when you register. The easy availability of your e-mail address can result in your receiving an increased number of spam and phishing attacks.
  4. Never provide sensitive personal information,
    Such as your credit card numbers or passwords, in an IM conversation.
  5. Only communicate with people who are on your contact or buddy lists.
  6. If you decide to meet a stranger
    That you know only from IM communication, take appropriate safety precautions. For example, do not meet that person alone, (take a friend or parent with you), and always meet and stay in a public place, such as a cafe.
  7. Don’t send personal or private instant messages at work.
    Your employer might have a right to view those messages.
  8. If you use a public computer,
    Do not select the feature that allows you to log on automatically. People who use that computer after you may be able to see and use your screen name to log on.
  9. Monitor and limit your children’s use of IM.
  10. When you’re not available to receive messages,
    Be careful how you display this information to other users. For example, you might not want everyone on your contact list to know that you’re “Out to Lunch.”