January, 2009

The Worst Outbreak in Years

Using a flaw in the Windows Server service that was detected and patched months ago, a single worm has managed to infect nearly 9 million PCs in just over two weeks — and the rate of infection is increasing by the day. In just four days, the "Downadup" worm (which is also sometimes referred to as "Conficker,") spread from an estimated 2.4 million computers to 8.9 million. It has been described by many security experts as the worst outbreak of malicious software in years.

In October, Microsoft sent out a rare emergency security update for all of its operating systems, including Vista, XP, and Windows 2000. Unfortunately, this update seems to have been ignored by a large portion of PC users, leaving millions vulnerable to Downadup.

Full Dangers Still Unknown

Right now the intentions of developers responsible for the malicious software remains unclear. For the time being, the hackers have only bothered to send out a fake security security program, which creates pop-ups designed to annoy users into paying for a worthless program. But Downadup could potentially hijack millions of computers and use them as bots capable of carrying out whatever commands the hackers send them.

That the whole problem could have been averted if users had just bothered installing a patch Microsoft issued long ago, underscores the importance of setting your operating system to automatically download and install security updates. Those with infected computers undoubtedly let the patch languish for months in an update queue, alongside much less essential software updates.

How to Update Windows Automatically

Windows XP

To set your PC to update automatically in Windows XP, simply access the Control Panel in the start menu, click "Automatic Updates," and choose "Automatic."

Windows Vista

For Vista, open Windows Update in the start menu, select "Change Settings," and then select "Install updates automatically."

How to Remove the Worm

Your computer might not be showing any signs of infection or you may have seen some odd behavior.

From Microsoft:

If your computer is infected with this worm, you may not experience any symptoms, or you may experience any of the following symptoms:

• Account lockout policies are being tripped.

• Automatic Updates, Background Intelligent Transfer Service (BITS), Windows Defender, and Error Reporting Services are disabled.
• Domain controllers respond slowly to client requests.
• The network is congested.
• Various security-related Web sites cannot be accessed.

If your PC has already been infected by Downadup, first install the emergency update, then run the latest edition of Microsoft's Malicious Software Removal Tool to remove the worm from your computer.

More information about the worm is available from Microsoft. You can also read more on Computerworld.

It's a new year and — what do you know — there's a new tactic in the endless quest for new and improved phishing schemes from scammers.

Here's How It Works

Researchers at Trusteer recently released a security advisory detailing this new phishing technique. Rather than using email to lure unsuspecting victims into clicking over to a fake web site, this technique uses what Trusteer is calling "in-session" attacks. Here's a typical scenario:

• A user opens a browser and logs into their banking web site
• Leaving that browser session open, they open another browser window to check on their Webkinz or some other web pursuit.
• After a time, a pop-up window opens — supposedly from their bank web site — asking for them to re-enter their username and password.
• Since the user has recently logged in to the targeted web site, they are more likely to enter their info.

That's it! Their login credentials are now in the hands of the scammers.

What Makes It Possible?

A few things have to be in place for this to work. First, the scammers need a compromised web server in order to install the malware. Fortunately, there are lots of those around. Second, the malware has to be able to determine which other sites the user has visited. This is possible based on a vulnerability in the JavaScript engine used by Internet Explorer, Firefox, Safari, and Chrome.

From Trusteer:

The source of the vulnerability is a specific JavaScript function. When this function is called it leaves a temporary footprint on the computer and any other website can identify this footprint. Websites that use this function in a certain way are traceable. Many websites, including financial institutions, online retailers, social networking websites, gaming, and gambling websites use this function and can be traced.

How Can You Protect Yourself?

Well, the planets have to align a bit to pull this scam off and it's likely the JavaScript vulnerability will be patched in the near (hopefully) future.

Until then, Trusteer recommends the following preventative measures:

• Have an up-to-date anti-virus installed
• Be suspicious of any pop-ups asking you to login

and most of all...

• Log out of banking or other sensitive sites before heading over to Pogo.com for your bingo fix.

Learn more about this attack by downloading Trusteer's security advisory.

We're stepping a bit outside our normal comfort zone of covering scams, fraud, identity theft, and whatnot to present an offer that we think will be valuable to our readers.

For a limited time Suze Orman is making her latest book "Suze Orman's 2009 Action Plan | Keeping Your Money Safe and Sound" available for free via the Oprah Winfrey web site.

NOTE: Offer expires at 11:59 p.m. CT on Thursday, January 15

Why Should You Read This Book?

I have to admit that I haven't read the whole book yet. I wanted to get this posted so you would have time to download it before the offer expires.

What I have read, however, speaks directly to these ugly economic times. I see my friends in the U.S. and elsewhere struggle with layoffs, home foreclosures, business failures and every other kind of stressful situation. Unfortunately things don't look like they'll be improving anytime soon and we're all wondering how we're going to survive this downturn.

I think Suze says it best in her Introduction:

I bet you are scared. Angry, too. And confused. These are absolutely rational and appropriate responses to the global credit crisis that erupted in 2008 and continues to send tremors through every household in America. And I do mean every household. No matt er how conscientious you have been with managing your money, the events of 2008 have battered us all.

The one in 10 homeowners who are at risk of facing foreclosure on their homes are obviously scared, but so too are the 9 out of 10 homeowners who can afford their mortgage but are watching plummeting home values jeopardize their financial security.

It’s not just the overreaching Wall Street firms who are paying the price for those risky investments. Every U.S. taxpayer is now on the hook for a massive bailout — bailout engineered by the same players in the federal government that had turned their back on regulating the very practices at the root of today’s financial crisis. Angry? You should be.

In any case, the book is free until January 15th, so it won't cost you more than a minute or two of your time and a few bytes flowing over your internet connection.

I think it will be worth your while. Take care out there...

Go the the download page on the Oprah Winfrey website. Once the offer expires you can buy the book for less than $10 on Amazon

In case you want to learn more about the book, I've provided some Amazon reviewer comments and the table of contents:

Amazon Reviews

Suze hit it big with this book for many people. She wrote a precise book on how to handle 2009 proactively with specific "what to do" situations and how to assess financial challenges into correct decisions. Picking this book on Borders out of curiosity, I learn a lot from security precautions you should take from local banks. That alone pays the trip and the well deserved $10 I paid over a Dolce Latte over the quick read.

This is hands down Suze Orman's best book. Upon reading every word and turning every page I felt confident that I am on the right track. Following Suze's advise over the years has provided me with the education required to be prepared for what lies ahead. The Expenses breakdown chart is a very helpful tool to see where you can cut back. I also loved the format in which this book was written, it can be used as a reference tool and you can read based on your area of concern be it credit, 401k, retirement etc. I think everyone should not only read this, but live by it!

See the rest of the reviews on Amazon

Table of Contents

2009: The New Reality

A Brief History of How We Got Here

Action Plan: Credit

• Falling credit lines
• Rising interest rates
• FICO scores under pressure
• Repayment plan
• Debt consolidation
• Borrowing from 401(k)
• Borrowing from home equity line of credit
• Bankruptcy
• Collection agencies

Action Plan: Retirement Investing

• The case for stocks
• Allocation strategies
• 401(k) loan/early withdrawal
• IRA rollover
• Retiree income strategy
• Roth IRA conversion

Action Plan: Saving

• FDIC insurance
• Money market deposits
• Eight-month emergency fund
• Credit squeeze

Action Plan: Spending

• Expense/income worksheet
• Finding ways to save
• Needs vs. wants
• Insurance saving tips
• Car loans
• Dif?cult choices
• A challenge from Suze for 2009

Action Plan: Real Estate

• Mortgage-modi?cation options
• Short sales
• Foreclosure
• Home equity line of credit
• Home values
• First-time-buying tips
• Pre-retirement strategy
• Vacation homes

Action Plan: Paying for College

• 529 allocation strategy
• What you can afford
• Federal loan strategy
• Stafford student loans
• PLUS parent loans
• HELOC loans/401(k) loans
• Private student loans
• Repayment
• Consolidation

Action Plan: Protecting Your Family and Yourself

• Job-loss strategies
• Hope for the best, prepare for the worst
• Health insurance
• Life insurance

The Road Ahead