It is funny you mention what you do. First, I just turned on my computer this afternoon and (Running XP) found 2 more updates waiting. They are both Microsoft alerting me to security updates that are fixes to problems with IE 6 or Media Player(?) that can allow someone to access my computer and read files or execute other programs etc. (Plant Viruses(?)). What is concerning here is that I have received about 10 of these patches for IE 6 since I have had my computer. I got three of them alone in the very week that I got bombarded with the worm mails. It seems to me that IE has more holes than a fine Swiss Cheese.
I also run Norton Firewall and Norton Anti-Virus. My Norton Software updates automatically also and I have it set to scan all drives weekly. As of Friday my computer was Virus Free. In fact, at the time of the Virus (worm) attack a few weeks ago my virus software was updated the day before (September 18th). I ran it 3 times in the first day and a half while I was researching the worm and everything was fine. I checked Symantec that day and found the discription of the virus and confirmation that the "Virus Definition" update from September 18th included this worm.
When I got a small bombardment of returned mail several days before hand I contacted AOL and was told to change my password. I did but the bombardment continued and even got worse. While it has died down significantly, I still received 2 such emails as recent as today. That is why I figure that my address was harvested from board posts, or a friends infected computer, and not from a breach of my system.
As for my eBay account, My password IS NOT STORED ON MY COMPUTER. I have chosen for safety reasons to personally insert passwords rather than have them stored on the computer.
As for AOL one of the good things about it is that I don't open files automatically when I open email. In order to view attachements I have to actively download them by selecting "Download" and selecting a file to download to and "Downoad Now" or something like that. It is unlikely that I can accidentally download a virus or worm without going through a detailed process to do so. Unless there are embedded commands in the email. AOL will notify me when an email contains an embedded link or script and will alert me to be careful or certain of the sender. As an example, when I open mail from various VEGAS casinos that use HTML formatting in their mails I am alerted regarding the possibility of script or links that can be harmful. Unless I know or am familiar with a sender I NEVER OPEN SUCH MAIL.
As for all the Worm mails that I have been getting in the last month or so, I have only opened some of the returned mail that told of undeliverable mail or warned that my sent mail contained viruses. I would add here that NONE of the questioned mails were anything that I actually sent or anyone that I actually know. In fact many of the email addresses seemed to be random combinations of cheracters. I suspect my email address for such mail was harvested from USENET Posts.
I never opened any of those attachments and for curiosity I opened one email that touted an Internet Patch and when seeing the script or embedding warning I simply closed it and dumped it.
Finally while I do have an AOL account I do not access through AOL. I am now using Broadband through my cable company and access AOL through that. As I said before, I also use a firewall, and, I am not one to leave my computer on all the time like some of my friends on Broadband do. I often turn it off multiple times a day thus changing my IP address and making it more difficult for hackers. That, plus, it cleans out a lot of clutter that can slow the computer or cause crashes or hangups or freezes etc.
I do use a Wireless linksys card for my connection but that also is protected through security encryption, access codes or whatever. I would add in this respect, it is interesting that from time to time I get Lynksys windows that tell of multiple networks available even though we only have one network in the house. A couple of times my brother and I have laughed at the fact that some of our neighbors are, appearently, running wireless networks in the clear. It is possible that someone in my neighborhood could view my activity if I didn't have it these security measures enacted. Thus, if you do use a wireless modem connection, make sure your connection is properly secured.
I am really suspicious to be honest of eBay's explaination. I find all of it difficult to believe that someone actually got my password, and figure that it is probably something that I did or someone did that created a misunderstanding of whether someone was attempting to to access my account. Ebay may have been overly cautious. Could it even have to do with my AOL address and non AOL IP. Or the fact that while using my notebook in low light I often mistype my password. Could a high number of wrong password attempts have raised a red flag. Whatever the situation it is resolved and I suppose I am appreciative of them taking action, even when not necessary, to protect me. Like when a credit card company notices a charge on your account that isn't normal for your purchasing habits and calls you to confirm.
My only real gripe with Ebay is that they were horrible with getting back to me and with the customer service end of this. I think they should be a little bit more open regarding what happened and they should have gotten back to me immediately. Then they had the nerve to ask me to fax them my Drivers License or other Governemtent issued ID. Asside from seeing that as another potential for Identity theft, (although they DID emphasize to block out SS# or other sensitive info) I also don't see how that can lead to an accurate confirmation. They said all they NEEDED was my Name and Address clearly viewable. OK, if a were an ID Theif I could use any Illinois DL and with a little Photoshop experience type in a known address from an ebay transaction, and they couldn't tell the difference. Besides, My DL has my home address. I use a PO BOX for my eBay account. Thus that ID would not have authenticated me anyways. I did get good courteous and efficient assistance through Live Help and was asked 1 question about an old eBay transaction. They confirmed who I was, Problem solved. To have an automated response ask for a fax of information and saying that it would take 48 to 72 hours to reply and tell me not to respond back or it will make the process take longer further is UNACCEPTABLE. As for Live Help the problem was that I had to sit at my computer for an hour for assistance
|