This morning I happened to get a phishing message from the contact form on this website. It was carefully crafted and was devised to obtain routing and bank information, most certainly to relieve us of any and all funds in the account. When I went to investigate the site, I quickly learned that it had already been removed from the DNS records of the hosting provider, precisely what I had intended to inform them of. Someone had already reacted to this would-be phisher and stopped them in their tracks. This is always nice to see, because oftentimes when we do something as a responsible netizen, administrators of websites and hosting companies lack the resources to respond and address the threats.
A particularly despicable scam is circulating this week. It involves a spam email containing a “death threat”: the sender claims to be a hit man hired to kill you. In typical fashion the grammar and spelling are poor. This could indicate the authors are not skilled in the English language, though it could also be an attempt to protect the guilty and obscure the trail of the actual perpetrator(s). If you happen to receive this spam, don’t worry, just delete the message. They are using this method to validate targets for future scams and spam; if you do respond you will become a validated target. You can also contact the IC3 in the United States at www.ic3.gov to file a formal complaint. The entire text of the spam is as follows (compliments of Swa Frantzen @ ISC):
“Hello, I wish to let you know that i have been paid by a client to assasinate you at convenience,and i have signed a contract of $650,000 yesterday for this.I have never met you before,but they gave me the full description of your identity and contact,together with your photograph which my boys have used to trace you.
The reason why they want you Dead is not disclosed to me as i was not allowed to know,but you are now not better that the dead ok.
My BOYS are now contantly watching you,they are following you-home,office,everywhere…..,you go and they are waiting for my instruction to terminate you.And they will strike at convenience.
THIS IS MY MESSAGE-
LISTEN VERY WELL !!!!,the Police cannot do much to help you out in this right now because you are being watched,any such attempt is very risky cause you will push us to terminate your life without option. Your calls are not safe also.In fact you are traced. I have no business with you but at least i have cleared the way as a pro-,but you may have one chance to live again if you can contact me not latter that 24 hours after this mssage.
There is an incredibly simple root exploit for computers running the Solaris operating system with telnet enabled. It is in general a bad idea to have telnet enabled, and particularly so on a forward-facing, internet-connected machine, but this exploit is so simple, and Solaris boxes are so popular in forward-facing roles such as web servers, that it deserves attention. In general we would not be concerned with Solaris exploits at Managed Solutions. However, this particular exploit has ramifications for all of us. Anything that has the potential for a very successful internet worm has the potential to affect the general availability of services we rely on. It could also lead to a compromise of our personal information, should one of the hosts that we might have made a credit card purchase through become compromised. We will continue to monitor activity of this worm and update this article with any significant details.
As of 2/28/2007 there is a worm circulating for this previously reported simple exploit. We are actually surprised it took this long for something to hit the wild. Hopefully most organizations have patched the vulnerability. Unfortunately, it seems that things like this are far too often dealt with in a reactive fashion.
The United States Computer Emergency Readiness Team (US-CERT) is reporting today that multiple vulnerabilities exist in Cisco IOS. We recommend you review the bulletin if you use any Cisco networking products.
A zero-day exploit is an exploit that is circulating before the software vendor has learned of it. Such exploits can linger as unpatched vulnerabilities if the vendor is slow or unable to respond to them.
Security software with lots of bells and whistles tends to encourage end users to feel more secure. They have firewalls, antivirus protection, all sorts of resident programs and pretty icons. Something pops up now and then asking for their input, again assuring them it is working hard to protect them. They pay good money for this software, so it must give them some reason to rest easier at night. The sad fact is that even the best network protection scheme, short of not having a network, is never safe.

Let’s take a look at the situation today, and let’s talk about what we know. As of the writing of this article there are three unpatched vulnerabilities affecting Microsoft Word that have been known for over one month. That means that in spite of your efforts to protect yourself, it is possible that a user at your company could receive an email containing an attached Word document with an exploit designed to compromise your systems, and your user would be the only line of defense. You’ve done everything you can do to layer your defenses, keep your systems up to date, and protect them proactively with other security software, but there is still a chance that it could come down to the actions of that end user. That is why you should not overlook the human element in your security apparatus. Building a security-aware culture is an important step in any IT security strategy. Teaching end users to get confirmation from third parties when they receive a message containing a suspicious attachment, for example, can go a long way in preventing exploitation of your valuable resources. Scheduling regular training sessions where current issues are addressed can pay large dividends if even one compromise of your security apparatus is avoided. Educated users are safer users.
At Managed Solutions we advocate quarterly training sessions for existing employees and orientation for new users of our clients’ systems. By keeping the humans up to date with the latest information, our customers can substantially lower the chances of experiencing costly cleanup operations, loss of reputation and, most importantly, lost customers. What does your company do to educate its users? Perhaps it is time for you to consider a shift towards a more educated end-user base. A security-aware culture is the main protection we have against zero-day exploits.