I want to wish all of my friends and readers a happy, safe and prosperous New Year and hope for all the best for all of us in 2011. Whatever you do, do it well. People appreciate those who try hard. I believe good efforts will be rewarded, so do good deeds and keep a positive outlook for the future.
I have security stuff that I'll be writing about on Sunday, but for now, it's time to relax, reflect and refill!
Happy New Year Y'all! I'll be back in 2011!
With Christmas just over, spammers took what they could from the pockets of gullible Netizens. They used a variety of come-ons, including appeals to male vanity and a few Trojans to deceive and rob people of their hard earned money.
This week, spammers are still promoting fake Viagra, counterfeit watches, bogus male enlargement herbs and pills, illegal to import prescription drugs, fake e-cards (malware) and Russian dating scams.
This past 7 days, spam for various types of garbage amounted to 48% of my incoming email. This is according to MailWasher Pro, which I use to screen incoming email before downloading it to my desktop email program (Windows Live Mail). I often see the same spam message sent to several of my accounts at the same time. I report any spam messages that make it through my auto-delete filters to SpamCop.
Here are some statistics regarding the spam received and categorized, from December 20 - 26, 2010. These classifications are based upon my own custom MailWasher spam filters.
Percentage classified as spam: 48%; up 1% from last week Number of messages classified as spam: 240 Number classified by my custom spam filters: 237 Number and percentage of spam according to my custom blacklist: 3 Number classified as spam according to DNS Blocklists (SpamCop, Spamhaus, etc): 0 Number of spam messages seen, reported to SpamCop & manually deleted: 5The order of spam according to the highest percentages, is as follows:
Fake Viagra and Cialis: 24.58% Male Enhancement scams: 20.83% Counterfeit (Rolex, etc) Watches: 19.58% Pharmaceuticals and fake prescription drugs: 16.67% Known Spam Domains in links (usually Russian: .RU): 10.83% Dating (Russian Bride scams): 3.75% Blacklisted sender names and domains: 1.26% Other miscellaneous filters (small percentages each): 1.25% Charset=iso-8859-2 (Latvia, etc): 0.83% Nigerian Lottery Scam: 0.42%
I made 2 additions/updates to my custom filters:
APNIC,
Known Spam Domains
I made 1 change to my custom Blacklist:
*e-card-delivery@+
Watch out for those fake e-cards this holiday season. They all lead to malware attacks that will hit your browsers with over a dozen exploit attempts. If just one of the installed pieces of software is a vulnerable version, your PC could be taken over by criminals without your knowledge. If your PC gets owned by cybercriminals, it will probably become a member of a criminal Botnet. This means that your computer will become a spam sending tool and may also be used as an attack tool against websites and Governments.
A word regarding knockoff watches: they are made in China, have no applicable warranty, cannot be returned if defective, are sold by criminal spammers, and are inferior to the real items they are copying. If you buy a counterfeit name brand watch, know that a fool and his money soon will part! Ditto for fake diplomas that are offered from time to time and all of the fake Viagra pills and enlargement scams that appear every day. Fake drugs may harm or kill you and are illegal to import into the USA and Canada and subject to seizure by Customs.
Take my advice and never reply to spam email, just delete it. Don't bother trying to unsubscribe from spam mail lists. Nobody ever gets de-listed; you will only confirm that your email address is valid by using the bogus unsubscribe links. Think about it: if you never signed up to receive the (fake) goods advertised in a spam email, why should you have to unsubscribe? The unsubscribe links are not honored. However, people using them are added to databases of proven live accounts and their names are sold to other spammers.
If you are tricked by an email message into visiting a malware attack site, scan your computer for acquired malware threats using the legitimate online scanner at http://housecall.trendmicro.com, or at kaspersky.com.
If malware is found, their scanners can remove most of it. If not, download a trial version of Trend Micro Internet Security. You can read about it and download it from my webpage about Trend Micro security products.
It has been reported that one of the Microsoft Updates of December 14, 2010 is causing serious trouble for many users of Microsoft Outlook; a popular desktop email client. According to a blog article just published on the MSDN, the three major issues have been reported by a significant number of people who applied patch number KB2412171.
These three issues were identified in the December 2010 update for Outlook 2007:
Uninstalling KB2412171 on Windows 7 or Windows Vista
Uninstalling KB2412171 on Windows XP
Once Microsoft sorts out the cause of these problems they will re-release KB2412171 for MS Outlook. It will be pushed out via Automatic Windows Updates, or once again, via manual updates.
With Christmas arriving this coming weekend, spammers have ramped up their efforts into overdrive, in order to divert some of your hard earned dollars into their purloined pockets. Don't be fooled by their email pitches. Spam offers are fraudulent, dealing in fake goods and payment ripoffs.
This week, spammers are mostly promoting fake Viagra, counterfeit watches, bogus male enlargement herbs and pills, illegal to import prescription drugs, and Russian dating scams.
This past 7 days, spam for various types of garbage amounted to 47% of my incoming email. This is according to MailWasher Pro, which I use to screen incoming email before downloading it to my desktop email program (Windows Live Mail). I often see the same spam message sent to several of my accounts at the same time. I report any spam messages that make it through my auto-delete filters to SpamCop.
Here are some statistics regarding the spam received and categorized, from December 13 - 19, 2010. These classifications are based upon my own custom MailWasher spam filters.
Percentage classified as spam: 47%; down 4% from last week Number of messages classified as spam: 322 Number classified by my custom spam filters: 242 Number and percentage of spam according to my custom blacklist: 13 Number classified as spam according to DNS Blocklists (SpamCop, Spamhaus, etc): 2 Number of spam messages seen, reported to SpamCop & manually deleted: 13The order of spam according to the highest percentages, is as follows:
Fake Viagra and Cialis: 40.86% Counterfeit (Rolex, etc) Watches: 19.84% Male Enhancement scams: 10.51% Dating (Russian Bride scams): 6.61% Pharmaceuticals and fake prescription drugs: 6.23% Blacklisted sender names and domains: 5.06% Known Spam Domains in links (usually Russian: .RU): 4.67% Numeric IP hostile link (hijacked PCs): 1.95% Other miscellaneous filters (small percentages each): 1.95% Charset=iso-8859-2 (Latvia, etc): 0.78% Nigerian Lottery Scam: 0.78% DNS Blacklisted Servers: 0.78%
I made 1 additions/updates to my custom filters:
Known Spam [From]
I made 1 change to my custom Blacklist:
*easy-e-card*@+
Take my advice and never reply to spam email, just delete it. Don't bother trying to unsubscribe from spam mail lists. Nobody ever gets de-listed; you will only confirm that your email address is valid by using the bogus unsubscribe links. Think about it: if you never signed up to receive the (fake) goods advertised in a spam email, why should you have to unsubscribe? The unsubscribe links are not honored. However, people using them are added to databases of proven live accounts and their names are sold to other spammers.
Spammers are slimeball criminals and fraudsters, not legitimate business people. Never buy anything that is spamvertised. If you do, you will give your credit or debit card details to hardened criminals, in far away places. If you purchase illicit controlled drugs from abroad, they are subject to seizure by US Customs. It is against the law to import prescription drugs without a valid prescription issued by a physician who is validly licensed in the USA. And, if you actually receive Asian prescription pills ordered from a spam email link, the drugs may do nothing, or may harm you, or even kill you.
A word regarding knockoff watches: they are made in China, have no applicable warranty, cannot be returned if defective, are sold by criminal spammers, and are inferior to the real items they are copying. If you buy a counterfeit name brand watch, know that a fool and his money soon will part! Ditto for fake diplomas that are offered from time to time and all of the fake Viagra pills and enlargement scams that appear every day.
It has taken the Microsoft code writers 15 weeks to patch just half of the insecure library loading vulnerabilities they announced on August 23, 2010. These patches were released with the December 14, 2010 Windows Updates.
I first wrote about the insecure library loading vulnerabilities back on October 10, 2010. At that time there were 176 programs, 20 of which belong to Microsoft, that were affected by the underlying vulnerability in how applications can call on a .dll file (Dynamic Link Library) when a program loads in Windows (this is a Windows flaw). Now, there are 239 exploitable programs on list of vulnerable programs, maintained by the security firm Secunia.
It was revealed on August 23, in Microsoft Security Advisory 2269637, that Windows itself allowed for a wider range of actual paths to be searched when a ".dll" file was requested than most thought was the case. These paths allowed a software program to specify a remote location for a required dll file, which could include the Internet! Many commonly used programs could be exploited by adding a line of code that changed the path to their dll files. This made it possible for malware writers to infect Windows PCs by tricking users into opening their own installed vulnerable applications, that they had exploited to request remote mal-crafted dll files, instead of the legitimate files installed by the program.
Here is what I wrote about this remote vulnerability:
the security firm Secunia has identified 176 programs that can be exploited by directing one of these applications to load a remotely hosted hostile file, when the targeted program opens, or opens an associated file. The exploited files are .dll libraries, which just about every Windows program uses as includes to add functionality to the main program executable. The .dll files are actually executable files, but only when called by another executable.
On November 9, 2010, Microsoft released critical patches for several of its newer MS Office applications, one of which plugged a security issue involving .dll path hijacking. It took an additional 5 weeks for them to patch another 9 programs, on December 14, 2010. This brings their new total for MS programs affected by the insecure library loading issue to 10. Unfortunately, three of these unpatched programs include Windows XP Home, XP Professional and Windows Live Mail. Millions of people are using those operating systems and that email client!
Since there are still 10 Microsoft programs, include operating systems remaining exploitable, plus 229 from other very popular software companies, I recommend that technically adept PC users read the information on this Microsoft Support Article 2264107 and apply the Fix It Tool about half way down the page. You must first apply a Registry change, in the beginning of that article, before the Fix It Tool will work.
In the meantime, apply all available Microsoft patches, especially those for MS Office programs, and read the Secunia list of vulnerable programs, and apply the Fix It recommendations from Microsoft. As the other software companies released patched versions of their programs, you should install those new versions.
There have been some very important security updates issued over the last 3 weeks, for commonly used and exploitable programs. Also, critical patches are due to be released by Microsoft, on Dec 14, via Windows Updates. Patching vulnerable software will help you protect your computers from hostile takeover, and/or having them drafted into spam botnets.
Here's the rundown of the latest updates that affect millions of computer users, the World over.
Update!
Google Releases Chrome 8.0.552.224
added December 14, 2010
Google has released Chrome 8.0.552.224 to address multiple vulnerabilities, just 11 days after their previous security update. Apparently, they missed fixing something on Dec 3. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.
Google Chrome 8.0.552.215
On December 3, 2010, Google released an updated Chrome browser,version 8.0.552.215, to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information or bypass security restrictions. Use the built-in updater to download the latest version of Chrome. Alternately, visit the Chrome download page and get the newest version there.
Apple QuickTime 7.6.9
On December 8, 2010, Apple released QuickTime 7.6.9 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or obtain sensitive information. You can use the updater in the Windows Control Panel icon, or your start menu Apple Softeare Updates shortcuts to download the latest version of QuickTime, or the previous link. Mac users can use the Apple Software Updater.
WordPress Version 3.0.3
On December 9, 2010, WordPress has released WordPress 3.0.3 to address a critical vulnerability. Execution of this vulnerability may allow an attacker to operate with elevated privileges. You can review the information about this update, and get the latest version for your websites, on the Wordpress v3.03 details page.
Firefox 3.6.13
On December 10, 2010, the Mozilla Foundation released Firefox 3.6.13 to address 11 vulnerabilities, 9 of which were rated as Critical. These vulnerabilities may allow an attacker to execute arbitrary code, operate with elevated privileges, spoof the location bar, or operate with elevated privileges. The Mozilla foundation has also released Firefox 3.5.16 to address these same vulnerabilities. Some of these vulnerabilities also affect Thunderbird and SeaMonkey and are addressed in Thunderbird 3.1.7 and 3.0.11 and SeaMonkey 2.0.11.
Firefox users should receive this update automatically. If you didn't, you can download the current version of Firefox here. You can also use the Help menu Check for Updates link in Firefox browsers.
Microsoft Releases Advance Notification for December 2010 Security Bulletin
Microsoft has issued a Security Bulletin Advance Notification indicating that its December release will contain 17 bulletins, covering about 40 vulnerabilities. Two of these bulletins will have a severity rating of critical and will be for Microsoft Windows and Internet Explorer. Fourteen of the bulletins will have a severity rating of important and will be for Microsoft Windows, Office, and SharePoint. The remaining bulletin will have a severity rating of moderate and will be for Microsoft Exchange. Release of these bulletins is scheduled for Tuesday, December 14, 2010.
A simple step you can take to keep your exploitable software up to date.
You can use the Secunia Online Software Inspector to check for any out-dated software you may be running, along with links to get the newest versions of same. The report also shows any missing Windows Updates. I run it once a week and recommend you all do the same. They also have a downloadable version, called the PSI, that lives on your PC and checks for a much larger number of out-dated or end-of-life software programs.
Finally, the Windows Applications Insecure Library Loading list has now grown to 337 applications, including 19 from the Microsoft Mothership itself. In all, 97 different vendors have at least one, if not many more programs that could be exploited by a hostile script taking advantage of the dll path vulnerability described in the Microsoft Advisory of August 23, 2010.
With many of the threats targeting the vulnerabilities that were recently patched in these programs, it is imperative that you have up to date anti malware programs running on your PCs. I recommend Trend Micro Internet Security, with its in-the-cloud Smart Protection Network and instant definitions, and also Malwarebytes' Anti-Malware (licensed version for active protection and auto-updating). You may have to install Trend Micro first, then MBAM. That's because TM doesn't like competing products to be already running where it is installed.
With Christmas around the corner, spammers are ramping up their efforts to get some of your hard earned dollars and infect more machines, for use in Botnets. There is a virtual flood of crap mail deluging email inboxes this week, mostly hawking things like fake Viagra, counterfeit watches and designer bags and jewelry, illegal to import prescription drugs, bogus male enlargement herbs and pills, the tail end of a Pump and Dump penny stock scam (DYNV) scam and a handful of work at home money laundering scams (money mule recruiters for bank account stealing Trojans, like Zeus and similar info stealing Bots). There were a few phishing scams thrown into the mix, earlier in the week.
This past 7 days, spam for various types of garbage amounted to 51% of my incoming email. This is according to MailWasher Pro, which I use to screen incoming email before downloading it to my desktop email program (Windows Live Mail). I often see the same spam message sent to several of my accounts at the same time. I report any spam messages that make it through my auto-delete filters to SpamCop.
Here are some statistics regarding the spam received and categorized, from December 6 - 12, 2010. These classifications are based upon my own custom MailWasher spam filters.
Percentage classified as spam: 51%; down 5% from last week Number of messages classified as spam: 370 Number classified by my custom spam filters: 353 Number and percentage of spam according to my custom blacklist: 15 Number classified as spam according to DNS Blocklists (SpamCop, Spamhaus, etc): 2 Number of spam messages seen, reported to SpamCop & manually deleted: 39The order of spam according to the highest percentages, is as follows:
Fake Viagra and Cialis: 37.30% Counterfeit (Rolex, etc) Watches: 14.05% Pharmaceuticals and fake prescription drugs: 13.24% Male Enhancement scams: 7.30% Other miscellaneous filters (small percentages each): 6.22% Known Spam Domains in links (usually Russian: .RU): 5.68% Counterfeit Goods: 5.41% Blacklisted sender names and domains: 4.05% Charset=iso-8859-2 (Latvia, etc): 2.16% Numeric IP hostile link (hijacked PCs): 1.62% Russian Sender: 1.35% Work At Home Scams (money laundering stolen funds): 1.08% DNS Blacklisted Servers: 00.54%
I made 1 additions/updates to my custom filters:
Counterfeit Goods
I made no changes to my custom Blacklist:
Take my advice and never reply to spam email, just delete it. Never buy anything that is spamvertised. If you do, you will give your credit or debit card details to hardened criminals, in far away places. If you purchase illicit controlled drugs from abroad, they are subject to seizure by US Customs. It is against the law to import prescription drugs without a valid prescription issued by a physician who is validly licensed in the USA.
A word regarding knockoff watches: they are made in China, have no applicable warranty, cannot be returned if defective, are sold by criminal spammers, and are inferior to the real items they are copying. If you buy a counterfeit name brand watch, know that a fool and his money soon will part! Ditto for fake diplomas that are offered from time to time.
Look out Christmas shoppers! Spammers are ramping up their efforts to get some of your hard earned dollars. There is a virtual flood of crap mail deluging email inboxes this week, mostly hawking things like fake Viagra, counterfeit watches, illegal to import prescription drugs, bogus male enlargement herbs and pills, Russian dating and "chat" scams and work at home money laundering scams (money mule recruiters for bank account stealing Trojans, like Zeus/Licat and similar Bots).
Note: if you fall for a money mule recruiter scam (work at home and make $$$ per day/week) and become involved in transferring stolen funds overseas, you could go to jail for being an active accomplice in a money laundering scheme (of money stolen from bank accounts by hidden keystroke logging Bots). Always use the best anti-malware protection you can afford, like Trend Micro Titanium Internet Security and Malwarebytes' Anti-Malware (MBAM). These two commercial programs can detect, remove and block most badware being released on a daily basis. If you run MBAM as freeware, make sure you update it before scanning, and scan every day!
This past 7 days, spam for various types of garbage amounted to 56% of my incoming email. This is according to MailWasher Pro, which I use to screen incoming email before downloading it to my desktop email program (Windows Live Mail). I often see the same spam message sent to several of my accounts at the same time. I report any spam messages that make it through my auto-delete filters to SpamCop.
Here are some statistics regarding the spam received and categorized, from November 29, through December 5, 2010. These classifications are based upon my own custom MailWasher spam filters.
Percentage classified as spam: 56%; down 4% from last week Number of messages classified as spam: 469 Number classified by my custom spam filters: 419 Number and percentage of spam according to my custom blacklist: 23 Number classified as spam according to DNS Blocklists (SpamCop, Spamhaus, etc): 5 Number of spam messages seen, reported to SpamCop & manually deleted: 30The order of spam according to the highest percentages, is as follows:
Counterfeit (Rolex, etc) Watches: 23.49%
Fake Viagra and Cialis: 22.82%
Illegal to import and fake prescription drugs: 19.02%
Male Enhancement scams: 9.4%
Blacklisted sender names and domains: 5.15%
Other miscellaneous filters (small percentages each): 5.15%
Known Spam Domains in links (usually Russian: .RU): 4.25%
Dating/Chat scams ("Russian Brides"): 2.91%
Work At Home Scams (money laundering stolen funds): 2.24%
Numeric IP link (hijacked PCs): 1.79%
Pump and Dump Stock scams (like DYNV): 1.57%
Russian Sender: 1.12%
DNS Blacklisted Servers: 1.12%
I made 5 additions/updates to my custom filters:
APNIC (China, etc)
Dating Scams
Male Enhancement scams
Watches (fake, counterfeit Rolex, etc)
Work At Home Scams ("money mule" recruiters)
I made these changes to my custom Blacklist:
[email protected] (fails to honor repeated unsubscribe requests!)
Take my advice and never reply to spam email, just delete it. Never buy anything that is spamvertised. If you do, you will give your credit or debit card details to hardened criminals, in far away places. If you purchase illicit controlled drugs from abroad, they are subject to seizure by US Customs. It is against the law to import prescription drugs without a valid prescription issued by a physician who is validly licensed in the USA. Finally, there is no actual Canadian Pharmacy. If you see email purporting to come from Canadian Pharmacy, or any variation of those words, delete it. The non-existent company was conceived by Russian spammers. Any drugs actually shipped come from illicit pharmaceutical knockoff factories in Asia.
Sponsored Message
I recommend Malwarebytes to protect your computers and Android devices from malicious code attacks. Malwarebytes detects and blocks spyware, viruses and ransomware, as well as rootkits. It removes malware from an already infected device. Get an 18 month subscription to Malwarebytes here.
If you're a fan of Robert Jordan's novels, you can buy boxed sets of The Wheel Of Time, here.
As an Amazon and Google Associate, I earn commissions from qualifying purchases.
About the authorWiz's Blog is written by Bob "Wiz" Feinberg, an experienced freelance computer consultant, troubleshooter and webmaster. Wiz's specialty is in computer and website security. Wizcrafts Computer Services was established in 1996.
Follow @Wizcrafts on Twitter, where I post short updates on security issues, spam trends and things that just eat at my craw.
Malwarebytes' Anti-Malware is the most frequently recommended malware removal tool in malware removal forums, like Bleeping Computers. It is extremely effective for removing fake/rogue security alerts, Bots, Spyware and the most prevalent and current malware threats in the wild. Learn about Malwarebytes Anti-Malware.
MailWasher Pro is an effective spam filter that protects your desktop email client. Using a combination of blacklists and built-in and user configurable filters, MailWasher Pro recognizes and deletes spam before you download it. MailWasher Pro reveals the actual URL of any links in a message, which protects you from most Phishing scams. Try it free for 30 days.
This weblog is licensed under a Creative Commons License.