Saturday, April 22, 2006

Email spoofing.

Email “spoofing” is when an email message appears to have originated from one source when it actually was sent from another source.

Email spoofing is often an attempt to trick the user into making a damaging statement or releasing sensitive information (such as passwords).
Spoofed email can range from harmless pranks to social engineering ploys.

Examples of the latter include:

* email claiming to be from a system administrator requesting users to change their passwords to a specified string and threatening to suspend their account if they do not comply
* email claiming to be from a person in authority requesting users to send them a copy of a password file or other sensitive information

Note that while service providers may occasionally request that you change your password, they usually will not specify what you should change it to. Also, most legitimate service providers would never ask you to send them any password information via email.

If you suspect that you may have received a spoofed email from someone with malicious intent, you should contact your service provider's support personnel immediately.
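When reporting a suspect message, the raw headers show where the "appears to have originated" claim and the actual sender part ways. The following check is an added example, not part of the original post or of CERT's text; the messages and the example.org / example.net domains are constructed, and a mismatch is an indicator to investigate rather than proof, since mailing lists and bulk senders legitimately use different domains.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the visible From claims the provider's administrator,
# but the envelope sender (Return-Path) and Reply-To point to another domain.
SUSPECT = """\
Return-Path: <bounce@mailer.example.net>
From: "System Administrator" <admin@example.org>
Reply-To: helpdesk@example.net
To: user@example.org
Subject: Change your password now

Change your password to the string below or your account will be suspended.
"""

# Constructed sample: every sender-related header agrees on one domain.
CONSISTENT = """\
Return-Path: <admin@mail.example.org>
From: "System Administrator" <admin@example.org>
To: user@example.org
Subject: Scheduled maintenance

The mail server will be unavailable on Sunday.
"""

def domain_of(value):
    """Lower-cased domain of the address in a header value, or '' if none."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def related(a, b):
    """True when the domains are equal or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def spoofing_indicators(raw_message):
    """Return a list of header inconsistencies that merit a closer look."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    if not from_dom:
        return ["From header has no parseable address"]
    findings = []
    for header in ("Return-Path", "Reply-To"):
        other = domain_of(msg[header])
        if other and not related(other, from_dom):
            findings.append(f"{header} domain {other} differs from From domain {from_dom}")
    # A display name that itself looks like an address from another domain
    shown = domain_of(parseaddr(msg["From"])[0])
    if shown and not related(shown, from_dom):
        findings.append(f"From display name shows {shown}, address is at {from_dom}")
    return findings
```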

Solution:

Don't open unknown email attachments

Before opening any email attachments, be sure you know the source of the attachment. It is not enough that the mail originated from an address you recognize. The Melissa virus spread precisely because it originated from a familiar address. Malicious code might be distributed in amusing or enticing programs.

If you must open an attachment before you can verify the source, we suggest the following procedure:

* be sure your virus definitions are up-to-date
* scan the file using your antivirus software
* open the file

For additional protection, you can disconnect your computer's network connection before opening the file.
Following these steps will reduce, but not wholly eliminate, the chance that any malicious code contained in the attachment might spread from your computer to others.

Courtesy: http://cert.org

Wednesday, April 05, 2006

Warning! New Virus on the prowl.

News from Deccan Chronicle, dated 5th April 2006

"Refined Virus to target servers.
The 'Bagel' worm, that was originally designed to trick recipients into opening malicious programmes attached to emails, has returned to infect Indian servers.

However, this time around, the worm has been modified by hackers and comes equipped with root kit technology, that gives the worm the ability to bury itself in hidden locations, download programmes and capture information for days or weeks, without being discovered.

The improved Bagel worm also has the ability to delete any security related files such as Firewalls and anti-virus software, when opened."

Last week an e-security firm from Finland reported that an ISO 9001:2000 company in New Delhi involved in prosthetics, was hacked and infected by Bagel worm. Warnings were issued to system admins around the world to block access to the infected Indian server.

Although their servers appear to be disinfected, the company learnt of the breach only when this newspaper contacted the officials for a response.