Greetings from SurfSafely.com! If you enjoy reading this newsletter as much as I do writing it, pass it on to all your friends and family but please respect their privacy. Place the addresses of those you send to in the BCC: field rather than To: or CC:. And as always, this newsletter is opt-in only. If you feel you've received it in error, reliable removal instructions are at the bottom. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In this issue: 1. Nigerian scam making it's rounds again 2. Virus update W32/Badtrans@MM ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This is shaping up to be a busy holiday season. :\ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 1. Nigerian scam again ======================= I've addressed this one many times before but it just doesn't seem to go away. Myself and others have again begun receiving these email to help the authors transfer non-existent millions out of Nigeria. Please visit my newsletter archive at http://surfsafely.com/surfsafety/frameset_news.html and click "Email scams - What's old is new again." The FBI and Secret Service would also like to be informed if you receive such solicitations. Print them out and mail them in to your nearest FBI field office. They can be located by visiting http://www.fbi.gov/. Here's what they have to say about it at http://www.fbi.gov/contact/fo/nyfo/fraudalert.htm#nigerian "What is a Nigerian Letter or "419" Fraud? Nigerian letter frauds combine the threat of impersonation fraud with a variation of an advance fee scheme in which a letter, mailed from Nigeria, offers the recipient the "opportunity" to share in a percentage of millions of dollars that the author, a self-proclaimed government official, is trying to transfer illegally out of Nigeria. The recipient is encouraged to send information to the author, such as blank letterhead stationary, bank name and account numbers and other identifying information using a facsimile number provided in the letter. Some of these letters have also been received via E-mail through the Internet. The scheme relies on convincing a willing victim, who has demonstrated a "propensity for larceny" by responding to the invitation, to send money to the author of the letter in Nigeria in several installments of increasing amounts for a variety of reasons. Payment of taxes, bribes to government officials, and legal fees are often described in great detail with the promise that all expenses will be reimbursed as soon as the funds are spirited out of Nigeria. In actuality, the millions of dollars do not exist and the victim eventually ends up with nothing but loss. Once the victim stops sending money, the perpetrators have been known to use the personal information and checks that they received to impersonate the victim, draining bank accounts and credit card balances until the victim's assets are taken in their entirety. While such an invitation impresses most law-abiding citizens as a laughable hoax, millions of dollars in losses are caused by these schemes annually. Some victims have been lured to Nigeria, where they have been imprisoned against their will in addition to losing large sums of money. The Nigerian government is not sympathetic to victims of these schemes, since the victim actually conspires to remove funds from Nigeria in a manner that is contrary to Nigerian law. The schemes themselves violate section 419 of the Nigerian criminal code, hence the label "419 fraud." Some Tips To Help You Avoid These Frauds: 1. If you receive a letter from Nigeria asking you to send personal or banking information, do not reply in any manner. Send the letter to the U.S. Secret Service or the FBI. 2. If you know someone who is corresponding in one of these schemes, encourage that person to contact the FBI or the U.S. Secret Service as soon as possible." End quote. Enough said. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 2. Virus update W32/Badtrans@MM ================================ Here's a quote taken directly from Microsoft's website regarding the security hole W32/Badtrans@MM is exploiting to propagate at http://www.microsoft.com/technet/security/bulletin/MS01-020.asp "Would IE always execute the attachment? No. IE would only execute the attachment if File Downloads were enabled in the Security Zone that the e-mail was opened in. However, File Downloads are enabled in all zones by default." End quote. By their own admission, the door was left wide open for attack. While your there looking at it, scroll up and down in the left frame of that page and just look at how many security patches and updates they have had to release to close all of those doors which left their customers vulnerable to attack. I'll let you draw your own conclusions. Just look at it. What should you do? Well, you can become part of the same anti- Microsoft movement I have become part of, or you can stick with their products almost exclusively as they would like it, keep up to date with their security patches and hope that they work. Microsoft claims to have fixed the auto-execute vulnerability with the downloadable patch at http://www.microsoft.com/windows/ie/downloads/critical/q290108/default.asp I personally installed this patch quite some time ago when the original W32/Badtrans began making it's rounds even though I do not use Outlook for my email. Be that as it may, I still don't trust it. The reason I did it anyway is because I still must have Outlook installed for other components of IE to work correctly, the very reason Microsoft is fighting for its life in court right now. McAfee ViruScan users, please get the latest .dat file 4172 at http://download.mcafee.com/updates/updates.asp Norton AntiVirus users, I now have the address for your updates as well, http://www.symantec.com/avcenter/defs.download.html. The latest virus definition update here is version 31128c. Please download and install all updates that apply to your systems and let's beat this thing out of existence. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ That's news for now. Wishing you and your families a most joyous holiday season. Until next time... Be informed, Be involved, Be well. Sincerely, Mark Brasche Founder and CEO, SurfSafely.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ::Nigerian scam again, Virus update.