Australia's Leading Computer Emergency Response Team

A SPAM email, one patch, and a lot of other updates
Date: 16 March 2012
Original URL: http://www.auscert.org.au/render.html?cid=7066&it=15609

Greetings,

As I made my morning coffee while waiting for the pile of spam from over night to trickle in on an ever-flaky ADSL connection, I accidently glanced at one that caught my eye. It was for the SDA "Security Jam 2012" - a forum to discuss various security topics. Initially I assumed that it was put into my spam folder by mistake. However after a slightly longer look, I am not so sure.

The following are the items that made me think it might be legitimate:

  • They used my last name (although only my last name) in the email "TO".
  • They mention what is, to the best of my knowledge, a legitimate forum.
  • I have had numerous phone calls from people who (claimed to) work for SDA.

The following are the reasons I left the email in the spam folder:

  • They started the email "Dear Mr. #last_name#,"
  • Every one of the links was going to the same place (both "register" and other general information links)
  • The links did NOT point to a site that was obviously related to Security Jam or SDA
  • It was sent from one organisation, had links pointing to a second, and was advertising a third (SDA "Security Jam").

So if you are ever in the position of needing to do "cold call" email marketing, please do everything in your power to make the email look correct. Send it from your own mail servers/email address, from your company, advertising your company, and make sure you get my name correct. Then, if you are lucky, I will consider reading it.

Now back to the vulnerabilities, and in my book there was only one real vulnerability (amidst the rest of Microsoft patch week) and a lot of other smaller ones. If you have not patched the RDP vulnerability then I will wait for you to patch it now. (Actually I won't, but because it is text - you won't be able to tell).

Now that you are much more safe, Cisco also released three security bulletins and Safari, Chrome and Firefox were all updated. VMware also released two bulletins that were actually last week, but snuck past our Australian Friday and shall therefore be included this week. All of these are worth patching, but the three web browsers would be my first point of call (assuming you really did go and patch the RDP vulnerability rather than having just kept reading).

Have a good weekend,
Richard