I received this email today about Google Lottery. I know this email scam for years and I wonder why it was able to pass through my Gmail anti-spam security. Here's the exact email message:
+++
Dear Sir/Madam,
Congratulations to you!! You have just been picked as one of our luckywinners of £850,000 British Pounds in our online promotions. For more info/ how to claim your winnings,contact the processing officer (Mr. Grahams Benfield) with the email addresses below by sending your winning numbers,full names, sex and location.

This is alarming and I would like to inform our readers if you manage your domain name for personal or business use. Please call your registrar or email customer service, ask them to lock your domain name and not to transfer without your approval. This is added task from locked domains and changing your account password regularly. "Weitzman has been in the domain game since 1994 and oldtimers in the industry know him as one of the pioneers in the business. Weitzman is a quiet guy who has never been interested in the spotlight, but as the victim of a major domain hijacking he is speaking up now with the hope that the publicity will lead to the return of his domains and prevent problems for others who might unknowingly buy the stolen names and lose their investment. Weitzman is also trying to find out how the theft happened and he believes the break-in could have occurred as high as the registry level at Verisign." (2009, DNJournal.com)

I've read an article that was posted yesterday July 14, 2009 regarding Twitter was Hacked by Hacker Croll.He had access to the Paypal, Amazon, Apple , AT&T, MobileMe and Gmail accounts of Evan Williams, Sara Morishige Williams, Margaret Utgoff and Kevin Thau (twitter employees)."(2009, Tomsoft). According to Tomsoft, the hacking was done through google apps using simple to guess password.

If you have a Facebook account, you need to read this article. This is another phishing incident that was reported today courtesy by Reuters.com.

"Hackers launched an attack on Facebook's 200 million users on Thursday, successfully gathering passwords from some of them in the latest campaign to prey on members of the popular social networking site.

Facebook spokesman Barry Schnitt said on Thursday that the site was in the process of cleaning up damage from the attack.

He said that Facebook was blocking compromised accounts.

Schnitt declined to say how many accounts had been compromised.

The hackers got passwords through what is known as a phishing attack, breaking into accounts of some Facebook members, then sending e-mails to friends and urging them to click on links to fake websites.

Those sites were designed to look like the Facebook home page. The victims were directed to log back in to the site, but actually logged into the one controlled by the hackers, unwittingly giving away their passwords.

The purpose of such attacks is generally identify theft and to spread spam.

The fake domains include www.151.im, www.121.im and www.123.im. Facebook has deleted all references to those domains." (2009, Reuters.com)

I have a client that have asked me to assist them fixing their "hacked" website through vulnerabilities of old version of Joomla CMS. I said you should always apply the latest release of Joomla, they are very active in patching security vulnerabilities.

Just in today (actually a couple of days ago, wednesday).  "It was one of those things she never does. But, Wednesday night, when Amory Wooden, 27, received a Facebook message from a friend directing her to a new Web site, she clicked on it. Not only that, once fbstarter.com popped up in her browser, she typed in her Facebook user name and password.

She had no idea she'd been hoaxed until Thursday morning, when messages from Facebook friends started pouring in about how they all fell for it." (2009, abcnews.go.com)

I've got some questions from our visitors on how to remove the Spyware Protect 2009 Alert program in your workstation. I know it's annoying to see this pop-up, well you come to the right place to get additional information on how to get rid of this program on your workstation.

When you first bought your computer (workstation) or your laptop, did you set your Automatic Updates to install Microsoft Security Updates daily?

Did you install anti-virus software and download updates daily?

If you have not done it lately, it's highly recommended to download the latest Windows Security Updates and run anti-virus live update for your workstation. This is to minimize risk of exposure, patch vulnerabilty and close known exploit. This coming April 1st, April fools day a virus known as The Conficker Worm will start attacking computers connected to the network and Internet. I don't know the attack pattern, in the past the attacker created a botnet to disabled known website through Destributed Denial of Service (DDoS) Attack. The method of attack might be different as they know that most businesses added security measures against this type of attack.
This is the time to run Windows Update, update your antibot software, and update your anti-virus software.

Here's how to check you workstation via Microsoft OneCare online service.
For Windows XP, please use this link:
http://onecare.live.com/site/en-us/default.htm

For Windows Vista, please use this link:
http://onecare.live.com/site/en-us/center/whatsnew.htm

To run the online tool, you need to use Microsoft Internet Explorer 6.0+ browser. I'm not surprise that they don't support Google Chrome or Firefox to run this tool. Click on Full Scan, it will take a while to complete the scan depending on how many files you have in your workstation. Be patient.

After the scan, read the report.

Norton website provide detailed information about The Conficker Worm.

What to do if you are infected? Here's a three (A, B, C) different approach to correct this problem. Click the one appropriate for your workstation.