DIYbanter - Warning for Earthlink users

DIYbanter (https://www.diybanter.com/)

- Metalworking (https://www.diybanter.com/metalworking/)

- - Warning for Earthlink users (https://www.diybanter.com/metalworking/321124-warning-earthlink-users.html)

Warning for Earthlink users

On Apr 1, 2:06*am, cavelamb wrote:
It seems like Earthlink has a serious email security problem.
...
So, *If you see anything from
ERASE it as fast as possible...

It brings in *TROJAN.WIN32.GENERIC!BT

Malwarebytes, Avast!, and Norton were unable to find it.
But Vipre did. *(My new best friend)
...

Thanks. I received a suspicious one from "Google" via gmail a while
ago but didn't open it, Not much gets through the wire here.

This discussion from the main source of professional computer support
suggests that AVG can find it.
http://forums.techarena.in/networkin...ty/1327007.htm

jsw

Warning for Earthlink users

http://www.cnn.com/2011/TECH/web/04/....html?hpt=Sbin
http://www.securityweek.com/massive-...s-major-brands

Some may dismiss the type of data harvested as a minor threat, but having access
to customer lists opens the opportunity for targeted phishing attacks to
customers who expect communications from these brands. Being able to send a
targeted phishing message to a bank customer and personally address them by name
will certainly result in a much higher “hit rate” than a typical “blind”
spamming campaign would yield. So having access to this information will just
help phishing attacks achieve a higher success rate.

A Marriott Rewards & Ritz Carlton Rewards spokesperson told SecurityWeek that
their customer names, email addresses, and member point balances were exposed:

"We recently discovered that one of our third parties’ computer systems was
tampered with. Tampering with our systems by an unauthorized person or persons
is an illegal act and we reported this incident to a law enforcement agency who
is currently investigating this matter. The unauthorized person(s) had access to
email addresses and member point balances. They did not have access to member
addresses, account logins and passwords, credit card information or other
personal data," the spokesperson wrote in an email.

Correction: The Marriott Rewards spokesperson contacted us on Sunday to
correct their initial statement, saying that member point balances were not
disclosed afterall.

Citi also warned customers over Twitter about the incident, Tweeting the
following: "Please be careful of phishing scams via email. Statement from Citi
for our valued Customers regarding Epsilon & email" with a link to the following
statement: "Because e-mail addresses can be used for "phishing" attacks, we want
to remind our customers that Citi uses an Email Security Zone in all our email
to help them recognize that the email was sent by us. Customers should check the
Email Security Zone to verify that email they have received is from Citi and
reduce the risk of personal information being 'phished.'"

As the initial disclosure by Epsilon occurred late in the day on Friday, I
expect several more brands to be announcing that they’ve been affected by the
breach as well. When asked to comment, Epsilon has refused to provide additional
details on what other brands may have been affected.

Warning for Earthlink users

On Apr 4, 12:48*pm, CaveLamb wrote:
http://www.cnn.com/2011/TECH/web/04/...romises-custom...

Some may dismiss the type of data harvested as a minor threat, but having access
to customer lists opens the opportunity for targeted phishing attacks to
customers who expect communications from these brands. Being able to send a
targeted phishing message to a bank customer and personally address them by name
will certainly result in a much higher hit rate than a typical blind
spamming campaign would yield. So having access to this information will just
help phishing attacks achieve a higher success rate.

A Marriott Rewards & Ritz Carlton Rewards spokesperson told SecurityWeek that
their customer names, email addresses, and member point balances were exposed:

* * *"We recently discovered that one of our third parties computer systems was
tampered with. Tampering with our systems by an unauthorized person or persons
is an illegal act and we reported this incident to a law enforcement agency who
is currently investigating this matter. The unauthorized person(s) had access to
email addresses and member point balances. They did not have access to member
addresses, account logins and passwords, credit card information or other
personal data," the spokesperson wrote in an email.

* * *Correction: The Marriott Rewards spokesperson contacted us on Sunday to
correct their initial statement, saying that member point balances were not
disclosed afterall.

Citi also warned customers over Twitter about the incident, Tweeting the
following: "Please be careful of phishing scams via email. *Statement from Citi
for our valued Customers regarding Epsilon & email" with a link to the following
statement: "Because e-mail addresses can be used for "phishing" attacks, we want
to remind our customers that Citi uses an Email Security Zone in all our email
to help them recognize that the email was sent by us. Customers should check the
Email Security Zone to verify that email they have received is from Citi and
reduce the risk of personal information being 'phished.'"

As the initial disclosure by Epsilon occurred late in the day on Friday, I
expect several more brands to be announcing that they ve been affected by the
breach as well. When asked to comment, Epsilon has refused to provide additional
details on what other brands may have been affected.

Are the companies worried about their customers....or themselves?

Considering the damage leaked info can cause, why are companies not
held legally responsible for the damage that is caused by their lapse
in security?

We prosecute leaking classified data but not personal data?

FWIW....Earthlink has been losing a significant number of emails of
late...if you have them for an ISP you likely have been affected
without knowing it has happened.

TMT