Remember this article?
ComputerWorld reports that Best Buy sold "a limited number" of infected 10.4" picture frames over the holidays. They aren’t doing anything about it, claiming that any current and up-to-date antivirus software will catch it and it is more of a nuisance than anything to worry about. Yeah, and that is just a harmless cold sore…..
According to my source: ComputerWorld, the Big Phish are using the Little Phish to collect your private data.
"Phishing kit pits wannabe scammers against pro fraudsters
Big rats, little rats compete in a Net fraud pro-am; you still loseJanuary 23, 2008 (IDG News Service) — In a twist, security researchers have discovered a group of hackers who are exploiting a new category of victims — aspiring Internet scammers.
A Moroccan group called "Mr. Brain" is offering free phishing kits on a Web site hosted in France, said Paul Mutton, Internet services developer at Netcraft, a security company in Bath, England.
The software packages make it easy to quickly set up a fraudulent Web site mimicking a known brand in order to trick people into divulging credit card details or bank account numbers. Templates for spam e-mail are also included, targeting brands such as Bank of America, eBay, PayPal and HSBC.
Mr. Brain’s Web site lists the kits and what kind of details each one is capable of collecting, such as usernames, passwords or Social Security numbers. Netcraft posted screenshots on its Web site.
But what the aspiring scammer doesn’t know is that the phishing kits are designed to send any sensitive information that’s collected back to e-mail accounts controlled by Mr. Brain, Mutton said.
"Obviously, that’s why they are offering this stuff for free," Mutton said. "I was impressed by it."
Mr. Brain hides the special e-mail function in a blend of PHP scripts, one of which is encrypted, Mutton said. Just in case someone decrypts it, Mr. Brain has written at the top of the file "Don’t need to change anything here. Created by Mr. Brain Morocco Team."
The scheme seems to be targeted at new phishers, Mutton said. Mr. Brain benefits since other wannabe scammers shoulder the cost and risk of finding an ISP (Internet Service Provider) to host the phishing site, Mutton said.
"Essentially, they’re exploiting all these novice phishers — basically getting them to do all the hard work," Mutton said.
It’s difficult to tell without further research how many of the free phishing kits linked with this latest scam are live on the Internet, but Mutton said Netcraft noticed one earlier this month targeting Bank of America.
"Clearly, these are actively being used in phishing attacks," Mutton said."
So, you still get screwed, but the Little Phish get screwed along with you as the Big Phish collect all the data. Nice. If these dirtbags would apply this much ingenuity and effort into real careers they could be as rich as Mark Zuckerberg. $3Billion of net worth and he sleeps on an air mattress in a one-bedroom apt.
The idiot who made this crapware actually was stupid enough to submit a comment on my article below including a link to another blog revealing all the crap inside his program! Go, read the blog, really, I’ll wait, it’s hysterical!
Yes, Internet, it is true, this die-hard, hard core, dedicated pc geek is coming out of the closet. I WANT a Mac Air. [crickets chirping] Left you speechless, didn’t I?
Note to Bill: You signed your slow, painful death warrant when you came out with Vista. And Office 2007, I mean, WTF! Bill? Steve will be mounting your butt to is trophy room wall very soon.
I’m usually one of the quickest adopters of anything new MS, but you really screwed the pooch with this crap. Office 2007 is absolutely miserable. I can’t find a frigging thing, and talk about bloat and excess crap!
I now use this! OpenOffice. 
Works GREAT! IT’S FREE!!!!, Everything is where I expect it to be, files open MUCH faster, and I don’t have to put up with all that embedded code and inflated crap. I’m a power user, Bill, I don’t have time to figure out where you’ve hidden all the features I use on a regular basis. And, for the love of all things holy, how can I once and for all turn off all the "helpful" moron features? If I want a link I’ll make it, I don’t need you to constantly change my damn document. Your products try to be "intuitive" to help the idiot at the keyboard, however, I don’t need that help and if you want to be REALLY intuitive, your products should be able to recognize I don’t want your help and stop changing everything!
And Vista, Bill, Dude, what were you thinking? Seems like you failed miserably in your attempt to emulate the Mac OS experience. The overwhelming majority of everyone I have talked to has dumped Vista to go back to XP or left the Windows experience altogether! LINUX is looking better and better everyday, and now that Dell has wised up and is giving us that option it is safe to buy from them again.
If I want a cute and bouncy OS I’ll go with a Mac, if I want power and performance without all the glitter, LINUX. That leaves you where, Bill? Remember "Clippy", Bill, remember his fate? And, "Bob", how can we forget about Bob? Were you high? Really. So embarrassing!
I rest my case…
Just because you have a mac does not mean that you are "safe" from the nasties in the world. You can now join the majority of the planet and be scared right along with us!
ComputerWorld reports that:
"January 15, 2008 (Computerworld) — Mac users can now claim their first example of "scareware," a widespread scam in the Windows world where bogus security software tries to spook consumers into anteing up, an antivirus vendor reported today.
MacSweeper, which sells for $39.99 through a Web site by the same name, is a rogue application that will "always find something to fix/clean, but the only way to do so is to buy the program," claimed Patrik Runald, a senior security specialist at Helsinki, Finland-based F-Secure Corp., in a posting to the company’s blog.
"Even more telling that it’s a scam is the fact that when you visit the MacSweeper site with a PC and click on ‘Scan,’ it will tell you that you have security vulnerabilities in folders that only exist on [the] Mac, like ’system_root/home," said Runald. "Fake? Oh yeah."
Additional clues about the application’s illegitimacy, added Runald, are easy to spot. The MacSweeper Web site, for example, includes text under an "About us" heading that is a brazen copy-and-paste from the Symantec Corp. site.
MacSweeper.com, which was registered in November 2007, uses a domain name server based in Ukraine, according to a WHOIS search. The individuals who registered the domain, however, masked their identities using an anonymity service.
MacSweeper, said Runald, is a cousin to the Windows scareware dubbed Cleanator, just one of numerous rogue security programs on that platform that try to dupe users out of money and/or credit card account information by posing as useful software. Among the most notorious scareware applications on Windows: SpySheriff, WinFixer and IEDefender.
"What does the first Mac rogue application really mean?" asked Runald. "It means that … Mac users will increasingly come under attack from bad guys. It doesn’t mean that Mac is becoming less secure in and of itself. But it does mean that Mac users will have to watch out for social engineering tricks just like Windows users have had to do for years."
On a follow-up to the announcement on F-Secure’s blog, a "developer" from MacSweeper posted the following comment:
I would like to explain all the situation, about MacSweeper.
We are really trying to make a good software, and you wont find any viruses/spyware/trojans/malware in MacSweeper (test it your self, if you don’t believe me, you can use any type of firewalls, dissemblers, or other tools) .
The problem is that we are using selling partners that forces us to use this marketing type. We would like to leave them, we don’t want to completely destroy Good Name of MacSweeper application.
Personally I adore Mac Platform, and it hearts to here that the program you wrote is said to be some kind of "Rogue application" , i wouldn’t like to destroy good manners of software written for it :((
I would like to say sorry for all inconveniences that we could bring to you, but believe MacSweeper is meant to be a useful application. You can ask Questions, and i will try to answer them!
Thank You!
support@macsweeper.com"
Remember the wad of cash found under granny’s mattress when she went to the great knitting circle in the sky? Yeah, me neither!
From ComputerWorld
"January 14, 2008 (Network World) — A new Trojan program is targeting unwitting users’ bank data by intercepting account information before it is encrypted and sending it to an attacker’s central database."
Apparently this thing is pretty vicious so read the article and make sure your computer is up to date on all patches and anti-virus definitions! The Trojan is downloaded via Web exploits so you may not even know you got it. If a site you visited (even a reliable one) has been infected, your computer will download the Trojan. If your computer is not up to date with your protection software you will be in deep dodo.
Boy, ComputerWorld is really cranking out the hits today….
According to the report, a site claiming to be "Hack Safe" got hacked! Geeks.com had to tell its customers that their personal/financial info may have been exposed during a break in back in early December.
For shame, Geek.com! It is time for you to turn in your pocket protectors!
Did you get a digital photo frame for the holidays? What about a pair of MP3 sunglasses? Or, perhaps, a new GPS after yours got stolen? Yeah, I sure hope you didn’t plug that baby into your computer…..
SANS Internet Storm Center reports that many of these devices came packed with an extra bang for the buck; malware!
You may want to check the article out before trying to use the gizmo or you may want to notify anyone you gifted with an electronic gadget complete with internal memory to check the article before using it.
Happy Holidays! 
My friends at ComputerWorld say that over 70,000 web servers have been infected with a SQL Injection attack. What this means is that a site using a Windows SQL database may have been infected with an attack script that infects a visitor’s computer.
This attack is not just on the archaic sites buried in the dust of the Internet. We are talking some pretty major sites. SANS Internet Storm Center reports that the viral script hosts can be searched for on Google.
One host is uc8010[dot]com. This Google search resulted in sites such as HGTV, netmagazines, virginia.gov, tnstate.edu, livingbeyondbreastcancer.org, cleveland.oh.us, ca.com and several thousand more even after 4 days.
But, there’s more: ucmal[dot]com is another script host spewing this crap. This search resulted in over 90,000 hits, including myspace and many Chinese language sites.
So, my friends, you may want to make sure you are blocking JavaScript from running freely on your browsers or do a search on any site you want to visit before going. Luckily, Truffuls is not a Windows site and a search of "uc8010.com/0.js truffuls" and "ucmal.com/0.js truffuls" resulted in no matches! 
From ComputerWorld:
"Crime and punishment: The white knight of phish-busting
Robert McMillan
December 31, 2007 (IDG News Service) Until just a few months ago,
Gary Warner did not have the kind of day job you’d expect from an antiphishing crusader. He didn’t work for a security vendor or a bank, or any kind of company you’d expect to care about phishing.
Warner’s career as a cyber-sleuth began on Halloween 2000. That’s when his company’s Web site was defaced by an entity named Pimpshiz as part of a pro-Napster Internet graffiti campaign.
"My boss came to me and said, ‘Find out who did this and put them in jail,’" said Warner, who was at the time an IT staffer with Energen, a Birmingham, Alabama oil and gas company.
It was an eye-opening experience. "I called the police and they were like, ‘What do you want us to do?’" he said.
Months later, when Pimpshiz struck servers at NASA, Warner reached out, calling staff there and saying "Hey, we know who this guy is. Here’s his name and address."
Since then, Warner has quietly become one of the most-respected authorities on phishing in the U.S. — the kind of guy that federal agents and banking IT staff call when they want to know how to catch the bad guys and shut down their credit-card-stealing Web sites.
With Warner’s help, authorities eventually arrested Pimpshiz, whose real name is Robert Lyttle, in connection with the defacements.
Fishing for phishers
Warner said that the Pimpshiz case was formative, underlining how hard it is for law enforcement to catch the bad guys on the Internet.
"The experience showed me that it’s not that they don’t care," Warner said. "Their hands are tied by the legal process."
Soon, Warner found himself spending dozens of hours each week compiling data on spammers and phishing attacks. "I would sit for a couple of hours every morning and find all the new phishing sites that I could," he said.
He’d take screenshots of the sites, e-mail the Webmasters who were hosting them and ask them for Web logs, and eventually he started making connections — he’d connect one phishing group with several different attacks — and learn who he needed to call to get Web sites removed, no matter where in the world they were hosted.
He’d get calls from IT staff at small credit unions asking for help taking down fraudulent sites, every day, all day long. It was cutting in on his work. Late last year, he decided to make a change. "I went to my boss and told him that I’m going to look for a way to do this full time."
Helping the feds crack down on online fraud
In July, with recommendations from FBI and Secret Service agents, Warner took a job as Director of Research in Computer Forensics with the University of Alabama at Birmingham (UAB).
He also began working with law enforcement, not only educating FBI and Secret Service agents on how crimes were committed, but also helping to track down the criminals and helping with take-downs.
"He’s an outstanding resource for the FBI," said Dale Miskell, supervisory special agent with the FBI’s Birmingham Cyber Crime unit, who has worked with Warner since 2005.
Miskell said Warner has helped the FBI with investigations and taught staff about his antiphishing techniques.
"He could be a multimillionare by his skillsets… he’s a very gifted speaker, he can talk to the techies, and then he can turn around and talk to the non-techies and everyone will understand."
Warner is now focusing on fighting cyber-crime full-time and on training a new generation of network forensics investigators. "You wouldn’t believe the looks on their eyes the first time they got an e-mail back from a Webmaster saying, ‘Thanks for letting me know. I just shut that down.’"
When he spoke with IDG News, it was five days after final exams at the University of Alabama at Birmingham and though it would have no effect on their marks, four students were still coming into the labs to help shut down phishers.
"That idea that as a private citizen, you can help, that’s the kind of thing we’re trying to inspire," he said.
The future of phish-busting
At the University, Warner is building up a 256-node supercomputer which could eventually become the largest collection of spam email on the planet, processing as many as 100 million email messages per day and providing researchers and law enforcement with valuable analysis data.
For Warner, the work isn’t so much a job, as it is his moral responsibility as a computer scientist. "One of the things that really bothered me from the very beginning was people who were using my field to attack other people," he said. "The way I see it, this is our Internet. I’m going to stand at the end of my driveway and protect what’s mine."
He says that his anti-phishing work hardly feels like work at all. "This is what I like to do," he said. "It’s cheaper than golf, and you can do it when the weather’s bad."
What you can do to protect yourself
"The best people that help law enforcement have no motive other than to catch the bad guy," said one law enforcement official who declined to be identified because he hadn’t been authorized to speak with the press.
But even if you’re not a cyber sleuth, if you get hit by a computer criminal there are some things you can do to help police catch the criminal. What you should do depends a little bit on the crime. If you’re the victim of identity theft, it’s worth filing a report with state and local police so that you have a record of the crime.
That comes in handy later, in case you need to prove that it was the thief, and not you, that incurred any subsequent charges. Another good place to stop is the Federal Trade Commission (FTC) site, which has a variety of tools to help identity theft victims get organized and set their credit back on track. And if things get really bad, the Social Security Administration can help you, too. This site has instructions on how to report social security fraud and get a new social security number.
You can file a report with the FTC, but if you want your data to be used to catch the bad guys, the Internet Crime Complaint Center (IC3) is a better bet. Run in part by the FBI, the IC3 data is used regularly by law enforcement to link together large schemes. The more factual data you can report about your crime, the more useful it will be to police. Sometimes a single fax number or eBay ID can help crack open an entire case.
The FBI is most interested in crimes that involve malicious software, phishing, and child pornography. Spam and auction fraud get a lower priority and, worse, if you’re the victim of an auction fraud, the odds of you ever getting your money back are very low.
Still, if you’re rigorous about documenting the crime, and you fill out that IC3 complaint, you just may be helping to bring down your criminal — some day."
LOL!