Greetings from SurfSafely.com! Please feel free to pass this newsletter on to all your friends and family (Assuming you're sure they'll appreciate it, of course). As always, this newsletter is opt-in only. If you feel you've received it in error, reliable removal instructions are at the bottom. (If you do forward it to a friend, be sure to delete the removal link from the bottom else they may accidentally remove you from our list.)

In this issue:

New viruses, scams and security threats.
Volunteers needed!
Virus watch.

New viruses, scams and security threats.

Hackers, virus authors and scam artists seem to be working overtime this week. In my inbox today I found a letter that appeared to be from Microsoft. I mean it REALLY looked authentic. In it was the claim to have a critical upgrade that you need to apply right away to "protect" yourself from a new virus. Well, guess what? That file IS the virus! When I scanned it McAfee did not catch it on the first pass. Still suspicious I went to the McAfee site and updated my virus definition files. The one I had was only 2 revisions old, less than one week old. The new version did identify the virus. I knew it was there. It had to be. There were too many warning signs. A) No legitimate company will EVER send you an executable file via email. Not ever. Not even Microsoft! B) The letter was delivered to an email address I do not have registered with Microsoft. The moral is never double click an executable file attached in an email without checking it with the very latest version of a good virus scanner utility. And even then, only from a known source that you asked to send it.

I also received today another entirely legitimate looking email, supposedly from ebay. I've reported on these before but this one was so authentic looking I felt it bears repeating. It claimed that I needed to update my personal information with ebay. All I had to do was click on a link which looked like a genuine ebay web address, fill in the form and click submit. Three clues told me this was a scam. A) Even though the printed address in the email looked like a valid ebay address, the url which opened up was a numeric IP address which does not belong to ebay. Many people might look at this and just assume it was owned by ebay and send in the form anyway. BAD IDEA. B) Like the virus it was sent to an address not registered with ebay. C) They were asking for way too much information. Ebay has no reason to ask me for SSN or credit card with ATM PIN. This has fraud written all over it. The FBI had been alerted and is hopefully tracing the origin of this web site which has been up all day today and, even as I write this, is still live.

And, alas, even Linux fans must be on guard. Two critical security flaws were discovered yesterday which I first learn of in the news feed at SurfSafely.com posted on ZDNet. One in OpenSSH that is used to establish secure connections with a server, the second in Sendmail, the most widely used mail service program in the entire world. If you manage a UNIX based web server, it is critical that you get the updates from your OS vendor installed immediately. If you have a personal web site, make sure your web hosting company has applied the upgrades. Otherwise, spammers could hijack the server you're hosted on and send spam as if it originated from you, making you look bad and possibly getting your email blocked by other services.

<sigh> Maybe one of these days I'll have some HAPPY news to report, like the FBI caught the creep that was stealing personal information under the identity of ebay as a direct result of the tip which I provided them. It could happen. Right?

Back to top.



~-~-~-~ PROTECT YOUR FAMILY ONLINE! ~-~-~-~
SafetySurf.com is the oldest and leading source
of software for parents. Read reviews and
recommendations of parental control and Internet
Monitoring software. Download and install
immediately with complete confidence!
~-~-~-~ Http://www.safetysurf.com ~-~-~-~

Volunteers needed.
SurfSafely.com needs you! We are planning to greatly expand on the category structure of the web directory but to do it we need your help. If you would be interested in becoming a category moderator for SurfSafely.com (much the same as is done at the DMOZ project) please drop us a line. Of particular interest we would like to have moderators on our team from many cultures in many countries as we can manage. As an international resource, we want an international team helping to build it.

We will also be establishing one or more branch office locations in Western Europe. Duties would be light, primarily requiring a physical postal location to write to (not just a P.O. box) and a telephone number to call to field questions from non-English speaking users and web developers. Branch office managers need not be category moderators if they wish although it would be appreciated. If you would be interested in opening a branch office location for us, please write.


Computer virus watch.
The virus I found attached in the article above was W32/Swen@MM. Right now they're calling it a medium risk but it's brand new. My guess it is will get elevated to High risk very very soon.

Virus update links.

Microsoft Internet Explorer 5.x patch
Mcafee updates
Norton updates
F-Secure updates

Back to top.

That's news for now.

Be informed,
Be involved,
Be well.

Sincerely,
Mark Brasche
Founder and CEO,
SurfSafely.com

Come visit our growing family of web sites and services
http://surfsafely.com/ Our web directory/portal
http://surfsafely.net/ Our pre-filtered Internet service
http://surfsafety.com/ Our online safety community site
Son Media Online Our newest line of products