December 30, 2007

New worm — be careful out there

Lee Hopkins wrote this 12:28 am:

If you're new here, you may want to subscribe to my RSS feed. You can even subscribe by email! Thanks for visiting!

According to eWeek’s Security Watch, there’s a very nasty bit of code embedded in a website at the moment, all geared up to lure the disarmed net traveller into a false sense of happy yuletide security.

Here’s just a sample of the subject lines in the email you might receive offering you

A fresh new year
A fresh new year…
As you embrace another new year
Blasting new year
Happy 2008 To You!
Happy 2008!
Happy New Year To (emailhere)
Happy New Year To You!
Happy New Year!
It’s the new Year
Joyous new year
Lots of greetings on new year
Message for new year
New Hope and New Beginnings…
New Year Ecard
New Year Postcard
New Year wishes for you
Opportunities for the new year
Wishes for the new year

According to Gary Warner, the main URLs he’s are seeing at this point are:
     uhavepostcard.com <== (majority use this one)
     happycards2008.com
There are more than 100 samples using these two URLs so far. The first was received December 24th at 12:10 PM.

Gary also noted that some of the anti-virus and anti-trojan software that failed to detect it were F-Prot, Kaspersky, McAfee, and Sophos. If you use any of these providers for your protection I assume that they have updated their data files and you should update yours accordingly (which is something you should do on a daily basis anyway — if you are in control of your computer then set your software to auto-update at midnight each night and leave your computer on, just turn your monitor off to save electricity and our planet).

Security Watch suggests you:

  • Install anti-virus software, and keep its virus signature files up-to-date.
  • Block executable and unknown file types at the e-mail gateway.
  • Refer to the Recognizing and Avoiding E-mail Scams document (.pdf) for more information on avoiding e-mail scams.
  • Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

    • Very VERY good advice!

    Technorati Tags: , , , ,

    Stumble it!

    * Filed under: Uncategorized

     

    Leave a Reply

    Please note:
    1. If this is your first time commenting using the email address you have given, your comment will be held in 'moderation' and won't appear until one of us here at BetterComms Towers approves it. This stops spammers from flooding our posts with garbage. It may take up to 48 hours for your comment to appear -- sorry!
     
    2. This blog runs the WP-Cache plugin, which reduces the amount of processing our host's server has to perform on this blog. The result for you is that our site crashes less. The downside is that sometimes it might take a minute or two for your comment to appear. Please don't resubmit your comment if it doesn't appear straight away. Please be patient and try refreshing your browser after a minute or two... Thanks, Lee

    Trackback: trackback from your own site
    « « Virtual worlds are 2008’s ‘breakthrough technology’ | Thought of the Day » »