Have you ever bought a product or service from the internet?

Yes? Me too. You’re not alone…

Some of the reasons why most people are shopping online are: they can buy anything at anytime because Internet shopping is available 24 hours, all the time.

You can shop from the convenience of your home. You can avoid traffic and crowding at the malls.

Online shopping is one of the best ways to locate hard-to-find items not available in your local stores.

Whatever you buy can be delivered by mail to your house.

Most online stores and companies provide excellent values and discount prices because they do not have to pay the overhead of owning a physical business that will cost them insurance, employee pay, taxes and more.

VeriSign, Inc. says that online sales recorded during the prime holidays shopping season was about $2.2 billion dollars.

According to a study by Forrester Research Company, by 2010, online sales will reach $331 billion dollars.

More consumers are shopping online today than a year ago. The range of products they buy are many: software, hardware, electronics, digital products, music, toys, e-books, books, programs, DVD, flowers, pets, jewelry, clothes, air tickets, insurance, cars, prescription drugs, comic books, games, gifts and more.

They are flocking to buy from online bookstores, software stores, online computer stores, target stores, pet stores, liquor stores, drug stores, music stores, furniture stores, fabric stores, the Disney store, outlet stores, surplus stores, discount stores, thrift stores, gift stores, candy stores, lingerie stores, sports stores, video stores, sex stores, department stores, game stores, clothing stores and others.

Be a smart and savvy online shopper. Shop wisely and safely.

Here are a few tips to help you do your online shopping safely.

(1) Shop at the websites of companies that you know and are popular offline.

If you’re not sure of the company, request their catalog or brochure first.

Be sure they have a physical address and phone, as well as an e-mail address. Call them and speak to a human being first.

Check with the yellow pages and the Better Business Bureaus to be sure the company is legitimate.

Read all the fine print and the refund policy before you place an order.

You may read about product reviews and what other shoppers have to say about a company at: http://www.epinions.com, http://www.consumersearch.com, http://www.productopia.com, http://www.deja.com

Here are some internet shopping agents’ sites: http://www.comparenet.com, http://vo.infospace.com, http://bottomdollar.com

To read about reviews on shopping stores, regarding ease of use, pricing, selection and service go to: http://www.gomez.com, http://www.bizrate.com , http://www.ratingwonders.com

To read about web business frauds and get help to avoid being a victim, go to: http://www.fraud.org , http://www.bbbonline.org , http://www.webassured.com

(2) Keep a record of all your purchases.

Most people are by nature disorganized and unable to keep records. Learn to keep records of all your online purchases. This will help you keep track of your spending and shopping.

Print all receipts or save them on your computer in a folder named “receipts”.

This will help you locate orders that you placed but were never delivered.

The more organized you are the less negative online shopping experience you’ll have.

(3) Keep all your important personal information safe.

Don’t give them to strangers who may call you over the phone or request them by e-mail.

Personal information includes: your address, e-mail address, phone number, social security number, drivers license, age, information about your family.

Don’t give them to any stranger and, also, teach your children not to do so.

(4) Keep your passwords private.

When creating a password, avoid using phone numbers, birth dates or social security numbers.

Be creative. Use a password that is not easy for others to guess, and yet not easy for you to forget.

Change your passwords often. Use phrases to help you remember them.

Don’t disclose passwords to anyone.

(5) Use a credit (but never debit) card to make your payment.

Be sure to keep all credit card payment receipts. Check your credit card account statements to be able to spot any unauthorized charges.

When you buy certain goods and services from some companies, sometimes they will keep billing you thereafter. So scrutinize your statements. If you see a charge you’re not sure of, call the billing merchant and check it out.

Keep your credit cards secure.

Avoid making a payment using your credit card on a public computer.

Report any lost credit cards immediately and have them cancelled. Don’t give anyone that you don’t know your credit card number.

(6) Read the return policy before placing an order.

Be sure that you read and understand the return policy and warranty.

(7) Read and understand the company’s privacy statement (or policy).

A privacy statement tells you how and why a business is collecting your information, and how that information may be used. You may find the company’s privacy statement (or policy) at the very bottom of the home page or inside their "Terms & Conditions" or "Terms of Service" (TOS).

(8) Use a secure browser and server.

Be sure whatever browser you’re using complies with the industry’s security standards, such as secure sockets layer (SSL).

This security protocol scrambles or encrypts the personal information you send over the Internet to ensure your transaction is secured.

How do you know if the server is secure where you’re making a payment?

If a Web site is using secure technology, its Web address begins with https and a tiny locked padlock appears at the bottom right corner of the screen.

(9) Check out a few stores and compare prices before buying. Look for hidden costs such as shipping and handling.

(10) Use Yahoo Search Engine for all your searches.

Yahoo continues to be, not only the largest online company, but also, the best Search Engine.

Unlike the other popular Search engine, which keeps companies in a sandbox for many months and refuses to give them rankings for many months, Yahoo is pro business and gives immediate rankings to companies and business.

Their search result is also excellent. That may be one reason why 60% of people online (including me) love Yahoo.

Also, they have the most reliable and the best hosting service in the world.

For these reasons, I strongly recommend you use Yahoo to do all your searches.

Happy and safe online shopping.

Warmly,

I-key Benney

Visit Maychic’s website at: http://www.maychic.com

And also Maychic’s Amazon.com Store at: http://www.maychic.com/amazonstore

Download free "TMT Power Secrets" Book-1 at: http://www.tmtworldwide.org

During the release of a new software product specialized to track spam, ACME Software Inc notice that there was not as much traffic as they hoped to receive. During further investigation, they found that they could not view their own website. At that moment, the VP of sales received a call from the company’s broker stating that ACME Software Inc stock fell 4 point due to lack of confidence. Several states away, spammers didn’t like the idea of lower profit margins do to an easy to install spam blocking software so they thought they would fight back. Earlier that day, they took control of hundreds of compromised computers and used them as DoS zombies to attack ACME Software Inc’s Internet servers in a vicious act of cyber assault. During an emergency press conference the next morning, ACME Software Inc’s CIO announced his resignation as a result of a several million dollar corporate loss.

Scenarios like the one above happen a more then people think and are more costly then most will admit. Denial of Service (DoS) attacks are designed to deplete the resources of a target computer system in an attempt to take a node off line by crashing or overloading it. Distributed Denial of Service (DDoS) is a DoS attack that is engaged by many different locations. The most common DDoS attacks are instigated through viruses or zombie machines. There are many reasons that DoS attacks are executed, and most of them are out of malicious intent. DoS attacks are almost impossible to prevent if you are singled out as a target. It’s difficult to distinguish the difference between a legitimate packet and one used for a DoS attack.

The purpose of this article is to give the reader with basic network knowledge a better understanding of the challenges presented by Denial of Service attacks, how they work, and ways to protect systems and networks from them.

Instigation:

Spoofing - Falsifying an Internet address (know as spoofing) is the method an attacker uses to fake an IP address. This is used to reroute traffic to a target network node or used to deceive a server into identifying the attacker as a legitimate node. When most of us think of this approach of hacking, we think of someone in another city essentially becoming you. The way TCP/IP is designed, the only way a criminal hacker or cracker can take over your Internet identity in this fashion is to blind spoof. This means that the impostor knows exactly what responses to send to a port, but will not get the corresponding response since the traffic is routed to the original system. If the spoofing is designed around a DoS attack, the internal address becomes the victim. Spoofing is used in most of the well-known DoS attacks. Many attackers will start a DoS attack to drop a node from the network so they can take over the IP address of that device. IP Hijacking is the main method used when attacking a secured network or attempting other attacks like the Man in the Middle attack.

SYN Flood - Attackers send a series of SYN requests to a target (victim). The target sends a SYN ACK in response and waits for an ACK to come back to complete the session set up. Instead of responding with an ACK, the attacker responds with another SYN to open up a new connection. This causes the connection queues and memory buffer to fill up, thereby denying service to legitimate TCP users. At this time, the attacker can hijack the system’s IP address if that is the end goal. Spoofing the "source" IP address when sending a SYN flood will not only cover the offender’s tracks, but is also a method of attack in itself. SYN Floods are the most commonly used DoS in viruses and are easy to write. See http://www.infosecprofessionals.com/code/synflood.c.txt

Smurf Attack- Smurf and Fraggle attacks are the easiest to prevent. A perpetrator sends a large number of ICMP echo (ping) traffic at IP broadcast addresses, using a fake source address. The "source" or spoofed address will be flooded with simultaneous replies (See CERT Advisory: CA-1998-01). This can be prevented by simply blocking broadcast traffic from remote network sources using access control lists.

Fraggle Attack - This types of attack is the same as a Smurf attack except using UDP instead if TCP. By sending an UDP echo (ping) traffic to IP broadcast addresses, the systems on the network will all respond to the spoofed address and affect the target system. This is a simple rewrite of the Smurf code. This can be prevented by simply blocking broadcast traffic from remote IP address.

Ping of Death - An attacker sends illegitimate ICMP (ping) packets larger than 65,536 bytes to a system with the intention of crashing it. These attacks have been outdated since the days of NT4 and Win95.

Teardrop - Otherwise known as an IP fragmentation attack, this DoS attack targets systems that are running Windows NT 4.0, Win95 , Linux up to 2.0.32. Like the Ping of Death, the Teardrop is no longer effective.

Application Attack - Thess are DoS attacks that involve exploiting an application vulnerability causing the target program to crash or restart the system.

Kazaa and Morpheus have a known flaw that will allow an attacker to consume all available bandwidth without being logged. See http://www.infosecprofessionals.com/code/kazaa.pl.txt

Microsoft’s IIS 5 SSL also has an easy way to exploit vulnerability. Most exploits like these are easy to find on the Internet and can be copied and pasted as working code. There are thousands of exploits that can be used to DoS a target system/application. See http://www.infosecprofessionals.com/code/IIS5SSL.c.txt

Viruses, Worms, and Antivirus - Yes, Antivirus. Too many cases where the antivirus configuration is wrong or the wrong edition is installed. This lack of foresight causes an unintentional DDoS attack on the network by taking up valuable CPU resources and bandwidth. Viruses and worms also cause DDoS attacks by the nature of how they spread. Some purposefully attack an individual target after a system has been infected. The Blaster worm that exploits the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135 is a great example of this. The Blaster targeted Microsoft’s windows update site by initiating a SYN FLOOD. Because of this, Microsoft decided to no longer resolve the DNS for ‘windowsupdate.com’.

DoS attacks are impossible to stop. However, there are things you can do to mitigate potential damages they may cause to your environment. The main thing to remember is that you always need to keep up-to-date on the newest threats.

Mitigation:

Antivirus software - Installing an antivirus software with the latest virus definitions will help prevent your system from becoming a DoS zombie. Now, more then ever, this is an important feature that you must have. With lawsuits so prevalent, not having the proper protection can leave you open for downstream liability.

Software updates - Keep your software up to date at all times. This includes antivirus, email clients, and network servers. You also need to keep all network Operating Systems installed with the latest security patches. Microsoft has done a great job with making these patches available for their Windows distributions. Linux has been said to be more secure, but the patches are far more scarce. RedHat is planning on incorporating the NSA’s SE Linux kernel into future releases. This will give Mandatory Access Control (MAC) capabilities to the Linux community.

Network protection - Using a combination of firewalls and Intrusion Detection Systems (IDS) can cut down on suspicious traffic and can make the difference between logged annoyance and your job. Firewalls should be set to deny all traffic that is not specifically designed to pass through. Integrating an IDS will warn you when strange traffic is present on your network. This will assist you in finding and stopping attacks.

Network device configuration - Configuring perimeter devices like routers can detect and in some cases prevent DoS attacks. Cisco routers can be configured to actively prevent SYN attacks starting in Cisco IOS 11.3 and higher using the TCP intercept command in global configuration mode.

Access-list number {deny | permit} tcp any destination destination-wildcard ip tcp intercept list access-list-number ip tcp intercept ? (will give you a good list of other options.)

Cisco routers can prevent Smurf and Fraggle attacks by blocking broadcast traffic. Since Cisco IOS 12.0, this is the default configuration. ACLs or access control lists should also be configured on all interfaces.

No ip directed-broadcast

The Cisco router can also be used to prevent IP spoofing. ip access-group list in interface access-list number deny icmp any any redirect access-list number deny ip 127.0.0.0 0.255.255.255 any access-list number deny ip 224.0.0.0 31.255.255.255 any access-list number deny ip host 0.0.0.0 any See Improving Security on Cisco Routers - www.cisco.com/warp/public/707/21.html

Old Cisco IOS versions are vulnerable to several DoS attacks. The "Black Angels" wrote a program called Cisco Global Exploiter. This is a great software to use when testing the security of your Cisco router version and configuration and can be found at http://www.blackangels.it/Projects/cge.htm

Security is not as mystical as people believe. DoS attacks come in many different types and can be devastating if you don’t take the proper precautions. Keep up to date and take steps to secure network nodes. Keeping security in mind can minimize damages, downtime, and save your career.

Security Resources:
Black Angels: http://www.blackangels.it/
Cisco: http://www.cisco.com
Microsoft: http://www.microsoft.com/technet/security/current.aspx
Forum of Incident Response and Security Teams: http://www.first.org/
SANS Institute: http://www.sans.org/resources/

Author: Jeremy Martin CISSP, ISSMP, ISSAP, CEI, CEH, CHS-III, CCNA, Network+, A+ http://www.infosecwriter.com

Member of:
BECCA - Business Espionage Controls & Countermeasures Association
ISACA® - Information Systems Audit and Control Association
(ISC)² - International Information Systems Security
Certification Consortium ISSA - Information Systems Security Association.
OISSG - Open Information Systems Security Group
YEN NTEA - Young Executives Network

Spelt phishing, but pronounced as above, this despicable act is an effort to batter your bankroll or commandeer your cash.

To put it simply, you can get emails from account administrators, which strongly urge you to update details attached to that account. The issue, though, is the pretence of such mail.

You may not even have such an account as referenced.

It doesn’t come from the account provider.

It can use false S.S.L. references, to present an illusion of trust and security.

It can prompt for immediate action on your part, alleging false log-in’s by persons unknown, and from countries unknown. If action is not taken, they can impress on you, that the account will be suspended or closed. Indeed, anything likely to work can be fabricated, to get you to the webpage suggested in the link or hyperlink. Note the word “suggested”. Likenesses to company logos are used to re-enforce “credibility”.

In fact, these phishing attempts actually look pretty good or realistic. So much so that any qualms of guilt or stupidity, experienced by a “conned party” are groundless.

Experience, specific education or forewarning, is all that prevents this type of charade from widening its base of “victims”.

The goal is to get you to type in your details, complete with credit card number and the rest can be guessed.

Some damage is also absorbed by the organisation or company being misrepresented and they can do little about it but warn their customers what to watch out for, and issue security instructions. Indeed, it is from accounts at reputable companies that most passing trade learn the correct or most secure procedures. It is therefore important to read any material that they offer.

Generally though, reputable companies with a mind to preserve their integrity will tell you to log-in at their main page and proceed from there. Not through a link specific to your account!

Hyperlinks can mask the true domain that you’ll be brought to, with the text linked to www.anydomaindotcom (example, only), a replica or fake page. Only going to secure pages where one believes that “https” will do it, will always help but wholly unreliable. The “s” is an indication of a secure page, but are you at the right domain?

Place your mouse over the link and the domain attached to such a link, should show itself. Viewing the source code is another way but some knowledge of it is necessary.

Another ploy, sometimes deliberate and sometimes “convenient”, is inserting a reference to the “legitimate company” anywhere after the domain name. Ex. https://www.anydomaindotcom/ebay/aagle/. Unwary victims may overlook the fact that “ebay” is not the domain, but see it anyway as a directory or file name. Anyone, anywhere can have a file or directory named like that of a company.

To make matters somewhat worse from an “easy to identify” viewpoint, the source code of the link can be represented as an I.P. address rather than its named counterpart. There are some tools that you can use at http://centralops.net/co/ which you can use to type in the I.P. address and cross reference it with the official account domain presented in the e-mail, or web page for that matter. Opening a second window for investigative purposes and re-sizing both to be side by side can be revealing, and comparisons be made between the alleged source and that of the source code.

www.ebay.com can be put in one window and www.suspiciouslyspurious.com can be put in the other. NOTE; you should be checking domains and ignoring everything that comes after the forward slash at the end of the domain. A similar test can be done for email viruses, where suspicious email addresses can be searched for some degree of authenticity.

If you are phished, try to learn as much as possible about it as phishing attempts and email viruses have some aspects in common. Incorrect spelling is one of them. You must understand that the authors can be from anywhere and not necessarily have degrees in English. Legitimate companies can also be from anywhere, with different primary languages, but do perfect their spellings and general grammar.

Attention to upper and lower case can be another giveaway. This is especially true where particular portions of the text are the design of the author, and not just copied and pasted. Typically, these portions are customised to be customer specific in a general sense, and fonts may even be different or out of place. Such “special” additions are to strengthen the sense of urgency and call to action.

Should you be the recipient of “phishy mail”, you can forward it to spam@uce.gov

Seamus Dolly and phising samples are at http://www.CountControl.com/phishy.html

Since its birth, the Internet has grown and expanded to unprecedented, unmanageable proportions. Information, software, news, and much more flow freely through its twisted pathways. Online services such as Internet banking save time and money. However, from the depths of its vast expanse have come the dregs of society intent on preying on the new, the naïve, and the less informed.

Phishing is one of the main scams in the present moment. People set up phoney websites and email addresses. Then they spam Email inboxes with official-looking messages explaining that your account with Company X has encountered a problem and that they need you to login and confirm some details. The email addresses are masked to appear official and the links provided in the email all seem to check out. If you click on the link provided then you will usually be taken to a site that looks for all intents and purposes to be official. When you click ’submit’ your details will be sent to a criminal somewhere who will do as they please with your information, such as withdrawing money from a bank account or purchasing things in your name.

The scam has been labelled ‘Phishing’ because the criminals engaging in the activity behave similarly to a fisherman throwing bait out in the hope that they’ll receive just one bite from the millions of people that receive the email.

So how do you avoid these online scams? First and foremost, it is important to realise that no legitimate organisation should be sending you a request to fill out your personal details because of some server error or for any other reason. Your bank will never send you an email with content along the lines of "We’ve lost your bank account number and password… please supply them again for our records". You should also know that no bank is going to require your social security number, bank account number, and PIN number just to log in to your account or retrieve your password. Other sites such as Ebay, PayPal, and the like will not email you asking for these details either.

If you’re a little unsure as to whether or not an email is official, scroll down a bit until you find the link that they are requesting you to click and simply hold your mouse pointer over the link text without clicking. Now take a look at the bottom left-hand corner of your browser window. The link text is often the address that the phisher wants you to think you will be heading to but the real address will be revealed in the bottom of the browser. This address will most likely not have anything whatsoever to do with the company that the email is attempting to imitate. It could be a dodgy web site or even just a page on someone’s personal computer. If the address doesn’t appear in the bottom left-hand corner then you can right-click on the link, select ‘properties’ from the pop-up menu and then read the address listed in the information box.

To avoid further scams make sure that you have updated firewall and anti-virus software active on your system at all times. This will make it harder for anyone to install key loggers, Trojans, spyware, or other similar devices intended to retrieve your information. Keep your operating system up to date with the latest security patches and updates and be careful where you enter your details. Always look into the reputability of the site that is requesting your details and keep an eye on the lower right-hand corner of your browser. If the page you are viewing has a little padlock symbol appear in the corner, then it means that your details are being secured by some encryption method. You can double click on the icon to get more details if you wish. Sites without the padlock icon don’t have encryption, which means that your details are a lot easier for malicious crooks to get a hold of.

Even if you’re sure the website is legitimate, it’s not a good idea to send your details over an unsecured connection. By the way, email does not count as a secure connection, and neither does any instant messaging program, (such as MSN, ICQ, Yahoo Messenger, AIM etc.) so don’t give out personal details that way either.

Another common scam very similar to phishing involves the emailing of promises of great wealth. Seriously, what do you think your chances are of winning the lottery, let alone one that you never even entered? Or of some obscure yet ridiculously rich person in Africa dying and you being legally allowed to pick up their money? Or of a foreign prince wishing to smuggle money out of his country using your account? These emails are all scams. I wish it were true that I won three different lotteries every single day, but if you get in contact with the people sending these messages they’re going to do their utmost to clean out your pockets. Unfortunate as it may sound, the ‘Please Donate to Charity’ emails sent are usually also scams.

If you really want to donate money to a charity, look them up and send it the usual way, don’t respond to a multi-recipient email that may or may not be real. You also shouldn’t donate to some random charity that no one has ever heard of before. Some of the Internet lowlifes have started up fake charities, ‘dedicated to helping Tsunami victims’ or similar and are simply pocketing the donations.

Everything in this world can be used for either good or evil purposes and the Internet is no exception. Staying alert and having just a little bit of Internet know-how can keep you out of harm’s way for the majority of the time, and allow you access to the wonderful online services available with relative safety.

Daniel Punch
http://www.m6.net

The words Corporate Security may conjure up images of a group of techies working in a wire-filled basement room of Microsoft or HP, combating hackers and terrorists online using words like algorithm and encryption. If you own your own business, do not allow yourself to think that security is only for big corporations. Every company, big or small, technological or traditional, has two major security concerns: protecting information, and protecting hardware.

Corporate Security: Information

Information is the commodity that makes companies unique. That information could be a process your company does better than others; or it could be how to make the unique product you sell; or it could be a collection of information that you have that others want access to. In any case, protecting the information that makes your company viable could mean financial life or death for your venture. There are three simple corporate security solutions you can implement to decrease the likelihood that your information will be leaked or lost.

Make back ups often. If you are like 90% of computer users out there who use Windows, pressing [ctrl] + S is a habit well worth forming. Besides information, time is one of your most valuable resources, so you can’t afford to lose hours of work every time the system crashes. Save your work as often as you stop typing. Making additional copies of master files in other places beside your hard drive will mean you won’t lose everything if your hard drive becomes corrupted. Keep these discs in a safe place where you can easily access them if you need to.

Keep secret passwords secret. This may seem like a no-brainer, but too often we think of passwords as annoyances slowing us down. Systems are password-protected to ensure that only those persons who should be allowed access are granted access. If you are working out of a home office and have little face-to-face interaction with clients or customers, you may be tempted to leave your system unlocked or pin a list of your user names and passwords near the computer. Remember that children are both curious and smart, and in only a few clicks of the mouse they can accidentally erase important files. Do yourself the favor of memorizing your passwords and changing them on occasion.

Maintain an up-to-date computer system. Computers that run slower also have the terrible tendency of getting overloaded and shutting down. The internet is one of the biggest culprits of bogging down your processing speed, but running several programs at the same time will also do it. Keeping your processor and memory up-to-date will help ensure that you are able to perform all the tasks that are required of you without having to spend a lot of time waiting for your computer to catch up.

Corporate Security: Hardware

Chances are good that IBM’s annual technology budget is quite a bit larger than your home business’s budget. Between putting food on the table and covering the operating costs of your business, purchasing new equipment might seem like a luxury you’ll never have. Protecting your computer system from viruses, spy ware, and malicious software is one of the most cost-effective ways to ensure your computer will last as long as you need it to.

Know what is on your computer. Viruses can come through email, discs, or the internet, and are typically well-hidden on your hard drive. Perform systematic checks of the temporary internet files, cookies folder, and the rest of your hard drive to ensure that you have not accidentally picked up a virus. Software can be purchased that filters spam and helps you manage the internet files and cookies that are downloaded automatically on your computer. A proactive approach in combating viruses and spy ware is usually the most effective way to make sure your hardware stays protected.

Though corporate security solutions may seem like a luxury your home business can not afford, protecting information and hardware are priorities that all companies should have. Following these simple, inexpensive solutions to common security concerns your company may have will go a long way in helping you succeed.

Nick Smith is a client account specialist with 10x Marketing – More Visitors. More Buyers. More Revenue. For more information about cost-effective corporate security solutions, visit ContentWatch.com.

If you have used a Windows machine for a while, whether it’s Windows XP, Windows 2000, or Windows 98, you’re sure to have noticed desktop icons appearing from out of nowhere. How can icons mysteriously emerge on your Windows desktop?

1. When you buy a computer, many vendors place icons to selected products and services on your desktop, such as links to high-speed Internet Service Providers (ISPs) or add-on services vendors think you may need.

2. As you install software on your Windows machine, icons may appear, either to start the application or link to the manufacturer’s website. Installing just one program could add three or more icons to your desktop!

3. It’s easy to accidentally drag a Favorite, bookmark, text file, or other icon to your desktop, creating an icon.

Normally, it’s easy to delete Windows desktop icons. Just place your mouse pointer on the offending icon, then right-click it and choose "Delete", clicking "Yes" to confirm if prompted.

However, what if the rogue icons are for adult websites, unfamiliar search engines, or other websites you don’t recall visiting? You may try removing these icons but get an error, or after removal they still reappear again and again and again!

If so, then more than likely spyware, adware, or other malware has infected your machine. It may have been through file trading software, an inadvertent "yes" click when a popup window asked you to install software, ‘freeware’ that included adware, or other means. To remove the rogue icons, you need to remove the malware creating these icons.

Removing spyware and adware can be a time-consuming process, fraught with potential disaster as it is possible to accidentally remove files that render your operating system unusable. However, the following software products can help with this process as long as you read the instructions carefully, make backups, and get expert advice if you’re not completely sure about removing what they ask you to do:

* Ad-Aware: http://www.lavasoft.com/

* Microsoft Windows AntiSpyware: http://www.microsoft.com/athome/security/spyware/software/

* Pest Patrol: http://www.pestpatrol.com/

* Spybot Search and Destroy: http://safer-networking.org/

* Spy Sweeper: http://www.webroot.com/

So, how can you prevent these icons from appearing in the first place? Practice safe computing.

* Backup your machine. If it does get infected to the point of being unusable, at least you won’t lose all your important files.

* Install security-related operating system updates so spyware and adware cannot enter your system through well-known exploits.

* Download or buy a virus scanner, and keep it updated! Virus scanners cannot detect all spyware, but it doesn’t hurt to have one. Check online or visit your local computer software store.

* Purchase a hardware or software firewall, and keep it updated! Firewalls help protect your computer from common exploits that spyware or adware can use to infect your machine.

* Consider using a different web browser. Though it is not perfect, Mozilla Firefox is currently less susceptible to spyware than Internet Explorer, mainly because it lacks certain technology (such as ActiveX) that is often exploited by malware writers. Note that depending on your web use, certain websites may not work correctly with other web browsers.

By practicing safe computing and using spyware-removal software, you can help remove rogue desktop icons from your desktop and keep others from appearing.

Andrew Malek is the owner of the MalekTips computer and technology help site. Visit his anti-spyware page for more advice on removing adware, spyware, and other malware.

One evening, during the graveyard shift, an AOL technical support operator took a call from a hacker. During the hour long conversation the hacker mentioned he had a car for sale. The technical support operator expressed an interest so the hacker sent him an e-mail with a photo of the car attached. When the operator opened the attachment it created a back door that opened a connection out of AOL’s network, through the firewall, allowing the hacker full access to the entire internal network of AOL with very little effort on the hacker’s part.

The above is a true story and it is an excellent example of one of the biggest threats to an organisation’s security - social engineering. It has been described as people hacking and it generally means persuading someone inside a company to volunteer information or assistance.

Examples of techniques employed by hackers include:

Social engineering attacks can have devastating consequences for the businesses involved. Accounts can be lost, sensitive information can be compromised, competitive advantage can be wiped out and reputation can be destroyed.

By implementing some simple techniques you can reduce the risk of your organisation becoming a victim or, in the event that you are targeted, keep the consequences to a minimum.

Conduct regular audits, not only on IT systems but also on policies, procedures and personnel so that any potential weaknesses can be addressed as soon as possible.

About The Author

Rhona Aylward has extensive experience in the area of Quality Management and more recently in Information Security Management. She is a qualified Lead Auditor for BS7799 and CEO for Alpha Squared Solutions Ltd.

www.a2solutions.co.uk, raylward@a2solutions.co.uk

For many, the daily walk to the mailbox evokes mixed feelings: The glee that your favorite monthly magazine – or a friend’s hand-written letter (quite a surprise in the e-mail age) may be waiting is countered by anxiety of how many bills the postman left you.

Now, imagine coming across your phone bill, thicker and heavier than normal. When you open it, instead of “statement stuffers” from the phone company’s marketing department, the bill is dozens of pages long ending in a one-month total of almost $5,400.

A quick glance at the details reveals hundreds of calls to the same 1-900 number. “A mistake,” you insist. After all, you’re the only person in the house and you have never called a 900 number before. Actually, this is no mistake. In this true story, the homeowner had fallen victim to one of the oldest computer scams around: the "Auto-Dialer" virus.

How Did This Computer Security Nightmare Begin
———————————————————–
What is an “auto-dialer”? Some time ago, the phone companies came up with a feature that allowed merchants to reach a broader range of customers by allowing consumers to make payments via your phone bill. If you did not have a credit card, you just dialed a 900 number, connected by voice or modem (for Internet sites). Every minute you used the service, you were charged a fee ranging from $1 to $5 or more per minute. At month’s end, the charge appeared on the phone bill. Many services were legit: Consumers called weather, horoscope and gambling services offering this feature. But many merchants sold expensive phone or online adult content.

How Did An Auto-Dialer Get Installed
———————————————————–
But how did $5,400 in charges end up on the person’s phone bill? Although many of these services require the user to physically dial the number or connect to the online site by instructing the modem to dial the number, this can happen without the user’s knowledge. In the above case, the person’s computer was infected with an auto-dialer virus. Somewhere during his Web travels, he connected to a site that popped up a rather confusing message instructing him to "Hit OK" to make the message go away. What this person didn’t know was he was agreeing to download,install, and execute an adult content auto-dialer.

Behind the scene, the auto-dialer installed itself, checked for the presence of a modem and dial tone, and then proceeded to dial an overseas 900 number over and over again. Even though the person surfed using an always-on broadband Internet connection, the modem remained so he could send and receive faxes. One problem: When he wasn’t using the modem, it remained plugged into the phone jack. Why should he have unplugged it? It’s not like it could hurt anything, right? Wrong.

How To Protect Yourself
———————————————————–
Unfortunately, there is no single solution to avoid these types of malicious acts. A short list of protective measures would include:

1) If you no longer need a modem in your computer, remove it. Or at least disconnect the phone line from the modem;

2) Install anti-virus software such as Trend Micro or Symantec’s Norton Anti-Virus. Many are designed to prevent this kind of malicious software, or “Malware.” More importantly, make sure your subscription for new virus patterns is current and configured to automatically download and install updates;

3) Install and regularly run Adware protection solutions such as LavaSoft’s Ad-Aware or SpyBot Search & Destroy;

4) And do not, under any circumstances, blindly hit “OK” to pop-ups or similar annoyances without first making sure what you are agreeing to.

This tale is not fiction; in fact, it happens frequently, to businesses and consumers, kids and adults. But even the least savvy among us can thwart such an attack. A neighborhood teenager recently avoided potentially thousands in fees when an auto-dialer was downloaded and installed. How? She had unplugged the modem.

About The Author
—————-
Darren Miller is an Industry leading computer and internet security consultant. At the website - http://www.defendingthenet.com you will find information about computer security specifically design to assist home, home business and small business computer users. Sign up for defending the nets newsletter and stay informed and empowered to stay safe on the Internet. You can reach Darren at mailto:darren.miller@paralogic.net or at mailto:defendthenet@paralogic.net
URL
—
http://www.defendingthenet.com/NewsLetters/Auto-Dialer-Newsletter.htm

If you use emails actively in your communication, you must have received various messages claiming to be from Ebay, Paypal and a number of banks. A recent email as if from U.S. Bank Corporation that I received contains the subject "U.S. Bank Fraud Verification Process" and in the body of the mail it says "We recently reviewed your account, and suspect that your U.S. Bank Internet Banking account may have been accessed by an unauthorized third party. Protecting the security of your account and of the U.S. Bank network is our primary concern. Therefore, as a preventative measure, we have temporarily limited access to sensitive account features. To restore your account access, please take the following steps to ensure that your account has not been compromised:". It continues with a link to a webpage, which looks very similar to original web page of the bank.

The misleading web site appears authentic with familiar graphics and logos. The wordings are professional right down to the legal disclaimer at the bottom of the page.

If you happened to be holding an account of the claimed bank, followed the instructions of the email and input your account, pin, password, etc. you are doomed. You just have handed over access to your account to a con artist, who, in a matter of days, will drain off all the money available in that account.

This new scam, which is proliferating in a very rapid pace, is called "Phishing". Phishing is a form of identity theft, where a con artist with the help of official looking email containing link to phony web pages capable of harvesting information, tricks an unsuspecting victim into divulging sensitive personal data. Scammers use these data to bilk victims out of their savings.

One of the most common phishing campaigns being waged has targeted users of Web auction giant eBay and its PayPal division with financial services giant Citibank serving as another popular target. However, recently, every major bank has been hit with this scam. Crooks send out huge amounts of emails with an expectation that some of these email address owners may have online access to their accounts at the bank.

The term "Phishing" is a deviation of the word "Fishing". In hackers’ lexicon, in many words, "F" becomes "Ph". The term derives from the fact that scammers use sophisticated bait as they "fish" for users’ personal information.

According to Gartner, a research firm, illegal access to checking accounts gained via phishing has become into the fastest growing type of consumer theft in the United States. Roughly 1.98 million people reported that their checking account was breached in one way or another during the last year and US$ 2.4 billion were defrauded from the victims!

Gartner also estimated that 57 million U.S. Internet users have received phishing emails and 3 percent of them may have fooled into revealing their personal sensitive information.

The Anti-Phishing Working Group has also spotted a dramatic increase in reports of phishing attacks in recent months. Since November, 2003 phishing scams increase by about 110 percent each month. In April alone, the group identified 1125 unique phishing scams, a sharp lift of 178 percent from the previous month.

MessageLabs, a company that watches phishing scams closely, has noted an even more dramatic increase in number of phishing emails. It claims to see phishing messages jump from just 279 in September, 2003 to a staggering 215,643 in March of 2004.

The scammers also started to use more sophisticated technologies in recent months. The latest generation of phishing scammers uses several methods to trick users, including pop-up graphics to mast the true web URL of the phishing site and the installation of Spywares and Trojans on victim’s computer. The perpetrators also take advantage of security bugs in web browsers, in which the URL in the address bar appears to be for one site but is, in fact, a link to a totally different site.

A new Windows worm under the name "Korgo" is able to infiltrate into victim’s system with a key logging Trojan, steal information that the victim input in web forms and secretly transmit to designated server. There are a number of variants of this worm and they are spreading rapidly. However, Microsoft in April came up with a patch to seal this glitch. Many computers without the patch are still vulnerable to this potentially dangerous worm.

A U.S. Treasury report provides consumers with steps to prevent and report phishing scams:

Other cautionary measures you should take in order to protect yourself are:

About The Author

Nowshade Kabir is the founder, primary developer and present CEO of mailto:nowshade@rusbiz.com, http://ezine.rusbiz.com , http://www.rusbiz.com , http://ezine.rusbiz.com/newsletters/newsletter31.htm

Well, if that would have been said to me by my father when I was 2 years of age, I would have understood. But when today, my own computer tells me that when I am 34, I wonder why I spent $1500 on my computer hardware and software just to enjoy the (un-realized) benefits of this great and revolutionary information technology?

Today’s cyberspace is hazardous. None of today’s PC users can claim that they never had a computer virus issue or a PC security breach. Now, if you count today’s number of PC users worldwide, they will soon be 1 billion by 2010 according to analysts. When I see all the computer viruses, infections, trojans, and what not around me, and compare it with the 1 billion innocent computer users around the world, I simply feel sorry not only for those billion users but for myself too. But again, as a common user myself, I must admit it was not all doomsday for the whole industry since 1987 when I started to use computers. So, as a responsible member of this great IT revolution, I must share some of the best tips and tricks that I learned to use to make the minimum room for productivity on my computer.

Please note this is a tutorial for someone who has basic know-how of computer usage. For those who are newbies, I would recommend asking a local expert’s help before trying anything out mentioned in this tutorial. In that case, make room for payment from deep pocket. For your own convenience, print this tutorial for step-by-step instructions.

Whenever my computer is infected, I act on any of the following options;

1. FORMAT HARD DISK: I back up all of my data on a CD-Writer if it is still accessible. And then format the whole hard disk drive and re-install each and every application.

2. USE SOFTWARE: I exhaust all anti-virus and other software options. This is usually my first priority as compared to formatting the whole computer hard disk drives.

Now, let me explain both options in detail;

PRE-REQUISITES: Make sure you have a CD-Drive (Writer), empty writable CDs, Windows OS CD (bootable) that contains files such as Format.exe, Scandisk.exe, FDisk.exe, and Attrib.exe files. Microsoft Office CD, Anti-Virus CD, GoldenHawk CD Writing Software in DOS (copy2cd.exe and cdtools.exe), Serial Numbers of your License, Driver CDs of Motherboard, VGA, Network, Sound and Modem devices. Optionally, download (using www.download.com or www.tucows.com) these software from any Internet Café when your own computer is inaccessible and save it on a CD so that you can use it anytime for security purposes;

Golden Hawk DOS based CD Writing Software

HTech Fireman Windows based CD Writing Software

Driver Genius Pro

Partition Magic

AVG AntiVirus

SpywareBlaster & SpywareGuard

Spybot Search & Destroy

Ad-Aware

IE-SpyAd

ZoneAlarm

HiJackThis & CWShredder

I have intentionally avoided mention of many commercially good and more friendly software’s mention here as I wanted everything to do FREE without any additional costs apart from the usual OS licenses. For your own convenience, you can research Google or Yahoo search engines find further information about such commercial software and their availability / pricing.

1. FORMAT HARD DISK

I know it is painful and surgical type of solution, but sometimes, it is the ONLY solution left after exhausting all of our efforts to revive our computer machine after a virus attack. Follow this procedure;

Booting Up: Try booting your computer normally first and see if you can login easily. If you can’t or your computer hangs up, try holding F8 key when starting Windows and you will get the Safe Mode. Even if you don’t get the Safe Mode, don’t worry.

Power up your computer and press DEL key or F2 key to login your CMOS. In CMOS, go to Boot Preferences and make CD Drive as boot drive as your first boot drive and change the hard disk drive as the second boot drive. If you don’t see your CD Drive in the boot-up options, your CD Drive is not properly installed. Check the connectors or ask your CD Drive provider for instructions to install the CD Drive. Now, when your CD Drive is ready, insert your Windows OS CD in the CD Drive and restart your computer machine. When prompted, select the option “Boot from CD with CD Option”. When you get the prompt, Notice the CD Drive letter that was allocated to your CD Drive when it installed the CD Driver. It is usually D: drive or the last drive letter depending on the number of your partitions. Note it down as it is the actual drive letter where you will have to type a DOS command like d:

You should now be able to run all software utilities such as Format, Scandisk, FDisk or Windows Installation Setup.exe files. Right now, simply make sure they exist by typing a DOS command dir at the CD drive letter. If you don’t find it with this simple directory command, use dir/s filename to search the file. For example, to search fdisk.exe file, type dir/s fdisk.exe.

BACKING UP YOUR DATA: Before formatting your hard disk drive, please make sure you have proper back up of your critical data files such as Microsoft Word, Excel, Powerpoint, etc files on a CD or any other media for backup that you have access to. In this tutorial, we assume you have a CD-Writer installed for taking backups on Writeable CDs. Their capacity is usually 700MB or less. Here, you should seriously consider using Zipping software like WinZip or WinRAR.

VIA WINDOWS: If you can luckily login to your Windows OS, you should run the CD-Writer software such as HTech Fireman to back up all of your data on an empty CD. If you don’t know how to do it, read their user manual for detailed instruction set. If you can’t access your Windows OS, read on.

VIA DOS: Some of the files that you wish to make back-up, may be hidden. To un-hide them, use attrib *.* +r +s +h.

Now, use the software from Golden Hawk file named as copy2cd.exe to backup your data files or directories on a writeable CD. Before using this command, make sure you are in an appropriate path on the computer such as E:/ where the actual file copy2cd.exe file resides;

Copy2cd c:data*.* f:

Here we assumed that f: is a CD Writer drive. Now, repeat the same for all of your files to back up. When finished, run cdtools.exe command i.e. cdtools f: to finish by selecting option “Disc Finalization”.

If you can’t back up your data using the above-mentioned procedure, either ask an outside expert’s help personally or via internet. If all fails, forget your data forever and carry on installing a new OS as mentioned in this tutorial.

Backing up Your Drivers: An interesting tool to mentioned here is a software that automatically backs up all of your drivers of CD, modem, sound card, vga, usb, printer or just about anything that is currently installed on your system. But this software works only in an operational windows OS, and not in DOS. It is a good and time-saving practice to keep a backup of all of your drivers on a CD by using such a software. Its name is Driver Genius Pro and it is commercial software, not a freeware.

USING FDISK: You may skip this option and go straight to Formatting Hard Disk option, if you wish to use other useful partitions that may contain your data. Before going ahead with this option, Make sure there is no useful data left on your computer to be backed up. This option will delete all of the computer partitions and create new ones.

i) Boot up your computer using Windows OS CD.

ii) Run this command fdisk

iii) Press option 3 to delete all current partitions.

iv) To create a new partition, select option 1 and select Y to answer the maximum size question by the program.

v) Next, select option 2

vi) Press Esc key to quit and restart your computer to

See the URL http://www.compguystechweb.com/troubleshooting/fdisk/fdisk_scr.html for detailed instructions alongwith screenshots. Now, that you have created the primary partition, you can continue to format the newly created partition. There is a very user-friendly but commercial software called Partition Magic by PowerQuest to manage your partitions easily after installation of Windows.

FORMATTING HARD DISK: Now that you have created new partitions, It is time to format them so that you can start installing Windows. This is how you make your C: drive usable by your Windows OS for installation. Boot up your computer with Windows CD and type format c: command at the prompt. When prompted for maximum size, press, YES. After complete processing you will be presented with the successful report about the formatting of the C: drive. Select your new drive name and press ENTER to finish.

INSTALLING WINDOWS: Microsoft has made it very easy for a newbie to install a completely new OS on a newly formatted partition. It is all wizard based and you simply have to click NEXT each time whenever asked a question. Boot up your computer from the Windows CD and select Start with CD Option. When on DOS prompt, change to the CD Drive that it just created which is usually d: if you have only one partition C. Now type command setup.exe to start the windows installation process.

During installation, make sure you properly name your PC as per your preferences and select your regions and Time zone. When finished, the computer will re-boot and during next re-boot it may ask some drivers of your Sound Card, VGA, Network, or other devices attached. Provide the requisite driver CDs and locate the paths of the appropriate drivers. If you are not sure, leave it like that and press NEXT to ignore. When your windows installation is complete, you can install Microsoft Office, setup internet connection and start using it as normally as you would. Please make sure you install all the security software such as anti-virus, anti-spyware, adware, and other software as mentioned in the next section.

2. USE SOFTWARE

Installing Anti-Virus: Download free AVG Antivirus software and install it. Make sure you get its free key from their website by registering. This software is not auto-updated for critical viruses and for an auto-update version, you will have to pay. If you wish to pay, we would recommend world’s most popular brands Symantec, McAfee and Trend Micros instead. No matter what Anti-Virus software you install, make sure you enable its Auto-Protect feature for automatic protection of your computer’s resources and in-coming or out-going emails from any virus attack. Some software even allow you to setup silent detection and destruction without any disturbance to your work. Further, they are auto-updated via internet at the regular interval that you setup. Hence, you can rest assured that whenever a security threat is spread all over the world, your software will automatically download the requisite updated version and install its defense on your computer.

BROWSER SECURITY: To setup your browser (Internet Explorer on Windows) for maximum security against the usual threats, follow this procedure;

i) Start up your browser

ii) Go to IE > Tools > Windows Update > Product Updates, and selected Security Updates to be automatically updated. Microsoft releases patches and security patches from time to time to make sure your system’s security is up-to-date.

iii) Now, go to Internet Options/Security/Internet, press ‘default level’, then OK. Now press "Custom Level." In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to ‘prompt’, and ‘Initialize and Script ActiveX controls not marked as safe" to ‘disable’. Now you will be asked whether you want ActiveX objects to be executed and whether you want software to be installed. Sites that you know for sure are above suspicion can be moved to the Trusted Zone in Internet Option/security.

If you use another browser such as Firefox or Netscape, see their documentation on how to securely set it up against any such internet threats.

Installing Anti-Spyware: Spyware, adware, browser hijackers, and dialers are some of the fastest-growing threats on the Internet today. By simply browsing to a web page, your computer may become a victim. You can install SpywareBlaster and SpywareGuard to effectively guard your computer from such internet threats.

It includes Fast Real-Time Scanning engine for known spyware and heuristic/generic detection capabilities to catch new / mutated spyware and Download Protection along with Browser Hijacking Protection in real-time.

Simply download the software (free) from their website and install it on your system. Make sure you download its latest update too or enable its Auto-Update feature to be updated automatically in the background. Now, when you are ready, run the software to check the spyware on your computer. When spyware are found, it reports accordingly. Press "select all", then press option "kill all checked". Although it won’t protect you from 100% spyware, But it is a very important extra layer of protection.

Next, install another software that is called Spybot Search & Destroy. It works exactly like SpywareBlaster, but it never hurts to have a double layer of spyware detection alongwith Spybot R&D.

Installing Anti-Adware: Adware is a common term used to describe potentially dangerous websites and scripts that do data-mining, aggressive advertising, Parasites, Scumware, selected traditional Trojans, Dialers, Malware, Browser hijackers, and tracking components. There is a very good software called Ad-Aware available to scan and remove such nuisances from your system.

To start using it, simply visit Lavasoft USA website and download its free non-commercial version of Ad-Aware Personal Edition. Run its setup program and install it. When prompted, ask it to scan your computer. If there are any adware found, it is detected and removed automatically by Ad-Aware. Run this software on a weekly or daily basis, if possible to keep your system clean.

In addition to the Ad-Aware, Internet Explorer comes with a very handy tool that allows you to block specific sites that may carry well-known advertisers, marketers, crapware pushers to the Restricted sites Zone. If you had to input 50000+ of such sites manually yourself, it would takes years. Luckily, there is a software that does it all automatically and it is called IE-SPYAD. Once you merge this list of sites and domains into the Registry, the web sites for these companies will not be able to use cookies, ActiveX controls, Java applets, or scripting to compromise your privacy or your PC while you surf the Net. Nor will they be able to use your browser to push unwanted pop-ups, cookies, or auto-installing programs on your PC. It is not an ad blocker. It will stop top unwanted crapware from being installed behind your back via "drive-by-downloads"; prevent the hijacking of your home page.

This Restricted sites list is based in part on info from: discussions in the SpywareInfo Forums and other forums that specialize in crapware removal major crapware reference sites: doxdesk, cexx.org, Kephyr.com, PestPatrol and SpywareGuide.

To start using it, simply download it from their website and run its install.bat file. Make sure you run its update as well soon after its installation.

INSTALLING FIREWALL: A firewall software acts as a defense shield against hackers, intruders, and blocks access attempts to your computer. ZoneAlarm is a professional firewall software that works in a stealth mode automatically and makes your computer invisible to anyone on the Internet.

Download it from ZoneLabs website and run its setup for installation. I recommend you use its Express Settings which automatically configures your most commonly used software like browser, chat messengers, ftp software to access internet, while blocks every other internet traffic in real-time. If any software or service tries to upload or download any data, it pops up an alert whereby you can allow or disallow such internet traffic.

Computer Slow Down: It is very common to see many complaining about their computer slow-down. The fastest and easiest cure is using Windows’ built-in Defragmenter utitlity that you can find in Startà Programs à Accessories à System Utitlities à Disk Defragmantor and run thorough defragmantation. It will take a while before it ends.

If your system’s performance does not improve after running defragmantation utility, consider scanning your computer via a software utility called HiJackThis which you can download and install on your system. Use this tool carefully as it is intended for advanced users only. HijackThis is a tool, that lists all installed browser add-on, buttons, startup items and allows you to inspect, and optionally remove selected items. The program can create a backup of your original settings and also ignore selected items. Additional features include a simple list of all startup items, default start page, online updates and more.

CWShredder is a utility for removing CoolWebSearch (aka CoolWwwSearch, YouFindAll, White-Pages.ws and a dozen other names). This tool will find and destroy all traces of the CoolWebSearch (CWS) hijacker on your system including redirections, IE slowdowns, start page changes, un-authorized addition of sites in IE Trusted Zone, and blocking access to IE options or setup.

Download CWShredder from their official website only as there is a similar named virus/trojan on the loose at various websites which you may accidently download and install, hence become more infected than being cured instead. When it is installed successfully, run the software to scan your local machine. Select the fix button & it will get rid of everything related to CoolWebSearch. Close ALL other programs & windows, including IE, before running CWShredder. Reboot after doing this.

I know there is still a lot left, but as I wanted to keep this tutorial as brief as possible, hence I covered only the critical elements here. I am sure you will have fewer breakdowns (if not ZERO0 and more productive hours on your computer. I would recommend you to setup all the software’s auto update and auto-check options to free your time for more productive things than just playing hide and seek with spywares, adwares or viruses. Happy and safe computing!

This article is submitted by Kashif Raza http://www.networkingtutorials.net