It's Phishing, Not a Keylogger
Clark Howard probably gives great financial advice, or so I would assume given that he's got a syndicated show on the topic. But great financial advice doesn't translate into malware advice. A consumer phoned into his show and detailed a phishing email he'd just received. Instead of warning the caller about the perils of logging in via links in fake banking email, Clark told the caller he'd been infected by a keylogger. He then advised him to scan his system with Spybot S&D.
Spybot S&D is a good, and free, program for what it does - mainly focused on adware and spyware. But the spyware it detects is mostly along the lines of scareware and other commercial threats. There are a little over 175,000 signatures in Spybot and well over two million pieces of malware, so the math is pretty easy here.
Cyber Warfare: What is it Really?
There's been a lot of talk about cyber warfare and it always seems to evoke the notion of one government attacking another government. A sort of esoteric, virtual battlefield far removed from our mundane ordinary lives. So probably we don't pay a lot of attention.
But true cyber warfare is so much more than that. It boils down to this: it's the economy, stupid. He (or she) who controls the economy controls the world.
Cyber warfare is being played out based on economic dominance. It is not about crippling military power. It is about gaining the advantage in global stock markets. And your company is on the front lines whether you choose to pay attention or not. But if you do choose to ignore it, the stock market losses will be yours.
CDC / H1N1 Vaccination Scam Infects Victims
Attackers are sending email disguised as correspondence from the Centers for Disease Control (CDC). The email claims an H1N1 vaccination registration is required. Those who comply with the request won't be registering with the CDC - instead they will be infecting their computer with a version of the Banker trojan, which steals usernames and passwords from your online banking sessions. Details here.
Christmas Gifts from Blizzard - Not!
It's Thanksgiving Day, so with some much-needed downtime, I decided to log in to my fire mage and play a little WoW (World of Warcraft). No sooner had I done so than I was greeted with the following message:
"Blizzor: Hello, Christmas is approaching. Blizzard released Christmas gifts players can receive free of charge. Please login: wwww.Blizz-Christmas.com."
Now, Blizzard does actually give free Christmas gifts to players - but it's done in-game, with all major cities sporting a huge tree and lots of presents to open. The Blizzor message, however, is a scam: www.Blizz-Christmas.com is a phishing site, a Battle.net lookalike. The intent is to steal your game login credentials. The site uses all Blizzard links in its source code - except for the actual login button. This could trick some naive gamers into believing it's legit. But it's not. Logging in via Blizz-Christmas.com won't net you free gifts - but it will give the attackers your account for free.
The domain currently resolves to 210.72.225.118, an IP hosted in China.
Phishing scams can be difficult to stop. But it seems to me that Blizzard should simply ban any toon names with "Blizzard", "Blizz" or any similar derivative to reduce the likelihood of anyone falling for the scam.
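The tell described in this post, a page whose links all point at the real vendor while the login itself goes elsewhere, can be checked mechanically. The following is an added example, not code from the original post: it assumes the login control is an HTML form, and the domains brand.example and brand-gifts.example and the sample page are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample: every asset and link is on the brand's domain,
# but the form posts back to the host that served the page.
SAMPLE = """<html><head>
<link rel="stylesheet" href="https://www.brand.example/css/login.css"></head>
<body><img src="https://www.brand.example/img/logo.png">
<a href="https://www.brand.example/support">Support</a>
<a href="https://www.brand.example/legal">Legal</a>
<form method="post" action="/login.php">
<input name="user"><input type="password" name="pw"></form>
</body></html>"""

class Collector(HTMLParser):
    """Collects link/asset URLs and form action URLs separately."""
    def __init__(self):
        super().__init__()
        self.links, self.forms = [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # An empty or missing action submits to the page's own URL.
            self.forms.append(a.get("action") or "")
        else:
            self.links.extend(a[k] for k in ("href", "src") if a.get(k))

def host_of(url, page_url):
    # Resolve relative URLs against the page before taking the host.
    return (urlparse(urljoin(page_url, url)).hostname or "").lower()

def on_brand(host, brand_domains):
    # Exact match or true subdomain; "brand-gifts.example" does not match.
    return any(host == d or host.endswith("." + d) for d in brand_domains)

def audit_login_page(html, page_url, brand_domains):
    c = Collector()
    c.feed(html)
    link_hosts = [host_of(u, page_url) for u in c.links]
    form_hosts = [host_of(u, page_url) for u in c.forms]
    brand_links = sum(on_brand(h, brand_domains) for h in link_hosts)
    off_brand = sorted({h for h in form_hosts if not on_brand(h, brand_domains)})
    return {
        "brand_link_ratio": brand_links / len(link_hosts) if link_hosts else 0.0,
        "off_brand_form_hosts": off_brand,
        # Borrowed brand links plus a credential form that leaves the brand.
        "suspicious": bool(off_brand) and brand_links > 0,
    }
```

A page that is full of brand links but submits its form off-brand is flagged; the same markup served from the brand's own host is not.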
50% Off Special on Trend Micro Products
Trend Micro is celebrating 'black Friday' a bit earlier. From now through November 30th, the security vendor is offering 50% off in the Trend Micro online store. For example, if you've been considering a purchase of Trend Micro Internet Security Suite Pro 2010, you can get it now for $34.95 as opposed to the normal retail price of $69.95.
No Free (or Cheap) Rides
McAfee AVERT Labs has posted a humorous (but cautionary) tale of a scam targeting Brazilian users. The scam involves a promise of cheap $1 airfare, but delivers a password-stealing trojan that could wipe out your bank account. For details, see: Fly for $1 or Your Money Back!
Adobe Attacks are Opportunity Driven
In Can Adobe Beat Back the Hackers, BusinessWeek claims "as Microsoft has toughened up its security, Adobe has become a more tempting prey."
In reality, it has little to do with improvements in Microsoft security - attackers moved to Adobe because attacks moved to the Web. Adobe Flash and Adobe Reader (PDF) are ubiquitous Web-enabling apps and Adobe's lack of security in their product line has made it painfully easy for these attacks to succeed.
Mac Phishing a Problem, Too
According to survey results from Competitive Edge Research, Mac users are as prone to phishing attacks as are PC users. Unfortunately, the report concluded that "most cybercrime losses are caused by phishing attacks" - a finding that might be erroneous at best. Perhaps a more accurate conclusion would be that most quantifiable reports of losses are the result of phishing. In any event, it does serve as a good reminder that scams are a universal problem - they target the person directly and not the operating system.
Apple MobileMe Phishing Scam
Sunbelt Software is warning of a new phishing scam, this one targeting Apple MobileMe users. The bogus email masquerades as a subscription expiration from Apple's MobileMe service. The phishing scam uses a spoofed From address of Mobile IDisk [noreply01@me.com].
A copy of the MobileMe phishing email is available on the Sunbelt blog.
Research from the University of New South Wales indicates one defense against email scams and phishing attacks may just be reading your email when you're feeling a bit down.
Hacked iPhones Need Password Reset
In the past few weeks, there have been a couple of worms targeting hacked iPhones. Nothing major and highly regional, but still a good wake-up call. To spread, the worms take advantage of the default password on a jailbroken iPhone. If you decided to jailbreak your iPhone but have not changed the default passwords, you should definitely make sure you do that. Here are a couple of good resources to help you through the process:
The iPhone Hacking Kit, step by step (MacWorld)
Short and Sweet SSH Guide for the iPhone (Gizmodo)

