A worm is a small piece of software that will use a computers networks and securities to replicate itself. The worm will scan the network for more machines that may have this specific security hole. If it finds one, it will copy itself to the new computer and using the security hole, will then replicate itself again and again in this manner.

Worms can work in many ways and one of the most common ways is through emails. They can attach themselves to your contact list and then send emails out to everyone on your list. This is an ingenious way to get the worm spread around since most people see no harm in opening an email that originates from someone they know and trust.

Computer Worms Detection

Over the years I have found a foolproof way to discover whether a worm has attached itself to my contact list. Create a contact named AAAAA, five A’s should be plenty. List AAAAA’s email address as your own. This way if a worm attaches itself to your computer and sends out a worm to all of your contacts, you will be the first one to get it. Should you ever open your email and find an email from AAAAA in there, you will know that a worm has attached itself and can then send out another email warning your contacts to avoid emails from your address until you have corrected the problem.

Unfortunately for any computer user viruses and Spyware are a common problem. The worst part is that most people are not aware of some things that may install Spyware or other malicious items onto their computers. Most people wrongly assume that they have to download something or open themselves up to a vulnerability manually. This is not always true.

How Do I Keep Getting Spyware?

Actually, one of the main ways that hackers have found is the easiest to use to get PC users to execute their malicious software is through emails. All of those inspirational or chain emails can be the biggest source of problems for some users who do not even frequent sites that may contain Spyware or viruses.
All of those nice inspirational emails can have malicious coding embedded that may cause security vulnerabilities within your computer. Clicking links that you are unsure of inside emails is also a great way to install Spyware on your system.

For new users this may be the biggest problems. Most people who regularly use computers for personal or business related activities are aware of the dangers of the internet and the possibility of getting Spyware of viruses. However, most think that in order to get them, you have to execute a program. This is entirely untrue.

Delete Those Emails Before You Open Them!

Whatever the title and whomever it has come from does not matter. Always keep in mind that others may not know the dangers of simple emails or links as well. The best way to deal with emails from unfamiliar sources or emails that contain inspirational or chain letter type messages is to delete them as soon as possible. Do not open them ever!

PayPal announced plans to ban older and unsafe Web browsers in an effort to provide anti-phishing protection with the use of EV SSL certificates.

PayPal, the world’s largest online payment service, announced on Thursday that it is working on a plan to block users from making transactions from unsafe Web browsers.

PayPal released a white paper that outlines a five-pronged action plan aimed at slowing down the phishing epidemic. Part of this plan is to block any transactions from going through on browsers that don’t support EV SSL certificates.

PayPal’s chief information security officer Michael Barrett says letting users view the PayPal site on a browser that doesn’t have anti-phishing protection is equal to a car manufacturer allowing drivers to buy one of their vehicles without seat belts.

Some of the browsers PayPal is looking at blocking are old, out-of-support versions of Microsoft’s Internet Explorer and Apple Safari which offers no anti-phishing protection and doesn’t support the use of EV SSL certificates.

Firefox and Opera have announced that they will be offering support for EV SSL in their upcoming releases. It is unknown whether Safari will be offering EV SSL support in the near future.

Another recommendation outlined in the PayPal white paper is the “creative use of new email signing standards and cooperation with major ISPs to block unsigned email” that looks to be from PayPal, but isn’t, before it even reaches the customers.

Barrett says that if phishmail never makes it into a customer’s inbox, the customer cannot become a victim. Thus, ISPs need to adopt technologies to block fraudulent emails at the network edge. PayPal recommends installing anti-phishing and anti-spam technologies, like DomainKeys and Sender Policy Framework.

source: www.halflifesource.com/paypal_targets_phishing_epidemic/article2390.htm

Spam king Sanford Wallace and phishing buddy Walter Rines hijacked some 300,000 MySpace accounts and sent hundreds of thousands of spam messages and comments across the service. They got their punishment: a whopping $225 million judgment in favor of MySpace, Information Week reports.

MySpace decided to sue when it discovered the duo had lured MySpace users into revealing their login information through phishing sites. After obtaining user IDs and passwords, the pair distributed messages to the users’ friends list with links to various Web sites involving gambling, pornography and ringtones. According to court documents, Wallace and Rines distributed 735,925 messages during the scam and earned over $500,000 in the process.

A blog purporting to be from Sanford Wallace (The site registration address matches the address on the court docuuments.) Says:

I am amazed whenever I read an article written about the latest crimes I’ve committed and the latest court orders I’ve broken.

I don’t even learn about most of these claims until I read about them somewhere on the Internet. I live a low profile life. In the meantime, the world around me apparently still blames me for every spam and phish page on the Internet.

Please, move on to the real spammers.

..I am still waiting to be served. And I haven’t been hiding either. The whole case was one big PR move..

source:

www.crn.com/security/207800154

government.zdnet.com/?p=3813

blogs.pcworld.com/staffblog/archives/006956.html

http://en.wikipedia.org/wiki/Sanford_Wallace

The scams rely on a technique known as social engineering to trick computer users into divulging personal information that the cybercriminals or their customers can use to bilk unwary taxpayers.

The new phishing scams use spam e-mails to gull prospective refund recipients into providing their bank account information and other personally identifiable data via a fraudulent form that is attached to the original message by a hyperlink.

“To convince consumers to reply, the e-mail warns that a failure to complete the form in a timely manner will delay the issuance of the rebate check,” the bureau said in a warning.

The bureau urged people to use caution when dealing with e-mail from unknown senders, repeating the frequently heard warning that such electronic messages often include malware. The FBI notice also included examples of the types of deceptive wording the phishing e-mails have used.

The latest FBI warning about the online flood of fraudulent tax refund e-mails comes on the heels of a rising tide of IRS-related online fraud, as reported by GCN. The recent notice follows earlier warnings on the same topic by MX Logic, which predicted the fraud tactic earlier this year.

The bureau’s fraud notice also echoes IRS’ own anti-phishing warnings and actions against IRS spoof sites. The IRS recently stated that the number of bogus IRS sites has increased twelvefold this year over last year.

source:

FBI Warns of Phishing Scam Related to Economic Stimulus Checks

IRS Warns of New E-Mail and Telephone Scams Using the IRS Name; Advance Payment Scams Starting

www.gcn.com/online/vol1_no1/46255-1.html

Panda Labs posted a report about a string of Phishing kits discovered recently, which unlike some of their better known counterparts are free to use. The news is not groundbreaking, but it does serve as a reminder that nowadays anyone can get in to the act of performing criminal activities online.

Panda Labs is reporting on the discovery of free Phishing kits that allow criminals, both professional and script kid in nature, to spoof bank pages and emails, online pay platforms, GMail and Yahoo accounts, online games (Xbox password theft) and blogs (Fotolog access credentials).

Upon accessing a URL that contains the kits, users obtain the files to create a fraudulent mail; one file allows them to spoof mails of banks, pay platforms etc., and the other allows them to create a fraudulent page that resembles the original. Additionally, the kit includes a PHP program, which is also free, to send emails from the spoofed page.

“The really amazing thing is, these kits are free,” explains Luis Corrons, Technical Director of PandaLabs. “Due to the simplicity of the tools, the number of Phishing attacks increases, causing companies and consumers large losses. According to a study conducted by Gartner, Phishing attacks caused U.S. consumers losses for US$3.2 billion in 2007.”

source:

http://pandalabs.pandasecurity.com/archive/Scampages.aspx

thetechherald.com/article.php/200820/948/Panda-Labs-locates-phree-Phishing-kits

Web surfing offers many different kinds of experience – the useful and the redundant, the profitable and the idle, the regular and the bizarre. And certainly one of the strangest experiences is when you try to visit a familiar page and suddenly find yourself on a completely different one, related or unrelated to the page you were trying to reach. What happened? Has the website changed its business?

Actually, the page got jacked. Perhaps you were searching for the page in a search engine, and got a link which you thought should be what you were looking for. But when you clicked on the link, you found that you were in the wrong place. Even wrong enough to get you embarrassed when there are other people nearby. Search engines do not make that kind of mistake, so what happened was the page go jacked, which fooled the search engine into thinking that it was relevant for your search.
You know how the internet works. There are banner ads and other kinds of ads which earn revenue for that site, and that is how they make a profit. Websites and businesses for alliances among themselves, and carry each other’s ads on their sites. When you got to a particular site and click on an ad that you find interesting, the original website gains some amount of money from the site to which your click takes you. So it’s possible for websites to make a profit from your visit. Naturally, they want you to visit their page.

That all fine and acceptable, as long as they use legitimate means of bringing you to their site. Like optimize their site for search engines, or promote their site in some other way. But when they become too eager, they sometimes cross the line between what’s acceptable what what isn’t. And sometimes they use pagejacking.
Sometimes in order to increase the rating of some visitor-starved website, the whole content of a popular site is copied by an unscrupulous webmaster and duplicated on his own site. This is done merely in order to fool the search engines into thinking that it was the original item. And when this ploy works, the duplicate site appears among the top results returned by a search engine on a search made using the relevant key words or phrases.

This increases the chance that users will click on that link on the results page, without looking to carefully at the address to which it leads. And when they do, they will be taken to the duplicate site briefly, before being automatically redirected to another site – the one that could use some visitors to generate revenue. This is known as pagejacking.
As a user, there is little you can do in order to prevent this kind of nuisance, except be more careful about the actual URL of the link you’re clicking on the search engine results page. If you are opening asite from your bookmarks, or typing in the URL directly, there’s no chance of your being duped by a pagejacker.

If you’re the owner or the maintainer of the website that got jacked, however, it’s a different story. The main way you can hit back against the offenders is by suing them or threatening to sue under the copyright law. The content and design of your website is copyright material, and they’re violating you copyright by reproducing it without your permission. So send them a formal letter asking them to cease and desist, and follow it up with a letter from your lawyer. Pagejackers are normally sniveling cowards, and this should suffice to solve the problem. If it doesn’t, however, do not hesitate to go to court – you’re sure to win this one, and also get compensation for the business you lost because of this obstruction.

There are many programs out there that can help you with Spy ware and Mal ware protection.

Some of the best programs to us are as follows;

The Cleaner Trojan checker For Trojan checker.
Male-ware Protection – http://www.malwarebytes.org/mbam.php
AVG – Offers free virus protection for your pc without causing vulnerabilities

Many other are available but be sure you get them from reputable services. All information secured on hard drives makes some people thing they are secure. They are NOT if they do not follow the simple instructions to avoid opening up our computer to malicious attacks.