Internet security company Sophos is warning of a new Trojan out that displays pictures of a potential Russian love match that is secretly stealing information from the user’s computer. When run on a computer, the Trojan displays three pictures of a young woman called “Victoria Stasova.” Accompanying the photographs is a heart and an AOL email address. While the pictures are being displayed, the Trojan is secretly logging key presses and stealing information from the infected computer. Although Sophos has not received many reports of this Trojan, users are urged to be on the lookout and make sure their spyware is up to date.

Security companies are now warning of the spread of image based spam. Image spamming usually comes in email messages and contain images that lure victims into visiting a site and downloading malware. Although image spamming has been around for awhile, it is now rapidly growing. Security firm CypherTrust Inc. reports image spam now accounts for about 15% of all spam traffic. Many of those messages are reportedly not stopped by text-based spam filters. Postini Inc. reports that 25% and even as high as 30% of all spam is from image spam. These images are also increasingly being used in phishing attempts because pictures copying or closely mimicking the logo of a reputable financial company can be more convincing than text alone. Most security companies say that image spamming is not a big concern as long as you are using updated versions of security software but always be weary of where you click.

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

National Cyber Alert System

Technical Cyber Security Alert TA06-214A

Apple Mac Products Affected by Multiple Vulnerabilities

Original release date: August 02, 2006
Last revised: –
Source: US-CERT

Systems Affected

* Apple Mac OS X version 10.3.9 and earlier (Panther)
* Apple Mac OS X version 10.4.7 and earlier (Tiger)
* Apple Mac OS X Server version 10.3.9 and…

Read more at checksum.org…

Security company Sophos has reported that the number of virus threats and mass mail viruses and Trojans are on the decline. The number of infected emails for the month of July is 0.45% of total emails sent. This is a new low for email threats. This dramatic decline in email threats indicates that hackers are turning to more targeted threats using Trojan Horse threats and phishing scams. Users are urged to be especially alert when being asked for information online and to what websites you search.

Cyber crime, which is classified as introducing any malicious software onto computers is growing into one of the largest illegal revenue-earning industries. It is so big that over the past year it has turned more money in than drug trafficking. The more recent attacks are moving away from large multipurpose attacks to small focused attacks. Of these attacks, phishing threats appear to be the most commonly used attack. This cyber crime is now ruled more by the professional mafia rather than single people attempting attacks. This makes the attacks worse and harder to detect. Cyber crime is steadily growing and now the professional crime community is taking over. Computer users are urged to be on guard now more than ever before.    

Major companies are being warned of the risks of sending unencrypted emails. Computer security experts say that it is a simple task for fraudsters to interrupt emails possibly finding important confidential information. Incidents involving snooping of emails are on the rise. Many users have come accustomed to be wary of spyware, phishing scams, and viruses, but very few are aware of the risks of sending unencrypted email messages. All users especially in big business are urged to secure their emails and be aware of possible security threats.

A banner on the worlds most popular website, MySpace, has caused quite a headache for many users. The banner ad discovered by security firm iDefense was posted by a site called deckoutyourdeck.com has caused several spyware and adware problems to millions of MySpace users. The banner, when clicked, is able to exploit a flaw in Microsoft’s Internet Explorer downloads a Trojan Horse which causes many pop-up ads and monitors the users online activity. It is unknown how the banner got onto the MySpace website but users are warned to be aware.

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

National Cyber Alert System

Technical Cyber Security Alert TA06-208A

Mozilla Products Contain Multiple Vulnerabilities

Original release date: July 27, 2006
Last revised: –
Source: US-CERT

Systems Affected

* Mozilla SeaMonkey
* Mozilla Firefox
* Mozilla Thunderbird

Any products based on Mozilla components, specifically Gecko, may also
be affected…

Read more at checksum.org…

Social networking website MySpace is becoming a major target for cyber criminals, with credit card fraud, phishing attacks and spyware all growing concerns for users of the site. One reason for the problems arising is the overwhelming popularity of the site which has created an ecosystem ripe for the picking by criminals. It is possible to buy tools that automate attacks on the MySpace Community. They can even set up automated conversations (which are very common and cheap to purchase) with users which exploit social engineering to encourage users to either follow links or even, in some cases, hand over credit card numbers, supposedly for age verification. Users are urged to beware that malicious software is plaguing the MySpace Community. Always be aware of what you are clicking. 

There are now seven new phishing scams targeting PayPal users. These scams send users emails about their PayPal accounts. The user then goes to a mock PayPal webpage when they click the link in the email and the scammer is able to get their login data. As always, be aware of any emails you receive and always login to PayPal and all websites by typing the web address into the browser instead of clicking links.

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

New US-CERT PGP Key

US-CERT has generated a new PGP key. We use this key to sign all
publications, including documents sent to this list. Effective
immediately, this new key is available and will be valid until Monday,
October 1, 2007. To obtain further information or to download the new
US-CERT public PGP key, please visit

or

A copy …

Read more at checksum.org…

An email coming from a Yahoo! email address claims that the 19-year-old correspondent has found a herbal root that has successfully helped the sick recover from AIDS, and that hospitals have confirmed that patients are no longer HIV positive. The email continues, asking for help in bringing the cure to English-speaking markets. People that receive the email believe they are helping the world fight AIDS and also potentially make money on the distribution of the cure. However, this is just a ruse to steal personal details, and that the fraudsters behind the scam campaign can use such information to steal money from bank accounts and commit identity fraud. This email con is the latest of many 419 scams. These scams are named after the relevant section of the Nigerian penal code where many of the scams originated and are unsolicited emails where the author offers a large amount of money. Once a victim has been drawn in, requests are made from the fraudster for private information which may lead to requests for money, stolen identities, and financial theft. 

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

National Cyber Alert System

Technical Cyber Security Alert TA06-200A

Oracle Products Contain Multiple Vulnerabilities

Original release date: July 19, 2006
Last revised: –
Source: US-CERT

Systems Affected

* Oracle10g Database
* Oracle9i Database
* Oracle8i Database
* Oracle Enterprise Manager 10g Grid Control
* Oracle Application Server 10g
…

Read more at checksum.org…

eBay has announced that it has formed a partnership with AOL, focusing on safety and security. eBay is launching counters this week, which will link to a special co-branded page within eBay’s Security & Resolution Center section on its website. There, in addition to information about staying safe from phishing and identity theft, is an editorial pitch that links to a page promoting AOL’s “Safety and Security” offering. The service is available for free to AOL users, but non-AOL uses must pay a monthly fee for the service, which offers protection against spyware, phishing and viruses as well as offering firewall spam and popup controls.

According to reports, more than 50% of small and medium sized businesses experienced spyware attacks during the first quarter of 2006. Small Businesses are especially attractive to hackers because of limited IT support and lack of network security. These businesses experienced slowed system performance, reduction in productivity, and even a loss in sales. Small business owners beware because you are being targeted.