Symantec's Home and Home Office Security Report - November Roundup
‘Tis the season to spend money. As the holiday season approaches, people tend to loosen their purse strings in the desperate search for the perfect gift for that special someone. Unfortunately, scammers and criminals are well aware of this fact and do what they can to take advantage of it. Two common ways of doing this are through “second chance” auction scams and “overpayment” scams.
If someone on your list wants that hot new gaming console that’s sold out in all the stores, you may turn to online auction sites to find one. Because so many people are after these hot items, the auction prices can get quite high. This is where the scammer steps in. Frequently, the winner of an auction may drop out or be unable to make good on their bid for whatever reason. Most online auction sites allow the seller to contact the next-highest bidder and offer the item to them rather than re-listing it. As a result, scammers are checking auctions for these items a day or two after the listing has closed. They then pose as the seller and contact the second-highest bidder offering a second chance on the item. Naturally, once you send the scammer your money, you never receive the item.
On the flip side of the second chance auction scam is the overpayment scam. Where the second chance targets potential buyers, the overpayment scam targets sellers. The scammer will search online classified ads for a high-ticket item and contact the seller to make an offer. Then the scammer sends a check for an amount higher than the selling price, claiming that the overage is to cover shipping, brokerage, or escrow fees. They ask the seller to deposit the check and wire the extra amount to some account that they control – unbeknownst to the seller. Of course, the check is fake or there aren’t any funds in the account, so the seller is on the hook for whatever money they’ve wired.
In November, there were a couple of vulnerabilities that could have a potentially major impact on home and home office users. The first is a flaw in Apple Mac OS X that if taken advantage of could allow attackers to gain complete control of your computer. This flaw is related to disk image files with the “.dmg” file extension. If a malicious disk image file is double-clicked, the malicious code could run, giving a hacker complete control of your computer. Apple Mac OS X users should be very careful when downloading disk image files, as they may be malicious. The second issue affects Mozilla Firefox. All users that use Firefox to store usernames and passwords for Web sites are at risk of having their information stolen by hackers. Hackers can craft fake login forms that can steal information automatically filled in by Firefox. All Firefox users should carefully consider not using Firefox to store passwords or login information, as it may be unsafe.
Early in November there was an issue encountered with the Google Video email list. On November 7, 2006, Google inadvertently allowed an email worm to be forwarded through the email list to approximately 50,000 users. The email worm, w32.Blackmal, could potentially damage computers and destroy files. Users should be very careful about downloading and executing files attached to emails, even if they do come from trusted sources.
All of the issues mentioned here, along with other threats and Internet security news are discussed in more detail in the Symantec Home & Home Office Security Report for November, 2006. This month’s report can be viewed and/or downloaded from the homepage, as well as previous reports from August, September, and October, 2006.