See the Internet Storm Center for Internet Updates

I just happened upon a CBS News video that gave me pause for thought.  This once posted back in April however

I missed it until now.

http://www.cbsnews.com/video/watch/?id=6412572n

The video talks about the fact that "modern" digital copy machines, those sold after 2002, contain a hard drive.  These hard drives store the images copied.  These machines are traded in for new models and then refurbed and resold. However, the hard drives more than likely are not getting scrubbed to remove the content. One of the copy machines in the video not only contained content on the hard drive but also still had documents left on the copy bed.

This brings up some interesting discussions.  What is on your copymachine hard drive?  When it is sent in for repair what information may be gleaned from a quick glance at the drive?  Is your copy machine another potential target to aid in identity theft?
Food for thought.  Should there be processes and procedures in place for the disposal of these devices? Do you know what other devices in your organization contain a hard drive or other storage device?  Is there a process for cleaning before disposal? What does your company do if anything to ensure that no confidential data is leaked by disposal of old equipment?

Deb Hale Long Lines, LLC

by Dana Dratch
Friday, March 19, 2010

Reposted from www.creditcards.com

Debit cards have different protections and uses. Sometimes they’re not the best choice.

Sometimes reaching for your wallet is like a multiple choice test: How do you really want to pay?

While credit cards and debit cards may look almost identical, not all plastic is the same.

"It’s important that consumers understand the difference between a debit card and a credit card," says John Breyault, director of the Fraud Center for the National Consumers League, a Washington, D.C.-based advocacy group. "There’s a difference in how the transactions are processed and the protections offered to consumers when they use them."

While debit cards and credit cards each have advantages, each is also better suited to certain situations. And since a debit card is a direct line to your bank account, there are places where it can be wise to avoid handing it over — if for no other reason than complete peace of mind.

Here are 10 places and situations where it can pay to leave that debit card in your wallet:

1. Online

"You don’t use a debit card online," says Susan Tiffany, director of consumer periodicals for the Credit Union National Association. Since the debit card links directly to a checking account, "you have potential vulnerability there," she says.

Her reasoning: If you have problems with a purchase or the card number gets hijacked, a debit card is "vulnerable because it happens to be linked to an account," says Linda Foley, founder of the Identity Theft Resource Center. She also includes phone orders in this category.

The Federal Reserve’s Regulation E  (commonly dubbed Reg E), covers debit card transfers. It sets a consumer’s liability for fraudulent purchases at $50, provided they notify the bank within two days of discovering that their card or card number has been stolen.

Most banks have additional voluntary policies that set their own customers’ liability with debit cards at $0, says Nessa Feddis, vice president and senior counsel for the American Bankers Association.

But the protections don’t relieve consumers of hassle: The prospect of trying to get money put back into their bank account, and the problems that a lower-than-expected balance can cause in terms of fees and refused checks or payments, make some online shoppers reach first for credit cards.

2. Big-Ticket Items

With a big ticket item, a credit card is safer, says Chi Chi Wu, staff attorney with the National Consumer Law Center. A credit card offers dispute rights if something goes wrong with the merchandise or the purchase, she says.

"With a debit card, you have fewer protections," she says.

In addition, some cards will also offer extended warrantees. And in some situations, such as buying electronics or renting a car, some credit cards also offer additional property insurance to cover the item.

Two caveats, says Wu. Don’t carry a balance. Otherwise, you also risk paying some high-ticket interest. And "avoid store cards with deferred interest," Wu advises.

3. Deposit Required

When Peter Garuccio recently rented some home improvement equipment at a big-box store, it required a sizable deposit. "This is where you want to use a credit card instead of a debit," says Garuccio, spokesman for the national trade group American Bankers Association.

That way, the store has its security deposit, and you still have access to all of the money in your bank account. With any luck, you’ll never actually have to part with a dollar.

4. Restaurants

"To me, it’s dangerous," says Gary Foreman, editor of the frugality minded Web site The Dollar Stretcher. "You have so many people around."

Foreman bases his conclusions on what he hears from readers. "Anecdotally, the cases that I’m hearing of credit or debit information being stolen, as often as not, it’s in a restaurant," he says.

The danger: Restaurants are one of the few places where you have to let cards leave your sight when you use them. But others think that avoiding such situations is not workable.

The "conventional advice of ‘don’t let the card out of your sight’ — that’s just not practical," says Tiffany.

The other problem with using a debit card at restaurants: Some establishments will approve the card for more than your purchase amount because, presumably, you intend to leave a tip. So the amount of money frozen for the transaction could be quite a bit more than the amount of your tab. And it could be a few days before you get the cash back in your account.

5. You’re a New Customer

Online or in the real world, if you’re a first-time customer in a store, skip the debit card the first couple of times you buy, says Breyault.

That way, you get a feel for how the business is run, how you’re treated and the quality of the merchandise before you hand over a card that links to your checking account.

6. Buy Now, Take Delivery Later

Buying now but taking delivery days or weeks from now? A credit card offers dispute rights that a debit card typically does not.

"It may be an outfit you’re familiar with and trust, but something might go wrong," says Breyault, "and you need protection."

But be aware that some cards will limit the protection to a specific time period, says Feddis. So settle any problems as soon as possible.

7. Recurring Payments

We’ve all heard the urban legend about the gym that won’t stop billing an ex-member’s credit card. Now imagine the charges aren’t going onto your card, but instead coming right out of your bank account.

Another reason not to use the debit card for recurring charges: your own memory and math skills. Forget to deduct that automatic bill payment from your checkbook one month, and you could either face fees or embarrassment (depending on whether you’ve opted to allow overdrafting or not). So if you don’t keep a cash buffer in your account, "to protect yourself from over-limit fees, you may want to think about using a credit card" for recurring payments, says Breyault.

8. Future Travel

Book your travel with a check card, and "they debit it immediately," says Foley. So if you’re buying travel that you won’t use for six months or making a reservation for a few weeks from now, you’ll be out the money immediately.

Another factor that bothers Foley: Hotels aren’t immune to hackers and data breaches, and several name-brand establishments have suffered the problem recently. Do you want your debit card information "to sit in a system for four months, waiting for you to arrive?" she asks. "I would not."

9. Gas Stations and Hotels

This one depends on the individual business. Some gas stations and hotels will place holds to cover customers who may leave without settling the entire bill. That means that even though you only bought $10 in gas, you could have a temporary bank hold for $50 to $100, says Tiffany.

Ditto hotels, where there are sometimes holds or deposits in the hundreds to make sure you don’t run up a long distance bill, empty the mini bar or trash the room. The practice is almost unnoticeable if you’re using credit, but can be problematic if you’re using a debit card and have just enough in the account to cover what you need.

At hotels, ask about deposits and holds before you present your card, says Feddis. At the pump, select the pin-number option, she says, which should debit only the amount you’ve actually spent.

10.  Checkouts or ATMs That Look ‘Off’

Criminals are getting better with skimmers and planting them in places you’d never suspect — like ATM machines on bank property, says Foley.

So take a good look at the machine or card reader the next time you use an ATM or self-check lane, she advises. Does the machine fit together well or does something look off, different or like it doesn’t quite belong? Says Foley, "Make sure it doesn’t look like it’s been tampered with."

Click here for the full article

Posted: Sunday, March 21 2010 at 06:00 pm CT by Bob Sullivan

Most people think they’ll never fall for a scam. In fact, that frame of mind is precisely what con artists look for. Those who believe that they know better are often the last to raise their defenses when criminals are nearby. Yes, Virginia, people lose money online. A lot of it. They wire cash to London, they can’t help investigating the one-in-a-million chance they really are related to a dead prince from Africa, and they sometimes even travel to Nigeria to find out. Just in case.

Many of the scams you read about are sensational, such as the silly "hit man" scam created by real amateurs (recipients get an e-mail that says send me all your money or I’ll kill you). And you’ve also seen lists that offer oddly skewed results, such as the recent FBI announcement that scammers pretending to be FBI agents are now the most prevalent Internet crime. You’d figure those numbers are a bit exaggerated because victims of FBI scams are a bit more likely to report those scams to the agency.

Fantastic stories like these only serve to convince many consumers to let their guard down even more, helping to increase the pool of marks for the professional scammers.

I know, because I hear from victims all the time. My inbox is littered with people whose notes say,"I know I should have known better, but …." And with that, they beg me for help restoring their ravaged bank accounts. In fact, every single victim I’ve ever interviewed says they had an inkling that something was wrong from the outset, but they ignored that feeling. That’s why the single most important factor in avoiding fraud is this: Learn to trust the feeling in the pit of your stomach.

Usually, I can’t help restore those bank accounts. But I can help you, if your turn hasn’t come up yet. And even if you are convinced you’d never fall for any online con, someone in your circle of friends or family is vulnerable. Please forward this story to him or her.

Because I hear from so many victims all year long, I know what people really fall for. Here are the top 5 ways cyberthieves separate people from their money, based on my 12 years of writing about Net cons.

1.) Online dating scams

Anyone out there never done anything dumb for love? If you are raising your hand, congratulations. You may now relinquish your credentials as a human being. The rest of you should read on.

Love-based cons are the easiest to perpetrate. Why? Because love always involves a leap of faith — trusting something you can’t see or touch. Just like Internet scams. For years, criminals have made haunts out of dating services and lonely-hearts chat rooms. Broken-hearted folks are rarely in their right minds, so they make easy targets.

I once knew the FBI agent in charge of investigating cyber-love scams. He put it this way: Men could learn a lot from con artist lovers. They send flowers and candy constantly while wooing a mark (purchased with stolen credit cards, of course). Gifts really do put women in an agreeable state of mind, he assured me.

Some cons spend months grooming their marks, waiting until after several "I love yous" before asking for $800 to be wired to the passport office in London to help clear up a paperwork mess so he can come to America for a visit.

Yes, it all sounds ridiculous. It’s not. It’s so profitable that criminals actually pay monthly fees on some dating services. Generally, the more you pay for a service the fewer criminals you’ll see, and free Craigslist personal ads tend to be a cesspool. But I’ve heard from victims who never joined a dating service but were still conned into fake love from perfectly innocent-sounding places like Facebook groups or chat rooms devoted to hobbies like stitching or horses. It all starts with a simple e-mail, perhaps enhanced by a little Facebook research (“Hey, you love the New York Islanders and the Beatles, too! Wow”)

Since I’ve written about this scam many times, I’ve even heard from concerned family members who beg me to talk the deluded lover down off the cliff when he or she is about to send a bunch of money to a scammer. Usually, I fail. Love is blind; it’s also really, really stubborn.

In the latest flavor of the scam, when a deluded lover actually wises up and confronts the criminal, he or she admits to the crime but then adds this twist: "Yes, at first it was just a con, but while we were talking I’ve really fallen in love with you."

For a whole lot more on this insidious, more-common-than-you’d-believe crime, visit romancescams.org. The group, founded by former victims, has been fighting back for nearly 10 years. They post blacklisted photos there, e-mail addresses and typical opening lines from scammers , and lots of additional helpful scam-fighting tools. If you fall in love and have any doubts, visit the site.

2.) Fake or "rogue" anti-virus software

We’ve all seen the pop-ups: "Your computer is infected! Get help now!"

If you’ve ever clicked through such an ad (really, a hijacking), you know that the price for freedom is $20 or $30 a month. At first, the ads were clunky and the threats idle. But now, many pop-ups are perfect replicas of windows you would see from Windows or an antivirus product. Some sites actually employ so-called ransomware, which disables your PC until you pay up or disinfect it with a strong antivirus product. That’s why consumers forked over hundreds of millions of dollars to fake antivirus distributors in 2009, according to the Federal Trade Commission.

Your best bet? Make a plan now. This is the one scam that just about anyone can fall for. The best protection of all is to back up your important files, so the day your computer is hacked, your digital life won’t be on the line. It’s also important to have a fire extinguisher nearby. A second PC or laptop is often your best help when disaster strikes. Many viruses disable Internet access, so you’ll need a second computer to research your infection and download disinfectant software. Have a flash drive nearby, too, so you can move the inoculation from one computer to the other.

Meanwhile, if you aren’t paying for antivirus software, at least employ one of the popular free products like AVG or Windows Defender

3.) Facebook impersonation

Facebook is no longer a Web site — it’s a full-fledged platform, rapidly approaching the scale of the Internet itself. Many young users spend more time on Facebook than on e-mail, and actually use Facebook as their e-mail service. That means scammers are now crawling all over the service, since they always go where the people go. There are hundreds of Facebook scams, such as phishing e-mails, Trojan horse infections, misleading advertisements and so on.

But the crime you should most worry about is Facebook impersonation. A criminal who hacks into your Facebook account can learn a staggering amount of information about you. Worse yet, he or she can gain trusted access to friends and family. We’ve seen plenty of stories that showFacebook friends can easily be tricked into sending money in response to believable pleas for help.

For this reason, it’s time to upgrade your Facebook password. Treat it like an online banking site, because it’s not a stretch to say that a criminal who hacks your Facebook account is only one small step away from stealing your money (“Hello, First National Bank, I’ve lost my password. But my high school mascot is the Owl and my mother’s maiden name is Smith. Oh, and my first girlfriend’s name was Mary. Can you reset the password now?”)

4.) Becoming a bot

You may not know it, but your computer might be a criminal. Botnets — armies of hijacked home computers that send out spam or commit other crimes — remain the biggest headache for security professionals. The various botnets ebb and flow in size, but at any given time, tens of millions of computers on the Web are under the influence of a criminal. No one thinks it’s their PC, of course, but look at the odds. If one estimate claiming 100 million infections is accurate, then about one out of every 20 computers in the world is infected. In other words, someone in your extended family is aiding and abetting a spammer.

How can this be? Victims typically don’t notice the criminal activity. Cyberthieves can easily use your machine without leaving a trace or slowing down your PC performance. They do not deposit e-mails in your sent items folder. Instead of sending 1 million e-mails from your machine, they send one e-mail every hour from 1 million infected machines.

Any honest antivirus company will tell you that there is so much new malicious software created every day that the good guys simply can’t keep up. The Web is jammed full of e-mails and Web sites that can turn your home computer into a bot. Your PC could very easily be safe today but at risk tomorrow. That’s why it’s so important to keep your computer’s security tools up to date. But you shouldn’t assume that this will keep you 100 percent safe. Avoid the Web’s seedier side, and don’t let the kids download illegal music or games, a main source of infections. And always keep on the lookout for strange programs, files or surprising hiccups from your machine.

5) The fakosphere

The Web is now littered with fake blogs, fake ads, fake acai berry products, fake work-at-home jobs and fake Web sites saying how great all these things are. You’ll even see ads for such products on all major media Web sites, as they’ve become the Web’s answer to late-night infomercials.

The FTC recently issued an opinion clarifying that fake testimonials on Web sites are a violation of federal law, and some of the over-the-top ads have disappeared. But the fakosphere is far from dead.

I know it’s tempting to obey one rule that will make your tummy flat, make your bank account fat or make your cancer disappear. But you can’t believe everything you read online. Never purchase a product without searching Google using this search term: "(Product name) scam" and "(Product Name) complaint." Then, spend three minutes familiarizing yourself with the reputation of the item you are about to buy and the price you are about to pay. One or two complaints might say one thing, but 500 complaints should certainly scream at you that you should put that credit card back in your wallet.

Here are a few other top scam lists worth checking:

* Top 12 scams at BillShrink
* The Times (UK) top scam list
* FBI top scams list

http://www.usatoday.com/tech/columnist/kimkomando/2010-01-28-online-crooks_N.htm?csp=usat.me

Criminals are getting smarter and smarter. So, these days, it isn’t enough to just run security software on your computer. You need to keep up with the criminals’ latest tricks. Here are six threats to your security and tips for protecting yourself.

Flash drives

Flash or thumb drives provide an easy way to infect machines with malware. It’s no surprise that criminals are using them, particularly to target companies.

TECH TIPS: Ask Kim

Criminals use a flash drive with a company’s logo. They load it with malware and drop it in the company’s parking lot. An unsuspecting employee picks up the drive and connects it to his or her computer. What happens next is the scary part. Criminals gain access to the company’s network — and trade secrets.

Never use a flash drive that you find. If you find one at your company, alert the IT department. It can find the rightful owner or destroy the drive.

Facebook ‘friends’

Everyone seems to be on Facebook. It can be exciting to find new Facebook contacts. But pay close attention to who you grant access to your profile.

If you use your account for business, it can be a gold mine for competitors. You may unknowingly post information about projects that would benefit competitors. Even your contact list says a lot. It can give hints about an upcoming merger or partnership. It can also give criminals inroads at other companies.

That’s not the only danger. Information you post can be used for targeted phishing attacks. A criminal can post a link to a malicious site. It could be a phishing site or a site that installs malware.

Limit what others see and be careful about your posts. You may also prevent others from posting to your wall. Above all, be vigilant.

Clickjacking

Clicking on malicious links is known as clickjacking. It can happen anywhere online. Most notably, it threatens Facebook and Twitter users. A victim is lured to a malicious page. The victim’s profile page is opened behind the malicious page. The victim has no idea any of this is happening.

In the case of Facebook, clicking on the malicious page causes the victim to sign in to Facebook. The victim could then perform actions that compromise the Facebook account. Or, victims might be tricked into turning on webcams and microphones. They might even delete their Facebook accounts.

There is no certain way to protect against clickjacking. Your best bet is to watch for suspicious links or sites. Be alert.

Smart phone apps

Smart phone apps are hot. Criminals are looking to them to get your information. Apple checks apps before offering them to users. But other app stores may be less thorough.

For example, one developer recently offered banking apps for Android phones. The developer had no ties to the banks. The apps may have been password-stealing tools.

Although it’s less likely, apps could also infect a phone with malware. Even seemingly legitimate apps pose risks. They may collect location information or access information stored on the phone.

Watch out for unknown developers when installing apps. Read the developer’s privacy statement to understand what is collected and how it’s used. And understand the app store’s approval process. Read reviews.

If it is a third-party app, contact the service to which it connects. Make sure the developer is an approved partner. If in doubt, skip the app.

E-mail messages

E-mail has long been a popular method of attack. And e-mail attacks are improving. Obviously, beware of attachments. If you’re not expecting an attachment, call the sender. Verify that it is legitimate.

Watch out for links in e-mail messages as well. These can take you to attack sites. Links to videos are particularly popular. You may be prompted to download something to display the video. You can bet it’s a Trojan.

Remember that e-cards can lead you to malicious sites. So can e-mail messages telling you to check out pictures of yourself. These malicious sites often use drive-by downloads, targeting holes in Windows. Keeping Windows updated will generally protect you from malicious downloads.

Criminals are also targeting their attacks. Malicious messages may be personalized with information about you.

Remember that it is surprisingly easy to find someone’s e-mail address. Business addresses may be gleaned from company websites or directories. Marketing companies sell targeted lists. And, you can find personal e-mail addresses via Intelius.

A spam filter should stop most of these messages. But never underestimate the importance of vigilance.

Porn dialers

Porn dialers are making a comeback on cellphones. The dialers are Trojans posing as videos, software or utilities.

They affect phones that run Java. Many are found on porn sites. Once installed, they send premium text messages or call premium numbers without your knowledge. You’re hit with a whopping bill. The criminals behind the Trojans share in the proceeds.

Be careful about downloading software. Don’t download anything from unknown or untrusted sources. You could also receive links to premium numbers via text message. Be careful when texting or calling numbers sent to your phone.

Now that you are aware of the dangers, one thing should be clear. When it’s all said and done, the responsibility of not falling for these scams is on your shoulders. Keep your guard up.

Kim Komando hosts the nation’s largest talk radio show about computers and the Internet. To get the podcast or find the station nearest you, visit www.komando.com/listen. To subscribe to Kim’s free e-mail newsletters, sign up at www.komando.com/newsletters. Contact her at gnstech@gannett.com.

I’m still seeing a lot of fake e-mails from scammers trying to lure people into disclosing their financial information. Not just the guy in Nigeria who wants to split $10,000,000.00 with you if you just send him "good faith" money, but e-mails from what appear to be genuine notices from major banks and credit unions. And some of these e-mails look extremely real. There are many scams on the internet from crooks trying to get peoples personal information and believe it or not, some people actually fall for these scams. If someone banks at Bank of America and they get an e-mail stating that their account will be frozen unless they update their personal information, some people actually enter their account numbers, PIN numbers, Social Security numbers, etc thinking that they are keeping their accounts active. What they are actually doing is providing a thief all the information they need to drain their bank account and open new accounts in their name. Identity theft is the fastest growing crime nationwide. And if you become a victim of identity theft, it takes years to try to straighten out your tarnished credit history. You could be the victim of identity theft and not know about it until your credit history is ruined. A few tips to avoid identity theft:

NEVER, NEVER give out personal information on the internet unless it’s a site you initiated, know and trust. Even then, most just ask for names, addresses and credit card info. Be leery of sites asking for name, date of birth, social security numbers and other personal information. I never give out my social security number unless it is absolutely necessary and I know and trust the company I am dealing with. Most companies have a contact phone number if you are unsure. Banks, credit unions etc will never ask you to update your personal information over the internet. Also be suspicious of phone calls threatening interruption to your phone or utility service unless you verify your personal information over the phone. If in doubt, call your bank or utility company to verify.

Get a copy of your credit report from the three major reporting agencies at least once yearly and verify that all the information is correct. You can get one free copy of your credit report each year by checking with the credit reporting agencies. There are also companies offering services that you can purchase which monitor your credit history and notify you whenever an inquiry is made to your accounts or new accounts are opened in your name.

NEVER give out your PIN number to anyone and do not write it on the back of your card or keep it in your wallet or purse. If someone finds it they can clean out your account. If you need to write the PIN number down to remember it, hide the PIN in a false phone number. (example: if your PIN number is 4419, write a number down such as 516-4419. It looks like a phone number to anyone else but you’ll know the last four digits are your PIN #. Cover the keypad numbers with your hands when entering the PIN number in a store, store clerks already has access to your credit card or ATM number; don’t let them see what your PIN is too.

If a purse or wallet is stolen or lost, report the loss to the credit card companies, banks and DMV immediately. A 2 hour delay can clean out your accounts. I once had a case where $20,000 was charged on various cards within 2 hours of a purse theft. Also report the loss to the local police department if credit cards and a driver’s license is stolen. 

And back to what we originally spoke about, fake e-mails. I’ve seen these for Bank of America, Bank of the West, ebay, PayPal, Wells Fargo, several Credit Unions and many others. They send them out whether you actually bank at these establishments or not, hoping that it will reach some people that will actually fall for it. And they look EXTREMELY real because they use the company’s logos, graphics and other information. Most say there is suspicious activity on your account and your account has possibly been accessed by an unauthorized person. They say your account will be frozen unless you update and verify your personal information by clicking on a link and filling in the information. No matter how real they look DO NOT click on the link or put in your personal information. If in doubt, call your bank or account holder to report the suspicious e-mail. Many companies request that you forward the entire fake e-mail to their security departments.        

I could go on for hours on the topic of identity theft and the nightmares it creates but just use common sense to protect your personal information. Check out the rest of our web-site for lots of FREE safety information. While your browsing our site, check out our book "Coptalk" to find out how to keep yourself and loved ones from becoming victims of crime. In this day and age, there is no Mayberry left. Protect yourself and keep yourself safe.

Mark
Coptalk.info

“Plenty of government agencies are dipping their toes into the Twitter waters these days, but when we found the Denton Police Department’s Twitter page this afternoon, we knew we’d found something truly special.”

To See the rest of the story here – Click Here

Twitter is a service for friends, family, and co–workers to communicate and stay connected through the exchange of quick, frequent answers to one simple question: What are you doing?

Why? Because even basic updates are meaningful to family members, friends, or colleagues—especially when they’re timely.

• Eating soup? Research shows that moms want to know.
• Running late to a meeting? Your co–workers might find that useful.
• Partying? Your friends may want to join you.
• Fighting Crime?

With Twitter, you can stay hyper–connected to your friends and always know what they’re doing. Or, you can stop following them any time. You can even set quiet times on Twitter so you’re not interrupted.

Twitter puts you in control and becomes a modern antidote to information overload.

You can join and follow us here at Coptalk on twitter by going to:

www.twitter.com/coptalk

Stories of how Twitter and Craigslist (the popular online classifieds) help to solve or deter crime:

Reposted from: www.Techdirt.com

“With all the stories of police getting worried about new technologies, it’s always good to see cases where they seem to be using them appropriately. Rick recently wrote in to point out a story where police in Maine used Craigslist to track down a prostitution ring. Compare that to others who have been blaming Craigslist for prostitution. And, now we’re seeing stories about some police departments that are actively using Twitter either to send out emergency alerts to people, or to better connect with the community they’re supposed to be protecting. Of course, that story worries about "impostors," but there are ways to deal with that issue. For police looking to make use of the technology, it can be quite useful, and it’s great to see some actually realizing that and embracing the technology.”

Related Stories:

Craigslist used in prostitution sting

What’s the newest police tool? Try Twitter

Please remember Twitter like any other online service comes with its issues for safety and security – please follow good online password practices and also understand how to use it and who to follow or not follow before you dive right in……

http://www.eeye.com/html/conficker/index.html

Conficker Worm Overview

Introduction

The Conficker worm is a very formidable threat to modern-day networks. The worm uses multiple methods to infect remote systems, and utilizes a very advanced P2P architecture in order to communicate with other infected systems. Furthermore, it has shown signs of an advanced update mechanism that would allow infected systems to rapidly received updates in order to evade detection or to be used in some malicious manner.

Below is a visualization of the propagation and communication mechanisms currently seen within Conficker infections.

As depicted above, Conficker is a very powerful threat utilizing a blend of exploits and functionality issues within the Microsoft Windows Operating System, while also utilizing human propagation means via thumb-drive sharing. The worm has been identified on millions of workstations, servers, and laptops throughout the world.

Suggested Actions

Administrators are strongly urged to utilize the Free Conficker / MS08-067 Detection Utility available for download here:

http://www.eeye.com/html/downloads/other/ConfickerScanner.html

This utility allows network administrators to rapidly assess their networks in order to find hosts that are infected by Conficker, or are missing the most critical patch necessary to blocking Conficker network propagation attacks.

Free Protection Utility

Users are also urged to use a powerful host-based protection suite with anti-virus, such as eEye’s Blink Personal or Professional. In addition to the detection of the Conficker worm, eEye Digital Security’s Blink Endpoint Protection Platform can effectively protect hosts, even if they are not patched, from the propagation of this worm. Using protocol based IPS analyzers, Blink can detect and stop the malicious traffic associated with MS08-067 and block the worm from self propagating. For installations that are already infected, Blink’s multi layer antivirus engine will remove the Conficker worm and provide protection until a permanent remediation is performed on the host. Free trials are available for Blink Professional here, and a free version of Blink is available for personal use here.

Maintain Microsoft Updates

Users and administrators are strongly urged to maintain all of the latest patches from Microsoft and all other software vendors with applications on endpoint systems. This can be easily maintained by using eEye’s Retina Network Security Scanner to identify all vulnerabilities on a network. Windows users can also enjoy the benefits of this vulnerability assessment by using eEye Digital Security’s Blink Endpoint Protection Platform to perform a vulnerability assessment of the host system on which it is installed.

References The HoneyNet Project:
http://www.honeynet.org/papers/conficker/
Felix Leder and Tillmann Werner Analysis:
http://iv.cs.uni-bonn.de/wg/cs/applications/containing-conficker
Microsoft Advisory – 967940
http://www.microsoft.com/technet/security/advisory/967940.mspx
Microsoft Malware Protection Center:
http://tinyurl.com/absz6f
Microsoft Security Bulletin MS08-067:
http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
SANS – Internet Storm Center:
http://isc.sans.org/diary.html?storyid=5860
Shadowserver Foundation:
http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090212