AVMUG logo

Antelope Valley Microcomputer Users Group
Meeting Schedule - 6:30 p.m.
Second Tuesday of each month
At the Antelope Valley Senior Center
777 West Jackman Street
Lancaster CA. 93539-2942







Members Only

Map to Meetings


Tips & Tricks


Gen. Info

Worm Info



Worms and other email nuisances

Eudora open to multiple high risk flaws -- Windows version of popular email client at risk

Security consultancy firm Next Generation Security Software (NGSS) has discovered "multiple high risk vulnerabilities" in the Windows version of the popular Eudora email client. According to NGSS representative John Heasman, versions affected include Eudora 6.2.0 and below. Heasman warned that the flaws permits hackers to execute arbitrary code on victims' PCs via previewing or opening a specially crafted email. Hackers can also run malicious programs by opening specially crafted stationary or mailbox files. Testing by NGSS suggested that these issues have been resolved in Eudora 6.2.1 as detailed at http://www.eudora.com/security.html

Version 6.2.1 can be downloaded at http://www.vnunet.com/downloads/1135434

NGSS said that it was going to withhold details of the flaws for three months in a bid to prevent hackers exploiting them. The company promised to publish full details on 2 May. "This three-month window will allow users of Eudora to apply the patch before the details are released to the general public. This reflects our approach to responsible disclosure," said Heasman. Thanks to Dave "Bytes" Gerber, president of the Sarasota PC Users Group.

QuickLearn Email Scam Alert! (U.S. Bank) 

Be on the look out for a bogus US Bank email. It is a scam. Here is a description of the email.
Some internet users have been receiving emails claiming to be from US Bank, informing them that their online banking account had been shut down, and would remain shut until they confirmed their contact details. The link contained inside the emails may at first glance appear to be legitimate, but it really redirected users to a website based in Korea in an attempt to steal users' account details.

A typical example of the scam email follows: 

Dear U.S. Bank account holder, 

We regret to inform you, that we had to block your U.S. Bank account because we have been notified that your account may have been compromised by outside parties.

Our terms and conditions you agreed to state that your account must always be under your control or those you designate at all times. We have noticed some activity related to your account that indicates that other parties may have access and or control of your information in your account. These parties have in the past been involved with money laundering, illegal drugs, terrorism and various Federal Title 18 violations. In order that you may access your account we must verify your identity by clicking on the link below. 

Please be aware that until we can verify your identity no further access to your account will be allowed and we will have no other liability for your account or any transactions that may have occurred as a result of your failure to reactivate your account as instructed below. 

Thank you for your time and consideration in this matter. 

<URL removed> 

Before you reactivate your account, all payments have been frozen, and you will not be able to use your account in any way until we have verified your identity. 

What to Do? If you receive this or a similar message, you are advised not to reply to it or forward it to your friends and colleagues. The best advice is simply to delete the email.

  Hackers Use Phoney Bin Laden Suicide Note
Source: United Press International

LONDON (United Press International via COMTEX) -- A British computer security group says hackers are sending e-mails supposedly containing evidence that Osama bin Laden has killed himself.

The e-mails direct users to a website where a file containing photographs of the alleged suicide can be downloaded; in reality, though, downloaders lose control of computers to the hackers, al-Jazeera said Saturday.

"Computer users who fall for the bin Laden hoax may be hit by a Trojan horse," the U.K.-based anti-virus firm Sophos warned Friday, naming the new scheme the Hackarmy Trojan Horse.

"Thousands of messages have been posted onto Internet message boards and usenet newsgroups claiming that journalists from CNN found the al-Qaida leader's hanged body earlier this year," Graham Cluley, senior technology consultant for Sophos, said.

"Hackers and virus writers will try all kinds of tricks to entice people into downloading their malicious code," Cluley said. "It seems this time that the hacker has focused on the public's morbid curiosity and appetite for news on the war against terror."

Copyright 2004 by United Press International.


 ©Copyright 2005, Antelope Valley Microcomputer Users Group

AVMUG Sitemap

Site maintained by
Offworld Press