Microsoft Internet Explorer: Should You Continue to Use It?

Security alert on Microsoft Internet Explorer, Deliver My Mail, and an example of the Nigerian 419 Scam:
Internet ScamBusters #84

Internet ScamBusters™

The #1 Publication on Internet Fraud

By Audri and Jim Lanford

Copyright © Audri and Jim Lanford

All rights reserved.

Issue #84 July 14, 2004

Hi Everyone,

Today we have a short — but important — ‘Snippets’ issue for you.

We start with an especially significant security alert that affects you if you

use the Microsoft Internet Explorer browser. We then share a very interesting

campaign that our good friend Ken Evoy is spearheading called ‘Deliver My Mail,’

(aka "I’m Mad As H*** And Not Going To Take It Anymore").

This is followed by two ScamBusters website updates you won’t want to miss.

We conclude with a fascinating, real-life example of the Nigerian 419 scam.

Let’s get going…


Security Alert — Microsoft Internet Explorer: Should You Continue to Use It?


As many subscribers already know, Microsoft Internet Explorer has significant

‘holes’ or vulnerabilities that scammers and virus creators can easily take

advantage of. This is certainly not new.

In fact, judging from the number of viruses and Trojans sent to us by subscribers

each week, we know that many subscribers are currently infected by one or more

of these viruses and Trojans.

What may be new is that the security problems for users of Windows Microsoft

Internet Explorer are becoming even more serious and severe.

In the past couple of weeks, a new Trojan was detected that is particularly

malicious. It installs itself when you visit a website — without your knowledge

— and without your having to do anything. In other words, you don’t need to

click or accept anything — this Trojan installs itself anyway.

It is delivered through a pop-up ad that loads a file called "img1big.gif"

onto your computer.

This Trojan is a ‘password sniffer.’ That means that it looks for certain kinds

of information, such as user names and passwords, and relays them back to the

scammers.

Once it’s installed, this Trojan pays attention when you visit a secure webpage,

and it looks for specific banking sites, including Citibank, Deutsche Bank and

Barclays Bank.

If you visit one of these sites and type in your user name, password, etc. to

log in, despite the secure connection, it still watches your keystrokes and

sends them back to the scammer. (Security experts believe this scammer is in

Russia.)

The scammer then has access to your account information — and you didn’t even

know any of this had happened!

What this means: Trojans like this one can give scammers access to your banking

information so they can steal money from your bank account. Further, these kinds

of viruses and Trojans can be used to gain credit card and other personal information,

again to steal your money — or your identity.

This is serious stuff.

If you want to read a technical article that contains more information about

this Trojan, visit:

==> http://www.scambusters.org/a/news2.html

The Department of Homeland Security’s U.S. Computer Emergency Readiness Team

has gotten so fed up with these Microsoft Internet Explorer vulnerabilities,

that they recently recommended that consumers switch to a different browser.

You can read about the storm they touched off with this recommendation at:

==> http://www.scambusters.org/a/news3.html

We happen to agree with this recommendation to switch browsers. There are just

too many security holes in Microsoft Internet Explorer for Windows. Whereas

it certainly is true that no browser is completely secure, we no longer feel

that using Microsoft Internet Explorer is worth the security risks.

Our current favorite browser for Windows is Firefox. Visit:

==> http://www.scambusters.org/a/firefox.html

Note: Microsoft did

release 7 patches yesterday after this article was completed. You should definitely

run these patches if you use Windows. However, this doesn’t really change the

general points made in this article.


Deliver My Mail — Join Ken Evoy’s "I’m Mad As H*** And Not Going To Take

It Anymore" Campaign


Our friend Dr. Ken Evoy has recently launched what he describes as ‘the most

important thing we’ve ever done.’ Ken is the President of Sitesell Inc., and

has done some important things in his career — so that’s saying a good deal.

Basically, Ken is completely fed up with ISPs (Internet Service Providers),

filtering services, and email services that refuse to let legitimate, opt-in

email reach people who want to receive it. (For example, subscribers like you

who double opt-in to Internet ScamBusters and still don’t get some issues –

which is why we now send the Friday update notice.)

Ken is NOT talking about spam. Ken, like us, is a pioneer against spam.

Ken is talking about ISPs and mail companies that won’t let customers and subscribers

receive email they want and have requested — either by allowing ‘whitelisting’

or providing reasonable explanations when legitimate email is bounced.

Ken has decided to fight back by launching the ‘Deliver My Mail’ program. We

support Ken in his efforts.

Rather than trying to describe this free program to you, it’s simpler to let

Ken explain it himself. Visit Deliver My

Mail now.


Internet ScamBusters Website Updates


Given today’s security alert, we recommend you check out the big update on our

main page on viruses.

And, visit this week’s most popular urban legend page — on envelopes.


Nigerian 419 Scam: An Example


Want to see exactly how the Nigerian 419 scam works? Here’s an excellent six-page

description in "The Register" of how someone lost $1,000.

Pay attention to the fake banking site the scammers set up — you’ll see how

they are sometimes able to make themselves seem more credible.

==> http://www.scambusters.org/a/news4.html

That’s it for today. Time to enjoy some lunch on our back porch… See you next

week.