Archive for May, 2006

Top 3 Spammed Trojans of the Day

Trojans are spammed every day, but the intensity can vary greatly. Here are the top 3 for Monday, May 29, 2006:

  • The first message below is in German and talks about a new worm. The message contains an attachment named ms56.zip, which contains ms56.exe. Detection was added in today’s DAT release under Downloader-AAP.
  • The second message is also in German and talks about eBay account activity. The message contains an attachment named ebay-rechnung.pdf.zip, which contains ebay-rechnung.pdf.exe. Detection was added in today’s DAT release under Generic PWS.o. Note: this threat was proactively detected heuristically as New Malware.j when scanning email.
  • The third message describes a fake patch for a “new WinLogon Service vulnerability”. The message contains a hyperlink that points to a new password-stealing trojan (PWS-WinPatch will be included in the DAT release of 05/30).

============== Message 1 ==============
From: MS Windows Update [msrobot_donotreply@windowsupdate.com]
Subject: b130 - Achtung! Wichtige Nachrichten von Microsoft Windows Update!

Achtung! Wichtige Nachrichten von Microsoft Windows Update!

Sehr geehrte Benutzer Microsoft Windows XP!

Gestern haben unbekannte Hacker den neuen Wurm-Virus eingesetzt. Nachdem er ins system reingreift, wird er von sich selbst nach Ihrer mailadressenliste ausgesendet, und alle Ihren Kontakte werden angesteckt. Nach der Ansteckung das System instabil zu arbeiten, und der Komputer genau nach einer Minute nach dem Hochfahren.

Um die Benutzer des Systems Microsoft Windows XP zu, haben unsere Sicherheitsspezialisten eine Erneuerung das System entwickelt.

Sie sollen die an den E-Mail angeh Datei damit das System erneut wird und vollst von neuem Wurm gesch wird.

Mit freundlichen,
Windows Update
=========== End Message 1 ==============

============== Message 2 ==============
From: eBay International AG [support@ebay.de]
Subject: b131 - eBay Rechnung
Guten Tag,
hier ist eine Zusammenfassung der Kontoaktivitaeten seit Ihrer letzten
Rechnung

In der beigelegten PDF Datei finden Sie die genaue Auflistung ihrer
Rechnung
—————————

Rechnung vom 26 Mai 2006
Abrechnungszeitraum: 1.Mai 2006 - 36. Mai 2006 PST/PDT
Fortlaufende ID:
67-EU30552496-2
AG

eBay International AG
Helvetiastrasse 15/17
3005 Bern
Schweiz

Schweizer MwSt-Nummer: 508 508
EU - Umsatzsteuer-Identifikationsnummer:
EU528002232
Firmennummer:
CH-035.3.103.330-3

eBay-Kontonummer:
E137329757297-EUR
Rechnungsnummer:
047868-1396435809470

Letzte Rechnung: |0,00
Zahlungen und Gutschriften: |0,00

Faelliger Gesamtbetrag:
|540,10
Zahlungsmethode
Sie sind das Lastschriftverfahren angemeldet. Der Rechnungsbetrag
wird innerhalb der bis sieben Tage von Ihrem
Bankkonto abgebucht. (Der Abbuchungsbetrag kann von Ihrem
Rechnungsbetrag abweichen, wenn Sie im Zeitraum zwischen der
Rechnungserstellung und dem Abbuchungsdatum Zahlungen geleistet oder
Gutschriften erhalten haben.)

Hinweis
Saeumnisgebuehren: Wenn Ihr eBay-Konto ueberfaellig ist faellt eine
Saeumnisgebuehr an. Um Naeheres zu diesem Thema zu erfahren, gehen
Sie bitte zu Rechnungen und Zahlungen.
(http://pages.ebay.de/help/account/payfees.html)

Mehr zum Thema eBay-Gebühren
(http://pages.ebay.de/help/sell/fees.html)

Mitteilungen

Hinweis: eBay fragt niemals per E-Mail nach vertraulichen oder
persoenlichen Daten (z.B. Kennwort, Kreditkarte, Kontonummer).
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

Hilfreiche Links

Zur Beantwortung Ihrer Fragen zu Ihrem eBay-Konto benutzen Sie bitte
den folgenden Link:
http://pages.ebay.de/help/account/selling-account-overview.html

Um Ihre Mitgliedsdaten zu aktualisieren, benutzen Sie bitte den
folgenden Link:
http://cgi4.ebay.de/aw-cgi/eBayISAPI.dll?ChangeRegistrationShow

Um eBay zu kontaktieren, verwenden Sie bitte den folgenden Link:
http://pages.ebay.de/help/contact_inline/index.html

Mit freundlichen Gruessen
eBay International AG

Zusaetzliche Mitteilungen
Die oben aufge Bten Leistungen beziehen sich ausschlie Flich auf Ihre
Anmeldung unter www.ebay.de.
=========== End Message 2 ==============

============== Message 3 ==============
From: Microsoft [patch@microsoft.com]
Subject: Microsoft WinLogon Service - Vulnerability Issue

Microsoft Coorporation

A new vulnerability has been discovered in the Microsoft WinLogon Service , that would allow an attacker to gain access to an unpached computer.

Since your email is part of our private mail lists and your have succesfully registered your Microsoft Windows , you can download the patch to fix this vulnerability before others do.

Please click the link below to download the patch and protect your computer against WinLogon attacks :

http://www.microsoft.com/patches-win-logon-critical/winlogon_patchV1.12.exe

You are free to share this with all your friends and relatives that are using Microsoft Windows Operating System

Thank you

Microsoft Coorp.
=========== End Message 3 ==============
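
The attachment pattern in messages 1 and 2 above (a ZIP holding an executable, in one case behind a decoy .pdf extension) is something a mail gateway can check before delivery. The following is an added example, not part of the original post or of any McAfee product; the extension lists, function names and verdict strings are assumptions chosen for illustration, and the sample messages are constructed with harmless placeholder bytes.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions Windows runs on double-click (illustrative list, not exhaustive).
EXECUTABLE = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
# Document-looking extensions placed in front of the real one as a decoy.
DECOY = {".pdf", ".doc", ".xls", ".txt", ".jpg"}

def classify(name):
    """Return 'decoy-double-extension', 'executable' or None for a file name."""
    suffixes = [s.lower() for s in PurePosixPath(name.replace("\\", "/")).suffixes]
    if not suffixes or suffixes[-1] not in EXECUTABLE:
        return None
    if len(suffixes) >= 2 and suffixes[-2] in DECOY:
        return "decoy-double-extension"
    return "executable"

def scan_message(raw):
    """Return a list of (attachment, member, verdict) for flagged ZIP members."""
    findings = []
    for part in message_from_bytes(raw).walk():
        fname = part.get_filename()
        if not fname or not fname.lower().endswith(".zip"):
            continue
        try:
            # Only the archive listing is read; nothing is extracted or run.
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                members = zf.namelist()
        except zipfile.BadZipFile:
            findings.append((fname, None, "unreadable-archive"))
            continue
        for member in members:
            verdict = classify(member)
            if verdict:
                findings.append((fname, member, verdict))
    return findings

def build_sample(zip_name, member_name):
    """Constructed test message: a ZIP attachment holding one harmless stub."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"harmless placeholder bytes")
    msg = EmailMessage()
    msg.set_content("constructed sample body")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=zip_name)
    return msg.as_bytes()
```

Calling `scan_message(build_sample("ebay-rechnung.pdf.zip", "ebay-rechnung.pdf.exe"))` reports the member as a decoy double extension, while the same call with `ms56.zip` and `ms56.exe` reports a plain executable inside an archive.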

Security and Children’s Web Sites

Two NY teens were arraigned last Wednesday for trying to extort $150,000 from Myspace.com.  They threatened to release exploit code that would allow for the pilfering of identity information of Myspace.com users.  (See story.)

Late last year, I was asked in an interview where I thought the arena of online attacks would go.  My response was to look at children-friendly sites and games like Neopets, MapleStory, and Runescape.  Well, my prediction was not exactly correct.  None of these sites have been hit by any automated or programmatic attacks, though each suffers from its own versions of social engineering attacks (more commonly referred to by kids as "scams").  However, shortly thereafter, worms were released on both Myspace and Xanga.

It's always a good time to discuss computer security issues with your children.  Here are some thoughts to start:

1)     Generally, don't talk to strangers.  Unfortunately, children are not going to abide by this, as part of the fun of online games is to meet and play with other people.

2)     Don't tell anyone your real full name.  A first name should be good enough.

3)     Don't tell anyone your age.

4)     Don't tell anyone where you live.  For purposes of playing with new-found friends on-line, just tell them the state, or the time zone and when it would be possible to play together again.

5)     To register online for games, don't give out your birthday!  As a general rule, always use January 1st.  If the site has a requirement to verify the user's age, then the year of birth could be used.  But all online birthdays should be January 1st.  (All horses have a birthday of January 1.)

6)     Many sites now ask only for your zip code.  But even there, if you've ever lived at a different address than you do now, use that old zip code.  In fact, if the site is not going to be actually sending you anything via US Mail, use that old address for all registrations.

7)     Establish an online email account for the purpose of using it as the registration email address for any online registration.

8)     Establish an answer to the online "security" questions, like "Name of favorite pet" or "Mother's maiden name".  Especially for something like "Mother's maiden name" which is actually used for identity purposes later in life, make up an answer.  If your children have a school mascot, what's its name?  And just use that same answer for all the *online game* registrations.

9)     And if there's going to be money involved, always require that a parent be involved.

Computer security starts with being aware.  And children need to be made aware.  Or tell them it's just another form of "hide and seek."

A new month is coming!

In May 2006, we added around 5000 new detections in VirusScan. The following table shows the figures for 2006:

DAT Version   DAT Release Date   Threats Detected   New Detection   For Month
4663          30 DEC 2005        168331             -               -
4686          31 JAN 2006        174289             +5958           January
4707          28 FEB 2006        180279             +5990           February
4730          31 MAR 2006        184356             +4077           March
4751          28 APR 2006        187976             +3620           April
4773          30 MAY 2006        192970             +4994           May

You can follow the number of new and enhanced detections day by day at http://vil.nai.com/vil/DATReadme.aspx

In June 2004, we added the first Symbian virus. Two years after SymbOS/Cabir, we now detect 286 threats and 4 jokes in this family of environments:

          Jokes   Trojan   Viruses
EPOC      3       6        -
PalmOS    1       2        1
SymbOS    -       206      69
WinCE     -       1        1