Editor's note: This month begins a continuing series focusing on security and other important concerns in our cyber world. Stay with us for information that may help keep you safe and secure in months to come. . .

Find out how "Security Aware" you are!
Do you believe you're a little more Security Aware? Can you identify the threats that exist in your environment and the steps you should take to avoid them? Take the following quizzes and find out.

• Phishing http://www.onguardonline.gov/quiz/phishing_quiz.html
• Spyware http://www.onguardonline.gov/quiz/spyware_quiz.html
• Identity Theft http://www.onguardonline.gov/quiz/idtheft_quiz.html
• Social Networking http://www.onguardonline.gov/quiz/socialnetworking_quiz.htmlOct.

Firewall Foibles
Myth: I've heard that hardware firewalls are better than software firewalls.
Fact: Hardware and software firewalls provide different protections for your computer, which make it a good idea to have both. If you have DSL (digital subscriber line), for example, chances are good that your DSL modem also acts as a basic hardware firewall; it makes your system invisible to the Bad Guys out there prowling around on the Internet. "Security by obscurity" is an important primary defense, but many kinds of viruses, worms, and spyware can get past this kind of protection. A software firewall, your best secondary defense, should be ready and waiting to stop the malware before it gets loose in your computer where it can both compromise your personal information and begin attacking other networked computers.

Myth: I know that my DSL modem is also a hardware firewall, and I have the Windows firewall turned on, so I don't need a separate software firewall.
Fact: With a basic hardware firewall in place and the Windows firewall turned on, your system is protected against hacking attempts from the Internet and the ill effects of many varieties of malware. But the Windows firewall is one-directional; it only defends your computer against incoming attacks. Your computer can still get infected via other means such as infected e-mail attachments. If it does, your computer may start acting out and attacking other networked computers, also without your knowledge. A two-directional firewall will help quash outgoing attacks directed at other computers as well incoming ones directed at your computer, and serves to alert you that your computer has become infected so you can take the steps to correct the problem.

Current scams, malicious email and hoaxes:

Bank, Credit Union, Pay-Pal, and eBay Phishing Scams
Bait: As we reach the end of summer 2007, these email phishing scams are fewer in number, but are still going strong. Remember that banks, credit unions, Pay-Pal, and eBay never send out emails asking account holders and members to provide or verify personal information. If you do get one about an institution you belong to, you should call them.

Fake E-card Emails Beget Fake Membership Emails
Bait: Emails claiming that you have received a free, temporary membership in a website providing resume listings or cellphone ringtones.  The criminals responsible for the fake e-Card messages changed tactics and began distributing these bogus membership confirmation emails in August. The login link in the email actually points to a dirty website that attempts to install yet another Trojan. It may also attempt to trick you into manually installing malware components. The bogus web page may contain a message similar to the following: If you do not see the Secure Login Window please install our Secure Login Applet. Don't fall for any of it.

Bum_tnoo7 Hacker Warning Hoax
Bait: Emails claiming that "bum_tnoo7@hotmail.com" is the address of a hacker and simply by accepting the address into your instant messaging contact list, you will allow the hacker access to your computer. The warning has been rapidly circulating around social networking communities such as Facebook and MySpace and is also travelling via instant messages and email. This warning is bogus and should not be taken seriously. The message is, in fact, nothing more than a spin-off of the long running MSN contact list virus hoax.

Infostealer.Monstres,
a Trojan that installed itself on many users' computers, has stolen over 1 million records from the Monster.com job search website's database, including the name, email address, home address and phone numbers of several hundred thousand job-seekers, based mostly in the United States.
Editor's Note: If you didn't read Section One of this issue on Firewall Foibles, go back and read through it. This is an excellent example of why you want a two-directional firewall on your machine.

Storm Worm,
a worm that spreads by infected email attachments, began spreading and creating botnets in January. Many variants that have appeared since then make it a tough security opponent. The latest targets have been colleges and universities. The malware's latest trick is to strike back at the computers pressed into service to scan networks and remove the worm. (See also Security Newsbytes below.)

VirusProtectPro,
a Trojan masquerading as an anti-virus and anti-spyware product installs itself on your computer without your permission and creates a series of pop-ups suggesting that you need to purchase more products like it.
Editor's Note: This imaginative malware has all the elements of well done IT parody – no exotic name, no unexpected attachment, no bogus claim on how to make money, just a "straightforward" offer to protect yourself from Bad Guys, expressed in language that ordinary computer users understand and are accustomed to: "Virus", to get your attention; "Protect" to reassure you; and "Pro" to suggest that it is the Real Thing.

YouTube and You Lose
A hacker group known as "Storm Botnet" began flooding the Internet over the weekend with emails, inviting Web users to watch a salacious video starring them on YouTube, the video-sharing site owned by Google. However, links in the emails actually point to attacker-operated sites that try to download several malicious programs onto vulnerable personal computers. Once infected, victimized PC's become spam machines, "zombies" that Storm Botnet can use to attack other computers. The attackers also plant a rootkit in victim PCs that tries to hide the malicious programs so antivirus software can't remove them. (See also Malware above)

Insecure Security Products
Several anti-malware vendors have issued security updates for their products recently. The highest-profile fix was by Trend Micro, which patched numerous flaws in its ServerProtect, Anti-Spyware, and PC-cillin products. CheckPoint Labs also fixed a serious vulnerability in their ZoneAlarm products—a privilege-escalation error could allow attackers to disable the software or gain unauthorized access to the system. Finally, ClamAV, the open-source security software recently acquired by SourceFire, recently added fixes for denial of service and other bugs.