Proforma Invoices from your (least) favorite sources

SANS Internet Storm Center is noting a rise in targeted phishing expeditions - this time they are sending attached documents (MS Word) that are "Proforma Invoices" for "services" from places like the Better Business Bureau, Internal Revenue Service, Federal Trade Commission and others.

DON'T OPEN THESE!!!!

They contain embedded "objects" which are programs designed to download to your computer various really nasty viruses. These "objects" are not caught by most virus engines, and some of the things they download are not caught either. Your computer may end up with one or more keystroke loggers and/or "bot" engines that will use it for sending other spam and doing malicious work for the crooks that control them.

In another context, to those of you who use WIFI to pick up your e-mail and/or other things - watch out "piggybacking" or "freeloading" on someone's service, either their home service or a WIFI cafe, without permission. Several jurisdictions have not only outlawed this, they have now successfully prosecuted people for doing it. Security Bytes has a quick note on this.

You should also check out Web Applications vs. Hosting on the desktop/server - Security? my new featured article discussing the potential problems with using various kinds of internet application providers, from Yahoo and their like for e-mail, to CRM and other applications that are "web enabled" and provided by others to you for a fee, or even for free.