Without protection, your computer could have harmful programs installed on it within 2 minutes of being connected to the internet.

Programs that could be recording your keystrokes and forwarding them to criminals, or sending out thousands of emails, or even attacking other computers.

Find out how to protect yourself at WebAngel.com.au/protection.htm

A major new security risk has been discovered in almost all popular web browsers - including IE, Firefox, Netscape, Opera, and others.

It allows a malicious website to take control of a popup window that has been opened in a legitimate website. The implications of this for online banking are frightening, because you are TOTALLY unaware that anything is amiss.

The internet security site “Secunia” has a demonstration of how it works at
http://secunia.com/multiple_browsers_window_injection_vulnerability_test/

I got quite a fright when I tried the demonstration.
And at present, there’s no fix.

About the only thing that you can do to protect yourself is to have only one browser window open at any one time.

If you are using your computer on the internet, you are asking for big trouble if you do not have a firewall (sort of an electronic condom) installed and operational.

An unprotected Windows computer will be found and infected by some sort of harmful program within minutes of being connected to the internet.
We have personal experience of this when we installed a computer for my wife’s parents, and the software firewall ZoneAlarm started reporting attempted breaches 2 minutes after it was connected to the internet for the first time.

Tests by USA Today and AvantGarde back this up with a series of formal tests with computers running various operating systems which were left connected to the internet for 6 weeks show the following frightening results:

Attempted attacks PER DAY according to Operating system:
Windows XP Service Pack 1: 8,177
OS X: 8,155
Windows Small businss Server: 1,400
Windows XP Service Pack 2: 82
XP with Zone Alarm: 50
Linspire (Linux) : 46

What is especially worrying is that authorities have estimated that 67% of people do not use a firewall on their systems.

Read The Report

The message is clear. Make sure that you have a firewall on your system.

====================================================================
REGISTRAR LOCK - IGNORE THIS AT YOUR PERIL.
====================================================================
This is probably one of the most important messages I’ve ever sent to you.

If you own a US based domain name, it could be taken away from you for just failing to reply to an email from your registrar.

Under new US Domain Registry rules implemented in November 2004, anyone can apply to have your domain name transfered to them.

And this is the scary bit. Unless it is registrar locked, it will be transferred to them if you don’t reject the application within 5 days.

If you have registered a US based domain name with WebAngel, we have put it into REGISTRAR LOCK status. This protects you, because you now have to specifically authorise a transfer before it takes place.

To find out the status of your US based domain name, go to www.betterwhois.com and type in the domain name. If you see “Status: REGISTRAR LOCK”, all is OK.

If you don’t see that, drop everything and get it changed with your registrar.
The criminals out there are just starting to take advantage of this ridiculous new policy.

Don’t wait until your website has been stolen and connnected to a porn site - It will be too late then.
Do yourself and your business a favor - Check this NOW.

Please note: Domain Locking is not necessary for Australian domain names, as the transfer procedures are much stricter.

I had a discussion with some friends about SPAM, and why people send it out - after all, a lot of it gets blocked, and most people ignore it. And most of it is just plain stupid - with lots of meaningless words, or perhaps a literary passage from some obscure book.

In the early days, the main reason for sending SPAM was to get you to buy something.
If only one in a million people responded, it was worthwile. Also, someone can be paid a fraction of a cent for the advertisement graphic that appears on your screen. Those are still the reasons for a lot of SPAM.

However, over the past year or so, it’s become more sinister.

Many of those messages contain links to websites that can install harmful programs on your computer without you even knowing about it. Especially if you use Microsoft Outlook, or Internet Explorer.

These program commonly do things like:
- Record the usernames and passwords to your bank accounts from your keyboard, and send them to criminals
- Send out thousands of SPAM emails from your computer
- Change or delete files from your computer
- Install other programs that take part in internet attacks on other computers and websites.

So - the Spammers and criminals keep sending out SPAM, because enough people click on their links to make it worthwile for them.
After all - they can send out gazillions of emails at almost zero cost.
If they can harvest just ONE bank account login and transfer a few thousand dollars out of the account - it’s been a profitable morning’s work for them.

I f you have, or if you receive one - DELETE IT IMMEDIATELY

It almost certainly contains a link to a harmful program that will install itself onto your computer, and start doing unmentionable things to your system (what things? - scroll back - We’ve discussed them lots of times before)

You know, I remember the innocent old days when people sent other people e-cards with pretty pictures and songs. it was a surprise to get one.

However, that was a long time ago.

Stick to the rule of NEVER opening an attachment unless you are expecting it, and
never click on links in untrusted emails..

(And have an up to date virus filter as well as an effective firewall on your computer)

If you are using Internet Explorer version 6 without the SP2 upgrade, your computer is at risk from a new security problem which was discovered last week.
It’s called an IFRAME Buffer Overflow.

More details from Secunia Advisories are at http://secunia.com/SA12959

Their recommended solution? - Use a non Microsoft browser.
We suggest Firefox.

And as always, Don’t click on links in unsolicited email messages.

We’ve received yet another online “Job Offer” letter, this time pretending to be from Credit Suisse.

It promises jobs in international finance - and offers a 2 week training course.

Of course, it’s a scam. They are looking for suckers to process money that has been stolen from people who provided their bank account details in response to fake letters that appear to come from their financial institutions. The common term for these people are “mules”.

It works like this:
1. Company offers “job opportunity”
2. Naive Person accepts, and signs up, providing their bank account details
3. Company steals money from accounts of Phishing victims, and transfers it to Naive person’s account
4. Naive person transfers money (less commission) to Company’s account
5. Police come and prosecute Naive Person.

If you receive a “job offer” like this - just delete it immediately.
Don’t click on any links in it, or you may get something nasty installed onto your computer.

The BBC have published a good article about various online jobs scams at
http://news.bbc.co.uk/1/hi/business/3208703.stm

To find out more about fake email messages, please visit webangel.com.au/fakes

We received a “Job Offer” from a company called SPARTA-TRADE this morning.

It uses the name of well known Australian job site “Career One” to lull you into a false sense of security.

The email is almost certainly an attempt to recruit you into illegally laundering money through your bank account. (Either that, or it will try to install something horrible onto your computer)

Read more at WebAngel.com.au/fakes/sparta-trade.htm

A couple of particularly nasty SPAM messages are being sent around at the moment.

The “TV Shop ” one is confirmation of a non existent order for an expensive television set, and urges you to click on a link to view the progress of my “order”.

Another dangerous email is the “Postcard” message, with a subject line of “Thinking Of You”.
This one wants you to go to a website to pick up an electronic greeting card that someone has sent you.

Don’t click on the links - they will go to sites that contain dangerous Java code and Internet Explorer exploits which will install a trojan progam. This will capture your keystrokes when you visit banking sites, send them to criminals, and also allow them to take control of your PC to send out SPAM, and other nasty things.

Latest critical security updates from Microsoft (ie after 14th October( will protect you against these programs.

(Or preferably, you could use another browser like Firefox from www.getfirefox.com

For those who don’t know the term, “phishing” is practiced by criminals who trick you into going to a reputable looking website, and try to get you to put in your secret bank account details.
Soon afterwards, all the money gets cleaned out of your account.

Criminals have registered the domain name visa-secure.com in an attempt to mislead people into believing that this is a genuine bank run site. Lots of SPAM emails have been sent out to try and trick people into enter their bank account details into a fake website.
More details here:
http://news.netcraft.com/archives/2004/10/08/cardholders_targetted_by_phishing_attack_using_visasecurecom.html

We suggest that you tattoo this behind your eyelids.
Banks will NEVER contact you by email telling you that you need to validate your account. All such emails are FAKES.

Here’s a link to our article which gives you some practice in identifying fake websites.
WebAngel.com.au/fakes/

Many businesses sell or give away their old computers without realising that the hard drives probably contain confidentail information about their business.

Be aware that formatting a hard disk, or deleting the data does NOT remove this data from the disk. It is easy to recover.

We suggest that you either sell the computer without the hard disk, or use a special program to totally “shred” the files contained on the hard disk so that the contents cannot be restored. Pay a visit to www.download.com or your favorite software source, and search for programs using the search term “file deletion”

Choose a program that will overwrite the files several times, and make them unrecoverable. After all, you wouldn’t want to breach the privacy act by allowing private information to get out of your business.
Would you!