email scams to watch out for

If it seems like you’re getting hit with more email scams than ever, you’re right. Deb Shinder explains what you and your users should watch out for to avoid being duped.

---

Spam is one thing. It’s annoying to get email messages that are nothing but blatant attempts to sell you something. But other than using up your bandwidth, they don’t really cause you any harm. Email scams are quite another thing. They aren’t trying to sell you something; they’re trying to steal something from you, con you out of or into something, or just scare you.

Email scams have been with us since the Internet went commercial back in the early 1990s. I remember getting those Nigerian scam messages back then. And believe it or not, they’re still around. But scammers have gotten more sophisticated, and some of the more recent email scams are harder to detect — unless you know what you’re looking for.

The holiday season seems to bring even more scammers out of the woodwork, perhaps because the average computer user is more vulnerable this time of the year. We’re busy and in a hurry and may be less likely to notice the signs that a message isn’t legit, and/or we’re in a generous and giving mood and may be more likely to fall prey to a well crafted story that plays on our sympathy.

Let’s look at some of the email scams that are currently going around the Internet and how you (and your users) can recognize them and keep from being victimized by them.

Note: This article is also available as a PDF download.

1: Fake Facebook “friend” messages

The popularity of social networking has surged, and scammers have jumped on that bandwagon to take advantage of the way the social sites work. For example, depending on your account settings, you may get email messages whenever someone posts to your Facebook wall or sends you a private message. Recently, I received a message with the subject line “Caroline sent you a message on Facebook.” As with real Facebook messages, there was a link to click on to reply. But I get a lot of those messages, and this one didn’t look quite right. Figure A shows the fake message.

Figure A

Fake Facebook message is close, but not close enough.

I clicked back to a Facebook notification that I knew was real to compare the two. Figure B shows real message (with the content blacked out to protect the privacy of the sender).

Figure B

The real Facebook message has subtle differences.

The first thing that caught my attention was the Reply To address. I expected the URL domain to be www.facebook.com, but the one in the fake message was facebook.montadalitihad.com. If you know how domain naming works, you know that means “facebook” is just the name of a Web server in the montadalitihad domain. As if that weren’t enough, I also noticed that the To field in the message didn’t show my name; instead it said “Undisclosed recipients,” indicating this message was sent to multiple people. All this was enough to cause me to check out the message headers (in Outlook 2007, you do this by clicking the Options icon. Figure C shows the headers.

Figure C

The Internet headers show that this message did not come from Facebook.

In a real Facebook message, the Received: field in the header would be from mx-out.facebook.com. In this one, it’s mail.illimail.com. Now I knew for sure that it didn’t come from Facebook.

I had opened the message in a virtual machine, so if there was malicious code attached, it wouldn’t affect my real OS. Now I clicked the Reply To link and found that it opened a page that looks very much like the Facebook login page. The red flag here was that I was already logged into Facebook with that Web browser. You should not get the login page if you’re already logged into the service. I did not, of course, enter my credentials. That’s the scam. If you do, the scammer will now have your Facebook user account and password and can hijack your Facebook site.

Of course, variations on this scam may use other popular social networks, such as MySpace or LinkedIn. If you’re in doubt about the legitimacy of any “friend” message, just log in to your social network account via your browser (not by clicking the link in the email) and check your Inbox. If the message is real, there will be a copy of it there.

2: Fake admin messages

You might just ignore a “friend” message (especially from a friend you’ve never heard of). But scammers know that a message from the site administrator is more likely to get your attention. This message pretends to be from “The Facebook Team” and purports to notify you of a policy change that requires you to submit a new account agreement. They try to scare you by warning that your account might be closed down or restricted if you don’t do it. Figure D shows this message.

Figure D

Scammers up the ante by sending fake administrative messages.

This time, the scammer did a better job with the From name, which shows to be from facebookmail.com, just like a real Facebook message. But the first clue that it’s a scam is the To address. That’s not my name, and that’s not the name of anybody in my domain. I have our Exchange server set up to forward messages to me when they’re sent to nonexistent addresses (assuming they don’t meet other spam criteria, which would block them at the server’s spam filters). Spammers and scammers often get hold of an email domain name and send messages to random names at that domain in hopes they’ll hit on a real one.

The second warning signal is the attachment. Facebook agreements don’t come as attachments; if this were real, it would direct me to a web page where I could read the new terms and click Agree. Attachments from strangers should always put you on alert.

I copied the attachment into a virtual machine and ran a virus scan on it. Sure enough, it was infected with a virus called VirTool:Win32/VBInject.gen!CN. Luckily, most antivirus programs that are up to date will be able to detect it. A check of the Internet headers on this message indicated that the Reply To address is somewhere in Germany.

3: Fear-mongering messages

While we think of scam messages as those by which the scammer profits, some don’t benefit the scammer at all — except for whatever gratification a person gets from causing others to be upset or afraid. Unfortunately, this makes some individuals feel powerful.

There are many examples of these types of messages, and they usually seem to play on the current headlines. A few years ago, there was a flood of such messages warning that if you saw another car on the road at night with headlights off and blinked yours to signal to the driver, you were in dire danger of being shot as part of a gang initiation. This article details the history of this email hoax.

Similar fear-mongering scams have warned about a serial killer who lured women out of their homes by playing a recording of a crying baby and a rapist who would approach women in parking lots claiming to have picked up a five dollar bill the woman dropped.

The latest in fear-mongering messages like to play on health fears caused by all the recent media attention to swine flu (H1N1). An email message has been going around the Internet for several months warning that “The CDC says H1N1 is wiping out entire villages in Asia and expect it to hit the U.S. in January, where it will kill 6 out of 10 people.” The message goes on to predict that martial law will be declared and you’ll be shot if you leave your house to buy food, and urges recipients to stock up now and to buy face masks, use Purell, and take Enzacta products to “keep your immune system strong.” If you weren’t already a little suspicious, you probably will be by the time you get to the end, where the sender says the pandemic was predicted years ago by a Russian mathematician and that it was caused by a tsunami. Here’s the full text of the message.

They always say that if something seems too good to be true, it probably is. The same goes for over-the-top bad news — especially if you’re hearing it for the first time in an email message. You can bet that if the CDC had really put out such an announcement, it would be all over the mainstream news outlets.

4: Account cancellation scams

It seems that around the holidays, more of these than usual start popping up. I’ve received a number of messages telling me that my account has been or is about to be cancelled — purportedly from Amazon, PayPal, even from the bank. Close examination of the messages show them all to be bogus. Of course, in many cases, I already knew that, because I don’t even have an account with the organization.

Here’s another clue: The message contains a link that looks legit, such as www.mybank.com, but when you hover your mouse pointer over it to show the actual URL, it’s something different, often with a foreign country code such as .ru (Russian) or .cn (China).

Still another clue is that these scam messages often contain typos or grammatical errors you wouldn’t expect from a legitimate company.

5: Bogus holiday cards

There are numerous Web sites through which you can send virtual holiday cards to your friends, and many people take advantage of this quick and easy — and inexpensive (no postage stamps required!) — way to send season’s greetings at this time of the year.

Scammers have co-opted the idea, though. They know that many computer users won’t think twice about clicking a link to view a card from a friend, so they send out messages notifying you that you’ve received a card, with a link to a Web site that will download malicious software to your computer if you aren’t properly protected.

So how do you tell the real card services from the scams? For one thing, when a friend sends you a card from a real service, it will almost always tell you the name of the sender. Scam messages are more likely to use the generic “A friend sent you a greeting.” The safest way to check is to do a Web search for the card service and read about it to find out if it’s a legitimate one. Or to really be safe, just ignore the card notification and send holiday greetings to your friends the old fashioned way (through the postal service) or by personal email, instead of using a Web service.

6: Phantom packages

Any other time of the year, you might be suspicious if you were notified that you had an unexpected delivery from DHL, FedEx, or UPS. During the holidays, it’s a common occurrence. Scammers know this, so they’re seizing the opportunity and sending email messages telling you that you have a package that couldn’t be delivered because of some problem with the shipping address.

This particular scam contains an attachment that’s supposed to be a form you need to print and fill out so you can pick up the package. However, there is no package and when you open the attachment, it infects your computer with a virus.

Also beware of variations on this theme. Many people know not to download email attachments, but they’ll readily click a link to go to a Web site. So more sophisticated scammers will send you to a site that looks like that of the delivery service, but that delivers only malware — straight to your system.

7: Threats from the government

A sharply divided partisan political system has resulted in a growing distrust of government in many circles. Some scammers are now playing on those sentiments. A recent scam email has been going around that purports to warn you that the Department of Homeland Security and the FBI have been informed that you’re allegedly involved in money laundering and/or terrorist activities. The email goes on to say that you can avoid prosecution by obtaining a certificate from the Economic Financial Crimes Commission Chairman — for only $370. Who wouldn’t jump at that deal?

Many similar scams use the names of government agencies. Of course, they’re all hoaxes. If you were really the target of a DHS or FBI investigation, you wouldn’t be able to buy your way out of it for a few hundred bucks. And those agencies would be contacting you in person, not sending threatening email messages.

8: Census survey says…

Another recent email scam also involves the federal government, but instead of accusing you of a crime, it uses your knowledge of real, routine government activities against you. Everyone knows that the U.S. government conducts a census every 10 years, and 2010 is the year. Citizens are required by law to answer the census-takers’ questions. Most people also know that many government-related tasks can now be done online.

Scammers are taking advantage of this to send phishing emails that claim to be from the Census Bureau, making it “convenient and easy” for you to fulfill your census obligation, either by filling out an attached form and emailing it back or by visiting a Web site to fill in a form. The form asks for all sorts of personal information, including the social security number and date of birth of everyone in your household, which can be used for identity theft.

In addition to asking you these personal questions, the emails may include attachments containing malicious code that can infect your computer. The same goes for the Web links contained in the email message. The Census Bureau does, in fact, send email regarding your participation in a survey — but it does not ask for detailed personal information.

9: In Microsoft (or Apple or Dell or HP) we trust

There are dozens of email scams out there that attempt to exploit users’ trust in the vendors that make their computer software or hardware. These messages say they’re from the vendor and range from fake security warnings with attachments that claim to be vulnerability fixes (but are really malware) to bogus “special offers” to “payment requests” that require you to download and install a “transaction inspector module” (which is really a Trojan) if you want to decline to have the payment charged to your credit card.

10: You’re a winner!

There are many new twists on an old theme: You’re a winner in the lottery, contest, or drawing. All you have to do to claim your prize is fill out a form and email it back. Of course, the entity awarding the prize needs your social security number because the value of the prize must be reported to the IRS.

The bad thing about this scam is that you will indeed have to provide such information to claim a prize in a legitimate contest. As a Microsoft Windows 7 Launch Party host, I was automatically entered in a contest to win a Dell laptop — and I won. When I got the email notification, you can bet I was suspicious. Before doing anything, I checked it out with my contacts at Microsoft. Even after confirming that the notice was real, I declined to send my personal information back via email; I printed out the form and sent it via snail mail (registered and certified) instead.

Even if you really did enter the contest that you’re being told you won, don’t get careless. Check into the legitimacy of an email notification of the good news. And I recommend never sending your social security number or other sensitive information in unencrypted email. A legitimate contest will almost always have alternatives methods by which you can submit your information.

Source: TechRepublic

Use Google Picasa to Face-Tag Your Photos

As you've probably discovered after years of taking digital snapshots, keeping a photo library organized can be a nightmare. Far and away your best ally: tags, which are little descriptors attached to each photo.

Unfortunately, it's a major hassle to manually assign tags, which is where the new automatic-tagging feature in the just-released Google Picasa 3.5 comes in.

When you first run the new version, it starts scanning your library for faces, automatically grouping those that look similar (and with impressive accuracy, based on initial tests).

To get started with face tagging, click the Scanning option under the new People section in the lefthand toolbar. (Depending on the size of your library, it might take Picasa several hours to complete its initial scan--but you can start tagging while it's working.)

You'll immediately see a batch of faces in the main pane. Click Add a name under any one of them, type the person's name, and then hit Enter.

In the dialog box that appears, click New Person, and then click OK. (You can also supply a nickname and/or e-mail address at this point; Picasa can sync these tags with your Picasa Web Albums.)

Repeat the process with other faces. If you want Picasa to ignore a face (you might not want to tag everybody, after all), just click the little x in the corner.

Each "new person" you add creates a tag in the aforementioned People section. Click one of those tags to see all the matches Picasa has detected. You can refine these matches further by selecting one or more photos, then clicking the green checkmark if they're accurate (i.e. the correct face) or the red x if they're not.

The more you fiddle with this feature, the more sense it will start to make. Keep in mind that all this scanning and tagging makes no actual changes to your photos. Ultimately, it's just a quick way to find all your photos of, say, Fluffy the Dog, or your Uncle Ed. Great stuff.

Source: Rick Broida, PC World

Use GMail’s 8GB As Storage In Windows Explorer

Google offer a very healthy 7372 MB of storage to it’s GMail users.

This guide will show you how to add your GMail account to Windows Explorer, thus enabling a drag & drop system for you to use you GMail account as additional storage on your computer. Even if you don’t use GMail as an email provider nobody can turn down an extra 8GB of storage, can you?

Be aware that support for this tool may suspend at any time if Google decides to block its use.

To get started, download the latest version of GMail Drive from www.viksoe.dk/gmail/ and install it.

You’ll notice that it’s dropped an addition to your ‘Computer’ in Explorer.

Right click the GMail Drive in Computer an select Login As…

Enter your vital statistics and hit OK

You may get a window saying “enumerating folder”. Try not to disturb Explorer or this window whilst it’s working.

Once your in, it’s a simple case of dragging and dropping your documents, pictures, music into the GMail Drive.

It’ll instantly sync your GMail Drive with your online GMail account, where you can view the item, download, or view as a Google Document.

Source: Mintywhite

Make a vertical text selection in Word

Every once in a while, you may need to select a portion of text from top to bottom instead of from left to right. This obscure mouse shortcut will handle the job.

---

Here’s a trick that seldom appears on the shortcut lists. Most of the time, we select text horizontally — a word, a series of words, a paragraph — from left to right or vice versa. But occasionally, the selection has to be vertical. For instance, suppose you wanted to delete the leading characters in Figure A.

Figure A

To make a vertical selection, hold down [Alt] as you drag down through the text you want to highlight. Figure B shows the column of unwanted characters selected using this technique. Hit [Delete] and bam, they’re gone.

Figure B

Although we selected text at the beginning of the lines in this example, you can make vertical selections anywhere on the page.

Note: Some users have reported that the Research pane appears when they try this selection technique. Here’s the secret: Release the [Alt] key before you let up on the mouse button. Word should retain the selection. If you hold down [Alt] but release the mouse button, Word may think “[Alt]-click” and open the Research pane in response.

Source: Techrepublic

10 Useful Office Tips to Increase Productivity

#1: Format painter (Office)

The Format Painter tool replicates the formatting from one part of a document to another. So instead of manually redoing all the formatting yourself, you can use the Format Painter. First, select the text whose formatting you want to replicate. Then, click the Format Painter toolbar button. Finally, select the text you want to imbue with the format. For bonus points, you can double-click the Format Painter button to replicate the formatting to multiple areas of the document!

#2: Paragraph in/out/up/down (Office)

You can easily move a paragraph in four directions by pressing Alt+Shift+[Arrow]. To increase or decrease the indentation level of a paragraph or bullet point, press Alt+Shift+Right and Alt+Shift+Left respectively. To move a paragraph up or down, press Alt+Shift+Up or Alt+Shift+Down. This works especially well in PowerPoint, where it's common to reorder bullet points or change indentation levels.

#3: Increase or decrease font size (Office)

To quickly increase the font size of selected text, press Ctrl+Shift+>. To decrease the size, press Ctrl+Shift+<. I find it easy to remember these keyboard shortcuts because the one with the greater-than symbol increases the font size while the less-than symbol decreases it.

#4: Quick Access Toolbar (Office)

Office 2007 has a Quick Access Toolbar that can be customized to include buttons for your favorite commands. The Quick Access Toolbar is in the top left corner of many Office applications. You customize it by clicking on the drop-arrow on its right.

#5: Fill handle (Excel)

Excel can auto-fill cells in eerily smart ways. Instead of manually typing a sequence in cells, you can simply type the first few values of the sequence and drag the fill handle to auto-fill the rest of the cells. The fill handle is the little black square at the lower right corner of a selected cell's border. Drag it to automatically fill adjacent cells.

If you drag the fill handle with only one cell selected, it will repeat that cell's value into adjacent cells. However, if you drag the fill handle with multiple cells selected, Excel is smart enough to figure out the series. For instance, in the following example, Excel will fill subsequent cells with the increasing series of odd numbers. This even works for other types of series, like dates and percentages.

#6: Moving and copying cells by dragging selection borders (Excel)

Quite possibly the most useful yet completely undiscoverable feature in Excel is the ability to move and copy cells by dragging selection borders.

For instance, to move row four between rows one and two, select row four and drag the selection border while holding down the Shift key in order to insert it in its new position. If you drag the border without holding down the Shift key, the selected cells will instead replace the cells you drop them on. Conversely, if you hold down Ctrl while dragging a selection border, the selected cells are copied to their new location.

#7: Status bar statistics (Excel)

The status bar in Excel shows handy statistics when multiple cells are selected. In Excel 2007, the status bar shows the selected cells' average, count, and sum. This is an easy way to quickly analyze data without authoring formulas.

#8: Clear formatting (Word and PowerPoint)

To remove formatting from selected text, press Ctrl+Spacebar.

#9: Advanced field search (Outlook)

In Outlook, you can quickly search through a mail folder by using the Instant Search box. In addition to searching for keywords, you can do a fielded search by prefixing your search text with a variety of field names.

For instance, the above example searches for all mail from people named "jimmy" sent in May with attachments that have "jpg" in the filename. I most often use this feature for two things: to easily find email from a specific person, and to find specific attachments.

#10: Presenter view (PowerPoint)

PowerPoint has for many years had a great feature called Presenter View, which allows you as the presenter to see a different view of the presentation from your audience. In Presenter View, your monitor shows not only the slides, but also your notes as well as the current elapsed time in the presentation. This makes giving a presentation far easier. To enable Presenter view, go to the Slide Show ribbon and check Use Presenter View. In that same section, you can also change the monitor which the presentation is shown on. One note: the Use Presenter View checkbox can only be checked if you already have a second monitor connected and enabled.

Source: Philip Su, Microsoft

10 handy Firefox about:config hacks

If you really want to fine-tune your Firefox functionality, you have to roll up your sleeves and tinker with the about:config page. Jack Wallen shares some simple hacks to make Firefox work the way you want.

---

Unless you’re a Firefox power user, you may not be familiar with the about:config page. The Firefox about:config page is not so much a page as it is a somewhat hidden configuration section. It’s hidden because it’s fairly powerful and not nearly as simple to use as the standard Preferences window. In the about:config page, you have to know what you are doing or you can mess things up a bit. In fact, when you attempt to go to that page for the first time, you have to accept an agreement (which is really just a warning) before you can continue.

How this page works is simple. You reach the page by entering about:config in the address bar. There are entries (one per line) that handle various types of configurations. Each entry has a searchable keyword. The entries can be of Boolean, integer, or string value. Entries contain Name, Status, Type, and Value. Typically, you will be modifying only the Value, by double-clicking on it and making the change. With all of that in mind, let’s take a look at 10 of the best ways you can “hack” the about:config page.

---

Tip

If Firefox is fubar’d because you accidentally misconfigured about:config, you can fix it in one of two ways:

• Make a backup of your prefs.js file before you start editing. Then, if something goes wrong, you can restore it by copying it over the corrupt file.
• If you can’t restore via a backup prefs.js file, you can exit Firefox and issue the command firefox -safe-mode to bring up the Firefox Safe Mode screen. Then, just select Reset All User Preferences To Firefox Defaults. Note: This will restore all user preferences to their default values.

---

1: Speed up Firefox

This hack requires a few steps. Search for pipelining in the filter and you should see:

network.http.pipelining: Change this to true.

network.http.proxy.pipelining: Change this to true.

network.http.pipelining.maxrequests: Change this to 8.

Now search for max-connections and you should see:

network.http.max-connections: Change this to 96.

network.http.max-connections-per-server: Change this to 32.

2: Disable antivirus scanning

This is only for the Windows version. If you’re downloading large files, this scanning can seriously slow things down. And since you will most likely scan the downloaded file anyway, you’ll probably want to disable this. Of course, if you are uber paranoid (not a bad trait for computing), you might want to leave this entry alone.

To disable antivirus scanning, search for scanWhenDone and you should see:

browser.download.manager.scanWhenDone: Change this to false.

3: Open Javascript popups as tabs

If a popup window lacks the features of a browser window, Firefox will handle it like a popup. If you would prefer to open all windows, including popups, as new tabs, you need to tell Firefox in about:config. Search for newwindow and you will see three entries. Of those three entries, you will want to modify:

browser.link.open_newwindow.restriction: Change this to 0.

4: Spell checking in all fields

By default, Firefox checks spelling only in multiple-line text boxes. You can set it to check spelling in all text boxes. Search for spellcheckdefault and you should see:

layout.spellcheckDefault: Change this to 2.

5: Open search bar results in new tab

When you use the search bar, the results display in the current tab. This can be a nuisance because you will navigate out of the page you are currently in. To make sure Firefox always opens search results in a new tab, search for openintab and you should see:

browser.search.openintab: Change this to true.

6: Auto export bookmarks

In Firefox 3, bookmarks are automatically saved and exported for you. The only problem is that by default, they’re saved as places.sqlite instead of the more convenient bookmarks.html. To change this setting so that they can be easily re-imported, search for autoExportHTML and you should see:

browser.bookmarks.autoExportHTML: Change this to true.

7: Disable extension install delay

One of the few gripes I have with Firefox is the silly countdown you must endure every time you want to install an extension. Fortunately, this can be disabled. Search for enable_delay and you should see:

security.dialog_enable_delay: Change this to 0.

8: View source code in an external editor

When you need to view the source of a page, it opens up in browser popup. Most developers would probably like to have that opened in their favorite editor instead of having to cut and paset. To do this, there are two entries to modify. Search for view_source.editor and you will see:

view_source.editor.external: Change this to true.

view_source.editor.path: Change this to the explicit path to your editor of choice.

9: Get more add-on search results

When you do a search in the Add-on window, you’ll see just five results. You might find it more efficient to increase this number. Search for getAddons and you should see:

extension.getAddons.maxResults: Change this to 10 (or higher, if you want to see even more).

10: Redefine the Backspace button

Did you know you can configure Firefox to use the backspace button to either go back a page or go up a page? This keeps power users from having to go back and forth from the keyboard to the mouse. Search for backspace and you will see:

browser.backspace_action: Change this to 0 for previous page and 1 for page up.

Source: Jack Wallen, Techrepublic.com

Fake e-mails to patch Outlook lead to malware

All Windows users need to be aware that Microsoft never links to downloads in its e-mail messages, but always requires a visit to a security bulletin landing page to download a patch.

If you receive an e-mail containing a link promising to upgrade Microsoft Outlook or Outlook Express, you should simply delete the message to avoid being nailed by a Trojan horse.

These fake Outlook patch alerts have affected PC users worldwide. As the Sophos blog explains, if you follow the instructions in the bogus message, it results in your running nasty hacker code.

Actual security bulletin notices from Microsoft are quite dull. They never include direct links to the downloadable patch. Instead, they require you to go to a bulletin landing page. Most importantly, they're always signed with a PGP signature. (See Figure 1.)


Figure 1. Microsoft's security-bulletin e-mails are always identified as PGP SIGNED.

When in doubt, always download patches directly from the Microsoft Update site. Even considering the recent problems with update notifications that don't always appear in Windows as expected — see this week's Top Story for details — you should always download updates for Windows and other Microsoft software only from Microsoft servers.

Source: Windows Secrets

Transpose Excel data from rows to columns, or vice versa

When you need to flip-flop data in an Excel worksheet, don’t waste time doing it manually. Excel offers a handy Transpose option that will quickly take care of the task.

---

Here’s a tip that eliminates the need to rekey data. Suppose you’ve entered your data with three column headings running across Row 1 and four row headings running down Column A, like the ones shown in Figure A.

Figure A

After working with the data for a while, you decide you’d rather have the current set of row labels (months) running across the columns. Whatever you do, don’t even think about rekeying the data.

You’ll find the best solution on the Paste Special menu. Start by selecting and copying your entire data range. Click on a new location in your sheet, then go to Edit | Paste Special and select the Transpose check box, as shown in Figure B. Click OK, and Excel will transpose the column and row labels and data, as shown in Figure C.

Figure B

Figure C

Note

You aren’t limited to using the Paste Special | Transpose option to rearrange multiple rows and columns of data. It works just as well when you need to turn a single row of labels into a column, or vice versa.

Source: Tech Republic

Two new Mac attacks surface

This is the message visitors to the porn site get which tricks them into installing an ActiveX object to watch a video but instead downloads a Trojan.

(Credit: Sophos)

Security experts have discovered two new attacks targeting Mac users, a new version of a worm and a Trojan hidden inside a porn site.

Sophos on Wednesday discovered a new version of the Mac OS X Tored worm, according to a Sophos blog post.

On Tuesday, Paretologic warned about a porn site that was downloading malware that targets both the PC and the Mac. Mac users get redirected to the pagemac.php page, which downloads a QuickTime.dmg file, the blog post says.

Sophos explained in blog post on Thursday that visitors to the malicious porn site are told they have to download an ActiveX component to view the videos. Instead, a Trojan, dubbed OSX/Jahlavc, gets downloaded.

"As we've demonstrated before, and as we'll no doubt explain again, the Mac malware threat is real," writes Sophos security researcher Graham Cluley. "Hackers are deliberately planting malicious code on Web sites, and using social engineering tricks to fool you into installing it onto your computer."

An Apple spokesperson did not immediately respond to a request for comment.

Source: Cnet, by Elinor Mills

Big-name sites spread latest malware infections

Going by such names as Gumblar, JSRedir-R, Martuz, and Beladin, a new generation of malware has managed to surreptitiously place malicious JavaScript code on tens of thousands of popular Web sites.

The hacker scripts try to infect site visitors and then attempt to use their compromised PCs to spread the infection to yet other sites.

Over the past month, the security services ScanSafe and Sophos have reported infections on such major Web sites as ColdwellBanker.com, Variety.com, and Tennis.com. Niels Provos reported in the Google security blog on June 3 that sites infected with Gumblar numbered about 60,000. Visitors became susceptible to infection simply by opening the sites in Internet Explorer.

After the script infects a PC, it attempts to spread its code to any Web site accessible via that machine's FTP client, if one is present. Webmasters often use FTP to make changes to the sites they manage. If FTP software is configured to save a webmaster's sign-in information, the malware can edit itself into a Web site's pages.

Once a PC is running this class of malware, the hacker code tries to trick the user into opening infected PDF and Flash files. If the PC has an unpatched version of Adobe Reader, Acrobat, or Flash, opening an infected file can install a keylogger or other malware. In the case of Gumblar, Google search results in an Internet Explorer window are rewritten — in a way that end users may not notice — so the links point to hacker sites laden with infected PDF and Flash.

Security firms have made efforts to block domains that serve as malware destinations in this latest round of attacks. But the bad guys quickly move to substitute other domains in what has been compared to a game of Whack-a-Mole.

Meanwhile, it's not so easy to shut down a well-known, legitimate site that's infected (although many such sites have quickly been cleaned up). You can't protect yourself simply by visiting only "trusted" sites, because there's no easy way for an end user to determine whether a legitimate site is infected.

Fortunately, you can stack the odds in your favor by following the guidelines in the Windows Secrets Security Baseline:

• Step 1: Use a hardware firewall.
  
• Step 2: Install a set of security software.
• Step 3: Scan your system regularly with a software-update service (more on these below).
  
• Step 4: Use Mozilla's Firefox or Google's Chrome browser, both of which are more secure than Internet Explorer.

Source: Windows Secrets Newsletter

Powerpoint Patch for Windows

Microsoft issued a patch for critical vulnerabilities in PowerPoint this week after a bit of a wait. Mac users will continue to wait, however. PowerPoint's vulnerability was widely known and there apparently were others kept under wraps until Microsoft could issue a patch. Attackers looking to take advantage of the flaw did so by tricking users into opening a PowerPoint file, either by email or other means. Opening the file allowed malicious code to be injected.

Once injected the Trojan attempts to communicate with the Windows update site as a check for an internet connection. Once an internet connection is established, the Trojan sends computer identification and location information (computer name, IP address, OS), performs a directory search, lists the contents of the system, and downloads an update or additional malware.

In short, the virus tells a hacker exactly what's on a victim's computer, and the hacker decides whether or not to take action based on that information.

Microsoft has released a patch applicable to all versions of PowerPoint back to 2000. It should be available via Windows update or by clicking "Check for Updates" in the help menu of PowerPoint.

Mac users running 2004 or 2008 versions will have to wait as the patch for those versions are still in development. Until then security experts recommend caution when opening PowerPoint files from unknown or suspicious sources. Microsoft rates the vulnerability as critical.

Source: SecurityProNews

Fake Infection Warnings Can Be Real Trouble

Michael Vana knew something was up when he saw the pop-up from "Antivirus 2009" in the middle of his screen. The former Northwest Airlines avionics technician guessed that the dire warning of a system infection was fake, but when he clicked on the X to close the window, it expanded to fill his screen. To get rid of it, he had to shut down his PC.

Sound familiar? Dirty tricks like these, designed to get you to install and buy fake antivirus products, are more common than ever. (For advice on how to proceed if you've installed a phony antivirus on your PC, see "Antivirus 2009: How to Remove Fake AV Software.") But while you might recognize such warnings as bogus, you might not know that the fake warning could be a red alert about an underlying bot malware infection. Knowing the difference is key.

"It's not something you even blink at anymore," says Christopher Boyd, senior director of malware research for communications security company FaceTime Communications, of requests for help in dealing with these warning pop-ups.

The increased incidence of these pop-ups is due to more crooks going after easy money from shady affiliate programs, which pay a huge cut of the profits--up to 90 percent--for every person who mistakenly forks over money for a fake program, regardless of what in­­duced them to pay. Often, the inducement comes from a malicious Web site that uses JavaScript tricks to toss up a bunch of pop-ups, or even resize the viewer's browser window, to create something that looks like a real antivirus scan.

You might reach such a site by using a bad search link, like the one Boyd clicked for a free online Batman game. He got redirected to a site that took over his browser to display a fake AV scan, which then found (fictitious) critical infections that could be fixed by purchasing the rogue antivirus program.

If a site merely hijacks your browser, you don't have to worry too much: The pop-ups or fake scanner windows don't cause lasting damage, Boyd says. You might be prevented from closing the window, as Michael Vana was, but you can usually bring up the Windows Task Manager with Ctrl-Alt-Delete and close your browser that way. Sometimes just hitting Alt-F4 will shut it down.

"To do this, [the fake site] uses real code, and doesn't generally exploit a hole," Boyd says. As long as you don't pan­ic and install the pushed program, no real harm occurs.

Bot-Based Fake Antivirus

Unfortunately, the other way you might en­­counter a fake antivirus program is far worse.

Joe Stewart, a director of malware research with SecureWorks, a security services company for businesses, tracks bot malware for a living. Criminals use bot-infected computers, sometimes gathered into huge networks (called botnets) of a hundred thousand or more systems, to send spam across the globe. But they also use bots to download rogue antivirus programs and other malware onto a victim's PC.

"It's a proven way of monetizing a botnet," says Stewart. "Just about anybody with an already-deployed botnet is potentially looking at this as a way to make extra money."

According to Stewart, crooks make that money either by getting someone to download a supposed trial version of the rogue AV--co-opting a legitimate software sales technique--or by installing that software behind-the-scenes with a bot.

Once installed, the rogue typically uses highly aggravating techniques, such as changing the Windows desktop background to warn of a supposed infection and displaying constant other warnings, to push you to buy the full version of the software.

You might know not to download rogue AV in response to a spurious browser pop-up. But when instructed to download it by a malicious controller, a hidden bot will never give you the chance to apply your good sense.

If you follow basic security precautions, such as keeping your bona-fide antivirus software up-to-date and being careful with e-mail attachments and downloads, you can significantly reduce the odds of getting infected with a bot or other malware. But if you do see pop-ups or other fake warnings from rogue AV on your computer, it's a good idea to try to determine whether it's from a site or from actual software installed by a bot (or by someone else who uses the PC).

Possibilities Endless

There are many variations on the fake software scam, and crooks' tactics vary, so there is no universal indicator that one is present. But watch out for warnings that persist after you reboot your PC, especially if you see them before you open your browser. Seeing an unfamiliar warning icon in your system tray is another bad sign, particularly if you can't right-click it and make it go away. And if your desktop background has changed, you're definitely infected with the rogue antivirus, says Boyd.

As to the source of this garbage, here's a clue. One variety that Stewart examined, then called "Antivirus XP 2008," would first check the PC's system configuration to see whether it was located in a country with many ethnic Russians. It would also examine the user's Internet Explorer for visits to the Russian version of Google. If it encountered any such evidence, the installer would immediately quit without afflicting the potential victim. According to Stewart, that's "enough to pretty much guarantee that Russian-speaking users will not ever see an Antivirus XP 2008 install." But Internet users outside of the former Eastern Bloc had better watch out.

Source: Erik Larkin, PC World

Gmail offers 'undo' email option

The folks at Gmail Labs obviously dedicate a healthy amount of brainpower to the prevention of regrettable emails sent through their service.

Custodial hearts at Google who've brought us Mail Goggles to stave off late-night drunken e-correspondence have now introduced an Undo Send option to their web-based email lineup.

Gmail's User Experience Designer Michael Leggett illustrates the team's M.O.:

"Sometimes I regret sending a message the morning after. Other times I send a message and then immediately notice a mistake. I forget to attach a file or email the birthday girl that I can't make her surprise party. I rush to close my browser or unplug the Internet - but Gmail almost always wins that race."

Enabling the Undo Send option gives the user a scant five seconds to let wiser heads prevail. The catch is that Undo Send doesn't kill an email that's already been sent, but instead just holds the message while the five-sec clock ticks down.

To this reporter, that doesn't sound like enough time to dismiss an ill-sent email - but Leggett claims that even just five seconds does the trick for him and already has saved him several times.

Undo Send was developed by Yuzo Fujishima, a Google engineer in the company's Tokyo office.

Gmail users can switch on Undo Send in Gmail Labs under settings. The rest is pretty easy - if you're quick:

1) Click 'enable' on GMail Labs tab in settings.

2) Author regrettable email message.

3) Realize you've made a big mistake within five seconds.

4) OH %&@# OH %&@# OH %&@# ...phew!

5) Atone for your wicked, wicked ways.

Follow this link to enable Gmail's five-second grace period. ®

Source: Austin Modine, The Register

Fake News Bulletin Email Spreads Malware

Spammers and hackers have been sending out e-mail messages that look like they are coming from CNN or MSNBC as news alerts. It's easy to fall for this trick, especially if you actually have subscribed to receive news alerts via e-mail. The e-mails have included subject lines such as "CNN Alerts", "CNN.com Daily Top 10", and "Breaking News" with phony or legitimate news headlines.

According to PC World, one example includes a link that brings users to a fake CNN site, "where they are told they need to download an update to Flash Player, Adobe System Inc. 's popular Internet media player, to view a video clip from CNN."

"If users agreed to download the bogus Flash update, they were trapped in an endless loop, where clicking "Cancel" in the initial dialog produced a second pop-up. Clicking "Cancel" there returned the user to the first pop-up. The only options at that point were for users to shut down the browser or give in and install the malware."

"The bogus update -- named "adobe_flash.exe," ...is actually a Trojan horse identified by security vendors as "EncPk-DA" and "Exchanger.mn" among other names. The Trojan, in turn, "phones home" to a malicious server to grab and install more malware."

As a result of the rash of these fake e-mails, Adobe has issued the following warning: "Do not download Flash Player from a site other than Adobe.com," said David Lenoe, the company's product security program manager, in an entry on a company blog. "If you get a notice to update, it's not a bad idea to go directly to the site of the software vendor and download the update directly from the source. If the download is from an unfamiliar URL or an IP address, you should be suspicious."

Source: PC World: Fake CNN Alert Still Spreading Malware , and Fake News Bulletin Spreads Malware

How to Block Cellphone Spam

Are you receiving unsolicited text messages on your cellphone?

According to Wikipedia, this practice is described as ‘mobile spamming, SMS spam or SpaSMS, but is most frequently referred to as m-spam.’

Unlike regular e-mail spam, you have to pay for it - At least if you don't have an unlimited texting plan. Meanwhile, the spammers can send text messages from a computer’s e-mail program for free. Moreover, there are no anti-SMS spam programs you can install on your cellphone.

But according to AT&T, with a little-known cellular feature you can block cellular spam.

“Our customers can get onto our Web site,” he wrote, “and set their handset so that it receives no messages from the Internet, the origin of the vast majority of wireless spam.”

“Text messages sent from the Internet are addressed as follows: [Your 10-digit wireless number]@txt.att.net.

“What spammers try to do, of course, is attempt to guess your number, largely by trial and error. This brings me to the second capability we offer our customers. Let’s say you want to block spam, but still want to receive messages originating from the Net that you would actually find useful (airline schedules, hotel reservations, etc.). For this purpose, we let you replace your wireless number with an alias. It could be some quirky name, or whatever you like. [You share this address only with people you know.] This could disrupt the guessing game spammers play to try to discern your number and sent you their junk.

“Though not perfect, our efforts have helped keep spam in the category of minor, though annoying, phenomenon. Thanks for listening.”
The beauty of this feature, of course, is that it blocks ONLY text messages from the Internet. Your friends, using cellphones, can still text you.
As it turns out, Verizon Wireless offers these features, too. Sprint and T-Mobile don’t go quite as far, but they do offer some text-spam filtering options. Here’s how you find the controls for each company:

* AT&T: Log in at mymessages.wireless.att.com. Under Preferences, you’ll see the text-blocking and alias options. Here’s also where you can block messages from specific e-mail addresses or Web sites.

* Verizon Wireless: Log in at vtext.com. Under Text Messaging, click Preferences. Click Text Blocking. You’re offered choices to block text messages from e-mail or from the Web. Here again, you can block specific addresses or Web sites. (Here’s where you set up your aliases, too.)

* Sprint: No auto-blocking is available at all, but you can block specific phone numbers and addresses. To get started, log in at www.sprint.com. On the top navigation bar, click My Online Tools. Under Communication Tools, click Text Messaging. On the Compose a Text Message page, under Text Messaging Options, click Settings & Preferences. In the text box, you can enter a phone number, email address or domain (such as Comcast.net) that you want to block.

* T-Mobile: T-Mobile doesn’t yet offer a “block text messages from the Internet” option. You can block all messages sent by e-mail, though, or permit only messages sent to your phone’s e-mail address or alias, or create filters that block text messages containing certain phrases. It’s all waiting when you log into www.t-mobile.com and click Communication Tools.

Source: NY Times, David Pogue

Some Handy Tools & Tips for Microsoft Word

Microsoft Word is full of tools that can help you work faster and smarter—but only if you know about them. Here's some that you might not be familiar with:

Shrink document by one page. A document whose last page is mostly blank is a waste of printer paper, especially if you have to make a lot of copies. Your letters and mailings will also look more professional if they fill the pages nicely. If Print Preview reveals a skimpy last page, click the Shrink to Fit (Word 2003) or Shrink One Page button (Word 2007). Word will tweak the fonts in the document to make it a page smaller. Don't like the results? Just press Ctrl-Z to Undo.

Calculate in tables. Sure, you can embed an Excel worksheet in a Word document, but if you just need a few simple calculations, you can use Word's own math skills. Select a cell at the bottom of a column and click Formula on the Table Tools Layout ribbon (Word 2007), or select Formula from the Table menu (Word 2003). Word will suggest =SUM(ABOVE), but you can select among over a dozen functions. Besides choosing ABOVE, BELOW, LEFT, or RIGHT to work with all cells in the specified direction, you can reference individual cells and ranges as you do in Excel—for example, =AVERAGE(A1:C3).

Merge to e-mail. Mail-merging to letters and envelopes is too-too 1990s, but you may still need to send a common message to a group of correspondents. That's no problem, since the familiar mail-merge feature in Word can also send e-mail messages. In Word 2007, complete your letter, click Finish & Merge in the ribbon and choose Send E-mail Messages from the menu. In Word 2003 select "E-mail messages" at the very first step of the Mail Merge wizard. Either way you'll be prompted for a subject (the same for every message) and for a data field that holds e-mail addresses of the recipients.

Compare two documents. Your newest client just returned a revised version of a contract document file but didn't mark his revisions. Is he trying to hoodwink you with sneaky changes? Rather than ruin your eyes poring over the old and new documents, have Word find the differences. In Word 2003 open the old document, choose Compare and Merge Documents from the Tools menu, and select the new document. In Word 2007 choose Compare Compare from the Review ribbon and select both the old and the new document.

Document inspector. Your Word 2007 documents may contain a lot more information than you realize--tracked changes, comments, hidden text, private properties, and more. Distributing a document with this kind of data present can be embarrassing. To make sure you're not revealing too much in a Word 2007 document, click the Office button at the top left, point to Prepare, and click Inspect Document in the resulting menu. Word 2003 has no precise equivalent, but you can get some benefit using the Security tab of the Options dialog. Check the boxes "Remove personal information from file properties on save" and "Warn before printing, saving, or sending a file that contains tracked changes or comments."

Built-in translator. The Research panel in both Word 2007 and Word 2003 includes an option to translate the selected text or the entire document between various languages. It's more useful when you're trying to puzzle out what a foreign-language document means than when you want to communicate your own thoughts with those who don't speak English. To see why, translate a few sentences from English to another language and then back to English.

Create fancy equations. Sure, you can write "the electric field equals one over the electrical conductivity times the electric current density," but is a lot more compact. To insert an equation into Word 2007 choose Equation Insert New Equation from the Insert ribbon and use the tools on the Equation Design toolbar that appears. In Word 2003, it's a bit more awkward. Select Insert Object from the menu, choose Microsoft Equation 3.0, and click OK, then use the Equation toolbar that appears.

Use math autocorrect. (Word 2007 only) All of those fancy math symbols can be available even outside the Equation Design toolbar. Click the Office button at the top left, click the Word Options button, select Proofing, click AutoCorrect Options, and check the box "Use Math AutoCorrect rules outside of math regions." Now you can type \aleph to insert an aleph (ℵ), \int for an integral sign (∫) or even type \quadratic to insert the entire quadratic equation (x=(-b±√(b^2-4ac))/2a).

Source: PC Magazine, Neil J. Rubenking

Problem with 2008 Holidays in Outlook 2003

If you're using Microsoft Outlook 2003 you might have noticed that you can only add holidays through 2007. Here is a solution from the New York Times Personal Tech Column:

The ability to mark holidays for your particular country or region on your personal calendar is a handy feature of Microsoft’s Outlook program. But you don’t have to be stuck in time if you’re sticking with Outlook 2003. Microsoft has issued a software patch for Outlook 2003 that lets you add holidays through 2012. You can download and install the update at snipurl.com/22r1s.
If you encounter problems installing the update, Microsoft has a technical support document at support.microsoft.com/kb/924423. Outlook’s official blog explains how to add your own custom holidays to your calendar at snipurl.com/22r2n.

On the Mac side, Entourage users can add holidays to their calendars by going to the File menu to Import and choosing the “Import Holidays” option in the box. Mac users looking to add holiday calendars for Apple’s iCal program can download and subscribe to a variety of different dates at apple.com/downloads/macosx/calendars.

Covering sporting events, SAT testing dates, Blu-ray disc releases and even Belgian school holidays, the iCalShare site also offers 2,500 calendars for download at icalshare.com. The files are compatible with Microsoft Works and other programs using the iCalendar standard.

The online calendars offered by Yahoo and Google also let you add holidays to your digital datebook. For Yahoo, click on “Calendar Options” on the right side of the screen, and then on “Time Guides” to get to the “Add/Edit Holidays” link. For Google, click on the tiny “Manage Calendars” link on the bottom left side of the screen. Click the Calendars tab and then on the “Add Calendar” button to get to the link for “Holiday Calendars.”

Source: NYT (By J.D. BIERSDORFER)

Cell Phone Headsets for only $4

Studies show that the use of hands-free devices greatly improves a driver’s concentration, subsequently decreasing the risk of injuries and deaths.

FreeHeadset.org is an organization dedicated to promoting cell phone safety by distributing high quality cell phone headsets for only $3.94 (includes shipping and handling).

source = "beststuff.com"

New Word Document Format

Microsoft changed the document format used by the Word program in its Office 2007 for Windows and Office 2008 for Mac software suites. The old .doc file extension used by previous versions of the program has been replaced with .docx, which refers to the Office Open XML format. (This file format was developed by Microsoft and is not to be confused with the OpenOffice.org Productivity Suite, a set of open-source programs with their own formats.)
While people using the newer versions of Word can save their documents to a format that is compatible with older editions of the program, not everyone remembers to do so. You are not forced to upgrade to Word 2007 just to read these files, though, and there are a few ways to crack open a .docx file.
Microsoft offers its own compatibility pack that lets older versions of the Word program open and save files in Office Open XML format. An article in the company’s online knowledge base explains the process and provides a link to the compatibility pack for Word 2003, Word 2002 and Word 2000 at support.microsoft.com/kb/924074. (Some elements in a Word 2007 document may not convert properly, and an article at snipurl.com/1yos2 describes many of the things to look out for.)
For those using Word 2004 or Office v.X for Macintosh, Microsoft offers a free Open XML File Format Converter program that can be downloaded at www.microsoft.com/mac/downloads.mspx.
If you don’t want to use Microsoft’s solutions, the Web site at http://www.docx2doc.com/ offers both inexpensive Web-based file conversions and a standalone converter program. The Docx2Rtf program for Windows can also convert .docx files into rich text format (.rtf); the software is free and available to download at www.nativewinds.montana.com/software/docx2rtf.html.

Source: New York Times

Convert To Digital

HOME MOVIES
The simplest way to digitize those shoeboxes full of Super 8 movies is to use the technique perfected by movie pirates: project the image on a white wall, set up a digital camcorder on a tripod, and then shoot the film.
This is one case where you won’t get the best results if you make it a do-it-yourself project. The different frame rates of movie film and a camcorder could cause annoying flickering of the final image. Send your movies to a commercial transfer service like Audio Video Memories (audiovideomemories.com), Digital Transfer Systems (digitaltransfersystems.net), and Just8mm.com that uses a telecine machine, a much more sophisticated version of the same home technique.
Movies arrive back on DVDs, ready to be imported into the PC for editing with a program like Apple’s iMovie ($79, part of iLife ’08) for Macs, or for PCs, Adobe Premiere Elements 3.0 ($100).

VHS TAPES
To transfer VHS footage, which is analog, into a computer, the PC needs to receive the data digitally. One way to check if your PC is so equipped to do that is to look at the computer’s ports. If it has the familiar RCA inputs — the yellow, white, and red connectors — then it most likely is analog ready.
If not, analog images must first be converted to the digital format. To do so, combination VHS/DVD player/recorders are one of the simplest ways to get your home movies off your aging video tapes and onto more permanent DVDs. Available from Panasonic, Sony and others, prices start at under $200.
Alternatively, connect a stand-alone VHS player to a DVD recorder to make a digital copy.
VHS tapes can also be recorded onto a computer’s hard drive by plugging the VCR’s output cable into a digital camcorder that offers a “pass through” mode (most do). The signal is digitized within the camcorder, and then passed on to the PC’s hard drive.
Sony’s $229 VRD-MC5 is specifically made to record DVD copies of VHS tapes, or recordings from any camcorder or digital video recorder, without using a PC. VCRs and camcorders are plugged into the device, which resembles a portable DVD deck.
If you do not own a camcorder or DVD recorder, but you have loads of valuable tapes, consider an intermediary conversion product, such as the DAC-200 ($184; synchrotech.com); Dazzle Hollywood DV Bridge ($300; omegamultimedia.com), and VHS to DVD 3.0 ($80; honestech.com). Each product includes hardware and software that converts analog signals to digital,.

LPS, EIGHT-TRACKS, AND CASSETTES
Getting your old Country Joe and the Fish albums into your PC is one of the easiest conversions to do, according to Tom Merritt, executive editor of CNetTV.com.
Assuming you still have a phonograph turntable (or eight-track or cassette deck) and it is not the console type from the 1950s or earlier, plug the audio output from the turntable’s amplifier/receiver into the minimike port found on virtually all home computers.
While commercial audio editing software is available, Mr. Merritt recommends installing Audacity (audacity.sourceforge.net), a free program available for Macs, PCs and Linux/Unix machines that will manage the files, convert them into a specific format (for example, WAV or MP3), and remove clicks and crackles.
For those who value their time more than the fun of connecting cables and reading manuals, there are plenty of commercial companies happy to do the converting for you. Cassettes2CDs.com will convert audio and video tapes, LPs and 45s to digital format, storing the data on a CD, DVD or MP3 format for iPod use. The company does not handle 78 r.p.m. records, reel-to-reel or eight-track tapes.