- Worldstart's Tech Tips And Computer Help - http://www.worldstart.com -

October Security Bulletin

Posted By On October 6, 2006 @ 11:18 AM In Security Help | No Comments

October Security Bulletin

Hey, it’s October and I have a ton of security issues to go over with you folks this week. First of all, Kaspersky’s Online Scanner for September 2006 has uncovered the truth behind social engineering and the spread of malware. Of course, I also have a few vulnerabilities and attacks to talk about, so let’s get the show on the road and take a look at October’s security landscape.

Kaspersky Online Scanner for September

August was the month of the MicroWorld Technologies [1], there is a worm going around using security warnings as bait and people are opening them up like crazy. This is just like the social engineering e-mail I was discussing earlier in this article. The attackers are using an enticing subject in order to trick the recipient into opening the infected e-mail. The “bait” is working well, because this mass mailing worm has been putting up some impressive numbers.

The virus has its own SMTP server, which means it can send out e-mail on its own and it needs this, because one of the first things it’s going to do in your system is harvest all the e-mail addresses it can from you and mail a copy of itself out to them. The second thing it’s going to do is log onto some malicious sites and try to bring more applications into your machine. Here’s an example of some of the message bodies you might find in an infected e-mail:

  • Mail Transaction failed. Partial message is available.
  • The message contains Unicode characters and has sent as a binary file. The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment

These messages can be tempting, but that again, is social engineering. Hackers want you to open their e-mails and they don’t want you to just ignore them. Unfortunately, they are pretty good at it. Almost everything I talked about today revolves around social engineering and there is no software to protect you against that. You just have to have good sense. Stay away from all the e-mails out there that you are not 100 percent sure of or can verify. There is just too much going on and there are too many unpatched vulnerabilities in Windows to take any chances.

Until next week, stay safe out there.

~ Chad Stelnicki


Article printed from Worldstart's Tech Tips And Computer Help: http://www.worldstart.com

URL to article: http://www.worldstart.com/october-security-bulletin/

URLs in this post:

[1] MicroWorld Technologies: http://www.mwti.net/