I am noticing a trend that Spyware/Malware attacks are making a comeback and are getting more sophisticated.

In the good old days Spam e-mail used to be just advertising but increasingly that innocuous looking spam e-mail has other ideas.

It can be one or more of the following:-

Malware: Malicious software designed to get on your PC without your knowledge.

Spyware: They steal your passwords via keystrokes that are sent back to the spyware author.

Virus: Designed to cause harm to your computer.

Phishing: Designed to get you to impart privileged information.

Problem Area’s

Internet Surfing: The number of malicious or infected web sites is in the millions. You can no longer just click, click on every link you see.

Tip: Make sure you have your Phishing Filter on and have up to date Anti-Virus Software running.

Inbox: Even with good Anti-Spam defences Spam e-mail gets through about one third will have a link to something bad.

Tip: Don’t even get curious with suspect e-mails and click links just to see. Delete, Delete and Delete.

Stay Safe online Link: http://news.bbc.co.uk/1/hi/technology/5414992.stm

Web Site analytics are painful to decode at the best of times. But one metric that is usually sound is the number of unique visitors that your Web Site gets.

Unless your web site is super sticky commercial companies rely on being able to be found in Internet search engines like Google.

I monitor and report on the web stats for several companies spread over many different business classifications. In July 2008 on average and collectively the number of unique visitors dropped by 7% and this was unusual based on the pattern of web traffic in the preceding months.

July should have been a big month as it had 23 working days compared to June’s 21. My clients are UK based so would not have been affected by the American July 4th Holiday.

So what happened:

There are two possible things happening here:

1) Google changed dramatically the ranking algorithm.

or

2) The doom and gloom in the economy has affected the number of unique visitors looking for products and services from commercial companies.

I actually think its bit of both 15% Google and 85% the economy.

At some level there is a link between consumer confidence and web traffic to commercial companies.

Update 24/07/2008 - Nod32 Now Identifies this - See bottom of post.

—

Several clients were targeted with e-mails that contained .zip files.

The contents of which were crafted to look like legitimate e-mails from UPS with invoices attached (see above).

Inside the .zip file was an executable file disguised as a Microsoft Word document (see above). That is a fake icon. The file is really called ups_invoice.exe

You can even scan the .exe file with Anti-Virus software in my case the latest Business Edition of Nod32 and it will not be detected.

I even submitted the .exe file to eset and they said:-

“The file is corrupt and thus non-functional. As such, it should not be detected as it does not pose any risk” [TRACK#4884AA4D0007]

That is a complete load of rubbish, I took the same file and managed to infect my test bed XP machine running the latest version of Nod32.

So you really are at the mercy of the end user doing the right thing and not opening unsolicited attachments.

It would appear to be able to defeat the End Users Anti-Virus by connecting to the Internet to download the payload and sneaking itself onto your computer. The end user is complicit in this, they have to run the infected file. As you can see from the shots above this has been cleverly engineered to be difficult to spot.

With up to date Anti-Virus software not being able to detect the original .exe file it really is open season.

Tech Tip: If you are worried users might get caught out then ban .zip files if you can.

More details here: http://pandalabs.pandasecurity.com/archive/Fake-UPS-Invoice-Email.aspx

Updated 24/07/2008

I just get the impression the AV companies were caught napping on this one.

But the good news is those pesky attachments are now being identified.

VPN=Virtual Private Network
RDP=Remote Desktop Protocol
TS= Terminal Server

This screencast is an overview of how you can use a remote VPN connection to connect to a Head Office and access a shared Microsoft Access database using Windows Terminal Server.

The was originally recorded and published in September 2005 and I have just converted it to flash video. Some of the software mentioned in the screencast is out of date but the general concepts are still sound.

This screencast runs for 4m25s

Click the Screencast to Play.

This screencast requires the Flash plug in. You can get it here

My 2008 Screencast Links:
http://www.colindiponio.com/category/screencast/

Thanks

Colin

Here is a presentation about GoToMeeting.com an online meeting service from Citrix.

GoToMeeting.com allows you to have virtual collaborative meetings online at a very low cost. You can also have a free 30 day trial to check it out risk free.

This service is Ideal for providing online presentations or working collaboratively on projects with a colleague in another location.

The screencast runs for 5m:48s

Link: www.gotomeeting.com

Click the Screencast to Play.

This screencast requires the Flash plug in. You can get it here

Please feel free to link to this content.

My Other Screencast Links:
http://www.colindiponio.com/category/screencast/