New scam, keep patching!

From the "What Will They Think of Next? Department" the latest PC scam is a "cyber extortion" one. A malicious hacker group is "trying to extort money from Microsoft Windows users" by scrambling text files on our PCs so we can't read them, then telling us we need to pay for a computer program that will unscramble them, the Washington Post reports. How are they doing that? By exploiting a nearly year-old security flaw in the Internet Explorer browser to take controls of text files and using "an encryption scheme" to scramble them. Victims are told to pay for the decoder software "by depositing $200 in the attackers' e-Gold account, an online currency that operates outside of the regulatory and legal controls of the US financial system." Prevention is simple: make sure your family PC is all patched up. To test it, just go to Windows Update and have it scan your system for critical updates, then tell it to install any necessary patches (note that you need to use Internet Explorer for this to work - it won't work with Firefox). "Think most people using Windows would have sense enough to apply Microsoft patches at least once a year?" the Post asks. "Think again. Some of the most prolific viruses and worms circulating the Internet these days infiltrate machines using Windows security flaws that are more than a year old." The other two all-important PC-security precautions, especially for DSL and cable Net connectors, are a firewall and up-to-date anti-virus software on your system. [See also "More browser options"and "The Firefox explosion."]