If you are having trouble viewing this email, click here to view this online


   ISSUE 5

14 DECEMBER 2011

Article of the Month   Around the World

Staying safe during X�mas


Finally, it is that time of the year, where many of us get a chance to stay at home doing what we enjoy the most. So do the Internet scammers � those who swindle you by means of deception or fraud. I�m not quite sure how many of us actually shop online in this part of the world, but being safe is not only about safe shopping.

It is also important to understand that we need to be extra vigilant during this time of the year, as the scammers know that we tend to spend more time online, buying stuff, sending greeting cards, making friends on social networks, etc. So the scammers and con artists stand a better chance to be more successful when you lower your guard.

1. Social networks based attacks

Con artists can send you emails (that may look genuine) with friend requests, or invite you for a game of checkers. Once you click on that link, malware could get installed in your machine. That�s only the beginning. Once they have control over your computer, they could practically do anything ranging from stealing your passwords to using your computer to launch attacks on other computers.

2. Greeting cards

Like the social network based attacks, be careful before clicking on links you receive via email or other message services. These links may take you to unknown sites (that host malware). They may even appear to be genuine (e.g. I23greeting.com instead of 123greetings.com)

3. Safe online shopping

If you are on a wireless network, is it secure? Make sure the site you are shopping is legitimate. Some con artists even try to make the fake urls look similar to the original by adding, deleting or changing a character. Do not fully rely on search engines. They can be manipulated too (http://bit.ly/rJ1vwc). You could also look for the padlock icon at the bottom of the browser or web pages starting �S� (�S� stands for Secure).

4. Irrespective of the time of the year, updating your anti-virus software, firewall, operating system and other software is generally a good idea.

5. Do not fall into �act now� or �lowest price for next 2 hours� scams.

If something is too good to be true, it probably is not. What is the probability of someone giving you an ipad for 10 USD if you buy within the next 2 hours?

6. Free gifts do not require your credit card details

Ba cautious if someone wants money to post you a free gift.

7. Email from your bank asking you to divulge confidential or privileged information

A legitimate bank would never ask you to do this via email or phone. Always contact the bank and verify the authenticity of the email or the call you received prior to disclosing any confidential or privileged information.

8. Check your credit card or financial statements to detect suspicious transactions

This is a more of a detection measure in comparison to all the preventive measures mentioned earlier. Scan through financial statement and see whether there are irregularities.

Bottom-line: If someone wants to get to you, it is more likely that they would find a way. Be aware of the latest threats. Make your online stay safe and worry free during this X�mas season.

Parakum Pathirana

CISM Coordinator - ISACA Sri Lanka Chapter

Social Network Analytics Saves Lives In Iraq
  By Charles Babcock | December 09, 2011 09:45 AM
Six arrested arrested in million pound phishing scam
December 08, 2011

Month in Brief

Facebook Incidents Reported to Sri Lanka CERT|CC in November 2011


  Fake + Harassment



Statistics - Sri Lanka CERT|CC



Lost USB keys have 66% chance of malware                                               

Paul Ducklin | Sophos |7th December 2011

'....    Sophos studied 50 USB keys bought at a major transit authority's Lost Property auction.

The study revealed that two-thirds were infected with malware, and quickly uncovered information about many of the former owners of the devices, their family, friends and colleagues. 

Disturbingly, none of the owners had used any sort of encryption to secure their files against unauthorised snoopers......'

Adobe Reader Zero-day being exploited in the wild

Stephen Doherty | Symantec Corporation | 7th December 2011


'....Adobe has issued a public advisory regarding a critical vulnerability (CVE-2011-2462) that affects: 

- Adobe Reader X (10.1.1) and earlier versions for Windows and Macintosh

- Adobe Acrobat X (10.1.1) and earlier versions for Windows and Macintosh

- Adobe Reader 9.4.6 and earlier

- 9.x versions for UNIX 

This critical vulnerability has recently been seen exploited in the wild in targeted attack emails sent on November 1st and 5th. This attack leverages the zero-day vulnerability in order to infect target computers with Backdoor. Sykipot. .....'

Botnets: Hi-tech crime in the UK

BBC | 5th December 2011


About 6% of Britain's home computers have been hijacked by criminals and formed into networks known as botnets.

This chart shows how much spam each network is pumping out each week......'

  Notice Board
  Training and Awareness Programmes - December 2011  
  Date Event Venue
- 13-12 Training on official e-mail  of Ministry of Education staff Computer laboratory of ICT Branch, Ministry of Education
- 27,28 Training on Free and Open source software Computer laboratory of ICT Branch, Ministry of Education

Brought to you by:                           

In partnership with: