Archive for March, 2007

Fake Internet Explorer 7 Download is a Virus

Posted in Email Security, Exploits, Online Security on March 30th, 2007

A dangerous email virus is circulating in the wild with the subject line “Internet Explorer 7 Downloads” that purports to be a download for Internet Explorer 7.

If you click on the authentic-looking graphic, you will download a file named “IE 7.exe”.

If you execute the file (double click), you install a new virus called Virus.Win32.Grum.A.

It will ruin your whole day.

Drive-By-Shooting on the Internet

Posted in All Posts, Malware, Online Security, Security Tools on March 30th, 2007

A critical vulnerability has surfaced that affects many Microsoft products including Windows XP and Vista, and most versions of Outlook, plus Internet Explorer 6 and 7.

This bug exploits a flaw in how many Microsoft products process animated cursors.

Hey, this is a bad one! And it is not just theoretical, it is already actively in use.

All you have to do is view an infected HTML email or Web page, and your computer can be instantly compromised.

By compromised we mean, “It’s not your computer anymore.”

Microsoft does not have a patch.* They recommend turning off HTML viewing in Outlook (unless you have Outlook 2007, which is not vulnerable), and being cautious about unknown web pages.

Microsoft Security Advisory (935423)

Fortunately, a patch has been developed by the eEye Digital Security Corp. A description and link for the patch can be found at their web site:

http://research.eeye.com/html/alerts/zeroday/20070328.html

Due to the insidious nature of this vulnerability, we strongly recommend installing the patch.

Alternatively, use a non-Microsoft Browser and email viewer.

* Update: Microsoft has announced that it will be issuing a patch for this exploit on April 3rd, instead of waiting for its regular monthly update. Those who have automatic updates enabled should get it automatically. Those who don’t should visit Windows Updates and Office Updates on April 3rd, and install the patch ASAP.

A Safer Online Credit Card

Posted in All Posts, Online Security, Safe e-Commerce, Security Tools, Wired Network Security, Wireless Network Security on March 29th, 2007

In light of the recent announcement that over 45 million credit card numbers have been exposed by a major online retailer*, we suggest using the Citibank Virtual Account Number feature, which is available on many of their cards.

* Source: AP-TJX-Security-Breach

The automatically generated virtual account number:

    1) may only be used once.
    2) may only be used by the merchant you used it with.
    3) expires at the end of the next month.

Therefore, after it is used to make a purchase online, it would not matter if the virtual account number were compromised; it would be of no use to thieves.

And if by chance the merchant does not deliver, you are also protected.

These “one use” numbers can be generated online, or by using the Virtual account number applet on your computer. Either method is very secure and convenient.

Highly recommended.

Another Big Phish

Posted in All Posts, Email Security, Scams on March 16th, 2007

Here is an example of another phishing email. This one is probably trying to get your Amazon user name and password. (If you have one.)

Warning: Whatever you do, do not ever click on any link in any email warning of any dire consequences with any account. Period.

If you have any concerns, check your account by manually entering the correct address in your browser. OR, simply pick up the phone and give them a call.

[Image: screen capture of the Amazon phish]

This phish contains many errors, including unusual grammar, that should be big red flags. Check the bottom of the email and note the spelling errors:

Amazon sent this e-mail to you because your Notification Preferences indicate that you want to receive information about Special Events & Promotions. Amazon will request personal data (password, credit card/bank numbers) only on our home site, wich is securely incrypted with SLL.

Also, view the source code of this HTML email and you will find that the link to “amazon.com” has been spoofed. It definitely does not go to Amazon; it goes to an anonymous IP address. (You may also be able to view the actual link in the lower status bar of your email program while “hovering” the mouse pointer over the link.)

If you get a similar email and wish to report to Amazon, go to amazon.com and look under Help > Privacy and Security > Identifying Phishing E-Mails and follow the directions.

Somebody You Know is a Bot

Posted in All Posts, Anti-Malware Tools, Online Security, Privacy, Safe e-Commerce, Security Tools, Wired Network Security, Wireless Network Security on March 16th, 2007

Chances are, you know somebody whose computer is a bot, and chances are they don’t know it.

Definition – A botnet (also known as a zombie army) is a number of Internet computers that, although their owners are unaware of it, have been set up to forward transmissions (including spam or viruses) to other computers on the Internet. Any such computer is referred to as a zombie – in effect, a computer “robot” or “bot” that serves the wishes of some master spam or virus originator. Most computers compromised in this way are home-based.

According to a report from Kaspersky Labs, botnets — not spam, viruses, or worms — currently pose the biggest threat to the Internet. A report from Symantec came to a similar conclusion.
Source

Yes, bot, as in robot, as in remote controlled zombie attack machine.

Why? Estimates are that as many as one quarter of all computers connected to the Internet are infected with Trojan Horse software that turns them into zombies under the command of the botnet creator. Source

Botnets are considered by many to be the biggest threat to the Internet.

So, how does one prevent a computer from becoming part of a botnet?

1) A good, two-way firewall.

2) Install all operating system security updates and service packs as soon as they are available.

3) Keep all vulnerable programs* up to date, such as Microsoft Office, Java, Flash, Reader, QuickTime, Real Media, web browser, etc.

* any program that is capable of accessing the Internet.

4) An anti-virus program, updated regularly.

5) An anti-spyware program (with real-time prevention), updated regularly.

6) Inoculate your computer to prevent infection, with programs such as Spybot Search and Destroy and Spyware Blaster.

7) If you are particularly security conscious, install an active defense such as an intrusion prevention system.

Hey, it is a lot of work to keep computer systems secure. If you are not up to it, unplug that machine and never connect it to the Internet.

So, perhaps you are savvy enough to have a relatively secure computer. But how about your friends and relatives? If you can, take the time to help someone else who is not as computer savvy, and who might really need the help. It helps us all if there are fewer compromised computers on the Internet.

Friends don’t let friends surf insecurely.

Recommended File Shredder

Posted in Privacy, Security Tools on March 16th, 2007

It really should be common knowledge that “deleting” a file does not really delete it. It simply flags the file as “deleted” by changing one small bit of information in the file name.

The file is still readily accessible through the use of an “undelete” utility until, at some point in the future, that file’s location on the hard drive is overwritten.

Even then, there are “forensic” tools that can often reconstruct files even after they have been simply overwritten.

Therefore sometimes it is wise to “shred” files, so that they cannot be reconstructed. Shredding is a common name for a technique that overwrites the file numerous times in a manner that has been carefully developed to prevent that file from being reconstructed.

We recommend the Eraser secure file shredder utility, which is available *free of charge* at the author’s web site:
http://www.heidi.ie/eraser/

Free Secure Browser on a Stick

Posted in Online Security, Privacy, Safe e-Commerce, Security Tools, Wired Network Security, Wireless Network Security on March 14th, 2007

Torpark offers an excellent secure browser designed to run on a USB flash drive. Surf securely from Internet cafés and other public computers. Surf securely on public wireless networks. All traffic is automatically encrypted for your privacy and security.

This software offers a customized version of Firefox, combined with the TOR secure network.

And best of all it is free.

It can be found at the following link:

http://www.torrify.com/software_torpark.html
