February 27, 2011

My Spam analysis & filter updates for the week of Feb 21 - 27, 2011

After increasing slightly last week, my incoming volume of spam has decreased significantly. However, botnets are still spewing out email spam for fake Viagra, counterfeit watches, fake and illegal to import Russian prescription drugs, Nigerian lottery/419 scams, pirated software and work at home kit scams.

This past 7 days, spam for various types of garbage amounted to 24% of my incoming email. This is according to MailWasher Pro, which I use to screen incoming email before downloading it to my desktop email program (Windows Live Mail). I often see the same spam message sent to several of my accounts at the same time. I report any spam messages that make it through my auto-delete filters to SpamCop.

Here are some statistics regarding the spam received and categorized, from Feb 14 - 20, 2011. These classifications are based upon my own custom MailWasher spam filters. Most of this spam is automatically deleted by MailWasher Pro and my custom filters. The statistics are obtained from the program's logs.

MailWasher Pro by Firetrust
Percentage classified as spam: 24%; down 10% from last week
Number of messages classified as spam: 106 
Number classified by my custom spam filters: 97
Number and percentage of spam according to my custom blacklist: 8
Number classified as spam according to DNS Blocklists (SpamCop, Spamhaus, etc): 1
Number of spam messages seen, reported to SpamCop & manually deleted: 18
The order of spam according to the highest percentages, is as follows:
Pharmaceuticals and fake prescription drugs: 25.47%
Fake Viagra and Cialis: 15.09%
Counterfeit Watches: 12.26%
Blacklisted sender names and domains (my blacklist): 7.55%
Work At Home Scam: 6.60%
Known Spam Domains in links (usually Russian: .RU): 5.66%
Male Enhancement scams: 5.66%
Other Filters (with small percentages): 5.66%
Diploma Spam: 4.72%
Counterfeit Goods: 3.77%
URL Shortener spam links (t.co, etc): 3.77%
Lottery Scam: 2.83%
DNS Blacklist Servers: 0.94%

I made these 2 additions/updates to my custom filters:
Counterfeit Goods
Work At Home Scam

I made 0 changes to my custom Blacklist.


See my extended content for more details about protecting your computers from the threats posed by email spam.

As mentioned in the previous paragraphs, I use MailWasher Pro to delete spam before I download it to my email program (Windows Live Mail). This is my first line of defense against email-borne threats. If you are using a desktop email client (Windows Live Mail, Outlook, Outlook Express, etc.) and are not pre-screening incoming email for threats, you may be at risk from scripted attacks carried inside email messages, from infected attachments, or from hostile links enclosed in them.

Note that currently, all spam email is sent from infected PCs that are zombie members of various Botnets. Hopefully, your computers aren't part of any spam Botnets! If that is true, let's keep it that way, by using the best spam and malware detection and prevention software you can afford.

How to prevent your computer from becoming a member of a spam Botnet

First of all, if you use a desktop (POP3) email client (program), rather than your browser, to send and receive email, try using MailWasher Pro to screen your incoming email for spam, before you download it to your desktop email client. Set MailWasher to check for mail every 15 or 20 minutes, but disable automatic checking in your email client. Once MailWasher has inspected your incoming messages and you have deleted spam and malware infected threats, then manually sync or receive the desirable email to your email program. My custom MailWasher filters will make it easier to identify and delete spam and known threat email.

One of the great features of MailWasher Pro is that it does not render HTML layouts or images in email, nor does it react to scripting tricks. All email is displayed as plain, safe text. You can instantly view the source code with the click of a mouse. This reveals any hidden HTML word placement tricks, shows the real destination of cloaked links, and alerts you to script threats that could be triggered if you opened those messages in your POP3 desktop email client. You can also see if there is a possibly hostile attachment in an email message. Attachments are used to spread Trojans that draft PCs into spam Botnets, or to install keyloggers that steal your login credentials to banks and other important web sites.

Next, you need to protect your PC from constantly evolving viruses, spyware, keyloggers and Bot malware. I recommend Trend Micro Internet Security (TMIS), with its "cloud-based" definitions that are updated constantly, as malware is altered by criminal software writers, hackers and Bot herders. You can read about TMIS and download it from my webpage about Trend Micro security products. You can even try it for free for a month! A nice feature of TMIS is that one annual license allows you to install it on 3 PCs.

Trend Micro security programs all feature what they call the Smart Protection Network. It is part of the "cloud" based protection I mentioned. As hostile web pages are discovered, their locations are added to the definitions in the cloud. Any computers that use TMIS, with valid subscriptions, are blocked from accessing those pages, until their webmasters remove the infections (if ever).

If you use your Internet browser to handle email, any embedded threats will be downloaded into the browser's cache, or temporary files. These threats may be able to launch from those hidden caches and infect your computer. MailWasher Pro doesn't protect browser based email, but Trend Micro Internet Security does. With its advanced Bot detection and prevention mechanisms, it could become your computer's best friend.


February 20, 2011

My Spam analysis & filter updates for the week of Feb 14 - 20, 2011

After declining for two weeks in a row, my incoming volume of spam has increased slightly. Botnets are still spewing out email spam for fake Viagra, counterfeit watches, fake and illegal to import prescription drugs, Nigerian lottery/419 scams and work at home kit scams.

This past 7 days, spam for various types of garbage amounted to 34% of my incoming email. This is according to MailWasher Pro, which I use to screen incoming email before downloading it to my desktop email program (Windows Live Mail). I often see the same spam message sent to several of my accounts at the same time. I report any spam messages that make it through my auto-delete filters to SpamCop.

Here are some statistics regarding the spam received and categorized, from Feb 14 - 20, 2011. These classifications are based upon my own custom MailWasher spam filters. Most of this spam is automatically deleted by MailWasher Pro and my custom filters. The statistics are obtained from the program's logs.

MailWasher Pro by Firetrust
Percentage classified as spam: 34%; up 4% from last week
Number of messages classified as spam: 196 
Number classified by my custom spam filters: 168
Number and percentage of spam according to my custom blacklist: 10
Number classified as spam according to DNS Blocklists (SpamCop, Spamhaus, etc): 1
Number of spam messages seen, reported to SpamCop & manually deleted: 39
The order of spam according to the highest percentages, is as follows:
Pharmaceuticals and fake prescription drugs: 31.84%
Other Filters (with small percentages): 12.29%
Fake Viagra and Cialis: 12.29%
Counterfeit Watches: 9.50%
Known Spam Domains in links (usually Russian: .RU): 7.82%
Blacklisted sender names and domains (my blacklist): 5.59%
Image Spam: 5.03%
Pills Spam: 4.47%
Male Enhancement scams: 2.79%
Pirated Software: 2.79%
Work At Home Scam: 2.79%
Subject is All Capital Letters: 2.23%
DNS Blacklist Servers: 0.562%

I made these 7 additions/updates to my custom filters:
APNIC (Asia-Pacific),
Image Spam #11,
Known Spam Domains,
Nigerian 419 Scam #3 [S, F, R],
Pills,
Work At Home Scam (2x)

I made 0 changes to my custom Blacklist.



February 17, 2011

21 vulnerabilities just patched in Java 6_24 defined by impact

On Wednesday, February 16, 2011, Oracle, the current owner of the Java technology developed by Sun Corporation, released their second Java update in 6 days. It was just on Feb 10 that Java 6 build 23 was released, plugging a critical vulnerability, which I included in my last Security Patch Roundup, published on Feb 11, 2011. Now, just six days later, Java 6 build 24 has been released, plugging 21 more security holes!

Multiple vulnerabilities have been reported by Secunia and others in Sun Java, which can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.

One doesn't really get a sense of how big of a deal this is, until one reads an outline detailing each one of those 21 vulnerabilities and the impact each one can have. Take a stroll over to Secunia Vulnerability Advisory 43262 and scroll down through the long list of these 21 exploitable weaknesses that were just fixed with this week's Java update.

Here is how the impacts of the 21 patched vulnerabilities break down:


  • Execution of arbitrary code on unpatched machines: 10

  • Disclosure and/or manipulation of sensitive data (espionage, sabotage, data theft): 8

  • Code escaping the Sandbox security field (system invasion): 1

  • Denial Of Service (DOS) on a server running Java: 1

  • Infinite Loop condition (Denial of use of browser, user's Desktop, or even the entire computer): 1

Of these 21 vulnerabilities, the one about the infinite loop is the most interesting, from a mathematical viewpoint:

An error in the "doubleValue()" method in FloatingDecimal.java when converting "2.2250738585072012e-308" from a string type to a double precision binary floating point can be exploited to cause an infinite loop.

This infinite loop condition could be used to sabotage a particular computer, or a network, or computers that manage electro-mechanical systems, reactors and municipal utilities.
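A screening check a defender could place in front of an unpatched JVM, as an added example that is not from the original post or from Oracle: it flags any decimal literal numerically equal to the string quoted above, however that literal is written. The request lines are constructed samples, and the check covers only values equal to that one quoted string.

```python
import re
from decimal import Decimal, InvalidOperation

# The decimal string quoted in the advisory text above.
HAZARD = Decimal("2.2250738585072012e-308")

# Decimal floating-point tokens: digits with optional fraction and exponent,
# plus the optional d/D/f/F suffix that Java's Double.parseDouble accepts.
NUM_TOKEN = re.compile(r"[+-]?(?:\d+\.?\d*|\.\d+)(?:[eE][+-]?\d+)?[dDfF]?")


def is_hazardous_literal(token):
    """True if token is numerically equal to the quoted value (either sign).

    Comparison is done on exact decimal values, so moving the decimal point,
    changing the exponent, or padding with zeros does not hide the number.
    """
    text = token.strip().rstrip("dDfF")
    try:
        value = Decimal(text)          # exact conversion, no rounding
    except InvalidOperation:
        return False
    if not value.is_finite():          # NaN / Infinity are not the hazard
        return False
    return value.copy_abs() == HAZARD  # copy_abs() does not round either


def scan_lines(lines):
    """Return (line_number, token) for every hazardous literal found.

    Input is assumed to be already URL-decoded; decode before scanning,
    otherwise an encoded '.' or 'e' would split the token.
    """
    hits = []
    for number, line in enumerate(lines, 1):
        for match in NUM_TOKEN.finditer(line):
            if is_hazardous_literal(match.group()):
                hits.append((number, match.group()))
    return hits


# Constructed sample input: form posts as they might appear in a request log.
SAMPLE_REQUESTS = [
    "POST /cart amount=19.99&qty=2",
    "POST /cart amount=2.2250738585072012e-308&qty=1",
    "POST /cart amount=0.00022250738585072012E-304&qty=1",
    "POST /cart amount=22250738585072012e-324d&qty=1",
    "POST /cart amount=2.2250738585072014e-308&qty=1",
]

if __name__ == "__main__":
    for number, token in scan_lines(SAMPLE_REQUESTS):
        print(f"line {number}: reject or log before parsing: {token}")
```

Rejecting or logging such input before it reaches the string-to-double conversion is a stopgap for machines that cannot be updated yet; installing the fixed Java build removes the problem itself.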

The vulnerabilities that allow arbitrary code usually lead to complete takeover of infected machines by cyber criminals. They use these vulnerabilities to download remote control backdoor Botnet executables (used to send spam or launch DDoS attacks) and to install hidden rootkits that oversee and protect other installed malware, like data-stealing keyloggers to empty your bank, PayPal and stock accounts, and fake/rogue security programs that extort cleanup money from victims owning the infected computers.

Go here to download the latest Java Virtual Machine, or go here to see if you have the latest version, or an older, vulnerable version. You must make sure that older versions are uninstalled from your computers, not just left behind. Malware can still exploit older versions left on a computer by specifying the original default path to their executables and JAR files. The new version of Java does remove older versions of the same series, but not previous ones. You'll need to uninstall them manually, via Control Panel (Windows), or drag them to your Mac's Trash Can.

You can check the security and patch availability status of many types of commonly installed software by routinely running the Secunia Online Software Inspector, which ironically runs on Java technology.

Now, go fix yourself a cup of Mocha Java and get busy updating Virtual Java on all of your computers (including Mac and Linux)!


February 16, 2011

How to protect your company's employees from phishing attacks

Every weekend I write an article about my spam analysis for that week. This often includes details about phishing scams that target individuals and company employees, for the purpose of stealing your identity, logins and passwords to important web sites, private or company information, or trade secrets.

The following is a guest article sent to me by GFI Software, a leading software developer that produces network and email/messaging security solutions for SMEs. GFI is also the owner of Vipre Antivirus. This article deals with protecting your employees from falling victim to phishing scams that arrive via email.

Data, the lifeblood of every organization, is also a magnet for phishing emails and other social engineering scams. Phishing scams come in a variety of flavors but predominately are pushed through email or, recently on the increase, through social networking sites and Instant Messaging. In essence these carefully crafted emails, appearing totally legitimate, aim to trick unsuspecting employees into giving up personal or financial information which the phisher, in turn, uses to commit fraud and for personal gain.

Understanding how to identify phishing emails and scams is important because it will lead to better management of the problem and afford better protection for your network and data (before your employees thoughtlessly click on them). Below are some points to keep in mind:


  1. Do not trust emails with urgent requests for personal or financial information. Such emails are often near-genuine messages from banks, credit agencies, official government bodies and online vendor or payment sites. They also tend to come with a lot of dire 'warnings', deliberately attempting to scare the recipients and force them to click on links and give out details before they have time to properly assess the veracity of the claim. Keep in mind that the legitimate senders usually rely on other means to contact you, rather than through email. If you have any doubts about the content in, or the sender of, the email, pick up the phone and speak to them directly. Better safe than sorry.

  2. Look out for misspelled URLs and incorrect English, a classic in phishing emails. These emails are great at tricking people, but they are not always drafted by good writers. The content is usually peppered with grammatical errors. Phishers also make subtle changes to the spelling of website URLs, for example: http://www.christinsblog.com instead of http://www.christinasblog.com. Look out for these errors.

  3. When receiving an email which addresses you as 'Dear customer', rather than by your first and/or last name, it is probably a scam.

  4. Look out for keywords, such as: 'verify your account' or 'verify your ID' - these are usually found in phishing emails.

  5. Always be suspicious of emails which ask you to click on links. Unless you are sure that the sender is legitimate, never click on links in emails.
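A sketch of how points 2 to 4 can be checked automatically, as an added example that is not part of the guest article or any GFI product: it measures how close each link's domain is to a list of trusted domains and looks for the phrases named above. The trusted list, the distance threshold of 2 and the sample message are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the organisation's own list of domains it really deals with.
TRUSTED_DOMAINS = {"christinasblog.com", "example-bank.com"}

# Phrases named in points 3 and 4 of the list above.
SUSPECT_PHRASES = ("dear customer", "verify your account", "verify your id")

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute) with a two-row table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def registrable(host):
    """Crude reduction to the last two labels (www.site.com -> site.com).
    Production code should use the Public Suffix List instead."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def classify_link(url, max_distance=2):
    """Return ('trusted' | 'lookalike' | 'unknown', matched trusted domain)."""
    domain = registrable(urlsplit(url).hostname or "")
    if domain in TRUSTED_DOMAINS:
        return ("trusted", domain)
    nearest = min(sorted(TRUSTED_DOMAINS), key=lambda t: edit_distance(domain, t))
    if edit_distance(domain, nearest) <= max_distance:
        return ("lookalike", nearest)   # a near miss is worse than a stranger
    return ("unknown", None)


def review_email(body):
    """Collect the indicators from the list above for one plain-text message."""
    flat = " ".join(body.lower().split())   # phrases may wrap across lines
    phrases = [p for p in SUSPECT_PHRASES if p in flat]
    links = []
    for match in URL_RE.finditer(body):
        url = match.group().rstrip(".,;:!?)")   # drop sentence punctuation
        verdict, nearest = classify_link(url)
        links.append((url, verdict, nearest))
    return {"phrases": phrases, "links": links}


# Constructed sample message using the misspelled URL from point 2.
SAMPLE_EMAIL = """\
Dear customer,

Your account will be suspended within 24 hours. To keep access you must
verify your account at http://www.christinsblog.com/login today.

Our help pages are at http://www.christinasblog.com/help.
"""

if __name__ == "__main__":
    report = review_email(SAMPLE_EMAIL)
    print("phrases:", report["phrases"])
    for url, verdict, nearest in report["links"]:
        print(f"{verdict:9} {url} (nearest trusted: {nearest})")
```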


The next step: how do you stop phishing emails in the first place?

Read these three points defining how to stop phishing emails from succeeding in the first place:


  1. Employee education - It is very important that employees are well informed about the web threats out there and how they can be avoided. Your staff needs to know, for example, that opening attachments or keying in personal or company information must be avoided unless they are sure these are legitimate requests. It is better for employees not to take any action than to do something they'll immediately regret.

  2. Apply Spam Filtering and SIDF - Investing in a solid spam filtering solution is imperative. This will help you block and detect phishing scams, while allowing you to monitor your email traffic. Moreover, security experts and email companies recommend the use of SIDF (Sender ID Framework). This tests whether a particular email really does originate from its claimed source or not - meaning you will be able to verify whether an email is legitimate or if it has been sent from a forged sending address.

  3. Check your browser and ensure your computer is up-to-date - Make sure your machines are fully patched with the latest security updates and you have the latest version of your browser installed.

  4. Update your antivirus regularly - most of the latest antivirus solutions have heuristic capabilities which can decrease the possibilities of new malware evading detection.


Ultimately, there is no single solution which can guarantee total protection, but a little bit of attention can reduce the risk of a malware infection and of your employees giving out details, corporate or personal, to scammers and fraudsters.

Additional readings

You've Got Phish
Phishing primary cause of bogus iTunes charges

This guest post was provided by Christina Goggi on behalf of GFI Software, a leading software developer that produces network and messaging security solutions for SMEs. More information about GFI anti-spam solution can be found at http://www.gfi.com/mes


February 13, 2011

My Spam analysis & filter updates for the week of Feb 7 - 13, 2011

Something is up with the spam botnets. For the 2nd week in a row my incoming volume of spam has decreased. However, the remaining active botnets are still spewing out email spam for fake Viagra, counterfeit watches, fake and illegal to import prescription drugs, pump and dump stocks, Nigerian lottery/419 scams and work at home kit scams.

This past 7 days, spam for various types of garbage amounted to 30% of my incoming email. This is according to MailWasher Pro, which I use to screen incoming email before downloading it to my desktop email program (Windows Live Mail). I often see the same spam message sent to several of my accounts at the same time. I report any spam messages that make it through my auto-delete filters to SpamCop.

Here are some statistics regarding the spam received and categorized, from Feb 7 - 13, 2011. These classifications are based upon my own custom MailWasher spam filters. Most of this spam is automatically deleted by MailWasher Pro and my custom filters. The statistics are obtained from the program's logs.

MailWasher Pro by Firetrust
Percentage classified as spam: 30%; down 5% from last week
Number of messages classified as spam: 138 
Number classified by my custom spam filters: 129
Number and percentage of spam according to my custom blacklist: 3
Number classified as spam according to DNS Blocklists (SpamCop, Spamhaus, etc): 0
Number of spam messages seen, reported to SpamCop & manually deleted: 17
The order of spam according to the highest percentages, is as follows:
Pharmaceuticals and fake prescription drugs: 30.30%
Fake Viagra and Cialis: 25.00%
Counterfeit Watches: 20.45%
Known Spam Domains in links (usually Russian: .RU): 5.30%
Work At Home Scam: 4.55%
Nigerian 419 Scams: 3.04%
Lottery Scams: 3.03%
Other Filters (with small percentages): 3.03%
Blacklisted sender names and domains (my blacklist): 2.27%
Pump and Dump stock spam: 1.52%
URL Shortener Links to spam: 1.52%

I made 10 additions/updates to my custom filters:
Canadian Pharmacy,
E-Card Scam,
Known Spam Subjects #2,
Nigerian 419 Scam #3 [S, F, R],
Pump & Dump Scam (2x),
Watches Spam,
Work At Home Scam (3x)

I made 0 changes to my custom Blacklist.



February 11, 2011

Security News and Updates for Jan 3 - Feb 11, 2011

It's been over a month since I published a roundup of security news and bulletins that have a major impact on computer users. Quite a lot of vulnerabilities and fixes have been announced just in the first 11 days of this month. Links are provided to obtain patched versions of affected software. All of these are very serious and could be, or are being exploited in the wild. I will start with the newest announcements and work my way back to early January.

Oracle Releases Security Alert for Java Runtime Environment
February 10, 2011

Oracle has released a security alert to address a vulnerability in the Java Runtime Environment (JRE) component of the Oracle Java SE and Java for Business products. Exploitation of this vulnerability may allow an attacker to cause a denial-of-service condition. To cut through the geek-speak, this involves the Java "plug-in" that many computers use in the browsers to be able to use and interact with Java Applets in web pages. This plug-in, as well as the standalone version of Java need to be updated as soon as possible, if not sooner.

The new Java is coded Version 6 Update 23 - for Windows, Solaris, and Linux. Go here to download the latest Java Virtual Machine, or go here to see if you have the latest version, or an older, vulnerable version. You must make sure that older versions are uninstalled from your computers, not just left behind. Malware can still exploit older versions left on a computer by specifying the original default path to their executables and JAR files.

I want you to be aware that Java has been the most frequently exploited browser plug-in for the last year. When an update is released, do not delay in applying it. Java normally is set up for automatic updates. You can verify this, or even change the frequency of checking, via Control Panel > Java > "Update" tab.

Google Releases Chrome 9.0.597.98
February 10, 2011

Google has released an updated version of their Chrome browser: Chrome 9.0.597.98, for all platforms to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. This update also includes a recently released version of Adobe Flash Player that repairs several vulnerabilities.

If you have the Chrome browser installed, open it and click on the wrench icon to the right side of the browser, which opens the Tools menu. From there, click on "About Google Chrome" - which launches a check for updates, or tells you if it has already updated itself in the background (it does that via the Google Updater).

Adobe Releases Security Update for Flash Player
February 9, 2011

Adobe Flash Player has also been updated this week, to version 10.2.152.26, to address multiple vulnerabilities in Flash Player 10.1.102.64 and earlier versions for Windows, Macintosh, Linux, and Solaris. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. (This leads to taking over your computer, if you operate with Administrator level privileges.)

You can download the latest version of Flash Player from the Adobe Flash Player page. If you have the Windows operating system and use other browsers too, you'll need to visit the Flash Player page once with Internet Explorer, and once with Firefox, or Opera. Google Chrome maintains its own installation of Flash and updates the entire browser when Adobe updates the Flash plug-in.

Find out what version of Flash Player you have installed, for Internet Explorer and your other browsers, on the Adobe About Flash page. Only install Flash Player at Adobe.com! Criminals use fake Flash Player icons and links to fool people into installing Trojan Horse Botnet programs, from hostile web pages linked to in spam emails.

RealNetworks, Inc. Releases Security Updates for RealPlayer
February 9, 2011

RealNetworks, Inc. has released security updates to address a vulnerability affecting Windows RealPlayer 14.0.1 and earlier versions and RealPlayer Enterprise 2.1.4 and earlier versions. Exploitation of this vulnerability may allow an attacker to execute arbitrary code in the context of the browser. You can update your version of RealPlayer here.

Adobe Releases Updates for Adobe Reader and Acrobat
February 8, 2011

Adobe has released updates for Reader and Acrobat to address multiple vulnerabilities affecting the following software versions:

* Adobe Reader X (10.0) and earlier versions for Windows and Macintosh
* Adobe Reader 9.4.1 and earlier versions for Windows, Macintosh, and Unix
* Adobe Acrobat X (10.0) and earlier versions for Windows and Macintosh

Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, operate with escalated privileges, or conduct cross-site scripting attacks.

At this time, updates are available for the Windows platform. Adobe indicates that it plans to release updates for Macintosh and Unix the week of February 28, 2011. All recent versions of Adobe Reader and Acrobat are now set to automatically check for updates. I still recommend manually checking by opening Adobe Reader, clicking on Help, then "Check for Updates."

Adobe Reader updates require Administrator privileges.

Patch Tuesday Windows Updates

Microsoft released a bunch of Windows Updates on Patch Tuesday, February 8, 2011. If you operate a computer running Windows XP (with SP3), Vista, 7, or Server 2008, you need to make sure you have received all updates available for your computers. There is a link to do so in your Start Menu, and in Internet Explorer's Safety menu.

Webmaster Alert! WordPress Releases Version 3.0.5
February 8, 2011

WordPress has released WordPress 3.0.5 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to conduct cross-site scripting attacks or obtain sensitive information.

To download WordPress 3.0.5, update automatically from the Dashboard > Updates menu in your site's admin area or visit the WordPress.org current stable version download page.

This update followed closely on the heels of a previous mandatory security update for WordPress, version 3.0.4, which was released on January 3, 2011.

That is the roundup for January 3 through February 11, 2011. You can keep up with all of these updates by using the Secunia Online Software Inspector. It scans your computer, using Java, then displays a readout of any vulnerable software it finds, along with links to download the latest versions.


February 6, 2011

My Spam analysis & filter updates for the week of Jan 31 - Feb 6, 2011

After three weeks of increases, my incoming volume of spam has decreased, this time by a whopping 14%. Still, Botnets are spewing out email spam for fake Cialis and Viagra, counterfeit watches, bogus male enlargement herbs and pills, illegal-to-import prescription drugs, pirated software, dating scams and work at home (Money Mule - criminal money laundering) scams.

This past 7 days, spam for various types of garbage amounted to 35% of my incoming email. This is according to MailWasher Pro, which I use to screen incoming email before downloading it to my desktop email program (Windows Live Mail). I often see the same spam message sent to several of my accounts at the same time. I report any spam messages that make it through my auto-delete filters to SpamCop.

Here are some statistics regarding the spam received and categorized, from Jan 31 - Feb 6, 2011. These classifications are based upon my own custom MailWasher spam filters. Most of this spam is automatically deleted by MailWasher Pro and my custom filters. The statistics are obtained from the program's logs.

MailWasher Pro by Firetrust
Percentage classified as spam: 35%; down 14% from last week
Number of messages classified as spam: 166 
Number classified by my custom spam filters: 148
Number and percentage of spam according to my custom blacklist: 14
Number classified as spam according to DNS Blocklists (SpamCop, Spamhaus, etc): 0
Number of spam messages seen, reported to SpamCop & manually deleted: 10
The order of spam according to the highest percentages, is as follows:
Pharmaceuticals and fake prescription drugs: 26.54%
Counterfeit Watches: 19.14%
Fake Viagra and Cialis: 16.05%
Known Spam Domains in links (usually Russian: .RU): 13.58%
Blacklisted sender names and domains (my blacklist): 8.64%
Male Enhancement scam: 3.09%
Other Filters (with small percentages): 3.09%
Pills spam: 3.09%
Dating spam: 2.47%
Software Spam: 1.85%
URL Shortener Links to spam: 1.87%
Work At Home Scam: 1.23%

I made 4 additions/updates to my custom filters:
Diploma Spam (now using HTML positioning tricks and salad words),
Known Spam Domains,
Unlicensed Prescription Drugs,
Work At Home Scam (money mule scams)

I made 0 changes to my custom Blacklist.


See my extended content for more details about protecting your computers from the threats posed by email spam.

As mentioned in the previous paragraphs, I use MailWasher Pro to delete spam before I download it to my email program (Windows Live Mail). This is my first line of defense against email-borne threats. If you are using a desktop email client (Windows Live Mail, Outlook, Outlook Express, etc.) and are not pre-screening incoming email for threats, you may be at risk from scripted attacks carried inside email messages, from infected attachments, or from hostile links enclosed in them.

Note that, currently, all spam email is sent from infected PCs that are zombie members of various Botnets. Hopefully, your computers aren't part of any spam Botnets! If that is true, let's keep it that way, by using the best spam and malware detection and prevention software you can afford.

How to prevent your computer from becoming a member of a spam Botnet

First of all, if you use a desktop (POP3) email client (program), rather than your browser, to send and receive email, try using MailWasher Pro to screen your incoming email for spam, before you download it to your desktop email client. Set MailWasher to check for mail every 15 or 20 minutes, but disable automatic checking in your email client. Once MailWasher has inspected your incoming messages and you have deleted spam and malware infected threats, then manually sync or receive the desirable email to your email program. My custom MailWasher filters will make it easier to identify and delete spam and known threat email.

One of the great features of MailWasher Pro is that it does not render HTML layouts or images in email, nor does it react to scripting tricks. All email is displayed as plain, safe text. You can instantly view the source code with the click of a mouse. This reveals any hidden HTML word placement tricks, shows the real destination of cloaked links, and alerts you to script threats that could be triggered if you opened those messages in your POP3 desktop email client. You can also see if there is a possibly hostile attachment in an email message. Attachments are used to spread Trojans that draft PCs into spam Botnets, or to install keyloggers that steal your login credentials to banks and other important web sites.
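The cloaked-link and script checks described above can be approximated by reading the message source instead of rendering it. This is an added example, not MailWasher Pro's code or the author's filters; the function names and the sample HTML (built on reserved example domains) are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample body using reserved example domains (not a real message).
SAMPLE_HTML = """
<p>Verify now: <a href="http://login.example.net/verify">www.example.com</a></p>
<p><a href="http://news.example.org/today">Read today's newsletter</a></p>
<p><a href="http://www.example.org/help">www.example.org/help</a></p>
<script>document.title = "x";</script>
"""
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def bare_host(host):
    """Lower-case a host name and drop a leading 'www.' for comparison."""
    return re.sub(r"^www\.", "", (host or "").lower())

class LinkAuditor(HTMLParser):
    """Collects (visible text, href) for each <a> and counts <script> tags."""
    def __init__(self):
        super().__init__()
        self.links, self.scripts = [], 0
        self._href, self._text = None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
        elif tag == "script":
            self.scripts += 1

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit(html):
    """Return (cloaked_links, script_count) for an HTML message body."""
    parser = LinkAuditor()
    parser.feed(html)
    cloaked = []
    for text, href in parser.links:
        shown = HOST_IN_TEXT.search(text)          # host the reader sees
        real = bare_host(urlparse(href).hostname)  # host the link goes to
        if shown and bare_host(shown.group(1)) != real:
            cloaked.append((text, real))
    return cloaked, parser.scripts
```

Only links whose visible text names a host are compared, so ordinary "click here" anchors are not flagged; those still need their real destination read from the source.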

Next, you need to protect your PC from constantly evolving viruses, spyware, keyloggers and Bot malware. I recommend Trend Micro Internet Security (TMIS), with its "cloud-based" definitions that are updated constantly, as malware is altered by criminal software writers, hackers and Bot herders. You can read about TMIS and download it from my webpage about Trend Micro security products. You can even try it for free for a month! A nice feature of TMIS is that one annual license allows you to install it on 3 PCs.

Trend Micro security programs all feature what they call the Smart Protection Network. It is part of the "cloud" based protection I mentioned. As hostile web pages are discovered, their locations are added to the definitions in the cloud. Any computers that use TMIS, with valid subscriptions, are blocked from accessing those pages, until their webmasters remove the infections (if ever).

If you use your Internet browser to handle email, any embedded threats will be downloaded into the browser's cache, or temporary files. These threats may be able to launch from those hidden caches and infect your computer. MailWasher Pro doesn't protect browser based email, but Trend Micro Internet Security does. With its advanced Bot detection and prevention mechanisms, it could become your computer's best friend.

About the author
Wiz's Blog is written by Bob "Wiz" Feinberg, an experienced freelance computer consultant, troubleshooter and webmaster. Wiz's specialty is in computer and website security. Wizcrafts Computer Services was established in 1996.

This weblog is licensed under a Creative Commons License.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.