Alert: Facebook Phishing Scam
Beware! There is a fraudulent email circulating claiming to be from Facebook. If you receive an email like the following, do not click on any links:
From: “Facebook”
To:
Subject: New login system
Date: Wed, 28 Oct 2009 12:52:40 -0600
Dear Facebook user,
In an effort to make your online experience safer and more enjoyable, Facebook will be implementing a new login system that will affect all Facebook users. These changes will offer new features and increased account security.
Before you are able to use the new login system, you will be required to update your account.
Click here to update your account online now.
If you have any questions, reference our New User Guide.
Thanks,
The Facebook Team
Update your Facebook account
Update
This message was intended for me@myemail.com.
Facebook’s offices are located at 1601 S. California Ave., Palo Alto, CA 94304.
Report On Web Security: Danger!
The IBM X-Force 2009 Mid-Year Trend and Risk report finds growing security concerns related to surfing the web.
“The trends highlighted by the report seem to indicate that the Internet has finally taken on the characteristics of the Wild West where no one is to be trusted,” said X-Force Director Kris Lamb. “There is no such thing as safe browsing today and it is no longer the case that only the red light district sites are responsible for malware. We’ve reached a tipping point where every Web site should be viewed as suspicious and every user is at risk. The threat convergence of the Web ecosystem is creating a perfect storm of criminal activity.”
“Two of the major themes for the first half of 2009 are the increase in sites hosting malware and the doubling of obfuscated Web attacks,” Lamb said. “The trends seem to reveal a fundamental security weakness in the Web ecosystem where interoperability between browsers, plugins, content and server applications dramatically increase the complexity and risk. Criminals are taking advantage of the fact that there is no such thing as a safe browsing environment and are leveraging insecure Web applications to target legitimate Web site users.”
How To Choose An ISP
National Cyber Alert System
Understanding ISPs
ISPs offer services like email and internet access. Compare factors like security, services, and cost so that you find an ISP that supports all of your needs.
What is an ISP?
An ISP, or internet service provider, is a company that provides its customers access to the internet and other web services. In addition to maintaining a direct line to the internet, the company usually maintains web servers. By supplying necessary software, a password-protected user account, and a way to connect to the internet (e.g., modem, phone number), ISPs offer their customers the capability to browse the web and exchange email with other people. Some ISPs also offer additional services.
ISPs can vary in size—some are operated by one individual, while others are large corporations. They may also vary in scope—some only support users in a particular city, while others have regional or national capabilities.
What services do ISPs provide?
Almost all ISPs offer email and web browsing capabilities. They also offer varying degrees of user support, usually in the form of an email address or customer support hotline. Most ISPs also offer web hosting capabilities, allowing users to create and maintain personal web pages; and some may even offer the service of developing the pages for you. Many ISPs offer the option of high-speed access through DSL or cable modems, and some still offer dial-up connections.
As part of normal operation, most ISPs perform backups of email and web files. If the ability to recover email and web files is important to you, check with your ISP to see if they back up the data; it might not be advertised as a service. Additionally, some ISPs may implement firewalls to block some incoming traffic, although you should consider this a supplement to your own security precautions, not a replacement.
How do you choose an ISP?
There are thousands of ISPs, and it’s often difficult to decide which one best suits your needs. Some factors to consider include
security – Do you feel that the ISP is concerned about security? Does it use encryption and SSL (see Protecting Your Privacy for more information) to protect any information you submit (e.g., user name, password)?
privacy – Does the ISP have a published privacy policy? Are you comfortable with who has access to your information and how it is being handled and used?
services – Does your ISP offer the services you want? Do they meet your requirements? Is there adequate support for the services?
cost – Are the ISP’s costs affordable? Are they reasonable for the number of services you receive, as well as the level of those services? Are you sacrificing quality and security to get the lowest price?
reliability – Are the services your ISP provides reliable, or are they frequently unavailable due to maintenance, security problems, a high volume of users, or other reasons? If the ISP knows that services will be unavailable for a particular reason, does it adequately communicate that information?
user support – Are there published methods for contacting customer support? Do you receive prompt and friendly service? Do their hours of availability accommodate your needs? Do the consultants have the appropriate level of knowledge?
speed – How fast is your ISP’s connection? Is it sufficient for accessing your email or navigating the internet?
recommendations – Have you heard or seen positive reviews about the ISP? Were they from trusted sources? Does the ISP serve your geographic area? If you’ve uncovered negative points, are they factors you are concerned about?
National Cyber Security Awareness Month
For the fifth year, the National Cyber Security Division (NCSD) is spearheading National Cyber Security Awareness Month, a comprehensive outreach campaign to empower all Americans and businesses to take steps to secure their part of cyberspace. Click here to get more information on steps you can take to contribute to cyber awareness activities.
Fraudulent Web Sites
We are aware of public reports indicating that attackers are using legitimate web pages to run malicious code on victims’ machines.
Reports, including a posting by Sophos, indicate that these pages and the messages that lead to them
* Include keywords and names related to a current event (such as the 9/11/2001 terrorist attack)
* Prompt users with a fake virus scan that attempts to make users believe they have a security issue. The users are then asked to download fake security software that is actually malicious code.
Please note that these characteristics may change at any time.
The United States Computer Emergency Readiness Team encourages users and administrators to take the following preventative measures to help mitigate the security risks:
* Install anti-virus software, and keep its virus signature file up to date
* Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks
Avoiding Social Engineering and Phishing Attacks
What is a social engineering attack?
To launch a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity. However, by asking questions, he or she may be able to piece together enough information to infiltrate an organization’s network. If an attacker is not able to gather enough information from one source, he or she may contact another source within the same organization and rely on the information from the first source to add to his or her credibility.
What is a phishing attack?
Phishing is a form of social engineering. Phishing attacks use email or malicious web sites to solicit personal, often financial, information. Attackers may send email seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem. When users respond with the requested information, attackers can use it to gain access to the accounts.
How do you avoid being a victim?
* Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
* Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person’s authority to have the information.
* Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
* Don’t send sensitive information over the Internet before checking a web site’s security (see Protecting Your Privacy for more information).
* Pay attention to the URL of a web site. Malicious web sites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
* If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a web site connected to the request; instead, check previous statements for contact information. Information about known phishing attacks is also available online from groups such as the Anti-Phishing Working Group (http://www.antiphishing.org/phishing_archive.html).
* Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic (see Understanding Firewalls, Understanding Anti-Virus Software, and Reducing Spam for more information).
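The URL advice above (look-alike spellings, a different top-level domain, link text that does not match where the link goes) can be checked mechanically. The following is an added example, not US-CERT's code; the HTML message is constructed to mirror the "New login system" lure at the top of this page, and every non-facebook.com domain in it is a made-up placeholder, not a real indicator.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample mirroring the phishing lure; domains other than
# facebook.com are placeholders invented for this example.
SAMPLE_HTML = """
<p>Dear Facebook user,</p>
<p><a href="http://www.facebook-login.net/update">Click here</a> to update your account.</p>
<p>Read our <a href="http://www.facebook.com/help">New User Guide</a>.</p>
<p><a href="http://facebook.net/login">Login</a></p>
<p><a href="http://faceb00k.com/update">http://www.facebook.com/update</a></p>
"""

class LinkExtractor(HTMLParser):
    """Collect (href, visible anchor text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a" and dict(attrs).get("href"):
            self._href, self._text = dict(attrs)["href"], []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def registrable_domain(host):
    # Assumption: last two labels are the registrable domain (no public suffix list).
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()

def edit_distance(a, b):
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(href, text, legit_domain="facebook.com"):
    """Label one link against the brand's real domain."""
    reg = registrable_domain(urlparse(href).hostname or "")
    if reg == legit_domain:
        return "ok"
    # Visible text shows the real site but the link goes elsewhere.
    if re.match(r"https?://", text):
        if registrable_domain(urlparse(text).hostname or "") == legit_domain:
            return "href/text mismatch"
    name, tld = legit_domain.split(".", 1)
    reg_name, _, reg_tld = reg.partition(".")
    if reg_name == name and reg_tld != tld:
        return "tld swap"          # e.g. .com vs .net
    if name in reg_name or edit_distance(reg_name, name) <= 2:
        return "look-alike"        # brand name embedded or misspelled
    return "other domain"

def scan(html, legit_domain="facebook.com"):
    parser = LinkExtractor()
    parser.feed(html)
    return [(href, classify_link(href, text, legit_domain)) for href, text in parser.links]
```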
What do you do if you think you are a victim?
* If you believe you might have revealed sensitive information about your organization, report it to the appropriate people within the organization, including network administrators. They can be alert for any suspicious or unusual activity.
* If you believe your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.
* Consider reporting the attack to the police, and file a report with the Federal Trade Commission (http://www.ftc.gov/).
Microsoft Found Guilty of Patent Infringement
A Texas U.S. district court ruled in favor of i4i Ltd in a patent dispute against Microsoft. i4i was awarded more than $290 million in damages. Microsoft was issued an injunction preventing it from selling versions of Word.
The patent being ruled on relates to the use of XML (extensible markup language) in the 2003 and 2007 versions of Microsoft Word. The injunction takes effect in 60 days.
“These filings are not unusual in patent cases,” said Kevin Kutz, Microsoft spokesman. “We believe the evidence clearly demonstrates that we do not infringe and that the i4i patent is invalid.”
Microsoft filed a motion to stay the injunction.
Apple Safari And Firefox
Apple has released Safari 4.0.3 for Windows and Mac OS X to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information, or spoof a website.
The Mozilla Foundation has released Firefox 3.0.13 and Firefox 3.5.2 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, display misleading SSL information about a web page, intercept and modify encrypted communication, execute arbitrary JavaScript with chrome privileges, or cause a denial-of-service condition.
GFIRST National Security Conference
Announcing the 5th Annual GFIRST National Conference
at the Omni Hotel at CNN Center in Atlanta, Georgia – August 23-28, 2009
GFIRST5: The Five Pillars of Cyber Security: Threat, Vulnerability, Attack & Detection, Mitigation and Reflection. These foundations support the cyber security and incident response community by identifying the core components of incident management. Regardless of what sector you work in, these five pillars provide a framework that must be covered to secure information systems.
The Five Pillars of Cyber Security:
Threat: Collection and analysis of information regarding attacks and/or malware utilized to breach controls in information systems that would otherwise be unavailable to our constituency. Organizations need to understand the threats: who they are, what their intent is, and what capabilities they have. Understanding the threat assists in protecting systems against them and helps organizations prioritize them.
Vulnerability: Providing identification and aggregation of exploitable weaknesses in information systems from an authoritative source. Understanding the vulnerabilities being exploited by attackers is key to planning the release of information and protecting systems. Once the vulnerabilities are understood, they can be prioritized against other vulnerabilities which will assist in determining those that are most important to protect against and mitigate first (i.e. patching). Prioritization allows organizations to release high quality products with the most important, relevant information.
Attack & Detection: Actions used to identify threat activity that exists in a complex, multi-agency, multi-platform environment. Attack & Detection is better implemented once an organization understands the threat and the vulnerabilities being exploited. Once this information is understood, organizations can implement the appropriate detection mechanisms on their systems.
Mitigation: Solutions that contain or resolve risks through analysis of threat activity and vulnerability data which provide timely and accurate responses. Mitigation is the way in which organizations prevent attacks, reduce vulnerabilities and fix systems. Mitigation is sometimes difficult to implement as it is time consuming and tedious, but prioritization coupled with understanding the threats and vulnerabilities assists in forming an effective mitigation strategy.
Reflection: Maturing and developing the defense of critical information systems by compelling or influencing changes in law, regulation, policy, or procedure. Reflection allows organizations to review the threats, vulnerabilities exploited, attacks and overall system posture to implement policy and technology changes that will assist in protecting systems from similar incidents in the future.
Don’t miss your opportunity to hear the latest in cyber security trends and technology plus interact with key industry and government leaders. In an increasingly connected society, building partnerships and strengthening relationships among the incident response and security community are essential to effective response coordination and collaboration – and the 5th Annual GFIRST National Conference is the place to be this summer!
Why Should You Attend?
There are many reasons to attend the GFIRST Conference; benefits include:
* Networking with top information security professionals and government officials
* Hearing expert speakers discuss the latest in cyber security news and trends as seen by government agencies, law enforcement, private sector and academia
* Participating in information-sharing groups on topics such as collaboration methods and incident response practices
* Continuing professional growth with industry peers and keeping abreast of the newest issues, trends, preemptive measures and case studies
Who Should Attend?
The GFIRST Conference is open to all interested in learning more about cyber security and incident response. GFIRST is a great place for public and private sector leaders serving in non-technical roles to become familiar with the fundamentals of cyber security and incident response. GFIRST is also an excellent resource for practitioners in incident response and information security from the public and private sectors to include:
* GFIRST Members
* Cyber Incident Responders
* Chief Information Security Officers
* Chief Technology Officers
* Information System Security Officer
* Information System Security Managers
* Information Technology Directors
* Information Technology Administrators
* Network Administrators
* Cyber Security Experts
* Law Enforcement Personnel Supporting Cyber Security Issues
* Emergency Managers
* Incident Response Directors
* Academia with Cyber Security Specialties
* Cyber Security Association Members
* Computer Forensic Personnel
* Security Engineers
* Software Developers & Managers
* Process Improvement Managers
* Inspectors General
* Critical Information Infrastructure Owners & Operators
* ISAC Members
What is GFIRST?
GFIRST is a group of technical and tactical practitioners from incident response and security response teams responsible for securing government information technology systems and providing private sector support. GFIRST members work together to understand and handle computer security incidents and to encourage proactive and preventative security practices across government agencies. GFIRST promotes cooperation among the full range of Federal, State and local agencies, including defense, civilian, intelligence, and law enforcement.
What is US-CERT?
The United States Computer Emergency Readiness Team “US-CERT” is a partnership between the Department of Homeland Security and the public and private sectors. Established in 2003 to protect the nation’s Internet infrastructure, US-CERT is charged with coordinating defense against and response to cyber attacks across the nation. US-CERT is responsible for:
* Analyzing and reducing cyber threats and vulnerabilities
* Disseminating cyber threat warning information
* Coordinating incident response activities
US-CERT interacts with federal agencies, industry, the research community, state and local governments, and others to disseminate reasoned and actionable cyber security information to the public.
Canadian Pharmacy Scam
There is a scam being perpetrated by a company claiming to be “Canadian Pharmacy #1 Internet Online Drugstore”.
BUYER BEWARE!
They use a wide variety of methods to lure you to their site. The latest comes in an email claiming to be from Facebook (See an example.)
People who have been fooled by the website accuse Canadian Pharmacy of phishing for identity theft, false advertising, wire fraud and mail fraud. Under no circumstances should you supply them with any personal information.
They use a multitude of domain names and subdomains that lead to identical websites.
The only contact information on the website is a bogus phone number 1(210) 888-9089.
