Another Trojan Email Is Doing The Rounds

Another Trojan Email popped into the spam basket today, this one entitled Facebook Password Reset Confirmation. The Email, purporting to be from Facebook, claims that the user’s Facebook password has been changed and informs them that the new password can be found in an attached document, which is a zip file.

You may receive an email claiming to be from Facebook Manager titled “Facebook Password Reset Confirmation. Important Message”. The message is a trick designed to fool recipients into installing a trojan on their computer.

Those who open the attached file, Facebook_password_3921.zip in this case, ostensibly to view their new password, will in fact be launching a copy of the Bredolab Trojan. Once downloaded, the virus gives the sender complete control of the target computer, allowing cyber criminals to potentially spy on users of the computer or use it to steal personal information or distribute more spam.

As with any such dodgy emails, or unsolicited attachments, the best action is to delete the lot, and think no more about it.

Click here to find out more about the Bredolab Trojan on symantec.com.

Outdated IE6 Browser Still Widespread in Government

Does it seem odd that with Chinese hackers exploiting Internet Explorer 6 vulnerabilities to infiltrate Google’s network, so many Government departments are actively prevented from upgrading to a safer, more usable browser?

As noted in the Bristol Programming blog, the numbers are almost unbelievable. Together with an undisclosed number of desktops in the Ministry of Justice using the vulnerable and out of date browser, the figures for IE6 in Government are breathtaking:

  • More than 750,000 workstations in the NHS
  • 500,000 in the Department of Work and Pensions
  • 300,000 in the Ministry of Defence

Is it possible that the price outsourced IT providers would demand from Government to upgrade the browser is so high that it is worth the risk of compromise? There must be some major national security threat if users ever get the ability to use tabbed browsing; what else could explain the reluctance to upgrade? Perhaps some bold MP would like to ask the question in Parliament.

To read the original article click here to visit the Bristol Programming blog

Another Email Hoax To Avoid

Another one of those pesky email hoaxes popped into our in-box today. It was the Simon Ashton hoax, with the warning forwarded by a well meaning friend. As we tell all our staff, colleagues, customers and friends, the email hoax works because people think “better safe than sorry”.

The amount of email that a typical hoax can generate is a major cost to organisations. Just think of a company with 60 employees; if each person takes a minute to read a hoax virus email, that will cost an hour of lost productivity. Then if half of them spend a couple of minutes forwarding it to their friends, that is another hour lost! Once a few people in your company have received a warning and mailed it to all their friends and colleagues, a mail overload can easily result.

We support the advice that companies should consider circulating a policy on virus hoaxes to all their staff, in an attempt to avoid the costs involved.

For a sample anti hoax virus policy click here to visit Sophos – Don’t fall for a virus hoax

Avoid Spreading Virus Hoaxes

Today we received one of the emails that you get occasionally, which promises a massively damaging virus is just about to strike. This one had the headline HUGE VIRUS COMING! PLEASE READ & FORWARD!

We always advise people to check these messages out via a reputable website like McAfee or Sophos, because many of them are hoaxes. In fact they are really a form of computer virus that is spread by well meaning people. The message is usually a chain e-mail that tells the recipient to forward it to everyone they know. Some IT specialists consider virus hoaxes and other chain e-mails to be a computer worm in and of themselves, as they replicate by exploiting users’ ignorance or emotional responses.

McAfee advise users who receive the email to delete it and DO NOT pass it on, as this is how an email HOAX propagates.

Click here to visit McAfee Virus Hoaxes
Click here to visit Sophos Don’t fall for a virus hoax

Twitter Hit by Denial-Of-Service Attack

The popular social networking site Twitter has been hit by a denial of service attack, according to Twitter co-founder Biz Stone. In an e-mail to CNN.com, Stone said this morning’s attack is not related to a recent incident in which a hacker stole internal documents from the site.

“There’s no indication that this attack is related to any previous activities. We are currently the target of a denial of service attack,” Stone said in the e-mail. Approximately 45 million people worldwide now rely on Twitter as a communication platform, and a number of them will be greatly inconvenienced.

Denial-of-service attacks are a common weapon employed by cyber criminals to disrupt the working of Web sites. Perpetrators enlist millions of computers to attempt to access a particular site. The site cannot handle the massive increase in traffic, and is rendered inaccessible.

While disruptive and hard to trace, this type of cyber attack is considered by experts to be a relatively unsophisticated technique. The attack itself doesn’t attempt to infiltrate the internal operations of a company’s computer infrastructure. It simply renders its Web site inactive.

Twitter’s status update said: “We are defending against a denial-of-service attack, and will update status again shortly.” The millions of Twitter fans who have been disrupted by this attack will no doubt give vent over the next few days. I confidently expect to see Twitter and Denial-Of-Service at the top of the Google hit chart shortly!

For more on the CNN story Click Here to visit CNN Money

To follow me on Twitter when it is back up, Click on BGT666

Is Conficker the start of the biggest botnet in history?

Conficker worm infected machines may comprise one of the biggest networks of robot computers (botnets) in Internet history if security experts’ fears are proved correct. From midnight on 1 April, the Conficker program will start scanning thousands of websites for a new set of instructions telling it what to do next.

Conficker – also known among security experts as “Downadup” – was first discovered in November last year, being sold as part of a kit by a Chinese hacker. Since then, two variants have been spotted in the wild as the virus has gone on to infect more than 10m PCs.

Microsoft has offered a bounty of $250,000 (£176,000) for the identity of Conficker’s creator, who currently remains unknown. Usual methods of unpacking the virus code to examine its workings have been thwarted because the authors have encrypted it, using algorithms that render it almost uncrackable.

For more aspects of this story see Conficker virus – deadly threat or April Fool’s joke

Karalon Technology Traffic IQ Pro

The other day I passed a pleasant few minutes chatting on the phone to a nice guy called Dominic, from Karalon Technology.

Karalon Technology are the vendors of a product called Traffic IQ Pro, which is used by many large companies and organisations such as Cisco Systems, Juniper Networks, Singapore Government, Microsoft, HP, AT&T, BT, US Army and many more global organisations. Situated in London, they are the market leaders of industry approved solutions for auditing and testing the recognition and response capabilities of network based corporate security defences (firewalls, IPS/IDS devices, UTMs and routers).

This software not only tests security infrastructure to make sure that bad traffic cannot get in or out, but also tests to make sure that legitimate production traffic can enter and exit the network all in a safe, accurate, repeatable and easy to use testing platform.

If you want to find out more about this technology click here for Karalon and Traffic IQ Pro. Fully functional applications are available to download free from Karalon Downloads. They also have a movie which you can click here to view.

Parliamentary computers infected by Conficker worm

The House of Commons internal computer network has been infected by the “Conficker” worm and has had to ban its users from attaching outside storage, such as USB memory sticks, in case it gets reinfected. An estimated 10 million PCs worldwide have also been infected and experts fear next week will see problems worsen. For more on this story, see the article House of Commons network hit by Conficker computer worm from guardian.co.uk

If your computer is infected with this worm, you may not experience any symptoms, or you may experience any of the following symptoms:

  • Account lockout policies are being tripped.
  • Automatic Updates, Background Intelligent Transfer Service (BITS), Windows Defender, and Error Reporting Services are disabled.
  • Domain controllers respond slowly to client requests.
  • The network is congested.
  • Various security-related Web sites cannot be accessed.
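
A read-only triage script for three of the symptoms listed above, added here as an example (it is not from the original post or from Microsoft). It assumes PowerShell 3.0 or later on Windows 8 / Server 2012 or later; the service short names, the control domain, the vendor host names and the lockout threshold are assumptions chosen for illustration.

```powershell
# Added triage example: flags Conficker-like symptoms on the local machine.
# It only reads state; it changes nothing and is not a malware scanner.

# Symptom: Automatic Updates, BITS, Windows Defender, Error Reporting disabled.
# Service short names are assumptions; ERSvc exists on XP/2003 and WerSvc on
# Vista and later, so a service that is absent is skipped, not flagged.
$serviceNames = 'wuauserv', 'BITS', 'WinDefend', 'ERSvc', 'WerSvc'
$services = @(foreach ($name in $serviceNames) {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
    if ($svc) {
        [pscustomobject]@{
            Check   = "Service $name"
            Detail  = "StartMode=$($svc.StartMode) State=$($svc.State)"
            Suspect = ($svc.StartMode -eq 'Disabled')
        }
    }
})

# Symptom: security-related Web sites cannot be accessed.
# A control lookup separates selective blocking from an ordinary outage.
$controlOk = [bool](Resolve-DnsName -Name 'example.com' -ErrorAction SilentlyContinue)
$securitySites = 'www.microsoft.com', 'www.sophos.com', 'www.mcafee.com'
$dns = @(foreach ($site in $securitySites) {
    $ok = [bool](Resolve-DnsName -Name $site -ErrorAction SilentlyContinue)
    [pscustomobject]@{
        Check   = "DNS $site"
        Detail  = "Resolved=$ok ControlResolved=$controlOk"
        Suspect = ($controlOk -and -not $ok)
    }
})

# Symptom: account lockout policies are being tripped.
# Event ID 4740 (user account locked out) is written to the Security log on
# domain controllers; reading it needs an elevated session. The threshold of
# 10 lockouts in 24 hours is an arbitrary starting point, not a standard.
$since  = (Get-Date).AddDays(-1)
$filter = @{ LogName = 'Security'; Id = 4740; StartTime = $since }
$lockouts = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
$lockoutRow = [pscustomobject]@{
    Check   = 'Account lockouts (24h)'
    Detail  = "Count=$($lockouts.Count)"
    Suspect = ($lockouts.Count -gt 10)
}

$services + $dns + $lockoutRow | Format-Table -AutoSize
```

Any row with `Suspect` set to True is a reason to scan the machine with an up-to-date removal tool; none of these symptoms alone confirms an infection.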

For more information about Win32/Conficker.b, visit the following Microsoft Malware Protection Center Web page http://www.microsoft.com/security/portal/Entry.aspx?Name=Win32/Conficker

Network managers can also stop Conficker from spreading by using Group Policy, and creating a policy that applies to all computers in a specific organizational unit (OU), site, or domain in your environment. For more details on this process see Microsoft Help and Support Article ID 962007

Palo Alto Networks Discovers Critical Vulnerability in Microsoft Word

Palo Alto Networks of Sunnyvale, California, has announced that its Threat Research Team discovered one of the six critical vulnerabilities communicated in Microsoft’s Patch Tuesday security bulletin this week. The exploited vulnerability could allow a hacker full system access and control.

Prompting the highest vulnerability rating, Microsoft credited Palo Alto Networks exclusively with the discovery of Word Memory Corruption Vulnerability (CVE-2008-4026). The vulnerability exists in the way that Microsoft Word handles certain Word files.

An attacker could deliver a seemingly innocent document to a user via email, IM or as a download from a Website. If opened, the execution would enable an attacker to take complete control of an affected system, allowing them to then install programs; view, change, or delete data; or create new accounts with full user rights. The vulnerability exists in both the Microsoft Office 2003 and 2007 versions.

For full details of this press release click on Palo Alto Networks Discovers Critical Vulnerability in Microsoft Word
For more details from Microsoft click on MS08-072

Why You Need Secure eMail

In the last few years, email has become the single most popular way for organisations to communicate with each other. But as the number of people emailing has sky-rocketed, so have the risks to organisations of being inundated with spam, infiltrated by viruses or having valuable or sensitive information stolen by hackers.  The risk of having your email system hacked into or infected is a very real one.

But if you work within the Criminal Justice System, you could join a new service that will put an end to the security nightmares that can potentially be caused by viruses, spam and hackers.

Protect yourself, your organisation and your clients – sign up for Secure eMail

Want to find out more?

Disclaimer

Secure eMail is provided by the Office for Criminal Justice Reform. Although the service is run by the Government, the Government does not have a right to view the content of any of the emails being transmitted across the service.