Hackers and virus authors working overtime

Hackers, virus authors and scam artists seem to be working overtime this week. In my inbox today I found a letter that appeared to be from Microsoft. I mean it REALLY looked authentic. In it was the claim to have a critical upgrade that you need to apply right away to “protect” yourself from a new virus. Well, guess what? That file IS the virus! When I scanned it, McAfee did not catch it on the first pass. Still suspicious, I went to the McAfee site and updated my virus definition files. The one I had was only 2 revisions old, less than one week old. The new version did identify the virus. I knew it was there. It had to be. There were too many warning signs. A) No legitimate company will EVER send you an executable file via email. Not ever. Not even Microsoft! B) The letter was delivered to an email address I do not have registered with Microsoft. The moral is never double-click an executable file attached to an email without checking it with the very latest version of a good virus scanner utility. And even then, only from a known source that you asked to send it.

I also received today another entirely legitimate-looking email, supposedly from eBay. I’ve reported on these before, but this one was so authentic looking I felt it bears repeating. It claimed that I needed to update my personal information with eBay. All I had to do was click on a link which looked like a genuine eBay web address, fill in the form and click submit. Three clues told me this was a scam. A) Even though the printed address in the email looked like a valid eBay address, the URL which opened up was a numeric IP address which does not belong to eBay. Many people might look at this and just assume it was owned by eBay and send in the form anyway. BAD IDEA. B) Like the virus, it was sent to an address not registered with eBay. C) They were asking for way too much information. eBay has no reason to ask me for SSN or credit card with ATM PIN. This has fraud written all over it. The FBI has been alerted and is hopefully tracing the origin of this web site, which has been up all day today and, even as I write this, is still live.

And, alas, even Linux fans must be on guard. Two critical security flaws were discovered yesterday, which I first learned of in the news feed at SurfSafely.com posted on ZDNet. One is in OpenSSH, which is used to establish secure connections with a server; the second is in Sendmail, the most widely used mail service program in the entire world. If you manage a UNIX-based web server, it is critical that you get the updates from your OS vendor installed immediately. If you have a personal web site, make sure your web hosting company has applied the upgrades. Otherwise, spammers could hijack the server you’re hosted on and send spam as if it originated from you, making you look bad and possibly getting your email blocked by other services.

<sigh> Maybe one of these days I’ll have some HAPPY news to report, like the FBI caught the creep that was stealing personal information under the identity of eBay as a direct result of the tip which I provided them. It could happen. Right?

