Couple of surprises this week … David Pogue looks at unsubscribing from spam, and those nasty ‘pump-n-dump’ schemes are back! But that’s not all —
* David Pogue: Rethinking the *Never Unsubscribe* Rule for Spam
* Protect Yourself From the Threat of Mobile Malware
* Comeback of Malicious Pump-and-Dump Campaigns
* New Analysis: Who Do You Trust? (2 Parts)
* Morto worm surprises again
* Serious gaps in security
* BBB warns of email scam
* Antivirus on a Mac
. . . and more
Rethinking the “Never Unsubscribe” Rule for Spam
When it comes to junk mail, the rule, for 15 years, has been: Never respond. Don’t even try to unsubscribe, even if they give you instructions for doing so. You’re just letting the spammer know that your e-mail address is ‘live,’ and that you’re a dummy who actually opens those messages and reads them. You’ll wind up getting put on even more spam lists as a result.
Well, I think it’s time to revisit that advice.
Full story : David Pogue :: pogue.blogs.nytimes.com
New Analysis: Who Do You Trust?
In the late ’50s and early ’60s, Johnny Carson hosted a daytime game show called “Who Do You Trust?” Though not storied CBS News anchor Walter Cronkite, Carson was among the most respected and trusted personalities in media in the latter half of the 20th century. But that was before the Internet.
Trust has been a murky trait on the World Wide Web since its inception. Remember the 1993 Peter Steiner cartoon published in the New Yorker? A dog, sitting by a PC, tells his canine companion: “On the Internet, nobody knows you’re a dog.” Just shows that man’s best friend can’t be trustworthy on online. Full story : blogs.govinfosecurity.com
Who Do You Trust? Part 2
Trust, as a characteristic of information security, keeps being tested. Without trust, people – whether in government or the private sector – won’t be able to function properly in conducting business.
Fraudulent Google SSL Certificate Raises Doubts about Trust … Another dent in that trust surfaced this past week with reports of a so-called man-in-the middle attack against Google users in Iran, where someone tried to get between the Iranian victims and encrypted Google services. The attacker used a fraudulent SSL certificate issued by a small Dutch company DigiNotor. Full story : blogs.govinfosecurity.com
Turbulent Economy Results in Comeback of Malicious Pump-and-Dump Campaigns
Back in 2005, UGN and Infomanager ran a whole series of posts and articles about ‘pump-and-dump’ scams. We worked with the SEC and Wacovia to get several of the schemes exposed. Shortly after that the SEC blocked and closed a number of penny stocks, and after that the pump-n-dumps disappeared from the web … for a while!
Symantec’s Intelligence Report for August 2011, states that spam mailers have yet again started capitalizing on the financial market fluctuations via dispatching massive spam associated with company stocks so they may “pump” the share prices high and then “dump” them or sell for undeserved profits. Full story : SPAMfighter News
Serious gaps in security
Nearly 99 percent of enterprise-level networks have a serious gap in their IT security defenses enabling advanced malware to easily slip through, according to FireEye.
About 80 percent of enterprises in the report were hit with more than 100 new infections per week in the first half of 2011, according to a report from FireEye Malware Intelligence Lab released Aug. 31. If that number wasn’t high enough, 98.5 percent of enterprises have at least 10 infections a week, the report found. Download the full report : FireEye_Advanced_Threat_Report_1H2011.pdf
Full story : eWeek
Protect Yourself From the Threat of Mobile Malware
With smartphones sales growing year-over-year for several years so, too, is the development of malware and other malicious programs designed to attack the vulnerabilities of these phones. “Do you think it’s safe to access sensitive data on your mobile phone? Perhaps you should think again,” begins the introduction to this new infographic about mobile malware from Bullguard. 
With malicious programs designed to target cell phones skyrocketing, it’s becoming increasingly dangerous to use your phone without the necessary precautions. Here’s how to prevent malware from taking over your phone … and your life.
Full story : Nicholas Jackson – The Atlantic
BBB warns of email scam
The BBB is warning businesses and their employees not to open or click on links in an email that appears to be from The Federal Trade Commission. The subject line is listed as ‘URGENT: Pending Consumer Complaint’
This email was distributed to millions of email accounts nationwide Thursday (including many BBB offices). It is a fraudulent email that could infect a company’s computers with spyware or malware. If you received one of these emails, the BBB urges you to delete it without opening it. Full story : Salisbury Post
Morto worm surprises again
As it turns out, the recently discovered Morto worm that has been spreading in the wild has more than one never-before-seen characteristic.
Not only does it spread by using the Remote Desktop Protocol, but it also uses a novel way to contact its C&C in search for instructions: via DNS (Domain Name System) TXT records. Full story : Help Net Security
Antivirus on a Mac
Antivirus on a Mac might be a touchy subject, but if you’d like the reassurance of a virus scanner that’s not intrusive and can be called on-demand, then the free ClamXav is a great choice.
While you may or may not need a virus scanner on a Mac, there’s no harm in having one that you can run as and when, perhaps if you’re sending a file to a Windows using colleague for instance. Just because a potentially infected file goes totally unnoticed on your Mac, doesn’t mean it’s not going to wreak havoc on your poor unsuspecting friend’s Windows box. Full story : tuaw.com
Follow the InfoManager’s previous Safenetting Alerts
Thanks for reading…
You can also keep up with the efforts to curb spam and cybercrime by reading the news at Knujon and HostExploit.com. And, you should switch to SpamCop and take a stand against spam.
