November 28, 2010

My Spam analysis & filter updates for the week of Nov 22 - 28, 2010

Look out Holiday shoppers! Spammers are ramping up their efforts to get some of your hard earned dollars. There is a virtual flood of crap mail deluging email inboxes this week, mostly hawking things like fake Viagra, counterfeit watches, illegal to import prescription drugs and bogus male enlargement herbs and pills.

This past 7 days, spam for these types of garbage amounted to 60% of my incoming email. This is according to MailWasher Pro, which I use to screen incoming email before downloading it to my desktop email program (Windows Live Mail). I often see the same spam message sent to several of my accounts at the same time. I report any spam messages that make it through my auto-delete filters to SpamCop.

Here are some statistics regarding the spam received and categorized, from November 22, through 28, 2010. These classifications are based upon my own custom MailWasher spam filters.

MailWasher Pro by Firetrust
Percentage classified as spam: 60%; up 6% from last week
Number of messages classified as spam: 479 
Number classified by my custom spam filters: 393
Number and percentage of spam according to my custom blacklist: 58
Number classified as spam according to DNS Blocklists (SpamCop, Spamhaus, etc): 4
Number of spam messages seen, reported to SpamCop & manually deleted: 19
The order of spam according to the highest percentages, is as follows:
Counterfeit watches: 22.42%
Fake Viagra and Cialis: 21.98%
Illicit pharmaceuticals: 19.34%
Blacklisted sender names and domains: 12.75%
Male Enhancement scams: 8.57%
Known Spam Domains in links (pirated software): 4.40%

Other filters that had some measurable percentages included pump and dump stock scams, fake diplomas, counterfeit goods, numeric links (to Botnetted computers) and bogus loan services.

I made only one addition to my custom filters:
Eastern European Sender

I made these changes to my custom Blacklist:
*penis+@+
en1arge+@+
[email protected]
[email protected]

Take my advice and never reply to spam email, just delete it. Never buy anything that is spamvertised. If you do, you will give your credit or debit card details to hardened criminals. If you purchase illicit controlled drugs from abroad, they are subject to seizure by US Customs. It is against the law to import prescription drugs without a valid prescription issued by a physician who is validly licensed in the USA. Finally, there is no actual Canadian Pharmacy. If you see email purporting to come from Canadian Pharmacy, or any variation of those words, delete it. The non-existent company was conceived by Russian spammers. Any drugs actually shipped come from illicit pharmaceutical knockoff factories in Asia.


HostGator extends 50% web hosting discount to Cyber Monday

On Thursday night I wrote a blog article about the then upcoming Black Friday super sale at HostGator web hosting. That sale has come and gone, but, due to popular demand, HostGator is going to run their 50% off all hosting packages and lengths of contract, on Cyber Monday, November 29, 2010. Here are the basic details you need to know.

1: This is a straight 50% off sale, based solely on your first invoice as a new customer.

2: All HostGator hosting packages are included. This means whether you want the cheapest shared hosting or your own dedicated server, you will be invoiced 1/2 of list price.

3: Since the discount only comes off your first invoice, it is wise to buy into as long a term as you can afford. Renewals will be at the going rate, when they come due.

4: This deal does not apply to existing customers with current accounts on HostGator.

5: All you have to do is sign up for any hosting services online at the HostGator website and the 50% off coupon will be AUTOMATICALLY applied.

This is what a typical deal will cost you, based on the four most popular types and lengths of hosting (longer and shorter terms are available):

Shared Hosting: ONLY $2.48/month
Reseller Hosting: ONLY $12.48/month
VPS Hosting: ONLY $9.98 First Month
Dedicated Servers: ONLY $87 First Month

Note: You can get a free domain with your purchase of a hosting package, should you need one. Otherwise, you can transfer your existing domains for free. Here are just a few of the features included in the shared hosting accounts.

* Unlimited Disk Space
* Unlimited Bandwidth
* Free SiteBuilder (Try Demo)
* Easy Control Panel (Try Demo)
* 1-Click Script Installs
* 4,500 Free Website Templates
* 99.9% Uptime Guarantee
* 45 Day Money Back Guarantee
* 24/7/365 Technical Support
* $100 Google AdWords Credit

Get HostGator Web Hosting Now! This promotion will only run Monday November 29th, from 12:00AM to 11:59PM CST (-6 GMT).

If you miss out on this discount, HostGator still has shared hosting plans for as little as $4.95 per month.


November 25, 2010

HostGator offers unbelievable 50% to 80% off on Black Friday

If you own domain names and have hosting that is too expensive (especially come renewal time), or want to create your first website, but don't want to be locked into high monthly or annual prices, HostGator has the deal of a lifetime. For one day only, Friday, November 26, 2010, beginning at 12:00 AM Central Standard Time, HostGator is offering the following humongous discounts on all of their web hosting packages (regular $4.95/month for shared hosting, up to $174/month for a dedicated server).

  • 50% OFF EVERYTHING From 12:00AM CST to 5AM CST
  • 80% OFF EVERYTHING From 5AM to 9AM CST (While Spaces last)
  • From 9AM to 11:59PM CST, or after all 80% off accounts have sold out, they will continue to offer 50% OFF ALL HOSTING PACKAGES

This applies to ALL Accounts and ALL Term Lengths. If you are one of the lucky people to get in on the 80% off discount, you will have the opportunity to receive up to 80% off of up to 3 years worth of Hosting! That would come out to $35.64 for 3 FULL YEARS!

The Black Friday discounts include Shared Hosting, Reseller Hosting, VPS Hosting AND even Dedicated Servers! Never before has HostGator allowed such a promotion on EVERYTHING including reseller, VPS and dedicated servers AND ALL Term Lengths.

Note: The discount will apply to your first invoice (the first term length you sign up for, whether that be 1 month or 3 years). You may as well sign up for three full years at these prices.

Get HostGator Web Hosting Now! Comes with 24/7 Support via Phone, Live Chat, and Email and a 30 day money back guarantee. Lease terms range from 1 month, up to 3 years.

Remember: all of these discounts end at 11:59 PM, CST! Don't let this one slip past you. Act Now!


November 23, 2010

PCmover Transfers Your Files, Settings and Programs To A New PC

With the Black Friday Christmas 2010 season about to kick off, many people will be getting brand new Windows 7 computers, to replace their old XP and Vista computers. If you are getting a new computer to replace your old one, but want to keep your installed programs and settings, LapLink's PCMover is the easiest way to accomplish this task.

PCMover is a software program that you install on both the old and new computers. The computers must be connected by some means, either by a network connection, or LapLink crossover cable. Your files, settings and program installations will be transferred over that connection, from the old, to the new PC.

PCmover is the ONLY software that moves programs, files and settings from your old PC to your new PC - even restore from an image (or old hard drive) or perform an in-place upgrade.

The easy-to-use wizard will guide you in selecting which programs, files and settings you want on your PC. When complete, your new computer will have the personality and functionality of your old PC. And, PCmover is safe. It removes nothing from your old PC, and won't overwrite anything on your new PC, plus it includes an easy "Undo" feature.

I have written an entire web page describing PCMover, along with links to buy it (and a LapLink cable if needed). This is a licensed per use program, where you pay for each move you want to perform. Additional licenses are available at discounted prices, for people with multiple computers being replaced.

PCMover Home, selling for $39.95, moves all of your programs (no selections) at once, plus all of the files and settings of the logged in user performing the move. In contrast, PCmover Professional™ automatically moves all the programs, licenses, files and settings that you select, along with all user profiles and settings, from your old PC to your new one, and all of your applications will be installed automatically, ready to use. It even moves user accounts joined to network Domains.

Black Friday through Cyber Monday Super Discount Announcement

If you read this article between November 25 and November 29, 2010, you can save a whopping 50% off the regular price of PCMover Professional™. The normal price for the Professional version is $59.95, but it is on sale through my links for only $29.95. This makes the Professional version $10 cheaper than the more limited Home version! This sale price runs from 12:01 AM Nov 25, through 11:59 PM Nov 29, Pacific Time Zone. I hope you don't miss out on this deal!


November 22, 2010

Security News and Updates for Nov 8 - 21, 2010

There have been some very important security updates issued over the last 2 weeks, for commonly used and exploitable programs. Patching vulnerable software will help you protect your computers from hostile takeover, and/or having them drafted into spam botnets.

Here's the rundown of the latest updates that affect millions of computer users, the World over.

On November 9, 2010, Microsoft released critical patches for several of its newer MS Office applications. One patch plugged a security issue involving .dll path hijacking, which affects 20 top Microsoft programs, including Windows itself. Unfortunately, this vulnerability was not patched for Windows XP users running Office XP. Microsoft also released its monthly update to the Malicious Software Removal Tool. The MSRT runs during your Windows Updates process and automatically removes certain malicious software, such as botnets and other crimeware it has been updated to target.

Solution: Turn on Automatic Windows Updates. Set the time to check for updates to a time when the PC is usually on. Check manually by going to the Start Button, then up/over to the link for Windows Update, or Microsoft Update. Clicking that link opens Internet Explorer to the Windows Update page. Note: you must be logged in as an administrator to run manual Windows Update checks and installations.

Adobe comes through with a big update!

On November 16, 2010, Adobe released the promised security updates for its ubiquitous PDF Reader and Acrobat PDF encoder. The latest version is 9.4.1 and you can download it, and future updates, by opening Adobe Reader, or Acrobat, then go to Help, then click on "Check for Updates." If an update is available, take it! Vulnerabilities in Adobe Reader can lead to takeover of your computer, should you be tricked into opening a malicious PDF file (like those delivered in spam email as fake scanned documents, or fake courier delivery labels).

You can also download Adobe Reader updates directly from www.adobe.com. Click on the button for "Adobe Reader." This also installs an online PDF creation and sharing application called Adobe Air.

On November 12, 2010, Apple Released Mac OS X v10.6.5 and Security Update 2010-007, to address multiple vulnerabilities affecting a number of packages. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, conduct cross-site scripting attacks, cause a denial-of-service condition, or bypass security restrictions. Use your built in Mac software updater to get these critical patches.

On November 19, 2010, Apple Released updated Safari 5.0.3 and 4.1.3 web browsers, to address multiple vulnerabilities in the Safari and WebKit packages. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

The Windows Applications Insecure Dll Library Loading vulnerability that was disclosed several months ago now has at least 222 programs on the Secunia list. Microsoft has 20 programs listed, with only one patched (on Nov 9). They have supplied a workaround and Fix It Tool that renders exploit attacks targeting these dll paths ineffective. I advise you to install the workaround and test your programs to make sure none break as a result of securing your PC from this exploit path.

That covers the most important security updates of the last two weeks. Stay tuned for more news as updates roll in. Criminals are not resting in their efforts to take over your PCs and you need to keep your guard up and your installed software updated. Also, operating your PC with reduced user privileges can render over 90% of malware ineffective and uninstallable. I have written several articles about this, including these:

Running a PC with reduced user privileges stops 92% of malware

Limited User Privileges Protect You

Windows 2000, XP, Vista & 7 User Account Privileges Explained


November 21, 2010

My Spam analysis & filter updates for the week of Nov 15 - 21, 2010

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics. These reports can help you adjust the order of your own spam filters.

MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.

My incoming spam levels have decreased 10% this week, to 54% of all my incoming email. Most of the spam was for counterfeit Viagra, male enhancement herbal scams, illicit and dangerous pharmaceuticals, counterfeit Chinese "Rolex" watches and cuff-links, fake diplomas, Russian dating scams and pirated software hosted on a "bulletproof" Ukrainian spam server. There were a few phishing scams and a bunch of strange spams with nothing but a couple of random characters in the subject and body. These come from Latvia and neighboring countries, and use the ISO 8859-2 character code.

The classifications of spam in my analysis (below) can help you adjust your email filters according to what is most common, on a weekly basis. If you are using my custom MailWasher Pro filters, keep the filters for the highest percentage categories of spam near the top of the filters list, to minimize the impact on your CPU when analyzing incoming messages for spam content.

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets and all email sender addresses are forged, there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses.

Sometimes, your own email address is forged as the sender, as well as being the recipient. The practice of forging the recipient's own email address in the From field is known as a "Joe Job." Fortunately, MailWasher Pro has a custom filter option that overrides the "Friends" list (a Whitelist of approved senders), allowing user created spam filters to read the content and flag or auto delete spam that's using one's own accounts as the forged sender.

You can take preventative measures to secure your computers from becoming members of Botnets, by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).

See my extended comments for this week's breakdown of spam by category, for Nov 15 - 21, 2010, and the latest additions to my custom MailWasher Pro filters and Blacklist.

MailWasher Pro spam category breakdown for Nov 15 - 21, 2010. Spam amounted to 54% of my incoming email this week. This represents -10% change from last week.

Here are some facts from my MailWasher Statistics for the past week. Of the 349 incoming email messages that were classified as spam, 299 were classified by my custom filters, 39 were deleted by my custom Blacklist, and 2 from the DNS Servers Blacklist (mostly the SpamCop Blocklist (SBL)). I actually saw 34 spam messages (but classified by filters set to manual deletion, for safety), all of which I reported through my SpamCop reporting account. The rest were automatically deleted by my other custom filters and Blacklist. See the updates to my filters below the spam categories list.

MailWasher Pro by Firetrust
Known Spam Domain Links (mostly .RU - Russian): 23.53%
Fake Cialis & Viagra (counterfeit & dangerous): 14.12%
Counterfeit Watches: 13.59%
Pharmaceutical Spam (dangerous & illegal): 12.35%
Blacklisted Senders (by email address & wildcards): 11.47%
Male Enhancement Scams (fake & dangerous): 7.65%
Other Filters (misc filters with small percentages): 6.18%
Pirated Software (hosted on Russian Domains): 4.12%
Diploma scams: 3.24%
Known Spam [F] (Viagra, Cialis, Pfizer, Software): 1.76%
Phishing Scams: 1.18%
Charset 8859-2 (Latvian, Bulgarian): 1.18%
DNS Blacklists (SpamCop, Spamhaus, etc): 0.59%

The latest updates to my custom MailWasher Pro filters:
Known Spam [From]

Blacklist updates this week:
[email protected]

Note, that the Blacklist works in both the old and new versions of MailWasher Pro. You can import the Blacklist from version 6.x when you move up to MailWasher Pro 2010 and newer. You can find my most effective published Blacklist on my MailWasher Pro Custom Filters page.

About MailWasher Pro

MailWasher Pro intercepts POP3 and IMAP email before you download it to your desktop email client (e.g: Microsoft Outlook, Outlook Express, Windows Live Mail) and scans it for threats or spam content, then either manually or automatically deletes any messages matching your pre-determined criteria and custom filters. It is my primary line of defense against incoming spam, scams, phishing and exploit attacks. If you are not already using this fine anti-spam tool I invite you to read about it on my MailWasher Pro web page. You can download the latest version and try it for free for a month. Registration costs just $29.95, with an annual renewal fee of only $9.95, to cover the costs of development and the FirstAlert community spam database.

All of the spam and scams targeting my numerous accounts were either automatically deleted by my custom MailWasher Pro spam filters, or if they made it through, were reported to SpamCop, of which I am a reporting member, and manually deleted.

If you use a POP email client on your desktop to send and receive your email, rather than your browser, you too will benefit from the added protection that MailWasher Pro provides. I can't even begin to tell you how many dangerous attachments, exploit encoded messages, 419 fraud, as well as courier, bank, eBay and PayPal phishing scams, plus hundreds of hostile link emails it has deleted, after identifying them with my rules and its own heuristic and known spam detections.

I am available for hire to write custom MailWasher Pro filters for you or your company. They require that you have a copy of MailWasher on each computer to be customized.

Finally, many security threats will come to you via spam email; some in hostile attachments, some as "phishing" scams, some as financial fraud or money laundering scams, and many more in links to web pages rigged to serve up exploit codes or Trojan downloads. You need really good up-to-date protection to fight off the multitude of attack codes flying like machine gun bullets these days. To protect your computer from web pages rigged with exploit codes, malware in email attachments, dangerous links to hostile web pages, JavaScript redirects, Phishing scams, or router DNS attack codes, I recommend Trend Micro Internet Security (or Internet Security Pro for travelers). It has strong realtime monitoring modules that stop rootkits and spam Trojans from installing themselves into your operating system. Also known as PC-cillin, it is very frequently updated as new and altered malware definitions become available and it checks for web based threats and new malware definitions by searching secure online servers owned by Trend Micro. This is referred to as "in-the-cloud" security. Best of all, you can try it fully functional for a month, then decide to pay to keep it or uninstall it.

See you all next week, same time, same station! Keep the sunny side up and don't take no wooden nickels!

Wiz - out


November 14, 2010

My Spam analysis & filter updates for the week of Nov 8 - 14, 2010

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics. These reports can help you adjust the order of your own spam filters.

MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.

My incoming spam levels have increased 10% this week, to 64% of all my incoming email. Most of the spam was typical junkmail for male enhancement scams, illicit pharmaceuticals, counterfeit Chinese watches and cufflinks, counterfeit Cialis and Viagra, fake diplomas, Russian dating scams, a new pump and dump stock scam, and a few fake DHL messages containing malware attachments.

The classifications of spam in my analysis (below) can help you adjust your email filters according to what is most common, on a weekly basis. If you are using my custom MailWasher Pro filters, keep the filters for the highest percentage categories of spam near the top of the filters list, to minimize the impact on your CPU when analyzing incoming messages for spam content.

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets and all email sender addresses are forged, there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses.

Sometimes, your own email address is forged as the sender, as well as being the recipient. The practice of forging the recipient's own email address in the From field is known as a "Joe Job." Fortunately, MailWasher Pro has a custom filter option that overrides the "Friends" list (a Whitelist of approved senders), allowing user created spam filters to read the content and flag or auto delete spam that's using one's own accounts as the forged sender.
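The two points made in these weekly posts (keep the highest-hit filters at the top of the list, and let content filters override the "Friends" list so mail forging your own address is still caught) can be seen in a small first-match screener. This is an added example, not MailWasher Pro's code or my published filters: the addresses, messages, filter names and the `fnmatch`-style blacklist globs are all constructed for illustration and are not MailWasher's wildcard syntax.

```python
"""First-match spam screening: whitelist override and hit-ordered filters."""
import fnmatch
from collections import Counter
from email import message_from_string
from email.utils import parseaddr

# Constructed data: the whitelist includes the user's own address, as is common.
FRIENDS = {"me@example.org", "pal@example.net"}
# fnmatch globs loosely modelled on the blacklist entries (assumed semantics).
BLACKLIST = ["enlargepen*@*", "ci?lis*@*"]


def sender(msg):
    return parseaddr(msg.get("From", ""))[1].lower()


def text(msg):
    return (msg.get("Subject", "") + " " + msg.get_payload()).lower()


def blacklisted(msg):
    return any(fnmatch.fnmatchcase(sender(msg), pat) for pat in BLACKLIST)


def charset_8859_2(msg):
    return (msg.get_content_charset() or "").lower() == "iso-8859-2"


def watch_spam(msg):
    return "replica watch" in text(msg)


def pharma_spam(msg):
    return any(word in text(msg) for word in ("viagra", "cialis"))


# (name, predicate, overrides_friends). Deliberately in a poor order.
FILTERS = [
    ("Charset 8859-2", charset_8859_2, False),
    ("Blacklisted sender", blacklisted, False),
    ("Counterfeit watches", watch_spam, True),
    ("Fake Viagra/Cialis", pharma_spam, True),
]


def screen(raw_messages, filters):
    """Return (verdict per message, number of filter evaluations performed)."""
    verdicts, evaluations = [], 0
    for raw in raw_messages:
        msg = message_from_string(raw)
        trusted = sender(msg) in FRIENDS
        verdict = "keep"
        for name, predicate, overrides in filters:
            if trusted and not overrides:
                continue  # the Friends list exempts mail from non-override filters
            evaluations += 1
            if predicate(msg):
                verdict = name  # first match wins; later filters are skipped
                break
        verdicts.append(verdict)
    return verdicts, evaluations


def order_by_hits(filters, verdicts):
    """Move the filters that fired most often to the top (stable for ties)."""
    hits = Counter(verdicts)
    return sorted(filters, key=lambda f: hits[f[0]], reverse=True)


def make(frm, subject, body, charset="us-ascii"):
    return (f"From: {frm}\nTo: me@example.org\nSubject: {subject}\n"
            f"Content-Type: text/plain; charset={charset}\n\n{body}\n")


# Constructed sample inbox.
SAMPLES = [
    make("me@example.org", "Viagra 80% off", "Order today"),   # forged own address
    make("cixlis.shop@mail.example", "Hi", "Best prices"),     # blacklist glob hit
    make("pal@example.net", "Lunch?", "See you at noon"),      # genuine friend
    make("x@bulk.example", "qz", "xk", charset="iso-8859-2"),
    make("a@bulk.example", "Replica watches sale", "Swiss quality"),
    make("b@bulk.example", "Cialis cheap", "Click here"),
    make("c@bulk.example", "Viagra", "Click here"),
]

if __name__ == "__main__":
    verdicts, cost = screen(SAMPLES, FILTERS)
    reordered = order_by_hits(FILTERS, verdicts)
    _, new_cost = screen(SAMPLES, reordered)
    for v in verdicts:
        print(v)
    print("evaluations before/after reordering:", cost, new_cost)
```

Reordering is only safe when each message matches a single filter, as here; with overlapping filters the first match, and therefore the category in the statistics, can change.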

You can take preventative measures to secure your computers from becoming members of Botnets, by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).

See my extended comments for this week's breakdown of spam by category, for Nov 8 - 14, 2010, and the latest additions to my custom MailWasher Pro filters and Blacklist.

MailWasher Pro spam category breakdown for Nov 8 - 14, 2010. Spam amounted to 64% of my incoming email this week. This represents +10% change from last week.

Here are some facts from my MailWasher Statistics for the past week. Of the 403 incoming email messages that were classified as spam, 378 were classified by my custom filters, 9 were deleted by my custom Blacklist, and 3 from the DNS Servers Blacklist (mostly the SpamCop Blocklist (SBL)). I actually saw 22 spam messages (but classified by filters set to manual deletion, for safety), all of which I reported through my SpamCop reporting account. The rest were automatically deleted by my other custom filters and Blacklist. See the updates to my filters below the spam categories list.

MailWasher Pro by Firetrust
Male Enhancement Scams (fake & dangerous): 22.05%
Pharmaceutical Spam (dangerous & illegal): 18.72%
Counterfeit Watches: 13.59%
Fake Cialis & Viagra (counterfeit & dangerous): 12.82%
Known Spam Domain Links (mostly .RU - Russian): 11.54%
Dating spam: 8.72%
Other Filters (misc filters with small percentages): 3.85%
Blacklisted Senders (by email address & wildcards): 2.31%
Diploma scams: 1.79%
Pump and Dump stock scams: 1.79%
Counterfeit Goods: 1.03%
Known Spam [F] (Viagra, Cialis, Pfizer, Software): 1.03%
DNS Blacklists (SpamCop, Spamhaus, etc): 0.77%

The latest updates to my custom MailWasher Pro filters:

Known Spam [From]
New filter: Pump and Dump Scam

Blacklist updates this week:

enlargepen+@+
ci?lis+@+
ci?liz+@+

Note, that the Blacklist works in both the old and new versions of MailWasher Pro. You can import the Blacklist from version 6.x when you move up to MailWasher Pro 2010 and newer. You can find my most effective published Blacklist on my MailWasher Pro Custom Filters page.

About MailWasher Pro

MailWasher Pro intercepts POP3 and IMAP email before you download it to your desktop email client (e.g: Microsoft Outlook, Outlook Express, Windows Live Mail) and scans it for threats or spam content, then either manually or automatically deletes any messages matching your pre-determined criteria and custom filters. It is my primary line of defense against incoming spam, scams, phishing and exploit attacks. If you are not already using this fine anti-spam tool I invite you to read about it on my MailWasher Pro web page. You can download the latest version and try it for free for a month. Registration costs just $29.95, with an annual renewal fee of only $9.95, to cover the costs of development and the FirstAlert community spam database.

All of the spam and scams targeting my numerous accounts were either automatically deleted by my custom MailWasher Pro spam filters, or if they made it through, were reported to SpamCop, of which I am a reporting member, and manually deleted.

If you use a POP email client on your desktop to send and receive your email, rather than your browser, you too will benefit from the added protection that MailWasher Pro provides. I can't even begin to tell you how many dangerous attachments, exploit encoded messages, 419 fraud, as well as courier, bank, eBay and PayPal phishing scams, plus hundreds of hostile link emails it has deleted, after identifying them with my rules and its own heuristic and known spam detections.

I am available for hire to write custom MailWasher Pro filters for you or your company. They require that you have a copy of MailWasher on each computer to be customized.

Finally, many security threats will come to you via spam email; some in hostile attachments, some as "phishing" scams, some as financial fraud or money laundering scams, and many more in links to web pages rigged to serve up exploit codes or Trojan downloads. You need really good up-to-date protection to fight off the multitude of attack codes flying like machine gun bullets these days. To protect your computer from web pages rigged with exploit codes, malware in email attachments, dangerous links to hostile web pages, JavaScript redirects, Phishing scams, or router DNS attack codes, I recommend Trend Micro Internet Security (or Internet Security Pro for travelers). It has strong realtime monitoring modules that stop rootkits and spam Trojans from installing themselves into your operating system. Also known as PC-cillin, it is very frequently updated as new and altered malware definitions become available and it checks for web based threats and new malware definitions by searching secure online servers owned by Trend Micro. This is referred to as "in-the-cloud" security. Best of all, you can try it fully functional for a month, then decide to pay to keep it or uninstall it.

See you all next week, same time, same station! Keep the sunny side up and don't take no wooden nickels!

Wiz - out


November 7, 2010

Security News and Updates for Nov 1-7, 2010

November 1-7, 2010 has been a busy week for security news and application updates. Several new zero day vulnerabilities have been reported and are being exploited in the wild. An entire country was taken offline by a targeted DDoS attack. Some major programs received updates to fix critical vulnerabilities.

Let's start with the DDoS attacks that took most of a country offline, on or about November 3, 2010.

In a politically motivated attack, the nation of Myanmar, formerly known as Burma, found itself cut off from the Internet by a massive denial of service attack on the country's Ministry of Post and Telecommunication (or PTT), which is the main conduit for Internet traffic in and out of the nation. Internet access was disrupted for both government agencies and private sector firms, with major disruptions to Myanmar's important tourism industry. The cyber attack crippled Myanmar's servers, just days ahead of its first election in two decades. The attack on Myanmar could be the largest DDoS ever targeting a single country; it was far larger than the attacks on Estonia and Georgia in 2007.

According to Arbor Networks, the DDoS attack against Myanmar was attempting to push 10-15 gigabits of data through those connections, which can only support about 45 megabits per second! The attacks have actually been ongoing since October 25; getting worse as the Nov 7 election date approaches.

Next in line is a new, zero day vulnerability affecting most versions of Microsoft's Internet Explorer browser.

Microsoft Corp. has warned Internet Explorer users that attackers are exploiting a previously unknown security hole in the browser to install malicious software. The company is urging users who haven't already done so to upgrade to IE8, which includes technology that makes the vulnerability more difficult to exploit. Microsoft has released Microsoft Security Advisory 2458511 to alert users of the new vulnerability affecting all supported versions of Internet Explorer (versions 6 - 8). This vulnerability may allow an attacker to execute arbitrary code.

Microsoft has released a Fix it Tool to help mitigate the risks until a security update is available. It is unlikely that the update will be ready for inclusion in this month's Windows Updates, due for release on November 9, 2010. Apparently, Microsoft has deemed this vulnerability as less critical, due to flaws in the coding of the initial attacks. One can expect that hackers will fix those problems before Microsoft plugs the vulnerable code. Look out IE users! There's no better time to switch to Mozilla's Firefox or Google Chrome (I use Firefox exclusively).

Speaking of Firefox and Google Chrome, both browsers were updated for security reasons over the past week or so. Firefox was updated to version 3.6.12, on Oct 27, and Chrome was updated to version 7.0.517.44, on Nov 4. Use the built-in check for updates links to get the latest versions of these browsers.

Adobe Releases Security Bulletin for Flash Player, Shockwave, Reader, and Acrobat.

Adobe has released a security advisory to alert users of a vulnerability affecting Adobe Flash Player 10.1.85.3 and earlier for Windows, Macintosh, Linux, and Solaris. Exploitation of this vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition. The advisory indicates that there are reports of active exploitation affecting Adobe Reader and Acrobat. Updates for Adobe Reader and Acrobat will be available by November 15, 2010.

On November 5, 2010, Adobe already released Flash Player 10.1.102.64 for Windows, Macintosh, Linux, and Solaris to address multiple vulnerabilities described in the aforementioned advisory. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or bypass cross-domain policy file restrictions. The Adobe security bulletin indicates that updates for Android will be available by November 9, 2010.

On October 29, 2010, Adobe released a security update for Shockwave Player to address multiple vulnerabilities. The new version is 11.5.9.615.

Please visit http://www.adobe.com to obtain updates for their Flash and Shockwave players and for Adobe Reader and Acrobat.

Note that for Flash and Shockwave, you will need to visit the appropriate Adobe installation page with Internet Explorer and your other browsers. This is because Microsoft uses an ActiveX version of Flash and Shockwave, while Firefox and others use a different, universal technology. Chrome, on the other hand, uses a proprietary version of Flash, made specifically for their browser. Oi!

Stay away from dangerous links leading to browser exploit pages, keep your anti-malware programs fully up to date, and always practice safe Hex.


My Spam analysis & filter updates for the week of Nov 1 - 7, 2010

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics. These reports can help you adjust the order of your own spam filters.

MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.

My incoming spam levels have decreased 1% this week, to 54% of all my incoming email. Most of the spam was typical junkmail for illicit pharmaceuticals, counterfeit Cialis and Viagra, counterfeit Chinese watches, male enhancement scams, fake diplomas, Russian dating scams, 419 fraud and a few phishing scams.

The classifications of spam in my analysis (below) can help you adjust your email filters according to what is most common, on a weekly basis. If you are using my custom MailWasher Pro filters, keep the filters for the highest percentage categories of spam near the top of the filters list, to minimize the impact on your CPU when analyzing incoming messages for spam content.

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets and all email sender addresses are forged, there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses.

Sometimes, your own email address is forged as the sender, as well as being the recipient. The practice of forging the recipient's own email address in the From field is known as a "Joe Job." Fortunately, MailWasher Pro has a custom filter option that overrides the "Friends" list (a Whitelist of approved senders), allowing user created spam filters to read the content and flag or auto delete spam that's using one's own accounts as the forged sender.
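The Friends-list override described above, together with the first-match filter ordering recommended earlier, modelled in Python as an added example. This is not MailWasher Pro's filter syntax or the author's actual filters; the addresses, keywords and the `*@*hinet.net` wildcard form are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr
from fnmatch import fnmatch

# All values below are constructed for illustration.
MY_ADDRESSES = {"me@example.org"}
FRIENDS = {"me@example.org", "pal@example.net"}  # whitelist, includes own address
BLACKLIST = ["*@*hinet.net"]  # assumed wildcard form of the hinet.net entry
# Content filters, most frequently hit category first (first match wins).
CONTENT_FILTERS = [
    ("Pharmaceutical Spam", ("pharmacy", "prescription")),
    ("Fake Cialis & Viagra", ("viagra", "cialis")),
    ("Counterfeit Watches", ("replica watch", "rolex")),
]

def classify(raw):
    """Return (action, reason) for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpts = {addr.lower() for _, addr in getaddresses(msg.get_all("To", []))}
    text = (msg.get("Subject", "") + "\n" + msg.get_payload()).lower()
    # Joe Job: our own address forged as sender of mail addressed to us.
    joe_job = sender in MY_ADDRESSES and sender in rcpts
    if any(fnmatch(sender, pattern) for pattern in BLACKLIST):
        return "delete", "Blacklisted sender"
    # The Friends list short-circuits filtering unless the sender is forged as us.
    if sender in FRIENDS and not joe_job:
        return "keep", "Friends list"
    for name, keywords in CONTENT_FILTERS:
        if any(word in text for word in keywords):
            return "delete", name
    if joe_job:
        return "review", "Own address as sender"
    return "keep", "No filter matched"

SAMPLES = {  # constructed messages
    "joe_job": "From: me@example.org\nTo: me@example.org\n"
               "Subject: Best prices\n\nCheap Viagra and Cialis here\n",
    "friend": "From: pal@example.net\nTo: me@example.org\n"
              "Subject: lunch\n\nMy pharmacy closes at noon, meet after?\n",
    "blacklisted": "From: x9@ms12.hinet.net\nTo: me@example.org\n"
                   "Subject: hi\n\nhello\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, classify(raw))
```

The friend's message mentions a pharmacy yet is kept, because a genuine whitelisted sender skips content filtering; the forged self-addressed message gets no such pass.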

You can take preventative measures to secure your computers from becoming members of Botnets, by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).

See my extended comments for this week's breakdown of spam by category, for Nov 1 - 7, 2010, and the latest additions to my custom MailWasher Pro filters and Blacklist.

MailWasher Pro spam category breakdown for Nov 1 - 7, 2010. Spam amounted to 54% of my incoming email this week. This represents a -1% change from last week.

Here are some facts from my MailWasher Statistics for the past week. Of the 366 incoming email messages that were classified as spam, 334 were classified by my custom filters, 22 were deleted by my custom Blacklist, and 2 from the DNS Servers Blacklist (mostly the SpamCop Blocklist (SBL)). I actually saw 19 spam messages (but classified by filters set to manual deletion, for safety), all of which I reported through my SpamCop reporting account. The rest were automatically deleted by my other custom filters and Blacklist. See the updates to my filters below the spam categories list.

MailWasher Pro by Firetrust
Pharmaceutical Spam (dangerous & illegal): 26.26%
Fake Cialis & Viagra (counterfeit & dangerous): 18.44%
Counterfeit Watches: 13.13%
Male Enhancement Scams (fake & dangerous): 11.17%
Known Spam Domain Links (mostly .RU - Russian): 10.06%
Blacklisted Senders (by email address & wildcards): 6.15%
Other Filters (misc filters with small percentages): 5.59%
Diploma scams: 2.79%
Dating spam: 1.96%
Pills: 1.40%
Known Spam [F] (mostly Viagra & Cialis): 1.40%
Nigerian Lottery Scams: 1.12%
DNS Blacklists (SpamCop, Spamhaus, etc): 0.56%
The latest updates to my custom MailWasher Pro filters: Dating Spam, Known Spam Domains, Phishing Scam [S or F]
Blacklist updates this week: +@*hinet.net

Note that the Blacklist works in both the old and new versions of MailWasher Pro. You can import the Blacklist from version 6.x when you move up to MailWasher Pro 2010 and newer. You can find my most effective published Blacklist on my MailWasher Pro Custom Filters page.

About MailWasher Pro

MailWasher Pro intercepts POP3 and IMAP email before you download it to your desktop email client (e.g., Microsoft Outlook, Outlook Express, Windows Live Mail) and scans it for threats or spam content, then either manually or automatically deletes any messages matching your pre-determined criteria and custom filters. It is my primary line of defense against incoming spam, scams, phishing and exploit attacks. If you are not already using this fine anti-spam tool I invite you to read about it on my MailWasher Pro web page. You can download the latest version and try it for free for a month. Registration costs just $29.95, with an annual renewal fee of only $9.95, to cover the costs of development and the FirstAlert community spam database.

All of the spam and scams targeting my numerous accounts were either automatically deleted by my custom MailWasher Pro spam filters, or if they made it through, were reported to SpamCop, of which I am a reporting member, and manually deleted.

If you use a POP email client on your desktop to send and receive your email, rather than your browser, you too will benefit from the added protection that MailWasher Pro provides. I can't even begin to tell you how many dangerous attachments, exploit encoded messages, 419 fraud, as well as courier, bank, eBay and PayPal phishing scams, plus hundreds of hostile link emails it has deleted, after identifying them with my rules and its own heuristic and known spam detections.

I am available for hire to write custom MailWasher Pro filters for you or your company. They require that you have a copy of MailWasher on each computer to be customized.

Finally, many security threats will come to you via spam email; some in hostile attachments, some as "phishing" scams, some as financial fraud or money laundering scams, and many more in links to web pages rigged to serve up exploit codes or Trojan downloads. You need really good up-to-date protection to fight off the multitude of attack codes flying like machine gun bullets these days. To protect your computer from web pages rigged with exploit codes, malware in email attachments, dangerous links to hostile web pages, JavaScript redirects, Phishing scams, or router DNS attack codes, I recommend Trend Micro Internet Security (or Internet Security Pro for travelers). It has strong realtime monitoring modules that stop rootkits and spam Trojans from installing themselves into your operating system. Also known as PC-cillin, it is very frequently updated as new and altered malware definitions become available and it checks for web based threats and new malware definitions by searching secure online servers owned by Trend Micro. This is referred to as "in-the-cloud" security. Best of all, you can try it fully functional for a month, then decide to pay to keep it or uninstall it.

See you all next week, same time, same station! Keep the sunny side up and don't take no wooden nickels!

Wiz - out


About the author
Wiz's Blog is written by Bob "Wiz" Feinberg, an experienced freelance computer consultant, troubleshooter and webmaster. Wiz's specialty is in computer and website security. Wizcrafts Computer Services was established in 1996.

Creative Commons License This weblog is licensed under a Creative Commons License.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.