Anti-Phishing: Citibank Security Update

Email title: ‘Citibank Security Update’ 
Scam target: Citibank customers  
Email format: An HTML email
Sender: <>
Sender spoofed? Yes 
Scam call to action: “Due to technical update we recommend you to reactivate your account.”
Scam goal: Getting victim’s Citibank website account/password and ATM PIN 
Call to action format: URL link  
Visible link: 
Called link:
Resolved site:, along with (the legitimate Citibank site)

Washington wakes up to spyware, adware

Two anti-spyware bills are being readied in time for a hearing Thursday in the U.S. House of Representatives.

The measures, one sponsored by a California Republican and the other by a Washington Democrat, take different approaches toward software that lurks on a computer and serves pop-up ads or transmits personal information. But both make the same point: Official Washington is becoming officially fed up with the proliferation of spyware and adware. The new attention paid to malicious software follows last fall’s unprecedented focus on unsolicited commercial e-mail.

Microsoft to create pop-up safety lessons

Microsoft plans to use more dialog boxes and other messages in future software releases to educate people on ‘safe’ computing.

At the InfoSecurity trade show in London, Microsoft said Tuesday that new versions of its Windows and Office products will educate customers about security via dialog boxes, warning messages and offers to automatically configure security settings.

Symantec May Have Found Windows SSL Worm Already

Symantec late Tuesday afternoon captured a sample of malicious code that spreads by exploiting one of the many vulnerabilities in Windows disclosed this month by Microsoft.

The vulnerability stems from a flaw in Windows Protected Communications Technology (PCT) v. 1.0, a packet protocol within Microsoft’s SSL library. SSL is an encryption technology typically used to secure communications with Web sites — such as those for processing credit card orders — and for locking down e-mail. The vulnerability was made public on April 13 as part of the month’s security bulletins from Microsoft.

On Monday, several security analysts noted that although exploit code was in the wild, a worm hadn’t yet appeared.

Symantec’s DeepSight Threat network — a global group of sensors that tracks up-and-coming exploits — snagged a copy of the code Tuesday afternoon, said Alfred Huger, the senior director of engineering with Symantec’s security response team.

McAfee VirusScan ActiveX Controls Let Remote Users Access the Target User’s System

Date:  Apr 27 2004
Impact:  User access via network
Exploit Included:  Yes  
Description:  A vulnerability was reported in McAfee VirusScan. A remote user may be able to access a target user’s system.

Jonathan Payne reported that the software appears to install several non-secure ActiveX controls. A remote user can reportedly create HTML that, when loaded by the target user, will invoke the ActiveX controls and access the target user’s system.

A demonstration exploit that accesses the target user’s Windows registry is provided in the Source Message.
Impact:  A remote user can create HTML that, when loaded by the target user, will be able to access the target user’s system.
Solution:  No solution was available at the time of this entry.
Vendor URL:
Cause:  Access control error
Underlying OS:  Windows (Any)

Security in Longhorn: Focus on Least Privilege

Summary: Longhorn promises to be a great platform for least-privilege applications. Get started today by writing managed code, first of all. When building desktop applications, make them LUA-compliant (and use the Windows Application Verifier to help check your work).

Source:  Jerry’s Security Weblog

‘Burnt out’ IT staff losing virus battle

Failure to centralise antivirus software management exhausts IT workers

Companies that have yet to centralise the management of their antivirus software are exhausting their IT staff.
While the majority of firms have taken users out of the loop of updating antivirus software, those that have not are unable to cope due to the sheer volume of viruses, according to application switching vendor Radware.

“Users can’t be trusted to do it themselves,” said Tony Crowley, Radware’s regional director for northern Europe.