'Email Related' Category Archive

Posted on Mar 8th, 2007

Never before has a more vital warning been needed for current and potential Instant Messaging (IM) users who chat online.

John Sakoda, CTO and Vice President of Products at IMlogic, stated that,

"IM viruses and worms are growing exponentially….Virus writers are now shifting the focus of their attack to instant messaging, which is seen as a largely unprotected channel into the enterprise."

Because Instant Messaging operates on peer-to-peer (P2P) networks, it spawns an irresistible temptation for malicious computer hackers. P2P networks share files and operate on industry standard codec (encryption codes) and industry standard protocols, which are publicly open and interpretable. Anti-virus software does not incorporate protection for Instant Messaging services.

Like sharks in a feeding frenzy, these hacker mercenaries view Instant Messaging clients as their personal “Cash Cow” because of the ease by which they can access your computer via the publicly open and interpretable standards, unleash a Trojan horse, virus, or worm, as well as gather your personal and confidential information, and sell it to other depraved reprobates.

Please, don’t be naïve enough to think it won’t or couldn’t happen to you!

Want to see how easy it is for hackers to access your Instant Messaging chat and what can happen to you as a result?

Did you know that some hacker-friendly providers offer processor chips that can be bought on the Internet? (I guess it would be pretty hard to walk into a store and ask the clerk to help them find a processor chip that could be used to illegally hack into a victim’s computer for the sole purpose of spreading malicious code or stealing someone’s identity!)

Did you know that hacker-friendly providers actually offer hacker software that enables these criminals to deliberately disable security on computers, access your personal and confidential information, as well as inject their Trojan horses, viruses, and worms?

Hacker manuals are also conveniently accessible via the Internet. One of these manuals shows how to DoS other sites. DoSing (Disruption of Service) involves gaining unauthorized access to the “command prompt” on your computer and using it to tie up your vital Internet services. When a hacker invades your system, they can then delete or create files and emails, modify security features, and plant viruses or time bombs onto your computer.

“Sniff” is a tool (originally intended to help telecommunication professionals detect and solve problems) that reprobate hackers use to tamper with the protocol and “sniff out” data. When hackers sniff out your Instant Messaging data packet from Internet traffic, they reconstruct it to intercept conversations. This enables them to eavesdrop on your conversations, gather information, and sell it to other depraved criminal entities.

Don’t set yourself up to be the next Identity Theft Victim because you like to chat using Instant Messaging.

Identity theft is one of the most sinister vulnerabilities you may inadvertently be subjected to. Identity theft is defined by the Department of Justice as

“…the wrongful obtaining and using of someone else’s personal data in some way that involves fraud or deception, typically for economic gain.”

Identity theft is the by-product of hacker mercenaries obtaining your social security number (including those of your spouse and children), your bank account, your credit card information, etc., from the Internet. You become a virtual “Cash Cow” for hackers as your information is then sold to other felons for financial gain. Using your information, these criminals then:

· access your bank account funds
· create new bank accounts with your information
· create driver’s licenses
· create passports

Attorney General Ashcroft stated that,

"Identity theft carries a heavy price, both in the damage to individuals whose identities are stolen and the enormous cost to America’s businesses.”

A group hosting a website known as shadowcrew.com was indicted on conspiracy charges for stealing credit card numbers and identity documents, then selling them online. While this group allegedly trafficked $1.7 million in stolen credit card numbers, they also caused losses in excess of $4 million.

According to a Press Release issued by the Department of Justice on February 28, 2005, a hacker was convicted of several counts of fraud, one in which

“…he fraudulently possessed more than 15 computer usernames and passwords belonging to other persons for the purpose of accessing their bank and financial services accounts, opening online bank accounts in the names of those persons, and transferring funds to unauthorized accounts.”

Trojan Horses, Viruses, and Worms – The Toxic Trio

According to Dictionary.com, a Trojan horse is “…a subversive group that supports the enemy and engages in espionage or sabotage—an enemy in your midst.” The toxic cargo of Trojan horses can include viruses or worms.

A Trojan horse is a program that Internet criminals use to interrupt and interfere with your security software and produce the following results:

· Terminates processes
· Removes registry entries
· Stops services
· Deletes files

Hackers who have gained access to your computer, using the easily accessible programs and software mentioned above, are enthusiastically incorporating this venomous little program into their arsenal of weapons.

As recently as March 4, 2005, a new Trojan horse was discovered that modified settings in Internet Explorer. Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, and Windows XP were the reported systems that could be affected.

On January 28, 2005, a Press Release issued by the Department of Justice reported that a 19 year old was convicted for his criminal activity by “…creating and unleashing a variant of the MS Blaster computer worm.” Christopher Wray, Attorney General – Criminal Division, stated that,

"This … malicious attack on the information superhighway caused an economic and technological disruption that was felt around the world.”

By the way, “malicious” is defined by Webster as “…intentionally mischievous or harmful”.

On February 11, 2005, a Press Release issued by the Department of Justice reported that another criminal was sentenced for circulating a worm. This worm,

“…directed the infected computers to launch a distributed denial of service (DOS) attack against Microsoft’s main web site causing the site to shutdown and thus became inaccessible to the public for approximately four hours.”

On March 7, 2005, Symantec.com posted the discovery of a worm named “W32.Serflog.B” that spread through file-sharing networks and MSN Messenger – networks that operate on publicly open and interpretable industry standards administered by P2P systems that host Instant Messaging clients—none of which are protected, regardless of the anti-virus software on your computer. The W32.Serflog.B worm also lowers security settings and appears as a blank message window in MSN Messenger.

SOLUTION

Avoid P2P file sharing networks at all costs, as they operate on publicly open and interpretable industry standards. (Instant Messaging services run on P2P file sharing networks.)

If you like the convenience of text chatting via Instant Messaging, then why not consider an optimally secure VoIP (voice over internet protocol), also known as a Computer Phone, that incorporates the Instant Messaging feature. Make sure the VoIP internet service provider does not operate on P2P file sharing networks that use industry standard codec or industry standard protocols that are publicly open and accessible. (Don’t forget, these standards create the vulnerability which reprobate hackers are capitalizing on because of their easy accessibility.)

Optimally secure VoIP service providers that incorporate a secure Instant Messaging feature, operate from their own proprietary high end encryption codec on patented technology which is hosted in a professional facility. Simply put, when a VoIP internet service provider is optimally secure, the Instant Messaging feature on the VoIP softphone is also incorporated in their optimally secure technology.

Here’s the bottom line.

If you are currently using Instant Messaging of any sort, you need to make a decision:

a. Continue enticing hacker mercenaries and remain as a user of an Instant Messaging service, or

b. Take immediate corrective action.

If you decide to take immediate corrective action:

1. Find an optimally secure VoIP internet solution provider that includes the Instant Messaging feature in their proprietary patented technology.

2. Find an optimally secure VoIP internet solution provider that has their own proprietary high end encryption codec.

3. Find an optimally secure VoIP internet solution provider that has their own proprietary patented technology.

4. Find an optimally secure VoIP internet solution provider that hosts their proprietary patented technology in a professional facility.

Need Help?

Here’s a place you can look over to see what an optimally secure VoIP internet solution provider looks like–one that operates on their own proprietary high end encryption codec with their own proprietary patented technology hosted in a professional facility, AND one that incorporates the Instant Messaging feature. http://www.free-pc-phone.com

**Attn Ezine editors / Site owners** Feel free to reprint this article in its entirety in your ezine or on your site so long as you leave all links in place, do not modify the content and include the resource box as listed above.

Dee Scrip is a well known and respected published author of numerous articles on VoIP, VoIP Security, and other related VoIP issues. Other articles can be found at http://www.free-pc-phone.com

Posted on Jan 8th, 2007

First of all, we need to define some terms. I have been in the business for just over two years and there is still some confusion over the topic.

Mail forwarding: is a service that allows you to have your mail sent to a “mailbox” and then they will forward it off to your location. This mail is generally sent in bulk to the recipient and is very useful if you travel, or don’t have a permanent address.

Mail Redirection: is when you have mail sent direct to a mailbox and then it is “remailed” to another location. This is mainly used by organisations or individuals who wish to keep their physical address a secret.

Remailing: is as simple as receiving a letter, re-stamping and addressing the letter then posting it again. This is pretty much what happens when mail is forwarded or redirected.

When you first think about handling mail in these ways (remailing, forwarding, etc.), you may think “dodgy”, or wonder whether it is even legal. Quite simply, yes, it is legal, but it all depends on the intent of the service. I will explain why people need to have a fake mail address.

Mail Drop: is defined as “an address or place at which a nonresident person receives mail, often of a secret nature” (2005) Dictionary.com

So why are there so many names for the same services?

It is pretty simple to understand why there are so many names: the vendors that offer these services are trying to obtain as many hits through search engines as possible, so they use phrases such as “forwarding”, “redirection”, etc.

In doing this they confuse the customer, who is left without a clear understanding of the services that are available.

What service should I use then?

Mail drops are generally the most clearly defined term and are understandably the most common. I define Mail Drops as a mailbox that has been purchased on your behalf and all mail within the mailbox is sent to your predefined recipient address. Most vendors provide shared mailboxes, where you share a box with many users for a cheap price, or dedicated services where you actually rent the whole mailbox. You should look at how manageable your account is: can you have multiple predefined recipient addresses, and can you see what mail you have and how much mail is in the box at any time?

Why would people even use such a service?

Anonymity is the simple answer: people who choose to keep their identity secret from others. There are many reasons for doing this; the most legitimate reason for using such services is for people who move around and do not have one fixed address. Although the services are set up by legitimate vendors, there are customers who wish to evade the law and have private documents sent without detection. These customers can harm or damage the vendor’s reputation, and if any prohibited material is detected they can often face heavy charges.

There are many vendors out there who provide this service. I am not going to recommend any particular vendor, but I do advise that you shop around, take a look at their history and talk to other customers who have used their services. The vendors are located in many different countries; you should take a look at their country of origin, what privacy laws are enforced there, and what their law enforcement is like. Then take a look at the site. Read their privacy statement and try to understand it. Make sure you fully understand their terms of service. You do not want to be stuck with a huge fine, or, if you’re trying to keep yourself anonymous, you don’t want to have your private information made public. Or, worst of all, have them read your private mail!

Good luck

Steve
©Private Mail Services
http://www.private-services.com 2005 - Keeping You Anonymous

Posted on Jan 3rd, 2007

Is your enterprise following the rules?

The bulk of financial information in many companies is created, stored and transmitted electronically, maintained by IT and controlled via information integrity procedures and practices. For these reasons, compliance with federal requirements such as the Sarbanes-Oxley Act (SOX) is heavily dependent on IT. Companies that must comply with SOX are U.S. public companies, foreign filers in U.S. markets and privately held companies with public debt. Ultimately, the corporate CEO and CFO are accountable for SOX compliance, and they will depend on company finance operations and IT to provide critical support as they report on the effectiveness of internal control over financial reporting.

Sound practices include corporate-wide information security policies and enforced implementation of those policies for employees at all levels. Information security policies should govern network security, access controls, authentication, encryption, logging, monitoring and alerting, pre-planned coordinated incident response, and forensics. These components allow for information integrity and data retention, while enabling IT audits and business continuity.

Complying with Sarbanes-Oxley

The changes required to ensure SOX compliance reach across nearly all areas of a corporation. In fact, Gartner Research went so far as to call the Act “the most sweeping legislation to affect publicly traded companies since the reforms during the Great Depression.” Since the bulk of information in most companies is created, stored, transmitted and maintained electronically, one could logically conclude that IT shoulders the lion’s share of the responsibility for SOX compliance. Enterprise IT departments are responsible for ensuring that corporate-wide information security policies are in place for employees at all levels. Information security policies should govern:

* Network security
* Access controls
* Authentication
* Encryption
* Logging
* Monitoring and alerting
* Pre-planned coordinated incident response
* Forensics

These components enable information integrity and data retention, while enabling IT audits and business continuity.

In order to comply with Sarbanes-Oxley, companies must be able to show conclusively that:

* They have reviewed quarterly and annual financial reports;
* The information is complete and accurate;
* Effective disclosure controls and procedures are in place and maintained to ensure that material information about the company is made known to them.

Sarbanes-Oxley Section 404

Section 404 regulates enforcement of internal controls, requiring management to show that it has established an effective internal control structure and procedures for accurate and complete financial reporting. In addition, the company must produce documented evidence of an annual assessment of the internal control structure’s effectiveness, validated by a registered public accounting firm. By instituting effective email controls, organizations are not only ensuring compliance with Sarbanes-Oxley Section 404; they are also taking a giant step in the right direction with regards to overall email security.

Effective Email Controls

Email has evolved into a business-critical application unlike any other. Unfortunately, it is also one of the most exposed areas of a technology infrastructure. Enterprises must install a solution that actively enforces policy, stops offending mail both inbound and outbound and halts threats before internal controls are compromised, as opposed to passively noting violations as they occur.

An effective email security solution must address all aspects of controlling access to electronically stored company financial information. This includes access during transport as well as access to static information resident at the company or on a remote site or machine. Given the wide functionality of email, as well as the broad spectrum of threats that face email systems, ensuring appropriate information access control for all of these points requires:

* A capable policy enforcement mechanism to set rules in accordance with each company’s systems of internal controls;

* Encryption capabilities to ensure privacy and confidentiality through secure and authenticated transport and delivery of email messages;

* Secure remote access to enable remote access for authorized users while preventing access from unauthorized users;

* Anti-spam and anti-phishing technology to prevent malicious code from entering a machine and to prevent private information from being provided to unauthorized parties.

In conclusion, complying with Sarbanes-Oxley puts a heavy burden on an organization’s IT department to implement and enforce policies set up by corporate governance boards. In order to make sure the company’s email system complies with Sarbanes-Oxley, IT managers must be able to document steps they have taken to address Section 404 of the code. CipherTrust manufactures a secure email gateway appliance that can help organizations comply with Sarbanes-Oxley. To learn more about it, please visit www.ciphertrust.com/solutions/compliance_SOX.php and read our articles and white paper on the subject of SOX compliance.

Dr. Paul Judge is a noted scholar and entrepreneur. He is Chief Technology Officer at CipherTrust, the industry’s largest provider of enterprise email security and anti-spam solutions. Learn what you need to know to comply with Sarbanes-Oxley regulations by visiting http://www.ciphertrust.com/solutions/compliance_SOX.php today.

Posted on Dec 24th, 2006

Glieder (Win32.Glieder.AK), Fantibag (Win32.Fantibag.A) and Mitglieder (Win32.Mitglieder.CT) are not names of a modern day version of The Three Musketeers. These are Trojans engineered for a hacker attack that will infect computers and open them for use in further attacks.

"Combating computer viruses is essentially a game of hide and seek," says Govind Rammurthy, CEO, MicroWorld Technologies, among the leading Security Solutions providers. "Hackers riding piggyback on viruses have only a short window of opportunity to maximize their gain before the viruses are detected, neutralized and logged into Virus Definition databases, ‘vaccinating’ the system against those strains.

Without continuing system vulnerability caused by virus infection there is little they can do to further their malicious ends like stealing personal information, credit card details and other sensitive and vital data. To achieve their ends they need to keep the system vulnerability going for more time. This co-ordinated Trojan threat is an attempt to keep that ‘backdoor’ open, essentially buying time," he concludes.

Of the three, Glieder leads the initial charge. It sneaks past anti-virus protection to download and execute files from a long, hard-coded list of URLs and "plant" the infected machine with "hooks" for future use. On Windows 2000 and Windows XP machines, it attempts to stop and disable the Internet Connection Firewall and the Security Center service (introduced with Windows XP Service Pack 2). Then the Trojan accesses the URL list to download Fantibag. The way is now paved to launch the second stage of attack.

Sulabh, a tester with MicroWorld Technologies says of Fantibag, "Now Fantibag goes about attacking the networking feature of the infected system to prevent it from communicating with anti-virus firms and denying access to the Microsoft Windows Update site. It closes your escape route by making it impossible to download an anti-virus solution and any subsequent Windows security patch to your system. Effectively it helps Mitglieder (the third stage Trojan) open the ‘backdoor’ by shutting the other doors on you."

Mitglieder puts the system under the complete control of the attacker by opening the ‘backdoor’ on a port, through which the attacker can update the Trojan (to stay a step ahead of attempts to remove it), download and execute files, start an SMTP server to relay spam, execute files on the infected computer, and download and execute files from a URL. "This is what makes it scary," says Aarti, Assistant Manager, QA, MicroWorld Technologies. "The fact that the system can now be used as a remote controlled ’soldier’ (bot) in an army (botnet) of similarly compromised machines to launch criminally motivated attacks, causing harm to Internet users."

Botnets thus formed can, among other things, use your machine to launch Distributed Denial of Service attacks which overload servers and make them crash, send out spam, spread new malware, plant keyloggers to retrieve your personal information (identity, passwords, account numbers, etc.), install spyware, manipulate online polls and games, abuse programs like Google AdSense to cheat advertisers of revenue, and install advertisement add-ons for financial gain, as in fake websites advertising services that don’t exist.

"Botnets can even encompass over 50,000 host machines. The potential for mischief is huge," reflects Govind Rammurthy. "Such a three-pronged Trojan attack where attackers change their virus code and release viruses quickly to bypass virus signature scanners, then disable network access to deny the user link-ups to anti-virus and Microsoft Windows Update site for protection has huge significance for virus-signature based protection. It is a sign of things to come," he says, remembering the scramble at MicroWorld labs to update their products to detect and remove the three Trojans.

Anti-virus updates for the three-pronged Trojan threat are available at the MicroWorld Technologies site. Maybe the time for worrying about some pimply teenager turning out malicious code because they have nothing better to do on a nice sunny morning is over. The world could be facing a determined organized crime syndicate who’ll stop at nothing to get what they want - information precious to you.
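The article says Fantibag cuts the infected system off from anti-virus vendors and Windows Update, but not how. As an added example (not code from the article or from MicroWorld), here is a defender's audit that assumes one common way to produce that effect, a hosts-file override, and flags entries that black-hole or redirect such domains; the domain list and the sample hosts content are constructed.

```python
"""Audit a hosts file for entries that would deny access to anti-virus
vendors or Windows Update, the effect the article attributes to Fantibag.

Added example, not from the article or MicroWorld. The mechanism (a
hosts-file override) is assumed; the domain list and sample file are
constructed for illustration.
"""
import ipaddress

# Domains a clean hosts file has no reason to override (constructed list of
# well-known update and anti-virus vendor domains).
PROTECTED_DOMAINS = (
    "windowsupdate.com",
    "windowsupdate.microsoft.com",
    "update.microsoft.com",
    "symantec.com",
    "mcafee.com",
    "kaspersky.com",
    "trendmicro.com",
    "sophos.com",
)


def is_protected(host):
    """True if host is one of the protected domains or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in PROTECTED_DOMAINS)


def audit_hosts(text):
    """Return a list of (line_no, address, host, reason) for every hosts
    entry that maps a protected domain anywhere: the only reasons to do so
    are black-holing it (loopback / 0.0.0.0) or redirecting it elsewhere."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not entry:
            continue
        fields = entry.split()
        address, names = fields[0], fields[1:]
        try:
            addr = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, address, " ".join(names), "unparsable address"))
            continue
        for name in names:
            if not is_protected(name):
                continue
            if addr.is_loopback or addr.is_unspecified:
                reason = "black-holed to local address"
            else:
                reason = "redirected to " + address
            findings.append((line_no, address, name, reason))
    return findings


# Constructed sample hosts file showing the pattern the article describes.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
192.0.2.10      intranet.example
127.0.0.1       windowsupdate.microsoft.com
127.0.0.1       update.microsoft.com
0.0.0.0         www.symantec.com liveupdate.symantec.com
198.51.100.7    downloads.mcafee.com
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

On a real machine you would feed it the contents of the system hosts file; any finding is grounds to suspect tampering, since legitimate software does not need these entries.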

MicroWorld Technologies is one of the leading solution providers for Information Technology, Content Security and Communications Software. MicroWorld has established itself as a leader in providing content security, anti-virus and corporate communications software solutions.

Posted on Dec 6th, 2006

As more people are logging onto the Internet every day, network security becomes a larger issue. In the United States, identity theft and computer fraud are among the fastest rising crimes. It is important to protect your network and ensure the safety of all computers and users in that network.

What is a Network?

In order to fully understand network security, one must first understand what exactly a network is. A network is a group of computers that are connected. Computers can be connected in a variety of ways, including a USB port, a phone line connection, an Ethernet connection, or a wireless connection. The Internet is basically a network of networks. An Internet Service Provider (ISP) is also a network. When a computer connects to the Internet, it joins the ISP’s network, which is joined with a variety of other networks, which are joined with even more networks, and so on. These networks together make up the Internet. The vast number of computers on the Internet, and the number of ISPs and large networks, makes network security a must.

Common Network Security Breaches

Hackers often try to hack into vulnerable networks. Hackers use a variety of different attacks to cripple a network. Whether you have a home network or a LAN, it is important to know how hackers will attack a network.

One common way for a hacker to wreak havoc is to gain access to things that ordinary users shouldn’t have access to. In any network, administrators have the ability to restrict certain parts of the network to authorized users. If a hacker is able to gain access to a protected area of the network, he or she can possibly affect all of the computers on the network. Some hackers attempt to break into certain networks and release viruses that affect all of the computers in the network. Some hackers can also view information that they are not supposed to see.

Destructive Attacks

There are two major categories for destructive attacks to a network. Data Diddling is the first attack. It usually is not immediately apparent that something is wrong with your computer when it has been subjected to a data diddler. Data diddlers will generally change numbers or files slightly, and the damage becomes apparent much later. Once a problem is discovered, it can be very difficult to trust any of your previous data because the culprit could have potentially fooled with many different documents.

The second type of data destruction is outright deletion. Some hackers will simply hack into a computer and delete essential files. This inevitably causes major problems for any business and can even lead to a computer being deemed useless. Hackers can rip operating systems apart and cause terrible problems to a network or a computer.

The Importance of Network Security

Knowing how destructive hackers can be shows you the importance of network security. Most networks have firewalls enabled that block hackers and viruses. Having anti-virus software on all computers in a network is a must. In a network, all of the computers are connected, so if one computer gets a virus, all of the other computers can be adversely affected by that same virus. Any network administrator should have all of the essential files on backup disks. If a file is deleted by a hacker but you have it on backup, then there is no issue. When files are lost forever, major problems ensue. Network security is an important thing for a business or a home. Hackers try to make people’s lives difficult, but if you are ready for them, your network will be safe.

Robert Flanglin is very interested in security and enjoys writing about network security. Robert Flanglin also writes for the Network Security Journal ( http://www.networksecurityjournal.com ).

Posted on Oct 18th, 2006

PayPal is a great site and is used by many to send and receive money. Unfortunately, some dishonest people are using the popularity of PayPal to line their own pockets with gold at the expense of unsuspecting PayPal members. These PayPal scam artists will try to get your PayPal ID and password so they can log in and clean out your PayPal account of all funds. PayPal is fully aware of this problem and is doing everything possible to stop it. Unfortunately, if someone logs into an account with a valid ID and password, it is very hard for PayPal, or any other secure site for that matter, to stop it. As a consumer you need to be educated so you can protect yourself.

A typical PayPal scam artist will send you an e-mail requesting that you update your account. Often this request to update your account is made under some false pretence, such as that the account is suspended or has been suspected of fraudulent use. Here is a copy of a recent PayPal scam e-mail I received: http://ewguru.com/hbiz/scam.html. You will notice the PayPal link on this page looks real. Don’t click it. You can, however, right-click it and view its properties to see that it is in fact a phony link.

PayPal has an excellent online article about how to spot fake e-mails. Much of the material in this article is derived from the PayPal site: http://www.paypal.com/us/cgi-bin/abuser?cmd=kept/general/SecuritySpoof

Here are 7 ways to spot a PayPal scam e-mail and protect yourself from identity theft:

1 - Wrong E-Mail Address

Any e-mail sent to an e-mail address that is not your primary PayPal e-mail account is more than likely a scam.

2 - Fake links

If, after you click on the link, the address does not start with https://www.paypal.com, then it is a fake link. Even if it says PayPal in it somewhere, it is a fake link. The term "https" should always precede any website address where you enter personal information. The "s" stands for secure. If you don’t see "https," you’re not in a secure web session, and you should not enter data. (This goes for any payment processor, including your online bank accounts.)

3 - Subject Lines

Subject lines such as “Please Restore Your Account Access”.

4 - Generic greetings

Lots of fake emails begin with a generic greeting, such as "Dear PayPal member." PayPal knows the name you used when you registered your account.

5 - Action Required Now

Many fake emails try to trick you with the threat that your account is in jeopardy if you don’t sign in and fix it NOW!

6 - HTML Emails

Emails that appear to be websites. Some emails will look like a website in order to get you to enter personal information. PayPal never asks for personal information in an e-mail.

7 - Misspellings and bad grammar

Fake emails may contain misspellings, incorrect grammar and missing words. Many times these are used to trick e-mail filters.

A quick review

If you receive an e-mail with a link requesting you to click on the link and sign in to your PayPal account, don’t do it!

If you receive an e-mail with what looks like a PayPal sign-in form, don’t sign in!

If you are unsure whether the e-mail is real or fake, forward it to spoof@paypal.com and request assistance.

If you absolutely must log in to your PayPal account, then I would highly recommend you do the following. Close all open browser sessions. Run a spyware check on your computer (you can get a free spyware program here: http://www.download.com/Spyware-Doctor/3641-8022_4-9063584.html). Then type https://www.paypal.com/ directly into your browser window; do not click on any links.
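The seven signs above, turned into checks that run over an e-mail, as an added example (not code from the article or from PayPal). Rule 2 is applied to the real link target rather than the visible text, which is the "right-click properties" check from earlier in the article; rule 7 is left out because it needs a spelling dictionary. The two messages and the non-PayPal domain in them are constructed.

```python
"""Detector for the phishing signs the article lists above.

Added example, not code from the original article. The messages and
the domains in them are constructed for illustration.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

LEGIT_SCHEME = "https"          # rule 2: a real link starts with https://www.paypal.com
LEGIT_HOST = "www.paypal.com"

SUSPICIOUS_SUBJECT = re.compile(r"restore your account|account access|suspend|verif", re.I)
GENERIC_GREETING = re.compile(r"\bdear\s+(valued\s+)?(paypal\s+)?(member|customer|user)\b", re.I)
URGENCY = re.compile(r"\b(now|immediately|within\s+\d+\s+hours?|will be (suspended|closed|limited))\b", re.I)
FORM_MARKUP = re.compile(r"<(form|input)\b", re.I)


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def is_legit_paypal_url(url):
    """True only for https and a host of exactly www.paypal.com.
    'paypal' appearing somewhere else in the URL is not enough (rule 2)."""
    p = urlparse(url.strip())
    return p.scheme == LEGIT_SCHEME and (p.hostname or "") == LEGIT_HOST


def link_is_deceptive(href, text):
    """Rule 2 plus the 'right-click properties' check: the real target is not
    PayPal, or the visible text names a different host than the href does."""
    if not is_legit_paypal_url(href):
        return True
    shown = urlparse(text) if text.lower().startswith(("http://", "https://")) else None
    return bool(shown and shown.hostname and shown.hostname != urlparse(href).hostname)


def phishing_signs(msg):
    """Return the sorted rule numbers (1 to 6 from the article) that fire for msg,
    a dict with keys to, primary_paypal_address, subject and html."""
    hits = set()
    if msg["to"].lower() != msg["primary_paypal_address"].lower():
        hits.add(1)                         # rule 1: wrong recipient address
    extractor = LinkExtractor()
    extractor.feed(msg["html"])
    if any(link_is_deceptive(h, t) for h, t in extractor.links):
        hits.add(2)                         # rule 2: fake link
    if SUSPICIOUS_SUBJECT.search(msg["subject"]):
        hits.add(3)                         # rule 3: suspicious subject line
    body_text = re.sub(r"<[^>]+>", " ", msg["html"])
    if GENERIC_GREETING.search(body_text):
        hits.add(4)                         # rule 4: generic greeting
    if URGENCY.search(body_text):
        hits.add(5)                         # rule 5: action required now
    if FORM_MARKUP.search(msg["html"]):
        hits.add(6)                         # rule 6: HTML e-mail posing as a web page
    return sorted(hits)


# Constructed sample: the kind of scam message the article describes.
SCAM = {
    "to": "alice.work@example.com",
    "primary_paypal_address": "alice@example.com",
    "subject": "Please Restore Your Account Access",
    "html": (
        "<p>Dear PayPal member,</p>"
        "<p>Your account has been suspended. Sign in NOW to restore it:</p>"
        '<a href="http://www.paypal.com.example-verify.net/">https://www.paypal.com/</a>'
        '<form action="http://www.paypal.com.example-verify.net/post">'
        '<input name="pw" type="password"></form>'
    ),
}

# Constructed sample: a message that passes every check.
GENUINE = {
    "to": "alice@example.com",
    "primary_paypal_address": "alice@example.com",
    "subject": "Receipt for your payment",
    "html": (
        "<p>Hello Alice Example,</p>"
        "<p>You sent a payment. Details are in your account history:</p>"
        '<a href="https://www.paypal.com/">https://www.paypal.com/</a>'
    ),
}

if __name__ == "__main__":
    print("scam fires rules", phishing_signs(SCAM))        # [1, 2, 3, 4, 5, 6]
    print("genuine fires rules", phishing_signs(GENUINE))  # []
```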


About The Author:
Mike Makler has been Marketing Online Since 2001 When he Built an Organization of over 100,000 Members

Get Mike’s Newsletter:
http://ewguru.com/newsletter

More Articles by Mike:
http://ewguru.com/tips

Copyright © 2005-2006 Mike Makler the Coolest Guy in the Universe

[You have permission to publish this article electronically or in print, free of charge, as long as the bylines are included. A courtesy copy of your publication would be appreciated getarticles At Ewguru .Com]

Posted on Oct 12th, 2006

The threats we ordinary Web users face online leave us no choice but to learn. Haven’t you noticed how many new things you have learned lately? We are much better informed about malicious programs than we were just a year ago.

This section of our vocabulary grows rapidly: now we all know what a "keylogger" is, a "worm" no longer has to do only with zoology, nor a "Trojan Horse" only with Ancient Greek literature. We are getting better at avoiding scams such as phishing, and this word doesn’t look like a spelling mistake anymore.

We Web users are getting smarter — at least the numbers from the recent survey by the Pew Internet and American Life Project say so. The study shows that 91% of respondents (adult Web users from the USA) have improved their online behavior in one way or another.

81% of respondents have become more cautious about e-mail attachments.

People are also avoiding certain Web sites (48%), using file-sharing networks less often (25%), and even switching browsers (18%).

But, alas… As Web users get wiser, cybercriminals become more insidious and commit more sophisticated crimes.

More people are now aware that a worm, virus or Trojan might be hidden in a spam e-mail attachment — for cybercriminals this means that spam is becoming a less "effective" means of spreading malware.

Why are they spreading malware? What motivates them? Money, of course.

All security experts agree that "cybercriminals are primarily motivated by financial gain". In other words, they prefer cash to fun. Instead of doing mischief just for the h… of it, they steal money. Big money.

Along with other unlawful activities, cybercriminals actively hunt for valuable data that can be turned into cash. Stealing that information means infecting as many PCs as possible with malicious programs. Most PC users are now aware of (one could even say have almost got used to) the fact that Trojan horses can be hidden in e-mail messages, multimedia files or free knick-knacks like postcards, smileys and screensavers. We users know that many viruses, worms and Trojan horses contain information-stealing (keylogging) modules.

Spreading malware as widely as possible: that is what cyberthieves do to reach their treacherous goal. At least it was their main approach until recently, when crooks began to exploit a new tactic more intensively.

Targeting Individual Addressees

On July 8, 2005 CERT (the US Computer Emergency Readiness Team) issued an alert warning about the rise of Trojan attacks of a new kind. Signs of these stealthy Trojan attacks, which target specific firms in order to evade detection, had been observed over the preceding year. Targeted Trojan-horse attacks are a new trend in online threats, the alert states.

Trojan attacks by themselves aren’t new, but CERT said this technique has two features that make it very dangerous, especially for businesses.

First, conventional anti-virus software and firewalls can’t beat Trojans of this kind. These programs are "tailor-made": the source code of a known Trojan is altered, and the resulting variant is unfamiliar to signature-based anti-virus products, which therefore can’t detect it.

Any new variant of a known malicious program is a new program as far as anti-virus software is concerned. There is a long way from the detection of a piece of malware to the moment when an anti-virus or anti-spyware vendor can offer protection against it; the cycle takes from several hours to a couple of days. Once such a program is detected, its signature (a characteristic piece of its code) has to be extracted and included in an update, and only after all anti-virus or anti-spyware programs on all users’ PCs have been updated are they protected against this particular piece of malware. Poor consolation for the unlucky ones who were hit by a new kind of malware FIRST.

The e-mails used in these attacks carry malware-laden attachments, or links to web sites hosting Trojan horses. When such an attachment is opened or a link is clicked, a malicious program installs the Trojan on the user’s machine. These Trojans can be configured to transmit information through ports used by a common service, such as TCP port 80, which is assigned to Web traffic; a firewall that already permits Web traffic therefore does not stop them.

Second, this time the e-mails are TARGETED — sent to specific recipients. Their subject lines often have something to do with the user’s work or interests.

What can the criminal do once the attachment is opened? Quoting the alert issued by US-CERT, he can:

  • Collect usernames and passwords for email accounts
  • Collect critical system information and scan network drives
  • Use the infected machine to compromise other machines and networks
  • Download further programs (e.g., worms, more advanced Trojans)
  • Upload documents and data to a remote computer

CERT made recommendations for system administrators on how to prevent this kind of Trojan-horse attack. You can get the complete list from: http://www.us-cert.gov/cas/techalerts/TA05-189A.html

As for us ordinary Web users — to lessen the risk of these attacks we all should:

  • use an anti-virus scanner on all e-mail attachments
  • update the operating system and application software to patch the vulnerabilities these Trojans exploit
  • set the default options in e-mail clients to display opened e-mails as plain text, i.e. turn off the "Preview Pane" functionality.

And, of course, be more cautious about everything which appears in our inboxes.

Alexandra Gamanenko currently works at Raytown Corporation, LLC — an independent software developing company. This company provides software capable of disabling even "tailor-made" information-stealing modules, which can be hidden inside spyware as well as viruses, worms and Trojans.

Learn more — visit the company’s website http://www.anti-keyloggers.com

Posted on Oct 11th, 2006

In a word, no - an email message has always been nothing more than a simple text message sent unencrypted to a recipient we choose. So all the email we so blithely send all over the Internet every day is neither private nor secure. Every birthday greeting or Dear John email, every complaint, rant or verbal purge we may have sent to our employers, credit companies, congressman or customer service rep is subject to delivery errors or outright interception.

How can this be? To answer that we need to understand how email works. For the vast majority of email users today, the email system they use consists of two servers providing incoming and outgoing services, SMTP and POP3.

The SMTP (Simple Mail Transfer Protocol) server handles the outgoing email. SMTP was designed years ago when plain ASCII text was all there was to send via email. So, when you push the "Send" button in your email client, the SMTP server at your ISP (Internet Service Provider) connects with the incoming POP3 (Post Office Protocol ver. 3) server where you are sending the email. The servers have a short "chat" verifying that the email address you are trying to send to exists on the incoming POP3 server. Then the SMTP server passes the message to the POP3 server, and the POP3 server puts the message into the recipient’s email box. At no time during the process is your email encrypted to protect your privacy. The message could be intercepted at any time during the process and read by anyone.

On occasion, email sent to you or by you may even be delivered to the wrong inbox, and your private message is no longer private. A single misdirected message could expose you to all kinds of trouble depending upon its content.
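As an added example that is not part of the original article, here is the "chat" described above played out between a toy sending client and a toy receiving server, entirely in memory, so that both sides of the exchange and the plaintext nature of the transfer are visible. One precision on the description: in practice the sending SMTP server talks to the recipient's own SMTP server (its MX host); POP3 is what the recipient's mail client uses afterwards to fetch the message from the mailbox. Commands and reply codes follow RFC 5321; the host names, addresses and mailbox table are constructed placeholders.

```python
"""Toy SMTP exchange, entirely in memory (added example, not the article's code)."""


class ToySmtpServer:
    """Minimal stand-in for the receiving mail server (the recipient's MX host)."""

    def __init__(self, mailboxes):
        self.mailboxes = mailboxes      # address -> list of delivered raw messages (constructed)
        self.sender = None
        self.recipients = []
        self.in_data = False
        self.data_lines = []

    def greeting(self):
        return "220 mx.recipient.test ESMTP ready"

    def handle(self, line):
        """Process one client line; return the reply, or None while a message body is being read."""
        if self.in_data:
            if line == ".":             # end-of-data marker (dot-stuffing of body lines omitted here)
                self.in_data = False
                body = "\n".join(self.data_lines)
                for rcpt in self.recipients:
                    self.mailboxes[rcpt].append(body)
                self.sender, self.recipients, self.data_lines = None, [], []
                return "250 OK: queued"
            self.data_lines.append(line)
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("EHLO", "HELO"):
            return "250 mx.recipient.test Hello " + arg
        if verb == "MAIL":
            self.sender = arg[len("FROM:"):].strip("<>")
            return "250 OK"
        if verb == "RCPT":
            addr = arg[len("TO:"):].strip("<>")
            if addr not in self.mailboxes:
                return "550 No such user here"   # the "does this address exist" check
            self.recipients.append(addr)
            return "250 OK"
        if verb == "DATA":
            if not self.recipients:
                return "503 Bad sequence of commands"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            return "221 Bye"
        return "500 Command unrecognized"


def send_message(server, sender, recipient, subject, body):
    """Drive the toy server as a sending SMTP client; return (delivered, transcript)."""
    transcript = ["S: " + server.greeting()]

    def exchange(cmd):
        transcript.append("C: " + cmd)
        reply = server.handle(cmd)
        if reply is not None:
            transcript.append("S: " + reply)
        return reply

    exchange("EHLO smtp.sender.test")
    exchange(f"MAIL FROM:<{sender}>")
    if exchange(f"RCPT TO:<{recipient}>").startswith("550"):
        exchange("QUIT")
        return False, transcript
    exchange("DATA")
    # Headers and body cross the wire exactly as typed: nothing here is encrypted.
    for line in [f"From: {sender}", f"To: {recipient}", f"Subject: {subject}", ""] + body.splitlines():
        exchange(line)
    reply = exchange(".")
    exchange("QUIT")
    return reply.startswith("250"), transcript


if __name__ == "__main__":
    server = ToySmtpServer({"bob@recipient.test": []})
    ok, log = send_message(server, "alice@sender.test", "bob@recipient.test", "Lunch", "Meet at noon.")
    print("\n".join(log))
```

Every line tagged `C:` in the transcript is what an observer on the network path would see, which is the article's point; the `550` reply to an unknown recipient is the "short chat" that confirms whether the address exists.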

Well, no one wants to read your email right? Wrong! Have you ever heard of Carnivore? That’s a system that the FBI uses to harvest all email traffic going through a network. How does this affect you? When the FBI hooks Carnivore up to your ISP’s network because they suspect someone of dealing drugs or some other crime, Carnivore will filter through ALL email looking for keywords that relate to the crime in question. And because the search has to be intentionally vague, you may be sending a request for information about a prescription drug you take and Carnivore will harvest your email to be read by a human agent. Suddenly, the drugs you’re taking are now public knowledge. Spammers have also been known to harvest email addresses via captured emails.

OK - so now that you know the problem, what should you do about securing your privacy? It was hinted at earlier on… encryption! Learn how to use PGP (Pretty Good Privacy) to encrypt your email.

PGP uses a Public/Private key method to encrypt email. First you create a "Public" key. This is the key that others will use to encrypt email sent to you. Send this key to everyone you want to receive encrypted email from. Then you create a "Private" key. This is the key you use to decrypt any encrypted email sent to you. Safeguard this key well. It is the only thing that can decrypt your messages. If you tell someone what it is or lose it, your privacy is again compromised.

For more information on PGP and a free download visit: http://www.pgpi.org.

Next Time: Incorporating PGP into your email…

Michael Ameye has been developing web sites since 1995. He started writing about online privacy issues to answer questions from family, friends and co-workers. Visit http://www.canyourspam.com to see his latest work.

He is also the chief editor of PSS Online, A Privacy, Safety and Security eZine dedicated to bringing important information to people in order to foster a safer more secure environment - online and off. Visit http://www.pssonline.info to subscribe.

Posted on Oct 10th, 2006

Imagine this – you open up your email box and an international company is offering you a dream job – you can be an agent for them – a financial intermediary – receiving payments for them and transferring money to them, and, naturally, keeping a commission on each transaction.

There’s no investment, no money required. They are just looking for people with a good reputation that they can trust with their money.

The company needs a local agent because US banking laws restrict the accounts that a foreign company has, unless they have a U.S. citizen as a registered agent of the company.

It sounds really good. After all, the company is overseas and it needs a U.S. Agent to receive payments and all you have to do is wire-transfer the money to the company account overseas, less your commission.

There seems to be no way to lose, since you won’t be putting out any of YOUR money and YOU have control over all incoming and outgoing payments.

You can’t lose, can you?

Unfortunately you can. Take this job and you become a “money mule” – an unwitting participant in a scheme to defraud others. Here’s how it works: the company may or may not have a good-looking website with what sounds like a legitimate name, “Techhydraulik”, and says it’s based in Germany.

Sounds like it is a technology company having something to do with hydraulics, doesn’t it?

However, it is really an Internet front for Bad Guys who need to be able to transfer money out of the United States from people that they have defrauded through “Phishing.”

Phishing is the practice of setting up fake bank sites that look just like the real bank site (for example, Wells Fargo) and sending emails to millions of people saying that there is an irregularity in their Wells Fargo account and to “click on the link to confirm your information or your account will be closed”.

When you click on the link and fill out the fields for your account number, username and passwords, it sends the information to the Bad Guys who empty your account. Believe it or not, tens of thousands of people fall for this each year.

The Bad Guys then send the payment to their agent (you), and you wire-transfer the money, less your commission, to their overseas account.

Several weeks or months later, perhaps, there is a knock at your door and the FBI wants to know why you are receiving stolen funds. You explain that the funds are not stolen, they are payments for equipment purchased by people from Techhydraulik, and you are their legitimate agent.

You may not be held criminally liable since you were an unknowing dupe, but you may certainly be liable for repayment of all of the money that passed through your hands.

And of course, the real perpetrators have long ago closed that overseas account and disappeared.

How can you protect yourself?

Go to www.betterwhois.com and look up the information about the company’s website. You’ll be able to see when the .com was registered.

Typically, the names are registered just a few days before the email is sent out, because the individual websites are generally only up for a few days or weeks, to make it hard for authorities to trace. For example, techhydraulik.com was registered on August 2nd and the fraudulent email was sent out on August 15. Chances are the website will be gone shortly.
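The registration-date check above can be done programmatically. The following is an added example, not part of the original article: it pulls the creation date out of a WHOIS record and compares it with the Date header of the suspect e-mail. The WHOIS text and the Date header are constructed to match the dates the article quotes (registered August 2nd, e-mail sent August 15); the year 2005 and the registrar name are assumptions.

```python
"""Domain age at the time a suspect e-mail was sent (added example, not the article's code)."""
import re
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed WHOIS record modelled on the article's example; registrar and year are assumed.
WHOIS_RECORD = """\
Domain Name: TECHHYDRAULIK.COM
Registrar: EXAMPLE REGISTRAR, INC.
Creation Date: 02-aug-2005
Updated Date: 02-aug-2005
Expiration Date: 02-aug-2006
"""

# Constructed Date header of the fraudulent e-mail (article: sent August 15).
EMAIL_DATE_HEADER = "Mon, 15 Aug 2005 09:30:00 -0400"


def whois_creation_date(record):
    """Extract the creation date from a WHOIS record; handles the common date layouts."""
    m = re.search(r"^(?:Creation Date|Created On):\s*(.+)$", record, re.MULTILINE | re.IGNORECASE)
    if not m:
        raise ValueError("no creation date in WHOIS record")
    text = m.group(1).strip()
    for fmt in ("%d-%b-%Y", "%Y-%m-%d", "%Y-%m-%dT%H:%M:%SZ"):
        try:
            return datetime.strptime(text, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unrecognised date format: {text}")


def domain_age_days(record, date_header):
    """Whole days between the domain's registration and the e-mail's Date header."""
    created = whois_creation_date(record)
    sent = parsedate_to_datetime(date_header)
    return (sent - created).days


def is_freshly_registered(record, date_header, threshold_days=30):
    """True when the domain was younger than threshold_days when the mail was sent."""
    return domain_age_days(record, date_header) < threshold_days


if __name__ == "__main__":
    age = domain_age_days(WHOIS_RECORD, EMAIL_DATE_HEADER)
    print(f"domain was {age} days old when the e-mail was sent; fresh: {is_freshly_registered(WHOIS_RECORD, EMAIL_DATE_HEADER)}")
```

A domain registered days before the mail arrived is exactly the pattern the article describes; a long-established domain does not prove legitimacy, but a brand-new one is a strong reason to stop.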

The techhydraulik.com website is hosted by computers in Russia where laws are lax and recovery is unlikely. It’s also possible that if you did visit the techhydraulik site, your computer would be infested with password stealers, key loggers and spyware.

The Internet is a wonderful tool. It is also a place where you need to protect yourself from becoming a victim.

Sign up for the free "The Blinking Cursor News" to stay on top of the latest scams and shams on the Internet.

© Steve Freedman, Archer Strategic Alliances 2005 All Rights Reserved

http://helpprotectmycomputer.com

Posted on Oct 7th, 2006

A few nights ago I received an email from "2CO" asking me to update my personal data. The sender did not forget to insert a link to log in, too.

Following are the steps that I have usually taken to discover whether an email came from a rightful person/company or a swindler:

Position the mouse pointer over the link provided by the sender (PLEASE DO NOT CLICK IT!) and check on the status bar whether the URL that appears is genuine.

If you use Outlook Express, select the suspected message in the message list, click "File", then "Properties", and then "Details" to see the email headers.

Notice the "Return-path" part, where you will see the sender’s original email address, and note its domain name (e.g. …@xyzdomain.com). Now you can judge with more confidence whether it is a real or a fake email.

If you have ever received an email from an autoresponder, you might have noticed that the "Return-path" part contained the domain name of the autoresponder (e.g. ….@abc.getresponse.com) although the email address looked as if it came from another domain.

If you are still not sure, do the same with an original email you received earlier (one from the right person/company) for comparison. If the "Return-path" header of the original email reads "Return-path: ", while on the suspected email it reads "Return-path: ", you ought to suspect that the second is a fake email!

If you want, you can also check other parts of the header, such as "Received-from" and "Message-id". But please do not be influenced by the "From" part; that is the part usually used to manipulate you.

Additionally, please be aware that an organization which is always cautious about malicious abuse, such as 2CO, ClickBank, etc., will hardly ever send you a link to click in an email. As I have experienced personally, if the company has something to inform me of, they merely ask me to log in to my account (there is no link to click).

Dispatching a faked email can be done very easily by anyone who possesses a little knowledge of programming (PHP, etc.).
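The header and link checks listed above can be run over a raw message with Python's standard library. The following is an added example, not the author's code: it compares the domains in the From, Return-Path and Message-ID headers, and for each link in an HTML body it compares the host shown in the link text with the host the href actually points to (the hover-over-the-link check). Both sample messages are constructed; every address, host and IP address in them is a placeholder. As the autoresponder remark above notes, a Return-Path mismatch also occurs for legitimate mail sent through a third party, so the findings are reasons to look closer, not proof of fraud.

```python
"""Phishing header and link checks over a raw e-mail (added example, not the article's code)."""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed suspect message: From claims one domain, the envelope and link say otherwise.
SUSPECT_EMAIL = """\
Return-Path: <bounce@mail.example-autoresponder.test>
Received: from mail.example-autoresponder.test (203.0.113.5)
    by mx.recipient.test with SMTP; Thu, 5 Oct 2006 10:12:00 +0000
Message-ID: <20061005101200.ABC123@mail.example-autoresponder.test>
From: "2CO Support" <support@2co.example>
To: user@recipient.test
Subject: Please update your account details
Content-Type: text/html; charset="us-ascii"

<html><body>
<p>Please visit <a href="http://203.0.113.5/login/">https://www.2co.example/account</a>
to update your data.</p>
</body></html>
"""

# Constructed legitimate message: consistent domains, no link to click.
LEGIT_EMAIL = """\
Return-Path: <notices@2co.example>
Received: from out.2co.example (198.51.100.7)
    by mx.recipient.test with SMTP; Thu, 5 Oct 2006 11:00:00 +0000
Message-ID: <20061005110000.XYZ789@out.2co.example>
From: "2CO Support" <notices@2co.example>
To: user@recipient.test
Subject: Statement available
Content-Type: text/plain; charset="us-ascii"

Your monthly statement is ready. Please log in to your account to view it.
"""


def address_domain(header_value):
    """Domain of the address in a From/Return-Path header, lower-cased ('' if none)."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def message_id_domain(header_value):
    """Domain part of a Message-ID of the form <id@host> ('' if none)."""
    m = re.search(r"@([^>\s]+)", header_value or "")
    return m.group(1).lower() if m else ""


def registrable(domain):
    """Crude organisation-level view of a host: its last two labels (ignores co.uk-style suffixes)."""
    return ".".join(domain.split(".")[-2:])


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def shown_host(text):
    """Host a reader would believe a link leads to, judging from its visible text (None if no URL shown)."""
    if "://" in text:
        return urlparse(text).hostname
    if re.fullmatch(r"www\.[\w.-]+(/\S*)?", text):
        return urlparse("http://" + text).hostname
    return None


def analyse(raw):
    """Return a list of findings for a raw RFC 5322 message; an empty list means nothing looked off."""
    msg = message_from_string(raw)
    findings = []
    from_dom = address_domain(msg["From"])
    rp_dom = address_domain(msg["Return-Path"])
    mid_dom = message_id_domain(msg["Message-ID"])
    if from_dom and rp_dom and registrable(from_dom) != registrable(rp_dom):
        findings.append(f"Return-Path domain {rp_dom} does not match From domain {from_dom}")
    if from_dom and mid_dom and registrable(from_dom) != registrable(mid_dom):
        findings.append(f"Message-ID domain {mid_dom} does not match From domain {from_dom}")
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        html = part.get_payload(decode=True).decode(part.get_content_charset() or "ascii", "replace")
        collector = LinkCollector()
        collector.feed(html)
        for href, text in collector.links:
            real = (urlparse(href).hostname or "").lower()
            shown = (shown_host(text) or "").lower()
            if shown and registrable(shown) != registrable(real):
                findings.append(f"link text shows {shown} but points to {real}")
    return findings


if __name__ == "__main__":
    for name, raw in (("suspect", SUSPECT_EMAIL), ("legit", LEGIT_EMAIL)):
        print(name, analyse(raw) or ["no findings"])
```

The From header is deliberately the weakest signal here, in line with the article's warning: it is compared against headers the sender's infrastructure sets (Return-Path, Message-ID) and against where the links really go, rather than trusted on its own.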

I hope this tip will be useful for you.

Heris Yunora
http://www.soft-promotion.com
