The Astrotronix Galaxy Blog

Facebook Scam: Get FREE 520 Facebook Credits

2010-08-06T06:16:00.000-07:00

"Judy in disguise, well what you aiming for,
A circus of horrors, yeah, well that's what you are."
~ John Fred And His Playboy Band

As you read through Facebook, you find that people are posting this wonderful find:

FREE 520 FACEBOOK CREDITS FOR LIMITED TIME ONLY HURRY UP!!
(the website has been removed for security)

You think this is a great idea... Now you can get ahead on the Zynga Games (Farmville, MobWars, etc..) but this is not a so great idea.

This idea gives the 'creator' of this scam, access to your personal data, and also access to write on your wall.

First you click the link, and hurry to find what you need to do. Wow this must be legit, its got the Facebook logo, and it looks like I am on Facebook. STOP!, enlarge the following photo and take a look at the URL (the place where you type in your web pages to go to them) its not 'facbook.com' anymore, its now a 'claimnow.t35.com' no relation to Facebook.

(click to enlarge)

Yep Dorthy, your not in Kansas anymore, you were whisked away from Facebook leaving (in most cases) your account information within your browser cache, and your account wide open.

Lets go further, the first thing you need to do on this page is [ LIKE ] it. This is a big mistake, and starts the ball rolling for the train wreck. When you 'Like' something it appears on your wall for your friends to see. Your friends in return see that you 'like' this, and think its safe, and then follow you into also getting free Facebook credits.

But wait... there's more... the next step is you need to 'Share' this bogus find, so you need to allow this page (the bogus page) to POST on your wall.

So for the fun of trying to see where this scam takes us... I decided to complete the offers, and click the 'Step 3'

(click to enlarge)

I was given the warning I would have to wait 5 minutes after completing the offers before I would receive the credits... So I waited... 10 mins.... 20 mins... 30 mins... and still received the same message.

(click to enlarge)

I examined the website code, and found that the "Click Here" is just code (java-script) that creates a pop-up box with the same "error message" every time you click it, nothing else, no credits deposited, no nothing.

Now for those who fell for this scam, and want to unlike the page, you need to go to your Profile Page -> "Edit My Profile" -> "Likes & Interests" and then make sure to click "Show Other Pages", and you will see this Rouge Facebook Page:

(click to enlarge)

Click "Remove Page" and then [Close]. and the page is gone.

Also go back to your profile, and delete all the postings dealing with this subject from your Wall, to prevent others for falling for this Scam AND risking exposing their personal data.

You also will want to change your Facebook password to play it safe.

Anything that you need to [Like] before you view it (read, watch a movie, etc) is always up to no good... just skip it and move on.

Firefox 3.6.4: plugin-container.exe

2010-06-24T07:23:00.000-07:00

"Do ya, do ya want my face?..Do ya, do ya want my mind?..Do ya, do ya want my love?" ~Electric Light Orchestra

With the release of Firefox 3.6.4, they have included a seperate "container" to run plugins (Flash, etc) to allow Firefox to stay up and running, even though the plugin has crashed.

Right off the bat, since this new .exe will be taking charge of the plugin department of Firefox, it will require access to your network, so you will be prompted by your firewall that the program "plugin-container.exe" requires access to the net. At this time, it is a valid Mozilla process.

If and when your plug-in crash occurs, you will see this charming Lego man stating the plugin has crashed, and offers you to send a crash report:

Facebook: Video Phishing

2010-06-21T10:19:00.000-07:00

"Eminence front - It's a put-on..."
~The Who

Another Facebook threat that is now present, is Phising your Facebook account by tricking you that you need to login to Facebook (when you are already logged in) to view a video.

Example of Facebook Post:

(click to enlarge)

Other "titles" were dealing with a man hitting a woman (which the Phisher even replied to his own post), others (as like one above) are aimed towards World Cup Soccer using some unique video trying to entice your curiosity in hopes you will click it, and give up your info.

This method is known as 'TAB Spoofing' the link on Facebook to view the video will whisk you away to a second web site, which will execute code (JavaScript) to open a new TAB and then "push" you to a bogus Facebook site with the video.

You will then be asked to enter your Facebook user id and password before the video plays (the video is normally from YouTube, and is real unlike some of the video scams we have come across).

Then once the Phisher has your Facebook login and password, they will then create a post on your wall in attempts to lead your Facebook friends down the same path to Phish their Facebook account info...

This Phishing process will continue and spread like wild fire... but here is what you can do.

(1) - If you are prompted to enter your Facebook ID/Password when you click on a link, don't, this immediately should send up a red flag.

(2) - Make sure to have a good Anti-virus installed AND updated to the latest definitions, most Anti-viruses now have whats called a "Link Scanner" and will attempt to block if you click the link. I suggest "Avast Home Edition"... but you may also use AVG Free Home Edition. They BOTH have a Link scanner.

(3) - Most Facebook video posts are playable on your friends Wall (there is no need to go to another site to play them). If you do have to go off the Facebook path, pay attention to the lower
left corner to see where you will be going:

( click to enlarge )

(4) - If you find a suspicious link on your Friends wall, inform them via there NON Facebook email (remember the Phisher has access to their Facebook account now, if they are discovered they may just change the password of the victim), and have them change their password ASAP.

(5) - Use a NON Microsoft Windows browser ... such as Firefox, Opera, or Chrome. Internet Explorer is entwined into the Microsoft OS, which makes it easier for malicious code to be executed and run on your system without your knowledge.

SPAM Scam: Twitter

2010-06-09T06:31:00.000-07:00

This little Spam scam for Twitter has been making its rounds lately. You will receive an email like the one below, stating you have messages, and if you have images enabled, you may see a some rejected Hooters material under it.

As you guessed, its just a way to validate if your email is active or not (so you can yet receive more spam), and then you are pushed to one of those "Canadian Pharmacy" online stores.

So do not click the link, its not officially from Twitter, and mark it as junk.

Privacy Changes: Yahoo

2010-06-08T06:40:00.000-07:00

"When I'm calling you...Oo-Oo-Oo, Oo-Oo-Oo..Will you answer too?...Oo-Oo-Oo-Oo"
~Slim Whitman

Following in the footsteps of Facebook, Yahoo now has decided to let all their user data to just all hang out unless the user has opted out.

So you will want to decide if you want your information shared or not, and then log into your Yahoo account.

When you first log in, you are greeted with the first of two screens to ask you if you want to share or not:

(click to enlarge)

Then the second of the two screens. You do not have to fill this out, you may leave this blank and click [Next].

(click to enlarge)

Then you want to go to your profile settings page: http://pulse.yahoo.com/y/settings

And then click on "Manage privacy settings", and then you wind up with a window:

(click to enlarge)

It is up to you what you want and don't want to share using this window.

That concludes the "101" privacy settings for Yahoo, unless they are like Facebook and decide to change them on a monthly basis.

Phisher - American Express

2010-06-08T06:26:00.000-07:00

"Twice as Hard, As it was the first time, I said goodbye..."
~The Black Crowes

Remember if you receive ANY email stating there was a security change, NEVER click on and follow the link. Instead load up your Internet Browser (Firefox, Opera, Internet Explorer, etc), and then manually log into the web site.

If there was a "change" you will be notified, and if always in doubt, call Customer Support of the site that is having the "change", and verify.

In this example below, Phishers fired out all sorts of emails using various names to our domain trying to "reel" one in to give up the information they wanted.

As you can see Thunderbird marked it as 'junk' (as well with the other 30 emails that the phisher fired off to us with various names such as "john", "pete", etc).

Phishers will also go as far as attaching a program stating you need to run it to "update" your computer to meet their security requirements. The attachments arrive as .exe or .zip attachments.

As a result, they will infect your computer with a Trojan or KeyLogger in attempts to monitor your keystrokes to get your passwords, etc or actually create a "backdoor" to log into your computer.

NEVER execute any attachments in email, especially for ANY security updates (that is from banks, email pages, Microsoft, etc). No company sends out "update" programs in email.

2010-05-07T06:56:00.000-07:00

"Judy in disguise, well what you aiming for,
A circus of horrors, yeah, well that's what you are."
~John Fred & His Playboy Band

For you iTune shoppers, this is a nice email to receive, you
have a $50 gift card waiting for you... all you need to do is
execute the attachment for your code.

Actually, it is a code alright, a virus code...to infect your
system (confirmed by my Avast as Thunderbird was
receiving it.. stopped it dead in its tracks).

The above email was sent from IP "78.147.218.213" they
tried to masqurade their return address as
"mail.romancestories.com". But in reality it was traced back
to RIPE Network Coordination Centre in Amsterdam (NL).

While we're on the subject of iTunes, you should look into purchasing
music from AmazonMP3.com, here are the benefits:

01. Right off the bat, no DRM (Digital Rights Management), so you don't have to register your MP3 player with Apple, and tell it what your playing on it. Nor do you have to an MP3 that supports DRM (you can use ANY MP3 Player two years old, five years old).

02. Better encoded music, AmazonMP3 encodes all their tunes at 256 KBps... while Apple and its DRM is limited to 128 KBps... sure they have higher KBps, but its only for music that's not popular, you know the CDs that wind up in the "low low low discount bins at Record Stores).

03. The prices are the same if not lower on some of the individual music tracks and albums.

04. You can use any program or "drag & drop" your Amazon music onto your Device, so you don't need iTunes, Windows Media player, etc, to put your tunes on, or take them off your device.

Phishing: PNC Bank

2010-03-31T12:26:00.000-07:00

"Broken words never meant to be spoken, Everything is broken."
~Bob Dylan

And this is a prime example of a "n00b" Phisher, in attempts to separate you and your financial info. This one disguised themselves as a PNC Bank official email:

(Click to enlarge)

And upon clicking the link, you get a SQL error. I guess they didn't know enough SQL to get their Phishing scheme off the ground. Oh well at least this attempted scheme is logged.

(Click to enlarge)

As stated before, if you get emails such as this, ALWAYS contact your Financial Institution and consult them of the content in the email (new demos, account issues, etc). NEVER click the link and provide any info.

Rogue Antivirus: Antivirus 2010

2010-03-08T09:32:00.000-08:00

"You're as cold as ice...."
-Foreigner

Its 2010, and the same scum who have brought you Antivirus 2007, 2008, 2009 variants are pleased to bring you a whole list of rouge variants for 2010 to a PC near you.

Right off the bat, Avast! and AVG will not detect this (yet).

So to begin, here are a few samples what to look out for in case you are infected:

The "Rogue Shield", this is a new icon that appears in your systray:

Anti-virus 2010:

Internet Security 2010:

Vista Antivirus Pro 2010:

Windows 7 Internet Security 2010:

Symptoms:

A process called 'av.exe' will attempt will want to access the network. IF your firewall detects this and prompts you for access, deny it.

Everything you attempt to launch, will be informed its infected, and bogus scanners will pop up and pretend to scan your PC and results will go through the roof. Its the Rouge software using "scareware" tactics into getting you to purchase the full version (btw the registered version is bogus, it will not remove anything, it is a scam, do not purchase or provide ANY info or credit card info!)

Okay, Your Infected, take a deep breath and here's how to fix:
updated: 20100308

01. Disconnect your PC from the network (unplug the network cable from the back)

02. Reboot into safe mode (Press [F8] before the Windows logo displays and after post).

03. On another "Clean PC" download the following files:

Malware Bytes:
http://www.filehippo.com/download_malwarebytes_anti_malware

Malware Bytes Def File:
http://mbam.malwarebytes.org/database/mbam-rules.exe

EXEFIX - XP (you will use this later if needed):
http://www.winhelponline.com/exefix_xp.com

04. Copy both files from above to a USB drive.

05. Plug the USB drive into the infected system,

06. Install Malware Bytes program first, do not allow it to reboot your computer.

07. Install the malwarebytes def update (double click "mbam-rules.exe" and click [Next] through the install until it finishes).

08. Run Mwalware Bytes, if program does not load, you may need to rename the .exe to something different (aka 1234.exe), then attempt to execute the newly renamed file.

09. Once in Malware bytes, click on [Scan] and and allow to scan your system.

10. Wait for Malware Bytes to finish, and click [Remove Selected]

11. Wait for Malware Bytes to attempt to remove the infection(s).

12. Malware Bytes will then state it needs to reboot the PC, allow it to do so at this time.

13. When you reboot go back into 'Safe Mode' (press [F8] before Windows logo).

If you are running XP, you may find you can not double click on MB's icon to start it up and peform another scan. XP may warn that it can not open '.exe' files and gives you a list of programs to choose from. Click [Cancel].

Now go back to your USB drive, and double click on 'exefix_xp.com' and click [Ok]. This will fix the registry issue that our "2010" variaent broke when it installed.

You will now be able to launch MB and perform another scan to assure things are clean.

Once clean go on to step 16.

16. Reboot, and allow to come up in "Normal" mode.

17. Review the system for any "2010" pop-ups, and assure the bogus "2010" shield is not in your system tray (see atop of doc for "Rogue Shield").

18. Launch Malware Bytes and do another scan and allow it to clean up and reboot your PC if needed.

19. After running Mawlare Bytes and getting an "all clear" its time to install and or update Spybot Search & Destroy to get "a second opinion".

Filehippo: Spybot Search & Destroy
http://www.filehippo.com/download_spybot_search_destroy/

Spybot Search & Destroy: Def Updates:
http://www.spybotupdates.biz/updates/files/spybotsd_includes.exe

If you have SS&D installed, then just manually run the updates above, and run a scan.

If you do not have SS&D installed, run through this official tutorial from SS&D's site:

http://www.safer-networking.org/en/tutorial/index.html

In additional to this, you may want to download and run "Ccelaner" to clean up all your temp spaces from anything that may still be around from your infection.

CCLeaner
http://www.piriform.com/ccleaner/download/slim

Infection: Web Mail Security Settings Updated

2010-01-07T07:07:00.000-08:00

You get an email like the following stating there have been security changes to your email account. These come in all the time for various web bases email systems (hotmail, yahoo, outlook express web mail, etc. also if you are wondering the screen shot is from Thunderbird 3):

(click to enlarge)

So I copied the link, and went to the page to do some research, and this one is an Outlook Web Access (bogus) page. Prompting me to download the "settings-file.exe" (which Avast! immediately caught even before I coult click the download button and stated it was a Trojan).

(click to enlarge)

Rules of road...

If you get an email like this stating there were security settings applied to your email account, do not click on the link in the email. Instead manually log into the web site with the address you know, if there are any you will then be prompted.

At least 80% of these "Email Security Update Mails" are bogus, coming from the scum that have nothing better to do then to cause misery for others in attempts to steal account information.

Meanwhile, just mark this as junk, and keep moving forward.

Infection: Western Union Money Transfer

2010-01-06T09:03:00.000-08:00

"Western Union man
Bad news in his hand
Knocking at my door
Selling me the score.."
~The Five Americans

A new year, and the scum of the net are back with new ways (and old ways) to get into your PC, give up your personal info, etc.

This one came in several emails to our servers randomly taking shots at generated email addresses trying to get us to click on it and download there Trojan into one of our systems.

====================================================
From: westernunionresponse@mail.westernunion.com
Subject: Your Money Transfer Control Number
To: (you)

Dear customer,

Thank you for using the Western Union Money Transfer®.

Your money transfer has been authorized and is now available for pick up by the receiver.

Transfers to certain destinations may be subject to further delay or
additional restrictions.

TRANSACTION DETAILS:

Your Money Transfer Control Number [MTCN] is: 974757614

Please use this number for any inquiries.

Date of Order: Wed, 6 Jan 2010 11:58:48 -0500
Amount Sent: $4931.50

You can cancel this transfer by using the hyperlink below:

link removed

Thank you for using Western Union!
====================================================

After being warned by Thunderbird, Firefox AND Avast! that this was a scam, we wound up at this bogus page (all the images, text, etc stolen from the official Western Union site):

First red flag, the url, its not just "http://www.westernunion.com" it contains additional text (yht5trte.com.pl), the "yht5trte.com" is the domain name its kept on, while the ".pl" is the Internet country code from Poland.

When you click the "Cancel" button it verifies that your email is "active" (so you will get more of these wonderful scams), and then you are requested to download the "form" program to cancel the transaction.

This wonderful file (form.exe) will infect your PC with a Trojan to allow the hacker into your system.

For your reading pleasure, the Internet Country Codes, this is a major giveaway for most of these scams... bogus website.domain.countrycode:

http://www.learnthenet.com/english/html/85tldn.htm

Facebook: Your Info On A Search Engine!?

2009-12-15T07:10:00.000-08:00

"We better stop, hey, what's that sound
Everybody look what's going down"
~Buffalo Springfield

Another Facebook change sneaked under the covers, this one will automatically index all your info and make it available to search engines (Google, Yahoo, etc). This will allow anyone to view your info regardless if they are joined to Facebook or not.

I guess they decided to keep this change quiet, since the last one got them in some hot water with at least 90% of their users.

Any how, to correct another SNAFU from Facebook:

01. Go to Settings

02. Select "Privacy Settings"

03. Click on "Search"

04. Uncheck "Allow Indexing" (pictured below)

(click to enlarge)

You may want to also change "Facebook Search Results" to "Friends" or "Friends of Friends".

Facebook has changed this option to "Everyone" so this means if this is not changed, your Facebook Searches will be viewable by everyone on Facebook.

05. Click [Home] when completed (settings are automatically saved).

Facebook: Privacy Update 12/09/2009

2009-12-10T07:40:00.000-08:00

"You spin me right round, baby
Right round like a record, baby
Right round, round, round"
~Dead Or Alive

Facebook has made another wonderful SNAFU decision and changed your privacy settings causing concerns and making your private data public unless you make sure your privacy settings remain in place.

This blog is for those who were confused and or skipped this step when prompted by Facebook this morning to update their Privacy settings. Another "trick" that Facebook applies as an update, if you selected "Everyone" then your private items that were for "Friends Only" can now be seen by every user on Facebook.

If you did get this screen, make sure to select "Old Settings" for everything to keep your privacy settings how they were.

(click to enlarge)

01. Select your privacy settings from the Facebook toolbar:

02. Click "Profile Information"

(click to enlarge)

03. Click [Change Settings]

(click to enlarge)

You will then be prompted to enter your Faceook password. This is due to Facebook has now password protected your privacy settings. Enter your Facebook password and then click [Confirm].

(click to enlarge)

04. Make changes according to what you want:

"Friends Only" = Only YOUR friends... nobody else.
"Friends Of Friends" = Your Friends Friends, even if you did not Befriend them
"Everyone" = Everyone, Every user on Facebook

(click to enlarge)

05. Click [Back To Privacy] and then click on "Contact Information":

(click to enlarge)

06. Make changes according to what you want:

"Friends Only" = Only YOUR friends... nobody else.
"Friends Of Friends" = Your Friends Friends, even if you did not Befriend them
"Everyone" = Everyone, Every user on Facebook

(click to enlarge)

07. Click [Home] in the Facebook toolbar (your privacy settings will automatically save)

Have A Nice Day :)

Rougeware: Personal Security

2009-12-09T07:02:00.000-08:00

"Well I won't back down, no I won't back down, you can stand me up against the gates of Hell, but I won't back down."
~ Tom Petty & The Heartbreakers

This is a nasty variant of the aka "Security" Rougeware. Its called "Personal Security" and looks to be from the same scammers that create "Antivirus 2009, 2008, 2007, etc".

First off lets explain "Rougeware", this is software that is offered to you via web sites or advertising banners that state you have a problem with your computer, and they can fix it.

Once the software is downloaded and installed, it uses "smoke & mirrors" to trick you into thinking it found all the problems, and will remove them ONLY if you register the product.

In reality, registering the product does not help at all, after you pay your $40 (sometimes up to $80) to register it, the scammers just leave you $40 less, and a program that continues to infect your computer and even blocking certain programs from running.

Lets take a look at the signs of this variant...

The first window displayed on your desktop is the bogus security center. Its job is to trick you to think its Windows Security center, and that you have no virus protection.

DON'T CLICK ANY BUTTONS... Not even the [X] to close the Window!

(click to enlarge)

After the above is displayed, your then presented with yet another window that is pretending to scan your computer, and it miraculously finds lots of viruses, trojans, etc.

DON'T CLICK ANY BUTTONS... Not even the [X] to close the Window!

(click to enlarge)

During your use of the infected system you will see this window several times, attempting to trick you that you have 42 threats on your system, and it offers to remove them for you.

DON'T CLICK ANY BUTTONS... Not even the [X] to close the Window!

(click to enlarge)

Yet another window attempting to trick you to click its buttons to make you think you need to update your virus database...

DON'T CLICK ANY BUTTONS... Not even the [X] to close the Window!

(click to enlarge)

Okay, its busting time....

First disconnect your system from your network, internet, turn off your wifi. You do not want this system accessing any network while your cleaning up this infection. This variant will detect your cleaning it and will try to pull down more stuff to install on your system. Also if you click any of its buttons in its various windows, it will pull down more crap to remove.

01. On another clean computer, dowload the following:

Malware Bytes 1.42 (file hippo is safe to download from)
http://www.filehippo.com/download_malwarebytes_anti_malware/tech/

02. Copy the downloaded file to a USB drive.

03. Plug the USB drive containing the file into the infected system.

04. Install MalwareBytes (but uncheack "run now" and "update now).

05. Go to the folder containing the installed "Malware Bytes" and copy and rename the main .exe file-> "mbam.exe"... name it to something other then "Copy of mbam.exe". This infection will look for BOTH of these names, and kill the application as soon as its launched.

06. Double click on the copied/renamed .exe you just renamed.

07. Click on the [Scan] button to begin the scanning process, and wait.

(click to enlarge)

08. Once the scan process is completed, you will see that Malwarebytes has found some issues, click [OK] to continue.

(click to enlarge)

09. You will then see a list of all the infections (spyware, viruses, trojans) that Malware has found, then click on [Remove Selected] and wait. Malware will then state it needs to restart your computer... do not allow it.

(click to enlarge)

10. Now shutdown your PC completely, this variant will stay in RAM, this is why you do not want to perform a "warm" boot (aka just restarting your system).

11. Once your rebooted from a cold boot, repeat steps 06 through 10 again until you are clean.

12. After you have rebooted to a clean system, update Malwarebytes, and perform yet another scan of your system to make sure its clean.

13. I also recommend updating and running Spybot Search & Destory against the system, its always good to run them after each other sorta like a "second pair of eyes" to make sure things are properly cleaned up.

14. Procedure completed.

Here are results if you just perform a "warm" boot instead of a "cold" boot of your system, these screens were captured for the "Nortel Antivirs" which is Rougeware as well.

The "Blue Screen Of Spyware!?"

Before you thing majore issues are upon your system, stop and read what this is saying, its stating that your Rougeware is not yet registered. Scammers will pull out all the stops when trying to get your attention and hand over yout money for their scare tactics:

(click to enlarge)

Boot Screen of Infection:

Since the variant "lives" in the memory until you perform a "cold" boot, it can popup all over the place to get your attetion, scare and annoy you until no end. This is why its important to always do cold boots during the cleaning phase of your system:

(click to enlarge)

Phisher: American Express "New" Form

2009-12-06T06:43:00.000-08:00

"Whoohoo!..Whoohoo!"
~Blur ("song 2")

With Christmas (and NOT the "Holidays") right around the corner, Phishers will be on the attack trying everything they have to get you to willingly give up your financial information (credit cards, banks, etc).

This one has arrived at our domain today with six emails, addressed to various names in hoping to get a bite:

(click to enlarge)

Upon investigating the link (and being warned by Firefox this was registred as a site forgery), I was presented with this lovely page:

(click to enlarge)

Firs thing you will notice is Firefox warning you again about this site, and also the address is not that of American Express's web site (click to enlarge the photo).

As always, if you get a notification (exmail, txt message, etc) there is an issue with your account, ALWAYS call or manually log into your financial institution and verify the issue.

NEVER follow these links, call the phone numbers (in both email or txt message) and disclose any information.

In the meantime, mark these emails as 'junk' and delete them.

Vishing: Phishing With A Phone Number

2009-12-01T07:34:00.000-08:00

Vishing is a terminology of "Voice" and "Phishing".

The 'Visher' uses a set of comprimised phone numbers from a finanical instution, and then uses a computer to dial them using CallerID spoofing (yes Caller ID can be tricked to come from any number out there). Then if a person answers, they are warned there was an issue with their account (fruad activies, late payment, etc), and then are instructed to enter their account number, credit card number.

Once this occurs, then the Vishers' computer proceeds to ask them for more information regarding their account (pin, cid, expiration date of card, etc).

After this occurs, the person is just disconnected, and the Visher has the info they need to do what they want with.

Another form of Vishing is when you receive an email (like Phishing), you are notified as well there is an issue regarding your account, but to fix it you will need to dial the number in the email (hence no link provided) like in the example below:

Again the Visher is on the other end with their computer awaiting to take all of your information and walk away from the whole thing.

Steps To Help You Not To Become a Victim:

Vishing Phone Calls:

Just hang up if you suspect this is a fraud call (especially if they ask you for your account numbers as soon as you answer). Then call your bank's telephone number and find out if there is a problem or not. DO NOT give ANY information to the suspected Visher's call.

Vishing Email:

As always you call your financial institutions number they provide you and inquire if there is an issue with your account. DO NOT reply to the email, just delete it. If you reply this will indicate to the Visher "this is an active email account", which means more Vishing and more Junk Mail.

Smishing: Phishing Over Cell Phones

2009-12-01T07:15:00.001-08:00

Phishers have gone to a new low, and have started to Phish using SMS messaging (text messaging) on cell phones.

You get a message on your cell phone there are issues with your bank account, etc. and for you to call the "provided" 800 or 888 number to fix issues. Its a scare tactic and most people would immediately call to fix the issue with their bank account, credit card, etc. without giving a second thought of "is this for real?" or "is it a scam?".

When the person calls the provided number, the Phisher is on the other end to ask you and take down all your information. As they ask for everything (name, address, account info, ssn#).

Some Smishers will go to lengths to include a virus for phones that have Operating Systems (aka, Windows Mobile, etc) to infect your phone to do their bidding. This is the drawbacks of when cell phones become more and more like our computers they also bring in the same weaknesses.

Things to help you to prevent you from falling prey to this:

Delete the message if your uncertain about its origins.
Do not call the provided number on the text message. Call your bank, credit card co, etc and verify if there is a problem or not.
Do not open/execute the attachment on the text message

Trojan: H1N1 Government Profile

2009-12-01T06:55:00.000-08:00

"Well, I was feelin' so bad, asked my family doctor 'bout what I had, I said, Doctor, Doctor, Mister M.D., can you tell me, what's ailing me?"
~Grateful Dead

As stated earlier, Phishers, Hackers, watch the headlines, and prey on the "popular" events taken place, and use that to scare people into infecting their own systems or giving up their own information at will.

This one comes in while America is on the edge of its seat with the hype in the media about the "H1N1 (Swine Flu)" scare.

First you get the email stating the Government wants anyone over the age of 18 to create a (lol) "H1N1 Profile" that they can track you with regardless if you get the shot or not:

(click to enlarge)

Then following the link from the email, I was taken to the bogus CDC page and presented to download my executable file (.exe) that will create my "H1N1 Profile":

(click to enlarge)

As a result, this file (vacc_profile.exe) is a small Trojan (128k), when executed, turns your PC over to the Hacker on the other end who created this whole bogus thing.

If you have any concerns or want to verify, head over to the offical site (http://www.cdc.gov) for the Centers for Disease Control And Prevention.

And as always... just mark this as junk and delete it.

Phishing: IRS Tax Refund

2009-11-30T12:55:00.001-08:00

As Christmas apporaches, so does the Phishers with there schemes to get your information. Preying on the less fortunate in hopes to part them with their identity information. Yeah
Phishers can be quite the scum of the Earth.

This one comes with a Tax Refund just in time for Christmas:

(click to enlarge)

The IRS will never email you that you have a refund.
Never follow links or disclose information for any shady links in emails.
Never execute any file attachments, even if they are questionable or stating there are issues with your bank account, etc. (Call your bank if you have a question or need to verify)

Just delete these types of emails stating or promising tax refunds, and as stated above if you have a problem or questions contact the IRS directly.

Phisher/Virus: Verizon Account Issues

2009-11-17T17:38:00.001-08:00

"Opaerator, oh will you help me place this call..."
~Jim Croce

Simple, the Phisher wishes to install the malicious Trojan included with this email to log or access your PC. This comes in as a "Scare" tatic to make you think you have an issue with your Verizon account (look for other variants of this email for AT&T, Sprint, etc).

Example of email:

(click to enlarge)

Just mark it as junk, and delete it.

Phisher/Trojan: Facebook Account Agreement

2009-11-06T08:24:00.000-08:00

"I think it's time we stop, children, what's that sound Everybody look what's going down.." ~Buffalo Springfield

They're at it again...just delete these FB account updates, agreement letters, etc.

IF you suspect an issue with your Facebook account, directly log into Facebook (by typing the address or using your bookmark) and if there is an issue you will see it.

This is a new level of the Facebook Account (agreement, maintenance, update, etc) scam that has been hitting our domain within the last two weeks. They have been randomly generating email addresses at our domain in hopes to get a "bite".

And here is the "latest" FB Phishing Email (w/infected file):

=========================================================
Dear Facebook user,

Due to Facebook policy changes, all Facebook users must submit
a new, updated account agreement, regardless of their original
account start date.

Accounts that do not submit the updated account agreement by the
deadline will have restricted.

Please unzip the attached file and run "agreement.exe" by
double-clicking it.

Thanks,
The Facebook Team

Confirmation Code #: 4064963621083
=========================================================

And here is the Trojan that came in with the email above:

(click to enlarge)

The Trojan is NOT active, unless you double click on it.... so just delete the email or allow your Antivirus delete the email for you.

TIP: Firefox Addon: - AdBlock Plus

2009-11-05T09:58:00.000-08:00

"Sign Sign everywhere a sign, blocking out the scenery breaking my mind." ~The Five Man Electrical Band

AdBlock Plus a 'must' have add-on for Firefox. It gives you back control what you view in your browser. It simply allows you to block the downloading of Advertisements on web sites.

Some sites go a bit overboard with the Ads, fitting as many as they can in the page, sometimes the Ads are very deceiving by promising you Cash, Credit Scores, Cars, etc...all with of course a catch of some sort.

And think of the bandwith, and time that is taken for them to download and display on your your browser. A few ads here and there on one web page can add up, and some tend to "follow" you throughout your journey of the web site. Each page you vist on the site is chocked full of Ads.

First download the "AdBlock Plus" add-on for Firefox. If you do not have Firefox yet, I highly recommend doing so and take back surfing the Net your way and a secure way.

Once you have Ad Block installed you can either head to each site, and then click the Stop Sign at the top of Firefox that reads "ABP" this is AdBlock Plus. In the "Search" field, look for the following items

Hulu:

http://b.scorecardresearch.com/
http://googleads.g.doubleclick.net/
http://ads.hulu.com/

And then add them into ABP, you will wind up with a 10 second ad that states Ads could not be loaded:

(click to enlarge)

This may work for a while until Hulu changes there Ad Servers. Then you should be able to update your ABP by

YouTube:

http://ad-g.doubleclick.net/
http://ad.doubleclick.net/
http://pagead2.googlesyndication.com/pagead/

This will block the annoying movie "Ads" that appear on the front page of YouTube, and ads that appear throughout the YouTube pages. And most of all the Ads appear at the bottom of some of the YouTube videos.

Before:

(click to enlarge)

After:

(click to enlarge)

Social Networks (Facebook, MySpace, Digg)

These take ads a bit differently...but they can be blocked with yet another Addon named "Greasemonkey" and a few choice Greasemonkey Scripts (we'll cover that in another entry).

I'll post more ABP filters as I find them, until then if your not using Firefox... you may want to start considering it.

Phisher: Facebook Tool

2009-10-28T08:53:00.001-07:00

"I put a spell on you..... because your mine!"
~'Screaming' Jay Hawkins

As Facebook goes through some cosmetic changes it gives Phishers some good ammunition to fire off some Phishing emails in attempts to obtain your Facebook account.

Several of these came in this afternoon firing off random names trying to get a "bite":

(click to enlarge)

As stated before if you suspect fraud, manually log into your account (aka load up your browser and type the website, etc...DO NOT use the email to log in!) and if there is an issue you will be prompted. Phishers often prey on Facebook, MySpace, Hotmail, G-Mail, etc.

This one was last tracked back to Brazil: 201.22.71.128.dynamic.adsl.gvt.net.br

Just delete it, and keep an eye out for any emails that request you for your personal information and provide a link to log you in. Because 90% of these emails are Phishers.

So I decided to copy the first part of the URL in the email (without the email reference), and step into the Darkside of this Phisher scam.

...but first warned by Firefox that this site was reported as forgery (this is why you should be using Firefox for your web surfing. If your not using Firefox, you may want to consider it.):

After clicking "ignore this message", I was then greeted by the bogus Facebook page, notice the address in the address bar, and I was able to log in as using any user name with any password (most folks would think their logging into FB, and this is when your Username / Password are then "Phished" from you):

I was then taken to a screen where I was presented with a file to download and run on my PC to "update" my account. We all know the end of this story..your Facebook account is compromised and your left with an infected PC.

Don't click on any links in emails which they want you to update your account.
If in doubt, manually log into the web page (load up browser, type the web address)
Stop using Internet Explorer... Use Firefox. Internet Explorer did not give me any warning where I was going or about to do.

Scam: Test And Keep The...Laptop, Camera, etc

2009-10-26T09:18:00.000-07:00

"I'm waiting for my man..Twenty-six dollars in my hand"
~David Bowie

Right off the bat... you're not going to get the laptop, ipod, camera, xbox, etc.

This is an 'eye candy' ad in your email to reel you in to be taken for a ride to the town of Debt.

(click to enlarge the eye candy)

Here is the legal mumbo-jumbo. You will notice right off the bat
that they are not afiliated with any company in the picture (FedEx, Dell, etc),
so this is another clear inidcation... this offer is a scam.

(click to enlarge the mumbo jumbo)

And by the way do not click the unsubscribe, or use the link provided to go to there site, its another way for them to verify your email is "valid" and send you yet more junk like this.

Now here is kinda in a nutshell how these things work...

A small company or individuals are PAID to obtain sign ups for credit cards, memberships, etc. (from other marketing companies). The credit card offers are normally a fee based credit card (aka you pay the credit card company to use their card, on a monthly or yearly basis... highway robbery at its finest...). The Movie memberships are monthly based (Netflix, etc).

So they throw out there hook and line (aka email) and put some bait on it (nice pretty picture of a laptop, camera, etc), and wait for people to start biting at it.

Once they get a bite, they reel them in, and start requesting a lot of personal information.

They first request your email address, and then they will request your street or po box address "where to ship your test/free product to". They may even as you for your phone number...(this is for the telemarketers they will send on to you). This is legal, remember your willingly giving your personal information to them.

Once they have that, then they will request you fill out various offers to be eligible to test the laptop, camera, etc your going to keep. So you will find lots of credit card applications (with low APR rates, guaranteed to shoot sky high), Memberships to CD clubs, Movie Rental companies, etc. The list goes on and on...

Mean while these scamming companies have your personal address, so they can now start swamping your mailbox full of junk, the army of telemarketers will begin calling you, your email inbox will be full of junk before the day is through.

And if you had signed up, they now get paid because you signed up using them as a "reference", and they walk away, and you are left with..."yeah the laptop is in the mail..."

As found through various posts of people who have been reeled in by these types of scams, they have waited for months, and never seen a product. Instead they have been paying money for
memberships, and paying for fee based credit cards on a monthly basis.

Your best bet...

Just mark these ads as 'junk' and delete them.
Start saving your money and go buy your own item, without any middle man involved. The amount of money you will loose by these gimmicks you could by yourself a nice laptop, camera, music player, etc.

Other screen grabs during my investigation...

(click to enlarge)

The personal info gathering page..

(click to enlarge)

Two offers for you to be granted to be a test on a laptop this scam company has no relations to the company who will give it to you, and the shipper (FexEx) that will deliver it to you for free... wow... good thing I used a global email address... ;)

Scam: Confirm / Your Order Has Now Shipped

2009-10-26T08:55:00.000-07:00

Scammers are trying desperately to get "verified" email addresses so they can continue to spam them and or sell them to other spammers to make a profit.

So they send fake "order confirmations" to get you to click on malicious links in your email to have you confirm your address is a "live" address. In hopes to "scare" folks into thinking they ordered something they didn't.

And when the unsuspecting user clicks on the link to look at the order information, their email gets "verified" as working, and they are normally taken to a spam sits (Vigara, Canadian pills, etc).

[Example]=================================================

To: youremail@mail.com
Subject: Order Shipped -- Order #07925

We ship Worldwide! To all countries! To all destinations!
Cant see a picture? Click Here!

To unsubscribe from this mailing list, please log in to ...link removed..., click on "My Account", click "Update" to edit your registration details and uncheck the "Receive Newsletter?" check box.

Or unsubscribe at ...link removed....

Privacy Statement | Terms & Conditions | Contact

AMAZON Ltd.
Tower Bridge Business Complex. Unit 7, B439. 051 Clements Road. London. SE87 6DG

© 2009 AMAZON, Ltd. All Rights Reserved
==========================================================

It is not officially from Amazon for starters. They use the "same" email body and just give it different headers. Such as an email with the subject of "Sales Order from walmart.com" which is not even closely afflilated with Amazon.com

Also you are not "subscribed" to anything, its another gimick to get you to click it to verify your email address is active.

And last the "can't see the pictures?" is a new ploy to get you to click and verify your email address is valid. There are no pictures, when you click it your transported to what ever spam they are trying to sell (Viagra, Canadian Pills, etc).

If you are even in doubt about orders from WalMart, Amazon, etc. Do not click any links in these emails, instead log into Amazon manually and check your orders.

As for these email scams, mark it as junk and trash it.

Virus: Microsoft pack

2009-10-19T17:46:00.000-07:00

And the Scammers continue to try to get you to install their Viruses/Trojans on your PC.

Example of Email ]==========================================

Subject: Conflicker.B Infection Alert
Date: Mon, 19 Oct 2009 08:26:52 -0300
From: Microsoft Windows Agent
To:

Dear Microsoft Customer,

Starting 18/10/2009 the ‘Conficker’ worm began infecting Microsoft
customers unusually rapidly. Microsoft has been advised by your
Internet provider that your network is infected.

To counteract further spread we advise removing the infection
using an antispyware program. We are supplying all effected
Windows Users with a free system scan in order to clean any
files infected by the virus.

Please install attached file to start the scan. The process
takes under a minute and will prevent your files from being
compromised. We appreciate your prompt cooperation.

Regards,
Microsoft Windows Agent #2 (Hollis)
Microsoft Windows Computer Safety Division

File Attachment: install.zip

==================================================

Always consider the following:

Microsoft WILL NEVER email you any patches or executable software.
Your ISP will never email Microsoft concerning your network or infected PC

The attachment will install a virus/trojan on your PC...DO NOT INSTALL!

Just mark it as junk and delete.

Phishing: New wave of scams...

2009-10-15T07:28:00.000-07:00

A new wave of email account phishing scams are about. For owners of their own domans, they appear to be official from your domain hosting provider.

For email accounts, they will attempt to gain access to your hotmail, yahoo, etc. email accounts.

Example of one for owners of domains looks something like this:

=======================================================
Dear user of the mydomain.com mailing service!

We are informing you that because of the security upgrade of the mailing service your mailbox (user@mydomain.com) settings were changed In order to apply the new set of settings click on the following link:

http://mydomain.com/owa/service_directory/settings.php?email=user@mydomain.com&from=user@mydomain.com&fromname=user

Best regards, mydomain.com Technical Support.

=======================================================

Lets take a look at a few of these "read flags" that you should be aware of.

The Masqueraded Link:

But if you hover over the link itself, it is masqueraded, and in Thunderbird you immediately see the real link at the bottom of the pane, and it reads:

http://mydomain.com.nerrasssy.co.uk/owa/service_directory/settings.php?email=user@mydomain.com&from=mydomain.com&fromname=user

This is a server over in the United Kingdom hosting this bogus Phisher page waiting for you to log in and give up your personal information.

Invalid User Names on your Domain:

Also another key factor, they do not have a valid user name from your domain. Instead they may have "usernamell@mydomain.com" or "littlejohn@mydomain.com". Which you can immediately see that is bogus.

And a golden rule... never click on the link in an email that states there is a issue with

Bank Account
Credit Card Accounts
ATM Accounts
Mail Service Delivering A Package (UPS, USPS, FedEx, etc)
Email Account
Personal Web Domain Issues, or Service Updates

And begin entering your personal information.

If in doubt, manually log in (aka type in the web page for your email, such as Hotmail, Yahoo Mail, Google, etc) and log in to see if you have an issue.

With Banks, Credit Cards, etc, you may login by typing in the known address of your financial institution or calling their support center and verifying issues.

With the Postal Service emails, these normally contain an executable file (.zip format) and state to execute it to print a ticket why they could not deliver the package to your house. These attachments are Trojans or Viruses to infect your system.... do not execute.

First off if there was an issue delivering your package, most postal services will leave a tag of some sort stating they could not deliver it and will make another attempt the following day, they will never email you.

With Domains, always contact the service provider directly and verify with their help desk if there is an issue (email or call them).

Rouge: SWP2009 Demo.com

2009-10-08T12:59:00.000-07:00

I just encountered this one this afternoon... lots of Pornsites launched through Internet Explorer, and lots of warnings of Viruses, Trojans, etc. And of course the "We'll remove all this nasty stuff for you if you purchase the full version..."

This is yet another variant of rouge Antivius that infects your computer and tries to pass itself off as a saviour to remove your problems (it put on your PC in the first place).

If you find yourself infected with this nasty Malware do the following:

* Disconnect your PC from the Internet (it will keep pulling down crap while your connected)

* On another "CLEAN" PC, download MalwareBytes and its def file. And rename both of them to some oddball name. This malware will attempt to detect the installer by their standard names and state they are infected (the Scareware part of this ordeal).

* Burn Malware and its def file to a CD, and attempt to install on the infected PC.

* Go into the install directory, and rename the 'mbm.exe' to yet another oddball name (again this looks for Malwarebytes and Spybots "standard" .exe names).

* Launch the "oddball" named Malware executable, and fire off a scan.

This is the standard procs and files associated with the "SWP2009 Demo.com" variant:

(click to enlarge)

Malware Bytes: Program
http://www.malwarebytes.org

Malware Bytes: Def File
http://mbam.malwarebytes.org/database/mbam-rules.exe

Scam: Low Priced Software

2009-10-07T14:08:00.000-07:00

"You Can't Always Get What You Want..."
~The Rolling Stones

Interesting emails from scammers coming out since Windows 7 is about to be released.

They promise a "low" price for Windows 7, along with other "new" software (that is due to be released soon)..but some how they "magically" have the retail version.

Yeah, you guessed it, a big scam. The only thing you are going to get from these scammers, is a bogus software file (most likely a virus or trojan), and your credit card info stolen from you.

Example of email received:

==========================================================

From: "Nigel Cuevas"
To:
Subject: Need Good Software? Ask Us For Help.
Date: Thu, 8 Oct 2009 05:13:14

Install the new Windows 7 Ultimate NOW!

This operational system has become familiar
to all the computer users recently.

Windows 7 Ultimate gives you everything that
you need for a fast and effective work of your
computer or a laptop. Feel free to create your
personal home network with Windows 7 Ultimate
operational systems and share your pictures,
videos, music etc. in seconds. Widows 7
Ultimate system gives a wide range of new
features that are no available in any other
operational systems. Once you installed it to
your computer you will even get a chance to
watch TV channels for free.

Buying Windows 7 Ultimate NOW, you will make
sure that your personal data will be secured
as this operational system owns the highest
security level then ever.

You can get all this for only $99.95 at Windows 7
Ultimate site while the retail price for this
unique operational system is $399.99. This way
you save up to $300 and there is no need for
you to leave your home and visit computer shops
to buy it. As you can buy it through the internet
right now.

Visit us right now to get your Windows 7 Ultimate
today or look through the other software that is
presented at our site. Only in our online software
shop you will easily get:

* Windows XP Professional with Service Pack 3 for $59.95
* Adobe Photoshop CS4 Extended for MAC for $119.95
* Office Enterprise 2007 for $79.95

And many other software products as well. Visit
Windows 7 Ultimate site now and get your software!

==========================================================

Right off the bat, Windows 7 hasn't been released yet, not out until 10/22/2009. However there is a 'beta' (pre-release test version) out, that Microsoft has discontinued support on and revoked all "windows keys" from. This version was offered to beta testers for free until the retail version was ready to ship.

Also, they claim all their software (such as Windows 7) is down loadable. Upon checking this out, I found the software in .zip files. With any installable Operating System (such as Windows), you will need a bootable CD to install it. Or at least a very large .iso file (you can burn .iso files to CDs and DVDs), but there is no mention of .iso files or what to do with the software once you download it.

I traced back the originating IP address (61.252.113.254) and not only is it from Republic of Korea, but also on a vast majority of known spammers lists.

Just mark it as junk and delete it.

Cleanup Tip: Compacting Email Mailboxes

2009-09-30T08:22:00.000-07:00

You have been getting email for years now, and you rarely delete any emails (well except for the junk mail). And suddenly your system and email client seem to be slowing down, and its now taking a few minutes to get your mail. And once in a while your email client seems to "lock up" when you try to move or delete a message.

Its time to compact your mailboxes....

Compacting mailboxes is one step to take to clean up your mailboxes, and assure they are not wasting 'empty' space on your system.

Also compacting your mailboxes will improve your email client's performance (henc instead of reading a 4 GB file, it now working with a 1 GB file).

Here is how:

MOZILLA THUNDERBIRD

01. Click on your mailbox (aka Local Folders)
02. Click 'File'-> 'Compact Folders'

Depending on the original size of your mailbox
this may take some time.

03. Wait for 'Compaction

OUTLOOK 2003:

01. Click 'File' -> 'Data File Management'
02. Click on first mailbox, and click [Settings]
03. Click [Compact Now]

Depending on the original size of your mailbox
this may take some time.

04. Wait for the 'Compacting...' message to disapear
05. Click [ok] and then [close]
06. Procedure completed.

Here is a Outlook mailbox that was never compacted. It took about 2.5 hours to complete the compacting:

Outlook.pst "Before" Compacting (4 GB file yikes! no wonder Outlook was running slow)

Outlook.pst "After" compacting (the 4 GB is now down to 1.3 GB)

OUTLOOK EXPRESS:

01. Click 'File'-> 'Folder'
02. Click on 'Compact All Folders'

Depending on the original size of your mailbox
this may take some time.

03. Wait for completion of task.
04. Procedure completed.

SPAM: 'Blocked' or 'Locked' Images in Email

2009-09-24T06:27:00.000-07:00

Lately there have been several emails coming from Spammers that state images are "blocked" or "loccked" and to view them click the link. Here is an example:

This is just another way for Spammers to verify your email is active, so they can continue to send you more spam, and maybe even sell your "active" email to other spammers for cash.

Simply, do not click ANY links in this emai (unsubscribe, service disclaimer, contact us, etc), they all are set to the same program to let the spammer know your email is "active".

Just mark it junk and delete it.

ISSUE: MalwareBytes Installed But Will Not Run

2009-09-03T13:00:00.000-07:00

"Extreme ways they help me, They help me out late at night."
~Moby ('Extreme Ways')

You have an infected PC, and you installed Malwarebytes and are unable to run it.

Some Spyware/Virus writers caught on, and have coded the process names into their code which look and kill the processes before they get a chance to start that would end up defeating their spyware or virus.

You can easily combat this, by simply copying the 'program_name.exe' and rename the copy to something really off the wall that the writers would not be able to look for in their code.

Something like '12346mb.exe' is a start. Some will look for the program name of "Copy of program.exe", so just avoid using this name for the renamed program.

Rougeware: Advanced Virus Remover

2009-09-02T10:26:00.000-07:00

Rouge Software Preventive Tips:

* DO NOT trust any pops ups that claim your systems is infected, or prompting you to download and install a AntiVirus/Spyware tool. If you think you are infected, seek help, or go to an official site (AVG, Avast!, McAfee, Symantec, NOD32) site and download either a free home version or demo.

* Invest into a good firewall, install it, AND review what its telling you. #1 mistake people make with firewalls, they just click [yes] to get out to the net or get their game or application working, this defeats the purpose of the firewall. I highly recommend "Sygate Personal Firewall", its user friendly, it tells you everything that is happening, and its free, so there are no excuses not to go download it and install it!

Now for the removal of "Advanced Virus Remover":

First off... ALWAYS backup your data... its infections like these that sometimes you may never get your system back and have to blow everything away.

OK, you may notice the pornographic icons on your desktop to adult sites (don't click them). Then you will begin receiving messages from he rouge software that your infected, and you MUST purchase the full version to remove the viruses (don't click these either).

Internet Explorer will also start failing.

Here is system that's infected with the Advanced Virus Remover:

(click for larger image of example)

** Don't reboot, this software disables your 'Safemode' **

Immediately fire off a system scan with AVG for now and allow it to detect.

** If you get a popup requesting to register, or click [Ok]... DON'T! **

(click for larger image of example)

This will tell this infection to go out and download MORE infections to your PC. Instead just move the pop-ups out of the way so you can get to AVG. Because even if you click the [X] on the pop-up, it will still go out and and grab more stuff (aka 'no' is not an option to this software).

AVG will be unable to remove two threats, and will require a system reboot, allow it to do so.

When the system returns, re-scan with AVG to see if all infected items have been removed.

Then scan with MalwareBytes followed by Spybot Search & Destroy.

Scanning times will vary depending on how much data you have on your system.

By this time, your system should be clean, if not then you may have other infections you will need to research to remove and start looking for recovery disks and pray that your data is backed up.

Virus: 'Reader_s.exe'

2009-08-31T13:53:00.000-07:00

Dr Ray Stantz: Venkman? I saw it, I saw it, I saw it.
Dr. Peter Venkman: It's right here, Ray. It's... looking at me.
Dr Ray Stantz: He's an ugly little spud, isn't he?
Dr. Peter Venkman: I think he can hear you, Ray.
~Ghostbusters (1984)

Before anything... yes this is a very bad virus, you are looking at full system rebuild at this time. of this Document. No Antivirus company has been able to successfully REMOVE the virus, only detect it and say "yep... you have it" at the time of this document.

I have battled this virus for four days, and took notes what I did. I have read many of posts how people have combated the virus, and they all boiled down to .. full system re-build.

The author of this virus should be hunted down by a lynch mob and beaten severely with the big metal IBM keyboards of years gone by.

This virus will infect every .html / .htm file on your system. This includes all "help" files (Windows, Firefox, Quicken, etc). Your virus vault may reach capacity with the infected files as such with AVG (filled it up with 1,700 infected .html files)

So far no major Anti-virus products can remove it, and the stand alone 'Virut' detectors/removers only detect it and kill the process. It returns on the next reboot (most Virut detectors require a reboot after it detects the virus to remove it). It comes right back as soon as you reboot your PC.

To get rid of this nasty virus, you will need to completely remove your partitions and recreate them again. So hopefully you have good backups of your data off your system.

Now we start....

Virus Family Tree: win32/Virut

Processes associated with this threat:

reader_s.exe
yourusername.exe
winlogon.exe (an altered version by the hacker)

Synopses:

You will first notice that your virus checker will begin stating that all .html files are now infected, and a process 'winlogon.exe.' is attempting to connect to something out on the Internet (this is why everyone should be running a firewall!).

At this time, just formatting your partition will not work, the virus lives within the boot sectors of the partition, and remains there even AFTER you have formatted and attempted to re-install Windows.

It does not come back right away, but comes back within 30 mins after a network connection is connected to your PC. This is when you will see 'winlogon.exe' makes an attempt to connect to a 91.xxx.xxx IP address. Its attempting to break out, and download more harmful items to infect your system.

What to do...

First.... disconnect your system from the network!

Second... DO NOT use USB drives on the infected system with Windows booted, they may become infected and transfer the infection to other systems. A few $0.10 CDRs vs. Another Infected System...you decide.

So far I have encountered this and dealt with this only on a Windows XP box, so the following method is for Windows XP at this time:

On ANOTHER PC (aka Not Infected!):

* Download and burn the ISO of 'G-Parted' from:
http://gparted.sourceforge.net

* Download a copy of Avast!:
http://www.avast.com/

* Download a copy of Sygate Firewall:
http://www.tucows.com/preview/213160

Burn 'Avast!' and 'Sygate' onto a CDR....(or CD-RW)

You want to use CD/DVD ROM's during this recovery, and not USB drives, they may become infected and you may risk infecting your other systems.

Grab your copy of G-Parted, and Windows Install CD, and get ready for a rebuild.

This Virus also stays in memory, so no warm boots before deleting/creating your partitions and booting the Windows install CD.

What!?!! You don't / haven't backed your data up. :/

01. Download (on an uninfected PC): Knoppix Live DVD and burn to a DVD:

http://www.knopper.net/knoppix/index-en.html

02. Turn your infected PC off and let it sit for 2 mins, and then boot from the Knoppix DVD.

03. Once Knoppix has loaded, and you see your drives on the Knoppix desktop, plug in your USB drive.

This is not certifying your data is 100% recoverable, BUT its your only chance for recovery at this point.

04. Backup your data from C:\Documents and Settings\your name on to the USB drive, you
will want to inlcude from this path:

Favorites

My Documents (which will house My Pictures and My Music)

Using Mozilla Firefox and Thunderbird?:

Mozilla (the entire dir, this houses Firefox)

Thunderbird (the entire directory, if you use this email client)

Outlook Users:

C:\Documents and Settings\JLey\Local Settings\Application Data\Microsoft\Outlook

05. Once your data is backed up, shutdown the system and remove your USB drive and put it up in a safe place for now.

...now on with the show

Removal Instructions for Windows XP:

01. Shut system off, wait about 2 minutes.

02. Plug things in, turn on PC, load G-Parted from the LiveCD.

03. G-Parted: remove all partitions, create a 20 GB one for Windows for now.

04. Exit G-Parted, power PC down, wait 2 mins.

05. Power up, begin Windows Install.

Windows will copy the files to your system, and reboot your system. This is okay at this time for a "warm" boot. It will also perform another "Warm" boot during the final stages before going to the desktop.

The critical mistake I did first time around, was to warm boot from the Infected Windows OS, and format and reinstall Windows, the virus remained in the bootblock and ram waiting for its chance to strike.

06. After a successful install of Windows, install 'Avast!' anti-virus (yeah I know I'm an AVG fan, but Avast! will allow you to scan the boot blocks of the drives, so far AVG free will not). You may have to connect the PC to the Net for a few seconds to Avast! can grab the latest definitions to apply to itself (this is okay for now).

07. Install, and only allow Avast to connect to the Net and download its updates, then pull the plug on the network.

08. Then install Avast!, right click on the 'a' icon in system tray, and select "Start Avast! Antivirus".

At this time, Avast! will begin scanning your memory for issues, once completed, right click in tghe Avast! window, and select "Schedule Boot-Time Scan..." and reboot your system. And allow Avast! to do its job and scan everything you have installed thus far (this is why you just installed a "Vanilla" copy of Windows... short time to scan).

09. After PC boots, install Sygate firewall, reboot PC (yet again) and review processes that Sygate reports wants to access the Internet. (Windows XP Firewall is a joke, like having a screen door on a submarine...Win9x has no firewall to begin with). Sygate is FREE (no gimicks) and provides a simple yet secure interface allowing you what to let in/let out to the Internet.

Do not allow "winlogon.exe" to access the Internet if prompted by Sygate, this means your still infected. Review above steps to see what was missed.

Other then that monitor PC for at least 12 hours allowing it to be connected to the Internet to see if anything else prompts Sygate to connect.

10. After 12 hours have passed, and no infections, begin rebuilding your partitions and restore your data.

The reason why I use 12 hours, I did not see the virus right away, while it lurked in the bootblock until I connected to the net and about 5 hours later it popped right back when 'winlogon.exe' prompted Sygate to access the Internet.

Also as word of advice, use the "Full Detail" mode when an application is trying to access the Inet via Sygate. So you can see what it is trying to access. In most cases, some folks just click [yes] to get rid of the message, etc to get their program or game loading.

......and this is how systems WITH a good Firewall leads to become infected.

Phisher: Yahoo Account

2009-08-23T17:58:00.001-07:00

"And I said ..No, No, No.... I Don't.... No More"
-Ringo Star & His All Star Band

Golden rule, never reply to any emails requesting your name and or password. Nine out of Ten times they are Phishers like the following trying to hijack your email account and use it for SPAM.

This one came in requesting the Yahoo account info, pretending to be the Help Desk at Yahoo, and needed our info to set up an alert. Oh and they use scare tactics to attempt to scare you into giving it up, such as you will no longer receive any more mail once it reaches 25 MB.

These Phishers are behind the times, Yahoo email is much bigger then 25 MB.

-[example of email]---------------------------------------------------

Subject: Helpdesk Program
Date: Mon, 24 Aug 2009 00:58:02 +0200 (CEST)
From: System Administrator
Reply-To: foldermaill@yahoo.com.hk
To: undisclosed-recipients:;

The Helpdesk Program that periodically checks the size of your e-mail space is sending you this information. The program runs weekly to ensure your inbox does not grow too large, thus preventing you from receiving or sending new e-mail. As this message is being sent, you have 18 megabytes (MB) or more stored in your inbox. To help us reset your space in our database, please enter your current user name (_________________) password (_______________)

You will receive a periodic alert if your inbox size is between 18 and 20 MB. If your inbox size is 20 MB, a program on your Webmail will move your oldest e-mails to a folder in your home directory to ensure you can continue receiving incoming e-mail. You will be notified this has taken place.

If your inbox grows to 25 MB, you will be unable to receive new e-mail and it will be returned to sender. All this is programmed to ensure your e-mail continues to function well.

Thank you for your cooperation.
Help Desk

-------------------------------------------------------------------------

So as in the past, just mark it as "junk" and delete it and move on to the next email.

Virus: UPS Unable to Deliver Package

2009-08-06T09:35:00.000-07:00

"Please Mister Postman, look and see, If there's a letter in your bag for me"
~ The Marvelettes

You receive an email from UPS stating they were unable to deliver a package to your home. But don't worry, this is just a scam to get you to williningly install malicious software to infect your computer from a Hacker.

[Example Email]---------------------------------------------------------

From: "Lorena Carroll"
To: you
Subject: UPS Tracking Number 890AIUM

Hello!
Unfortunately we were not able to deliver postal package sent on the 28th of July in time because the addressee's address is inexact.

Please print out the invoice copy attached and collect the package at our department.

Your United Parcel Service of America

-------------------------------------------------------------------------

And then there is the attached file. In this case a 'UPSNR_e92fa218.zip' was the attachment I am supposed to run to generate an invoice.

Well this file is how malicious software gets on your computer. Don't execute it.

1) UPS or USPS will never email you if they can not deliver a package. They will just post a sticky note or leave a pink note stating they will make another attempt. After three times, you can go pick up the package.

2) There is no need to .zip or send an executable (.exe) program to generate an invoice, 90% of the time its a standard email that comes through. This allows you the consumer to view it without having to jump through hoops to get another piece of software instal to view it.

So, just mark these as 'junk' and delete it.

"Don't Fall For FiOS"

2009-07-13T09:20:00.000-07:00

"ooh-hoo, jackie blue, making wishes that never come true"
~Ozark Mountain Daredevils

Comcast makes another attempt to sway people from going or joining Verizon FiOS, with some new TV ads depicting their own version of the "FiOS" install man. And how Verizon blunders installing FiOS.

(click to enlarge)

They did this a year or so ago with their blue glowing "FiOS Man" trying to make friends and being told they are staying with Comcast. Ironically this "Truth About FiOS" is published and hosted on Comcast equipment. If they were "really" telling the truth, they would have pointed out a different server, and or had another comapny step in to evaluiate the "Comcast vs. FiOS" ordeal.

The questions they posted above, are weak, and they also apply for Comcast. For example the question about installing FiOS involves days, and digging up your lawn.

For those who have had or have Comcast, you had to also schedule a day aside to allow Comcast to install, and for those who have underground wiring, you found that Comcast had to dig up your lawn as well, or as in the case with a buddy of mine, it took seven (thats right 7) Comcast Techs to visit all stated the modem drops he was receiving (10+ a day for minutes even hours) was 'Ok'.

Then the eighth Comcast Tech to arrive found the Coax cable had deteriorated somewhere underground, and guess what... yes, Comcast had to dig the lawn up to replace because the entire neighborhood utility wiring was underground.

Need better answers or concrete evidence, and don't want to rely on Verizon or Comcast and need to see more peoples Comcast problems?

Visit Broadband Reports:
http://www.dslreports.com

And if you want to look into moving over to FiOS:

http://www.verizon.com/fios

Scam: Tronix Country

2009-07-09T11:08:00.000-07:00

"Keep a knockin' but you can't come in
Come back tomorrow night and try it again"
~Little Richard

First off......no not related to us.

So just like the Blue Hippo computers, this ad is run on television and on the radio. Promising you a "real fast computer" for $29.99 a week. Sounds good eh?

Well the $29.99 a week is for twelve (12) months (52 weeks * $29.99 = $1554.80), and of course they will add on the shipping and handling costs to this figure.

Then there is the $99.00 to establish an account with Tronix Country.

Oh and if you find you can't pay the $29.99 a week, there is a $175.00 cancellation processes.

You can go out and purchase a fast machine for $600.00.

** small voice of concern ** "But they will help rebuild my credit..."

So do yourself a favor, and save that $29.99 a week, along with the $99.00 and the $175.00, and put it all in the bank. When you have saved up around $600.00 then go purchase the computer.

Better, take that money and begin to pay off your debt, no access to a PC for banking? Then choose a local bank you can walk to, once you have enough of your credit paid off, then use the card to purchase the computer and then pay off that amount immediately.

** small voice of concern ** "But what about the FREE printer, hdtv, mp3 player...!!!!?"

Places like Best Cry are begging you to take the free printers because they are cheap and want to get rid of them. The ink cartridges are more then the printers now a days anyway.

Mp3 player, you can get one 4GB for around $40.00.

And if you need an HDTV... well your basically paying for it with that $1200 your paying extra for that PC from Tronix Country.

Hackers: Death of A Celebrity Scam

2009-06-30T07:35:00.000-07:00

"Your mind tricked you to feel the pain
Of someone close to you leaving the game of life
So here it is, another chance"
~Queensryche

Since the passing of Michael Jackson, Billy Hayes, Farrah Faucet, etc, hackers are now using this as a ploy to get you to install their Trojans, Spyware, and even viruses on your system by stating if you execute the file from their website (or attached to email sometimes) that will reveal their killer.

(click to enlarge)

Don't follow the link or double click on any attachments in the email, and for that matter don't waste your time following the link.

Its all rubbish, mark it as junk and move onto the next email.

Until the next email scam....

Virus/Spyware: Criticle Patch For

2009-06-17T13:41:00.000-07:00

"Please Mister Postman, look and see, If there's a letter in your bag for me"
~The Marvelettes

(click above for larger image)

You receive an email with attachment that states there is a criticle software patch for some popular named piece of software (Outlook, Outlook Express, etc), and miraculously the patch is attached to the email.

Wrong..this is a way for Hackers to infect your PC with viruses, spyware or trojans that can steal your information or keylog your id and passwords from web sites. Do not double click or save these attachments.

Other variants of this type of email offer an installation of Internet Explorer (that happens to be attached to the email).

This version contains a link in the email, which is a masqueraded link. It shows a valid link in the email, but takes you someplace other then 'updates.microsoft.com' and if you are using Internet Explorer, it will install the update (thanks to the vunribility with ActiveX and Internet Explorer).

If your using Firefox, first off the Firefox will warn you that the site was reported for forgery, and stops there. If you choose to proceed, you go to the site, and since there is no ActiveX in Firefox, the sites plans are foiled and nothing is secretly installed onto your system.

(click to view larger image)

If you review the address bar (where you put the web page address in), you will see that the site does contain the word 'microsoft' in it, but it does not just contain 'update.microsoft.com', but rather 'update.microsoft.com.ilfl1l1.com' which is the number one thing to look for.

Rules of the road:

Microsoft nor any other software company will not attach patches or executables to their email and send it to you. As a rule of thumb patches, etc are obtained by visting the vendors website and you manually download them.

Just mark it as junk, and delete it.

Scam: Job Offers

2009-06-09T10:17:00.000-07:00

"Get a job Sha na na na, sha na na na na"
~Silhouettes

Offers to "work from home" come in the email several times a day. And some are very tempting, but in the long run, they are scams to take your money.

They offer you a small percentage for collecting checks from their customers (who turn out to be affiliated with the scam) who send you checks (which are bogus) for hundreds of dollars.

You take the check into the bank to cash it and since you are promised a percentage of that money and then turn around and wire the scamers the rest of the funds. Normally it takes a few days for a check to cash, so you don't see the outcome right away.

But at day seven, your bank calls you stating the check was a fraud, and as you realized that you have been taken, the check you wired is valid, and the scamers walk away with your cash.

At the same time, they also Phish your information (see the bottom of the example email), so now they know the "basics" about you. Anyone for fake IDs, credit card applications, etc?

Example of Email Scam;

================================================================
Dear Sir/Madam,

We have a job opening for the position of Online Accounts Clerk.

Would youlike to work from your home and get paid weekly? We
are offering this position to all interested applicants. Please
carefully read through. BusbyFabric, is a specialist in importation
and exportation of Art work and Fabrics to best-known companies in
far back Asia, the Regions Of America and Rest of The world for a
long time. You will find our high quality Fabrics in the BEST
products on the market today. We serve the entire United States
and a growing export market.

Your primary task for now, as a representative of the company is
to coordinate payments from customers and help us with the payment
process. You are not involved in any sales. Once orders are received
and sorted we deliver the product to a customer. After this has been
done the customer has to pay for the products but in most cases we
make our clients prepay for orders or items they order for. About
90% of our customers prefer to pay through Certified Checks/ Money
Orders drawn from the United State based on the amount involved.
We have decided to open this new contract -to-hire job position
for solvingthis problem.

Your First Primary task (Collection of Payments):

1. Receive payment from our Customers or Clients.
2. Cash Payment at your Bank for record purposes.
3. Deduct 10% which will be your percentage/pay on Payment
processed
4. Forward balance after deduction of percentage/pay to any of the
offices you will be directed to send payment to.

You'll have a lot of free time doing another job, because this job
is parttime, you'll get good income. But this job is very challenging
and you should understand it.
We are considering your application because you satisfy our requirements
and we are sure you will be an earnest assistant till we start
running our branch office in your state.

Kindly get back to me as soon as possible if you are interested
in this job offer with your:

*BUSBY FABRIC RECEIVING PAYMENT ACCOUNT FORM *
FIRST NAME
LAST NAME
ADDRESS (NO P.O.BOX)
CITY.
STATE
ZIP CODE
COUNTRY
PHONE NUMBER (HOME AND CELL)
GENDER
MARITAL STATUS.
AGE
NATIONALITY
OCCUPATION:

*Do you have an exclusive relationship with another United Kingdom
based company? YES /NO.*

our response to this email is needed,so that we can reconfirm your
mailing address details we have in our database. We will be updating
you as soon as the payment is being sent to you and you will be
directed as to where to have the remaining 90% of the money sent to,
after the deduction of your 10% pay on any payments received and
processed by you. A swift acknowledgment of the receipt of this email
will be appreciated.

Your provided information will be sent for the first internal screening
and comparable of applicant's information. Please if you are interested in
this position don't hesitate to get back to me.

For More Information about Ross FABRICS Feel free to visit our web link at
http://www.busbyfabric.com/

BEST REGARDS
Jonathan David,
Manager (International Operations)
BUSBY & BUSBY LTD
THE OLD STABLES,
WINTERBORNE WHITECHURCH,
BLANDFORD FORUM,
DORSET, DT11 9AW, ENGLAND
Tel;+447035946582
================================================================

Phising: Email Accounts

2009-05-23T04:24:00.000-07:00



Another attempt to prey on those who use web based (you get your email via
your browser i.e. firefox, internet explorer, etc). The Phisher uses not sites
but the common scare tactic that your account will be deleted, and you will not
receive anymore email.

Total bull, here is a 'scare' email that a Phisher attempted to use:

=========================================================================

Dear Webmail User;

This mail is to inform all our { webmail users }  that we will be
upgrading our site to help block spam. We are also having congestion due
to the anonymous registration of accounts so we are shutting down some
accounts and your account is among those to be deleted.

We are sending you this email to verify and let us know if you still want
to use this account. Due to the congestion in mail server, Webmail would
be shutting down all unused Accounts. To confirm your active account, you
are require to send us your E-mail account details listed below These
information would be needed to verify your account and to avoid being
closed;

 * E-mail:
 * User ID:
 * Re-type Password:
 * Password:
 * Date of Birth:

Waiting to receive the details of your two emails.
Warning!!! Account owner that refuse to send this information after one
weeks of receiving this warning will lose his/her webmail account
permanently.

Regards,
Webmaster Technical Support Team.

=========================================================================

If there is EVER an issue with any email account, you will never be
requested to provide your password or even your date of birth.

Just mark it as junk and delete it from your inbox.

Spam: ARRP News Letter

2009-05-14T07:46:00.001-07:00

"Send me a postcard, drop me a line stating point of view, Indicate precisely
what you mean to say, Yours sincerely, wasting away"
~The Beatles

This has been a real popular one lately, coming with subject such as "Dr. (insert name here) Personal Percentage Off", etc.

They are not from AARP, and do not click any links in it let alone 'unsubscribe' or your email address will be flagged as 'valid' and you will end up getting more Spam.

Just mark them as Junk

Scam: Stimulus Balance Payoff - Get Out Of Debt

2009-05-14T06:47:00.000-07:00

The Letter of the day is 'S', for 'Scammer, and 'Spammer' and 'Stimulus'.

Its amazing how Spammers and Scammers jump on popular words in the media. Words
like this are not only eye catchers, but can easily fool some people into signing into more trouble then the email was worth.

Take a look at this lovely email (yeah they had commas in there for some odd reason)

=======================================================

To:
Subject: , Delivery Notice: You Qualify For a Stimulus Balance Payoff

,You qualify for a Stimulus Balance Payoff before May 15, 2009.

The economic stimulus helps create jobs, and gives Americans the opportunity to payoff their outstanding balances for a fraction of the total, thus stimulating the economy.

You qualify for a Stimulus Balance Payoff from the following creditors:

* Credit Cards
* Medical/Hospital
* Department Store Credit Cards
* Personal Loans (unsecured)
* Overdue Rent
* Autos (Repos)
* Local Merchants
* Past Due Utility Bills

Based on the current national average and incline in unsecured balances, we estimate you have around 20,000 Plus in outstanding balances (this is an estimate, please update this amount upon submission or unsubscribe below if no outstanding balances exist).

Please visit your personal account page:
http://mydueremove.info/debtelimination

Our Specialists work everyday to get consumers zero balances and one is standing by right now to Clear 100% of your open balances. They are the best in the business and they know how to Payoff ALL of Your Open Payments without Long-Term effect on your file or filing bankruptcy.

We estimate the long-term effects from $20,000 plus open account balances can reach a cumulative amount of 74,464 and take 53 years to payoff. (-Based on avg. national credit card interest rate of 19% and minimum payments of 2.1%)

Just Moments of Your Time Could Avoid 74,464!

Client Profile:

Account ID: 9109680

Unsecured Balance Total: PLEASE SUBMIT HERE
http://mydueremove.info/debtelimination
100% Zero Balance in only 12 to 48 /mo!

Credit Pull is Not Required | No Strings Attached, We Are Here To Help You

, We have a solution to clear your balances.

Please visit your personal account page:
http://mydueremove.info/debtelimination

Confirm your Information and click 'Submit'. We'll have our specialist give you a call just to describe the program and how it can benefit you; No Strings Attached we are here to help you.

Jeff, we are looking forward to working with you to wipe your open balances away.

DebtAid USA | Exclusive Member Offers
Secure & Hacker Safe

If you no longer wish to receive these emails, please follow link:

=======================================================

According to above I have eight originizations that owe me money...but as you read further, it begins to toot a different tune, as in credit card sign up.

And if you click the link, you are presented at their sight 'Debt Elimination (don't be fooled wit the media icons "as seen on") You can add icons of this nature to anything they are just .jpg adn can easily be copied from their media site with a right click and 'save as'

So just mark these as Junk and delete it, they are just a way to get you into further debt.

Spam: Fairfax Digitial

2009-05-12T07:32:00.001-07:00

"Add it up.... Add it up..."
~Violent Femmes

You get one of these emails with some various subject with your email address in the email:

Its just another way for Spamers to confirm your email is active. This just leads to a Canadian Drug site.

So do not click any links in this email, just mark it as junk and delete. There seems to be a wave of these going around now, we've had about 20 of them show up within the last day using a random name @ our email address.

Scam: Brand Reward Zone

2009-04-14T09:19:00.000-07:00

"Help I'm steppin' into the twilight zone, The place is a madhouse

Feels like being cloned" ~ Golden Earring

I was asked about this one, and found nothing on the Net about it. So I figure its time to get this one exposed for the scam it really is.

When you first go to the site, they want the basic (name, address, phone number, etc) before you go any further.

Once you're in, your required to take a 20 question survey (which is all Junk that you don't want, such as free cash, whiter teeth, etc).

Then you are prompted before you get any further with their rewards, you must complete two offers. And these offers are from the previous twenty question survey you clicked 'No' on.

Some state "Free Trial", well you click on them, and they give you a free trial (such as Whiter Teeth), but you must pay the shipping of the free trial to you. And that can range from $1.00 to $4.95.

And there is no logic to this site, so even if you do not complete an offer, and click the button to move on, it allows you to, and your prompted to complete two more offers before going on. And the process continues to repeat itself.

Don't bother with their 'testimonials' they are either created by the company itself, or hired actors. You will not receive free items from scams like these, only junk and rack up your credit card bills due to their "shipping charges".

Scam: CNN Newsletter Subscription Email

2009-04-10T08:46:00.001-07:00

"One pill makes you larger, And one pill makes you small..."
~Jefferson Airplane

You receive a email but it's confusing. The top half is spam for some pills, and the bottom half is claiming its from CNN, and you signed up for a news letter and wishes for you to confirm.

First off, don't click ANY LINKS in this email, its a way to "verify" your email is active. And you think you have Spam now... oh brother you will be in for more if you clicked it. In fact it I have about ten of the same emails from ten different Spammers in my inbox... you do the math ;)

( click to view larger image)

Anyway, its a bogus email designed to fool you into validate your email. CNN will never send anything remotely like this let alone advertise any Canadian Pills at the top of their email.

You will see other copy cat emails like this, but from all other walks of major news networks (CNBS, NBC, etc..).

Just mark them all as junk (if your using Thundebird pres 'j') and delete it.

Tip: Unsubcribing To Emails or Newsletters

2009-04-06T07:00:00.000-07:00

"And if you get hooked, baby, it's nobody else's fault, so don't do it!"
-Grand Master Flash

You may get an email that you don't remember subscribing to and decide to unsubscribe to it.

First.. DON'T CLICK ANY LINKS IN THE EMAIL, and then read further down for the explanation.

=====================================================================

View email online

Dear Subscriber,

Click to open Aijcq Zug

This newsletter is being sent to you because you agreed to receive information from Yride. If you no longer wish to receive our newsletters, please unsubscribe now to ensure you are taken off our mailing list rather than marking this email as "spam" or "junk".

Copyright c 2009 Itewocu. All rights reserved.

Unsubscribe now | Manage Acoount | Privacy policy | Contacts
=====================================================================

All the links in this email lead to the Spammers site, and at the same time verify your email is valid.

These types of emails do two things, spam you, and attempt to verify your email address is valid.

This means, when the Spammer finds valid email addresses, they still bombard you with more spam, and even may sell your email address to other Spammers to also bombard you with Spam.

As stated in my previous posts, there is a small market for selling email addresses out here on he Internet.

SO if you should encounter this, never click any links, and DO NOT click 'unsubscribe'

If you need to unsubscribe to some newsletter, etc (aka: home improvements from Lowes), then log into the official website, and unsubscribe.

Mark It Junk, and Delete It....

Scam: Obama Bailout Home Owners

2009-04-06T06:39:00.000-07:00

"So you think you can tell... heaven from hell, warm air from a cool breeze" - Pink Floyd

Some quick photo editing, and some main words being used in the media, and sprinkle some bogus lies about it being featured on news channels (the media can not check 'every' item that states its "been featured on..."), and look what you get:

This immediately states "Obama will save our house from foreclosures with his bailout plan..".

First of all Obama does not know this offer exists, nor will personally save everyone (he is out to spend, spend, spend). Did you know this guy spent more money then President Bush AND George Washington put together in his first 60 days!?!?

Anyway, this email is a ploy to get you to refinance your mortgage your home will NOT BE SAVED by following through with this scam. You will just be digging yourself deeper in debt.

This company is a reference company, which means you give them all your personal info, and then they match you to mortgage company that will work with you. Thats how they make their money, off of your suffering.

Oh yeah if you read the fine print on the site they explain how they can use "As Seen On"( and I quote from the web site):

====================================================================
*"As Seen On" information refers to paid advertisements that have run on the websites of the properties listed above. The trademarks included on this page are property of their respective owners, who have offered no endorsement of this product.
====================================================================

Just stay away from scams of this nature. Mark it as Junk and delete it.

Phisher: 2009 IRS Tax Season

2009-03-28T06:56:00.001-07:00

"Cos' I'm the Tax Man..."
-The Beatles

As the 2009 Tax season approaches, so does the Phishers attempting to obtain your personal info. This one looked like an official email from the IRS. It had its "official" logo in the email and even told me how much I was going to get back.

In reality, it was sent by a Phisher in Thailand. The IRS will NEVER email you concerning your Tax refunds, etc. (especially before you file them!) They will never ask for personal information such as credit card numbers, soc #'s, ATM pins, etc.

So just mark these as Junk ('J' in Thuderbird) and delete them. If in doubt, contact the IRS at their web site at 'www.irs.gov'

(click for a larger view)

As you can see I highlighted the 'Click Here', and Thunerbird told me the URL (web address) the link was going to go to. Its not 'www.irs.gov', so I decided to click it, and Firefox immediatly told me this was registered as a Phisher's site:

(click for larger view)

As always I decided to ignore the warning and conitue to see what it had to offer, and the site was taken down.

L8TR..

Virus: Face Book - Video

2009-03-14T11:09:00.000-07:00

"Face the face - got to face the face"
~Face to Face by Pete Townshend

Now comes another Facebook virus, the hackers have done their best to make their email and web page look like it came from Facebook. And attempt to fool you into downloading and running their virus (Adobe_Player11.exe).

First the email that you receive:

[Bogus Email From Facebook]=======================================

Messages from Your Friends on Facebook, March 11, 2009

You have 1 Personal Message:
Video title: " is dancing on Striptease Dance Party,
March 13, 2009! We're absolutely shocked!".

Proceed to view full video message:

http://facebook.shared.ceptServlet.personalid-dybnp2jd6.asp.53445player.com/home.htm?/statement/application=os290coezlu3xq1

Message ID: FB-ulifv9wkm3pcwq9
2009 Facebook community, Message Center.

=================================================================

Right away you should see that the url for Facebook is bogus, it should just be 'http://facebook.com'. Instead you have a larger address with the words 'facebook' put at the beginning of it to make it look ahem "Official".

So at this time, just mark it as junk and delete it. If your interested on the further details of this time of virus scams please continue to read.

So I procededed to click the link (using Firefox, so I will be prompted if anything tries to install, do not do this with Internet Explorer, etc), and here is what I arrived at:

(click to see full size image)

The page almost looks identicle to a Facebook page, the layout, colors, but you should take a moment to view whats wrong here:

01. If you log out of Facebook, you normally have to "log" back in everytime. So you were not prompted for a name and password. You should never leave your account "rembered" that is stored in a cookie, and could easily be hacked.

02. Your name does not appear in the upper right corner of the blue bar, next to "Settings" and "Log Out". Indication, your not logged in, this is a fraude site.

Soon as you click the 'Play' button your immediately prompted that you require the latest version of Adobe player to view the video:

Then your prompted to download the file name of 'Adobe_Player11.exe'. This is the file which will infect your computer.

until next time...

Scam: Amazing Free Laptop (that you never get)

2009-03-12T11:15:00.000-07:00

This has been playing almost every commercial break on 94 WYSP in Philadelphia. I researched this and the site (surprise surprise) was down, there was no more offer. Looks like another curious person who runs the site "Rip-off Report" was able to review this while the site was up, here is the link for this scam and their findings:

http://www.ripoffreport.com/reports/0/410/RipOff0410355.htm

As reported a few months back, there is no such thing as a 'Free' laptop. You will get nothing but headaches and SPAM when attempting to get a "free" laptop, dinner, gift card, etc. They get your information and leave you high and dry with lots of spam. Not to mention now they have your name, and address, and who knows what they can do with that.

Don't fall for the "Free" things from emails, internet and radio.

Scam: Job

2009-03-02T11:31:00.000-08:00

With some people being handed their pink slip, Email Job Scams are now on the rise. Promising you easy to make money at home. Researching some of this malarkey, I found that some scams will want you to pay a fee up front before you are to start any job.

If you request a refund, you have to go through a nighmare of their "legal" clauses that they specified when you signed up (hint: take time, read the fine print on anything you sign!!).

Then you get some like this, who use a popular job hunting site, and then use a compromised email account. This was sent to my computer store newsletter account (which was a flag that this was spammed out).

===================================================================

We've found your resume at careerbuilder.com and would like to suggest you a "Transfer manager" vacancy.

I'm the Chief Manager of Department of employment We have thoroughly studied your resume and are happy to inform you that your skills completely meet our requirements for this position.

Our company buy, sell, and exchange digital currencies, like E-gold and E-bullion.

This is a part-time position. Your schedule will be flexible. You will need to spend on average 1-2 hours per day, Monday-Friday.

This is a work-at-home position. All communication will be online.

General requirements:
Applicants must be at least 21-years-old
Good communications skills
Honesty, responsibility and promptness in operations;

A position within our company on a trial period for one month starting from the beginning of the work will be offered to the successful applicants. During this trial period you will be receiving training and online support while working and being paid. Employees on a one month trial period are evaluated at least one week prior to the end of their trial period. The supervisor can recommend termination, during the trial period. At the completion of the trial period, the supervisor can recommend continued employment, extension of trial period, or termination.

During the trial period you you will be keeping 8 percent commission from every payment received from our customer. With the current volume of clients on average your overall income will add up to $3,000 USD per month. After the trial period your base salary will go up to $2,250 USD per month, plus 8 percent commission.

After the trial period you may ask for additional hours or proceed full-time.

If you are interested in this position, and would like to know more, please e-mail me ONLY to: michaelperryopportunity@gmail.com

We will contact you within 24-hours.
==================================================================

Obvious ploy, they will contact you, and will either give you another link to follow or request your up front fee to become employed with them.

Another flag, why is a 'Judson Dodd' (eb1303s@yahoo.com.sg) who is in registered to Yahoo! in Singapore, emailing for a "Michael Perry" on GMail. The email link above is actually asquraded, so when you click on it, it will reply to the Judson address, and not the Michale adderess.

* You should never have to pay a fee by an Employer to become employed in the USA, this is quick gimick scum use to make a quick buck off of the unemployed.

* Always pay attention to who you are replying to.

* Just skip all emails with "Make $asy money at home", "You keep x% of what you sell", ect they are all just gimicks to get you hooked into paying the scammer money. He has your cash and leaves you high and dry without a job.

* If someone states they saw your resume online, they will give you contact information immediately (usually local phone numbers, website, etc... Credentials!) for you to reference them by before contacting.

* And always be careful of these "Job Schools" that promise to train you and find a job, most of them are bogus and only it it for the money. There ideas of helping you find that job.. they look on the job search engines, and post positions on their community board for all their student's (they all have been "busted" by the media for this).

Official Job Seeking Sites that you should be using:

Careeebuilder.com
www.careerbuilder.com

Dice.com
www.dice.com

Job Circle.com
www.jobcircle.com

Monster.com
www.monster.com

USA Today Careers Network
careers.usatoday.com

Phisher: AOL Account

2009-03-02T10:21:00.001-08:00

"I lost on Jeopardy, baby"
-Weird "Al" Yankovic

This ones an obvious Phishing email, but for the record:

You recieve an email with this in the subject:

First off, looks like Thunderbird has warned me this is a Scam, Second, I hovered over the 'Click Here' link, and Thunderbird shows me that its not going to take me to aol.com, but to a oddball website, which they do not want their DN (Domain Name) displayed. (Hmm I wonder why...)

But I looked up the IP address on a few IP sites, and it appears to be coming from Israel:

80.179.149.122 - Geo Information
IP Address 80.179.149.122
Host 122.sharatim.co.il
Location IL IL, Israel
City -, - -
Organization Golden Lines International Communication Services
ISP Golden Lines International Communication Services
AS Number AS9116 Golden Lines Main Autonomous System
Latitude 31°50'00" North
Longitude 34°75'00" East
Distance 1601.37 km (995.04 miles)

So as you guessed it, I clicked... and wound up here, with what looks to be an official AOL page, with the AOL Eye Candy graphics, etc. But wait... whats this, they want my Credit Card number AND my ATM PIN Code???!

This is an immediate red flag that this is a Phisher scam trying to get your financial data..

Remeber NEVER give out your finiancial info to just any site that states your account is in jeoprary, will be terminated, etc. This is just scare tactics to get you willingly give up your information.

Phisher: Visa Scam

2009-03-02T09:49:00.000-08:00

"Little bitty pretty onec come on and talk-a to me.."
-Thurston Harris

Remember financial institutions will never email you requesting your information.

If there is any issues with your account, either manually go to the banks web page (aka never click on links in email), or pick up the phone and call them to find out what the problem is.

And now to introduce this latest Phisher scam email:

============================================================

Dear Visa Cardholder,

Continuous Monitoring is an integral part of Visa's multiple layers of security.
In addition to other fraud monitoring tools, we can often spot fraud based upon transactions on the card that are outside of cardholders typical purchasing pattern. This allows us to spot fraudulent activity as quickly as possible and acts as an early-warning system to identify fraudulent activity.

During a recent checkout we detected suspicious activity and your Visa card may have been compromised. Fraudulent activity made it necessary to limit your card for online services.

Your Case ID Number is: DD7Q8QQ9EDR7
Conform to our security requirements and in order to continue online services with your card, we must validate your identity.

Please click here to verify your identity

Visa takes online security very seriously so that you can shop safely on the Internet. As part of our commitment to fighting fraud we have the right to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or violations of the terms and conditions for using Visa.

Sincerely,
Visa Customer Service.

© Copyright 2001-2009, Visa All Rights Reserved.

============================================================

I followed the link to a page that looks a lot like the official web page (aka Logo, etc), and instead of using the case number above, I decided to see how smart this Phisher's code was, so I just entered a random number

First right off the bat, most credit cards, are through your bank, or a primary credit card company (aka: Mr Smith's Visa Card), so 90% of the time you don't directly deal with the Visa company itself.

Second, always pay attention to the web address, when does 'filmsound.com' have anything to do with visa.com?

(click to enlarge)

I presented another sixteen character code '01234567890123456' and '11111' for the ATM code to satisfy the requirements.

(click to enlarge)

I was then presented with a bogus "your information is now safe with us, and your account validated successfully..." mubo-jumbo. And in less then four minutes, your "pushed" to the official Visa page to make it look official.

(click to enlarge)

Til' next time kiddies....sleep tight and don't let the Scammers & Phishers byte...

Scam/Trojan: You have (insert Holiday) ecard

2009-02-16T05:06:00.000-08:00

"I found out long ago..It's a long way down the Holiday Road"
~Lindsey Buckingham

You may receive some mysterious "ecards" in your inbox with links to a web site or a '.exe' or '.zip' file attachment.

This one was from Valentines day

------------------------------------------------------------------------------

William has created for you a Valentine e-card and wrote this to you:
"I live for you!"

Your Ecard is here:
http://uehewr.yourgreatlove.com/?ID=94398159c552455e0503a41e9e
Best Wishes, Jib Jab.

------------------------------------------------------------------------------

(click to view)

The link displayed in the email differs from the actual link (circled in red), which leads you to a dark site that will attempt to install software or prompt you to download the virus/trojan and have you run it.

Just delete these emails unless you truly know who they are from.

Phishing: IRS Stimulus Package

2009-02-12T08:05:00.000-08:00

Since the 'Stimulus Package' is a big news story now, Phishers are on the move pretending to be the IRS. And pf course still trying to get to your personal information via email with bogus links contained within them.

First off, the IRS does not initiate communications with taxpayers through email, states it right on their site.

Second, you should always be on the defense when links come in the email, and if you click on it and any information is requested, just don't do it. Even if it is for your name, age, and yes, your job position (these are used in the bogus Lottery, Nigeria scams, etc).

The only official site for the http://www.irs.gov, if your link takes you to any other site then just close it out. Phishers will "steal" web page content to make their bogus sites look like the official site.

Just mark these as junk and delete them.

Scam/Spyware: AntiVirus 360

2009-02-12T06:35:00.000-08:00

The AntiVirus 2009 is back, and under a new name "Antivirus 360" to make it look like "Norton AntiVirus 360". If Norton changed their name to "Norton ABCD", the scum who makes AntiVirus would rename theirs to "AntiVirus ABCD".

The bogus 'AntiVirus' creators also like to spend a lot of their time using smoke & mirrors to make you think you have a virus. And will just use one big flashy animation to think they are scanning your system and find threats.

This 'rouge' AntiVirus program can be removed by using "Malwarebytes' Anti-Malware". I have tested the "Malwarebytes' Anti-Malware" myself, and its a valid. It does not install Spyware or viruses itself to make it look like its working or found something.

As a result you become infected, and you are offered to pay a fee to remove their product from your computer. The last going rate for this is $80.00.

Reviewing this further, Internet Explorer pretty much let this "waltz" right in, by only
prompting the user with a [Continue] button. Most people would be confused, and
proceed to click the [Continue] button not knowing what they just unleashed.

This is why it is VERY important, to stop using Internet Explorer, use FireFox or Opera, the idea here is NOT to use an Internet Browser like IE that is merged into the Windows operating system.

Here is a good article on "Bleeping Computers" that shows how to manually remove it:

http://www.bleepingcomputer.com/malware-removal/remove-antivirus-360

Phiser: McDonalds Survey

2009-02-03T17:22:00.000-08:00

"Clowns to the left of me, Jokers to the right.."
~Stealers Wheel

Another bogus survey, this time "promising" you $80 to be credited to your credit card account if you take the McDonald survey. A good indication is when the Phisher does not bother using a spell checker to correct the grammar and spelling mistakes.

[Email]==========================================================
Dear McDonalds Customer,

Year 2009 will be a year full of improvements here at McDonald's and we definitelly want our customers to enjoy our products more and more, for that we have started a selective $80 Reward Survey.

Take part to our quick survey and we will credit $80 to your account - Just for your time!

TO GET YOUR REWARD CLICK THE LINK BELLOW:
===============================================================

You are wisked away to "http://www.mcdonalds.com.go2voip.net" instead of the official site which is "http://www.mcdonalds.com".

Once there, you fill out a bogus survey, and then the McPhiser attempts to steal your data with the form below. Notice the bogus $80 has changed to $100 now. (click on the picture for full size):

A good indication is not only Ronald holding a Bomb, but also when Ronald wants your credit card number, social security number, even your CIW (your credit card security code).

And yes the bogus $80 was suddenly changed to a bogus $100 credit.

This phisher comes from France (yes insert the Conehead jokes now)..

Scam: Cell Phone "Do Not Call List"

2009-02-02T06:56:00.000-08:00

This one is starting up again, its been around for a few years now.

It is originally started by a Telemarketer or company that wants to acquire your
cell phone number for their evil use (sell it, etc).

Just mark and delete these types of email.

[Example]=============================================

This just takes a minute and is good for 5 (five) years. You must call the Do Not Call number from your cell phone.

THE FIRST WEEK OF [insert month], ALL CELL PHONE NUMBERS ARE BEING
RELEASED TO TELEMARKETING COMPANIES AND YOU WILL START TO
RECEIVE SALES CALLS........YOU WILL BE CHARGED FOR THESE CALLS......

To prevent this, call the following number from your cell
phone: [Phone number deleted] or visit this website: [Website
address deleted]

It is the National DO NOT CALL LIST. It will only takes a
minute of your time and will block your number for 5 years.
===========================================================

The "official" do not call list, will never ask you to call, you can access it from the web: https://www.donotcall.gov

There you can put in all your phone numbers, including your cell number.

If you have registered already, it is normal for the "verification" system to send you an email to show when you registered your phone number.

Phisher: Ebay Items

2009-02-02T06:37:00.000-08:00

You received an email from eBay, stating you won a bid on something you don't remember bidding on. The first dead give away is the "Dear....", and its not, or nowhere near your name you would use on ebay. In this case "Dear yakibo", where did they come come up with this one, from a hat with names in it?

The Phisher is betting on you will log into eBay to see what is going on, and if you actually placed a bet. In this case, it was a brand new video game (which doesn't interest me at all), but never the less, they put a hot item everyone will go ga-ga for (example: Wii, Xbox, DVD, etc).

And now the bogus email:
============================================================
Thank you for purchasing NEW Gears of War 2 C3U-00001. Please leave feedback for me on eBay. Take this opportunity now and help build a better eBay community.

To leave feedback, just click on the link below:

Thank you for purchasing NEW Gears of War 2 C3U-00001. Please leave feedback
for me on eBay. Take this opportunity now and help build a better eBay community.

To leave feedback, just click on the link below: [link removed]

Item title: NEW Gears of War 2 C3U-00001
Web Address: [link points to a real item up for bid]
Item number: 120330259294
Buyer User ID: yakibo
Seller User ID: buy
Total: $167.97

Note: Every eBay user has a Feedback profile made up of comments from other eBay users.

Thank you so much for your business.

Learn how you can protect yourself from spoof (fake) emails at:
[link removed, pointing to real page at ebay.com to make it look legit]

This eBay notice was sent to you from eBay. Your account is registered on [link removed]
As outlined in our User Agreement, eBay will send you required notifications about the site and your transactions. If you would like to receive this email in text format, change your

Copyright © 2009 eBay, lnc. All Rights Reserved.
Designated trademarks and brands are the property of their respective owners.
eBay and the eBay logo are registered trademarks or trademarks of eBay, lnc. eBay is located at 2145 Hamilton Avenue, San Jose, CA 95125.
============================================================

Scam: Nigerian

2009-01-14T12:40:00.000-08:00

"He just smiled and gave me a Vegemite sandwich..."
-Men At Work ("Down Under")

Ah the oldest of scams on the Internet the "Nigeria" scam.

This will end up costing you hundreds or even thousands of dollars, while exposing your personal info to uncountable number of people.

It all revolves around some Nigerian prince, who has a boat load of money and he needs someone to help him. And If you help them you will be rewarded with an unimaginable fortune. In reality the "helper" is taken for everything they have.

By the way, Thunderbird detected this as a scam...so just mark it and delete it.

Example of one of many Nigeria Scam letters

===================================================

FEDERAL REPUBLIC OF NIGERIA
Special Duties/Logistics Department
FOREIGN CONTRACT PAYMENT BUREAU
Spear Heading Nigeria Debt Reconciliation Unit
39 Grace church Street Victoria Island Lagos-Nigeria.
Email : senatepresidentnig1@gmail.com

Attn: Sir/Ma ,

This message is based on the letter United State Government received from the International Monetary Funds Agency  (I.M.F) and the G8 Summit headed last regarding the settlement of all our  contractors / beneficiaries debt, that is why the Secretary of the United State of America have decided to personally monitor this payment and make sure all U.S.A citizen and other related contractors/beneficiary that are concern received there payment without any delay.

I, The  the Senate President ,Federal Republic of Nigeria , Dr Ken Nnamani (GCFR) and the Governor of Central Bank Of Nigeria , Prof Charles Soludo in Conjunction with the Board Of Directors , Sen., Ifeanyi Ararume held a meeting last week concerning contract payment , both foreign  and local contractors and some inheritance funds.

On going through contractors file yesterday, we discovered that your file was dumped untreated, so at this juncture, we apologize for the delay of your contract payment and please stop communicating with any office now and attention to the appointed office below for you to receive your payment accordingly.

Now you’re new Payment Reference No.-35460021, Allocation No: 674632 Password No : 339331 , Pin Code No: 55674 and your Certificate of Merit Payment No : 103 , CBN Released Code No: 0763; Immediate Telex confirmation No: -1114433 ; Secret Code No: XXTN013, Having received these vital payment number , therefore You are qualified now to received and confirm  Your payment with the Federal Government of Nigeria immediately within the next 24hrs .

Now you are directed to contact the Office of the Paymaster General of Federation Nigeria Dr. Mike Obih   immediately so that he will pay you and fax you the payment Copy Slip and also you should reconfirm your Banking Details, Secret Code No: which is ( XXTN013), this is to avoid mistake while  transferring your overdue contract payment to you today .

Contact Person:

Dr. Mike Obih the Paymaster General,  Private Email consultant101@live.com, Tel: +234-803-056-1007.  Contact  him now and inform him that you received a  message from the Senate President Federal Republic Of Nigeria, Instructing you to contact him for immediate release of your contract payment and forward your Details to his office such as:

1) Your Full Name:
2) Phone, Fax And Mobile:
3) Company Name, (if any) Position And Address:
4) Bank Details:
5) Profession, Age And Marital Status:
6) Copy Of your Int'l Passport/Driving license

NOTE : We have mounted our security network to monitor every in-coming calls and emails , if we still find out that you are still dealing with all those fraudsters that have been frustrating you for years , I shall stop and cancel your payment immediately .

Best Regards   
Sen. David Mark
(Senate President Federal Republic Of Nigeria)
==================================================================

Phisher: Pay Pal Account

2009-01-14T12:06:00.001-08:00

"Go on take the money and run"
- The Steve Miller Band

PayPal is good, and also bad, due to it houses your money (like an online bank) to allow you to pay as cash online (example: eBay auctions, etc). So many Phishers try to obtain your PayPal account information (if you have one).

If you don't, then you need not worry. And as always do not follow the link in these types of emails. You should always use your bookmark of the official PayPal site or call them to verify if their is an issue with your account.

Oh, and think about gettiing Thunderbird, and use it as your primary email client, Thunderbird
detected this as a Scam (see below). And gave me the option to change the status.

Just mark and delete these PayPal scam emails.

SCAM: AntiVirus 2009, 2008, 2007, etc

2009-01-14T11:20:00.000-08:00

"I think I'm in Trouble...."
-Lindsey Buckingham

AntiVirus 2009 has been out for years, and of course various versions. An its main focus, to infect your system, and make you pay to remove the viruses it puts on your system. This is a basic tactic most bogus Security software companies do. Its all goes back to the old days of the Wild West Medicine men selling their "Snake Oil" off the back of their wagons which will cure any aliment.

Meanwhile, back in the present day....

It first starts like a small window, warning you you have a virus like window pictured left.

This is just a popup window with a .jpg or .gif picture in it, to make it seem "real". And states yuo 'need' to download AntiVirus 2009 to remove the threat (virus, trojan) from your computer.

At this point you just want to close it and keep moving along.

Meanwhile, armed with Firefox and AVG, I've
decided to click [Continue] to see hat we get.

Good 'ol Firefox looking out for me, most of the AntiVirus 2009 sites were registered with the search engines, and Firefox reads the database of the reported sites to warn you.

I tried this with Internet Explorer, and it just let me right on through. Almost as if it didn't want to be bothered. (This is another good feature of Firefox for all your Internet Explorer users).

Afte telling Firefox to allow me to go, I was whisked faster away to the web site then a Pampered Chef whisker. And then the site begins with its "smoke & mirrors" tricks showing me its scanning my system for viruses. But there is a small over site of the site.. I have 8 partitions, and I do not name my partitions "Local Disk" , etc.

So I allowed it to continue with its parlor tricks, and much to my (not) surprise, it finds that I have Malware.

I have two trojans, and 69 files are infected along with another infection. But it was nice and found and removed a threat.

So I decided to leave the magic show, and I was greeted with another screen stating that I am still infected, and I was warned it has to be removed. No matter what button I clicked, I am presented wit the same Window to download their software to really Infect my system rather then cure it. Oh by the way now instead of two "Criticle" problems, I now only have one.

(click to enlarge)

The Antivirus 200x site also plays havoic with your back buttons, when you try to go back, it will just reload (java trick). So at this point you just want to close down your browser and re-launch it.

If you have been infected, here is a site that will get you on your way to remove this nasty, vial, piece of software:

http://www.bleepingcomputer.com/malware-removal/uninstall-antivirus-2009

Until next time...

Trojan: News Video Footage

2009-01-09T11:05:00.000-08:00

And the Hackers play on trying to get you to infect yourself so they do not break the law of hacking your PC.

You may receive an email from 'CNN News', 'NBC News', and 'News Media Centre', etc that some stories make you take a double take, while others are seeming rather truthful.

First, the meida will never just send you an email without you subscribing to their service. And if your like me, you find it easier just to hit their site and read news rather then it clogging up your inbox.

Second, pay attention to the spelling of words in the email and from the sender, in this case the Hacker sent it from a bogus user named 'Media Centere' which is the European version of 'Center'. This should send a flag up right away if it is from an American news media company.

So I followed the link with my trusty armed with my trusty Firefox and AVG by myside to see what it offered. And as reported a few blogs it was a video that could not be played without downloading addtional software (see the 'Long Lost Classmates' blog entry). This attemptted to download the same file "Adobe_Player10.exe" which is a Trojan Horse and will infect and notify the Hacker basically "I'm here...come on in!".

Just mark these as junk, and delete the email.

SCAM: Free Dinners

2009-01-07T09:12:00.000-08:00

These scams come in as free dinners for RedLobster, Olive Garden, etc.

And just as with the 'Free Laptop', they are out for your personal info and to populate your mailboxes with junk mail. Oh yeah, and you still don't get the free offer.

This one had me go through 60 offers of selecting
"yes" or "no", then I had to apply for two credit cards (with application fees of course) that had a early fee each for $49.95.

Just mark these as junk, and if you encounter them on the web while surfing, just ignore or close the banner out and move on.

Until next time...

SCAM: Free Laptop

2009-01-07T06:45:00.000-08:00

WOW A Free Laptop!

But wait, there are several catches, and some Phishing behind the colorful email picture, and of course, there is no free laptop, its just a gimmick to give up your information and for scamming company to make money off of you from marketing companies.

First when you click on the email, it notifies back to the scaming company, that your email is an 'active email', keep sending these bogus emails.

Next, your required to fill out your email address (so they can assure your address is correct from clicking above) to send you just more junk mail.

Then you get you give them your street address for... yes you guessed it, more junk mail to fill up your home mailbox now.

Then after sitting through clicking "no" on about 40 offers, your then told you have to complete two special offers below. And its the offers you just clicked 'No' on. Some other offers include siging up for a high APR credit card (some with yearly surcharges, etc).

This who scam also applies to the following popular items of our time:

xbox
wii
ipod
cell phone

SCAM: BlueHippo PC

2009-01-05T07:25:00.000-08:00

It seems so simple, no matter what your credit is, good or bad, you can easily receive a PC from a company such as BlueHippo computers (this goes for the "other" scam companies of this nature too).

But in reality, your getting yourself in to a finacial nightmare, and end up paying from three to five times the retail cost of the new computeter

Also the systems they sell are the real low cost end, some are even outdated technology. For instance you woud end up paying $2,000 for a $400 system. And guess who gets the $1600.

BlueHippo wants anywhere from $99.00 - $125.00 up front. Then makes payment arangements with you they end of changing without your knowledge. BluHippo offers 'low payments' of $100 a week for their product.

And BlueHippo is bad on delivering the goods once payments are made. Customers have waited weeks (while still being charged) without any deliveries. But once threatened by the customer, BlueHippo suddenly shipped out their orders.

These companies are just bad news, if you want a new computer, and and are credit challenged, your best bet is to start saving your pennies and go by one without any help from challenged computer companies such as BlueHippo.

SCAM: TV "Fix PC" Commercials

2009-01-05T07:00:00.000-08:00

You have seen these commercials for fixing your PC problems. These commercials are from "Finally Fast.com", and "StopSign.com" show flashy animations, and show people with computer problems.

Well first off, they overlaid Bogus errors on the monitor screens of the commercials (for instance an Apple computer with a Microsoft Windows error screen).. So in general they are starting right away with the old smoke and mirrors.

They have also notified that if any issues were found, you would have to purchase their software to remove/fix the issues. This is noted in the small fine white print that is pretty much unreadable at the bottom of the TV screen.

It just gets worse folks....please continue to read.

Going to their sites, they do not use your browser to check your PC for problems, instead they prompt you to download a program to install on your computer to check for issues. In the case of
'FinalyFast.com' it's named "ActiveSpeed_setup.exe".

And even though they have a "Microsoft Certified" logo on the page, does not mean they are in this day in age, its just a picture that anyone can right click, and 'save as' and use.

Now reviewing this executable problem "ActiveSpeed_setup.exe", contains SpyWare, and will be removed safely by AVG and some other AntiVirus aoftware.

This program will also report false information, attempting to trick the user to quickyly purchase the product to remove the infection (that they installed!).

Just stay clear of these scams, they just lead to complicate your computer issues much worse then they can be.

SCAM: The Check Is At FedEx

2008-12-31T08:53:00.000-08:00

This one claims there is a check for 2.5 million dollars locked somewhere in a box that FedEx does not know the contents of. But in order to recieve it, you need to give them ALL of your personal information, including your picture....fake ID's anyone?

Dead giveaway, FedEx would not be using a 'yahoo.com' account for their email.

Just mark it as junk and delete it.

--------------------------------------------------------------------------------------------

Hello Dear,
I have Paid the fee for your Cheque Draft.but the manager of Eco Bank Benin told me that before the check will get to you that it will expire.So i told him to cash $2.5 Million all the necessary arrangement of delivering the $2.5 Million in cash was made with FEDEX COURIER COMPANY LTD.This in the information they need to delivery your package to you.

ATTN: DR WILLIAMS BEN
Tel: 009229-93-72-44-86
EMAIL: (fedexdelivery.companylimited@yahoo.com)

Please, Send them your contacts information to able them locate you immediately they arrived in your country with your BOX .This is what they need from you.

And don't let them know the content to avoid delaying delivery ok.

1.YOUR FULL NAME:
2.YOUR COUNTRY:
3.YOUR HOME ADDRESS:
4.YOUR CURRENT HOME TELEPHONE NUMBER:
5.YOUR CURRENT OFFICE TELEPHONE:
6.A COPY OF YOUR PICTURE
7.COMPANY REGISTRATION NO EG58945
8.CODE NUMBER 0140479

Please make sure you send this needed information to the Director general of FEDEX COURIER COMPANY LTD, DR WILLIAMS BEN

Note. The FEDEX COURIER COMPANY LTD don't know the contents of the Box.I registered it as a Box of an cloths.They don't know it contents money.this is to avoid them delaying with the Box. don't let them know that is money that is in that Box.I am waiting for your urgent response.You can even call the Director of FEDEX COURIER COMPANY LTD with this line 009229-93-72-44-86
Thanks and Remain Blessed.

MR.PETER OBI.

--------------------------------------------------------------------------------------------

SCAM: AOL Billing Information

2008-12-31T08:23:00.000-08:00

And now enter the AOL Scam to obtain your AOL account information.

The Phisher (from Pakistan), uses a 'From:' address right, and sent it from 'updates@aoI.com' (duh!).

This one was interesting, they provided a real '888' phone number to call, when called it was the old dial-up access number line from AOL (it informs you of telephone charges when using dial up lines with your modem... )... (ah the golden days of dialing up with modems..memories....)

And then there is the [Click Here To Update Your Account], points to a news station web site in Pakistan, which the bogus AOL site no longer works.

Remember, IF IN DOUBT about your account expiring, log into it and look for any official messages from AOL, Yahoo, etc.

NEVER reply or click on shady links at the bottom of emails requesting you to change, or access your information.

--------------------------------------------------------------------------------------------

Welcome To AOL Support

It has come to our attention that your AOL Billing Information records are out of date. That requires you to update the Billing Information. Failure to update your records will result in account termination. Please update your records within 24 hours. Once you have updated your account records, your AOL session will not be interrupted and will continue as normal. Failure to update will result in cancellation of service, Terms of Service (TOS) violations or future billing problems. You must click the link below and enter your login information on the following page to confirm your Billing Information records..

Thank You

[click here to update your account]

------------------------------------------------------------------------------------------------

SCAM: Yahoo Account Termination

2008-12-31T07:54:00.001-08:00

The wonders of how hackers try to confiscate your account info with the simple "update or it will be deleted" tactic.

This one went out a few days ago, stating if you did not update your Yahoo! account, it would be deleted.

If Yahoo was to purge any accounts, they certainly would not want your date of birth nor your zipcode, this is the first dead giveaway.

And NEVER click the 'reply' button as indicated here, this is just handing over your personal information without any questions or credibility to the hacker.

If you are in question about your account, always try to log in to Yahoo. If there is an issue you will generally see a message that pops up from Yahoo when loggin in.

==============================================================
Account Alert

Dear Valued Member,

Due to the congestion in all Yahoo users and removal of all unused Yahoo Accounts, Yahoo would be shutting down all unused Accounts,You will have to confirm your new password and E-mail by filling out your Login Information below after clicking the reply button, or your account will be suspended within 24 hours for security reasons.

User Name:...........................

Password:............................

Date of Birth:..............................

Country Or Territory Zip:........................

After following the instructions in the sheet, your account will not be interrupted and will continue as normal. Thanks for your attention to this request. We apologize for any inconvenience.

Warning!!! Account owner that refuses to update his or her account before two weeks of receiving this warning will lose his or her account permanently

Warning!!!
==============================================================

Scam: Bank Account Demo

2008-12-10T08:10:00.000-08:00

This scam trying to get you to infect your own computer buy posing as a 'bank account demo' video, which you need to suddenly download additional ("correct flash movie player") software to view it.

Then your prompted to save a file "Adobe_player10.exe" which is the file to infect your PC.

Further research of the "Adobe_player10.exe" finds this is designed as a password/id stealer, and will log your keystrokes. Which are then sent back to its creator.

Just mark it as junk and delete it.

===========================================================================
To:
Subject: Colonial Bank Log in to Online Banking
From: Support Team

COLONIAL BANK CORPORATION NOTICE:

Colonial Bank presents new Online Banking Organizer 2009.
Colonial Bank Organizer 2009 is more efficient way of managing your bank
accounts.
You can discover it 24/7 365 days.

Proceed to view Colonial Bank Online Banking Organizer 2009 Demo:

We always protect the confidentiality and privacy of our clients and
participants.

With best regards, Trey Lacy.
Colonial Bank 2008. All Rights Reserved.
========================================================================

Virus: "Your order from Allegiant Air N9575536"

2008-12-09T07:21:00.000-08:00

Take to the skies with hackers trying to get you to launch bogus programs to print airline tickets.

Your tricked into thinking you have a balance on your credit card for plane tickets (which are bogus), and you are told to execute the .exe file("print-ticket.zip") that's included as an attachment.

AVG found the attachment with the 'WIN32/Cryptor' virus. This virus if launched, will continuiously download Spyware to your system, and as a result bringing your system to its knees to to the amount of Spyware installed.

Just mark it as junk and delete it.

[Example Email]==================================================

Dear client,
We appreciate deeply your decision to get our new service Purchase your airplane ticket On-line
You have just created your account:

login:
password: PASS5QM7

The balance of your credit card is $383.89.
We are glad to inform you that each time you are getting flight tickets with the help of our site you are given a reduction of 10%!
In the ZIP archive added to this letter you can find purchase Invoice and your airplane ticket. So just colour print the ticket and start your wonderful journey!

Good luck,
Allegiant Air

========================================================

SCAM: Google Contract

2008-12-02T07:03:00.000-08:00

Again, Hackers attempting to have you unwillingly install trojans on yout system to allow them to gain access to it.

This one comes as a bogus business proposition from Google, and wishes you to view the attached file (which contains a Trojan to infect your PC).

===========================================

Good morning

We’ve drew up the contract taking into account those paragraphs you’d wanted.

Our legal experts made some recasts on the last page of the contract. Please, get to know with it, and if everything is ok we are prepared to pay for the first lot on Friday The prepared contract is in the added file

We also can send the contract by fax

Waiting for your reply
Kelsey Pickett
Manager Google
============================================

Just mark it as junk and delete it.

Phisher: Account Accessed

2008-12-02T06:43:00.001-08:00

Phishers will also try to set panic into you by stating they are a financial institution and that your account has been access by an unauthorized computer/person, and they need to suspend it if you ignore the request.

If you get any types of emails like this, always call your financial institution and verify that things are okay. Otherwise you jeopardize your personal security.

Below is a sample email from a Phisher trying to pose as Chase Bank

Example Email
==========================================================

Dear JPMorgan Chase & Co. Bank Member,

Chase Bank is devoted to keeping a safe environment for its community of consumers and producers. To guarantee the safety of your account, Chase Bank deploys some of the most
advanced security measures in the world and our anti-fraud units regularly screen the Chase Bank database for suspicious activity.

We recently have discovered that multiple computers have attempted to log into your JPMorgan Chase Online Banking account, and multiple password failures were presented before the logons. We now require you to re-validate your account information to us.

If this is not completed by January 31, 2008, we will be forced to suspend your account
indefinitely, as it may have been used for fraudulent purposes. We thank you for your cooperation in this manner. In order to confirm your Online Bank records, we may require
some specific information from you.

What you need to do:
- [Click Here] to log in with your User ID and Password.
- Enter the requested information and your online services will be reactivated.
If you choose to ignore our request, you leave us no choice but to temporary suspend your account. Thank you for your prompt attention to this matter. Please understand that this is a security measure meant to help protect you and your account.

We apologize for any inconvenience.

Thank you for using JPMorgan Chase & Co. Bank

=============================================================================

And as you guessed it, the Phisher waits for you to input your id/password, and then its all over. They now have access to your bank account, and then either "push" you to the real website or leave you with a blank screen.

Just mark this junk, and keep moving forward.

Scam: $$ Payment via Wired Money

2008-11-21T08:25:00.000-08:00


Scam trying to lure your info and have you pay for the wired money.

Just mark it "junk"

Example Email
------------------------------------------------------------------

My Dear

Now we have arranged your payment of ($1,500.000.00) One Million Five hundred thousand united state dollars in atm card to be sent to you through western union money transfer payment:

Your payment will sending to you by western union, the amount you will receive  per day is $7,000 the minister trust funds of Accra-Ghana will send you the currently standards track details you need to pick up your ($7,000) payment by western union, you will receive every days till you receive the $1,500.000.00 united state dollars, now no need to send you this atm card because you can not be able to withdraw the atm card due to the atm master card contain large money on it.

The director administrtor trust funds have already signed your payment, now you are free to comply with payment office on this email: (email address removed)

However, kindly contact the below person who is in position to release your payment by western union per $7,000 a day.

Mr James Mark,
E-mail: (email address removed)

The financial western union payment canter has been mandated to issue out your  payment and you have to stop any further communication with any other person(s) or office(s) to avoid any hitches in receiving your payment.

Note that the administrator payment need this details from you to process your payment:

Receiver name---------------
Country---------------------
City------------------------
Tel-------------------------
Test question---------------
Answer----------------------

Kindly comply with him because as soon as you sent this required details to Mr James Mark he will start sending your payment.

Regards,
Michael Robert.

------------------------------------------------------------------

Scam: Crazy Fox

2008-11-19T12:07:00.001-08:00

I found this review regarding the Crazy Fox commericals that have been airing recently (besides the obvious scam).

==================================================================
Crazyfox website and TV ad do not give any information on what the whole program is about.

Crazy Fox is associated with Herbalife (which has been around for YEARS and recently was fined $150 000 by Canadian authorities for Illegal Pyramid-like scheme).

Once you pay the $9.99 fee to Crazyfox - they send you the starter package, which isn't actually a package of any kind. It's a booklet telling you how great it would be to become financially free, to never have a boss again and so on...

Then the real fun begins. You start getting calls from Herbalife representatives who are trying to sell all these amazing deals at $200, $500, $1000 and more. They tell you that you have made an amazing choice and you are on your way to wealth...

Since crazyfox sells your personal information to third parties, you will also start getting calls from insurance brokers, credit card companies, telephone companies and many others. They will all tell you: "We have been notified that you are starting a home business, you might be interested in our new Business Telephone Line, Business Credit Card... etc - and it never ends, needless to say that you will not make single dime with these guys.

Crazyfox Review sites pop up now and than, but crazy fox scam team tries to shut them down or at least make them look "fake". However, they never tell you about the fine print at the bottom of the screen which pops up for couple of second during the infomercial:

"There are no guarantees of specific income nor are there any representations of actual income. Amounts stated are for illustrative purposes only and are not typical. Persons depicted are paid actors."

Unfortunately most of the people do not read the tiny letters on the TV screen and fall for a good looking TV ad actor who claims to make $5 000 a day without putting in any effort.

-Ezine @rticles

==================================================================

Scam: Work At Home

2008-11-19T11:18:00.000-08:00

They offer money without leaving your home, some state they can turn your PC into a money making machine, or crack the Internet code to make millions. They have owners or clients that testify of having sports cars, large houses, and even playgrounds for their own kids.

But wait! To take advantage of this wonderful money making plan, you must first pay them the $49.95 (or more) to start making money. Thats how they make their money, and in return you get a booklet stating how wonderful it would be make money on the Internet.

Recent scams like this are:

"Google Bailout" (they have no affiliation with Google, they use it because its a known name!)

"Legitimate Work at Home" by David Kennedy

"CrazyFox" (I'll post what I found about this one next)

Also another golden rule on junk mail in general, NEVER respond to them or click the unsubscribe" link provided in the email. This will "verify" that the email address is a valid address, and you will just receive more and more junk.

Scam: Dying and I have Lots of Money Stashed!

2008-11-19T10:54:00.000-08:00

Now here is a email stating that the person is dying and they wish to give their large sum of money to you. All you need to do is just contact them through their email account.

Below is an example I received:

---------------------------------------------------------

From:Mrs.Elinor.J.George
Greetings Dearest One,
With Due Respect And Humanity, I was compelled to write to you under a humanitarian ground. My is name Mrs. Elinor Jacob. I was born in Baltimore,Maryland, I am married to Mr. George Jacob director J.C Industries Cote d'Ivoire.We were married for 36 years without a child. He died after a Cardiac Arteries Operation.

And Recently, My Doctor told me that I would not last for the next six months due to my cancer problem (cancer of the liver and stroke).Before my hutsband died last year there is this sum $4.8 Million Dollars hat he deposited with a Private Finance Company here In Ivory coast.Presently this money is still in the Vault of the Company.

Having known my condition I decided to donate this fund to any good God fearing brother or sister that will utilize this fund the way I am going to instruct herein.I want somebody that will use this fund according to the desire of my late husband to help Lessprivilaged people, orphanages,widows and propagating the word of God.

I took this decision because I don't have any child that will inherit this fund, And I don't want in away where this money will be used in an un Godly way.This is why I am taking this decision to hand you over this Fund. I am not afraid of death hence I know where I am going.I want you to always remember me in your daily prayers because of my up coming Cancer Surgery.
Thank's and God bless you as you comply with me and please don't hesitate to get back to me through this Email id@(gelinor52@yahoo.com) because i don't really know how tommorrow might be because of my health but all my believe is that death is for everyone besides i'm not praying for death but due to my present condition i can't predict if i will survive or not all i know is that God know's what tommorrow will tell.
Best regards,
Mrs.Elinor George

--------------------------------------------------------------

Yes right off the top you see several spelling mistakes.

And reviewing the email headers (CTR+U in Thunderbird) you see the the email is now coming from 'elinor_george001@centrum.sk' instead of the '@yahoo' address. Further you see its being sent from a server called 'mail09-sk.centrum.cz' the '.cz' implies it is located in Czech Republic.

These scams are designed to get money out of you (aka money to wire the 8million dollars into your bank account, etc). They play on the mind, making you feel bad for the dying woman. Or they play on the greed part of others.

As a result, just mark it junk and move on.

Hoax: Don't Open Your Email Your PC will ...

2008-11-17T10:57:00.000-08:00

Another popular hoax is the "Don't open any emails with subject...", or "Don't Open your email at all on this date (days, weeks, etc)" or your computer will blow up, format the hard drive, etc.

Some of the subjects used are:

Fully Paid Trip to Disney for the year
Osama Bin Laden Captured or Hanged
...and the list goes on again.

For starters, the only way an email can infect your computer is if you click on an attachment to launch it or follow the link provided in the email and download and run the software from the site it took you to.

The "Osama" one was real, and it took the user to an undisclosed website (outside the email), and wanted the user to download executable files that were passed off to be pictures or some movie. The virus infected your PC and it was removable by Anti Virus software such as AVG Free Edition.

Opening an email to read will not infect your computer, in fact that email will remain out on the email server until you log into the server somehow (Thunderbird, Hotmail, ect) and delete it. Otherwise it will stay out there for as long as you have that email address.

What puts more fuel to the fire is when it is massed emailed to everyone (without Bcc'ing the list of people), and then you have to scroll down pages at a time to get to the bottom of the email.

Whats worse, is when nobody stops to review the origins or the concrete evidence behind the scare (research the virus/hoax), before mass mailing out to everyone in their address book

Follow these simple rules to avoid the embaresement and the hysteria that you may be contributing by just forwarding the email:

#1 Be proactive, stop, and research that email first before sending it out to everyone in your address book. If its false, then just simply market junk and delete it.

Do Not forward these emails "As is". Instead type up an email and the Bcc: option and warn people this is a hoax and to junk it. Do not set panic into people that their PC will explode, melt, or catch fire, or dogs and cats will start living together.

Be PRO-ACTIVE... mean time this is how you should use the Bcc: function of email to prevent the massive listings of email:

Example:

--------------------------------------------------------------------------

To: me@myself.com
Bcc: uncle@bob.com, joe@schmoe.com,meat@loaf.com
Title: Re: Mickey Mouse gives away free software Virus!

The virus is a hoax... just mark it as junk and delete it, do not follow
any links contained in the email.

--------------------------------------------------------------------------

That's all for now...

Trojan:"Click to Watch Video" email.

2008-11-17T08:41:00.001-08:00

A recent wave of these "click here to watch video" emails have been surfacing.

They so far have claimed the following subjects:

Fellow Classmates have been looking for you
Amazing Presidential Speech
Favoirte female (actress, model, etc) naked
..the list goes on and on, just to spark your interest.

We'll take an example of one:

[Email Example]-----------------------------------------------------------

Barack Obama Elected 44th President of United States

Barack Obama, unknown to most Americans just four years ago, will become the 44th president and the first African-American president of the United States.
Watch His amazing speech at November 5!

Proceed to the election results news page >>

2008 American Government Official Website

This site delivers information about current U.S. Foreign policy and about American life and culture.

------------------------------------------------------------------------------------

The hacker lures you to a bogus site with a .jpg (picture) that looks like a videoplayer. When you
try to play, your instructed to download the correct flash movie converter. Then your prompted
to save and run a file 'adobe_flash9.exe' which will infect your system.

Simply mark this junk and move on.

Hoax: Free (insert your favoirte object of desire)

2008-11-17T08:34:00.000-08:00

These emails have been around for years, and yet still people continue to forward them to everyone in their address book.

These emails promise "Free GAP clothing", "Bill Gates Giving Away Free Copies of Windows", "Free Baby Gap Clothing", etc.

Here is the rain on your parade, it will never happen. Its a ploy set up to see how many emails the originating sender can get. It either falls into the wrong hands of a spammer, or the original sender eventually gets the email addreesses and sells them to spammers (yes there are cd's sold with email addresses...

Here is an example of a company who provides services to Spammers with all the email addresses they have collected on a nice CD set:

http://www.bio.net/bionet/mm/ag-forst/2002-September/017340.html

So if you get these "Free blah, blah blah", just delete them, they are an email hoax.

Phishing: Survey Emails Offering Gift Cards

2008-11-17T08:15:00.000-08:00

Here is one of many examples how a Phisher gets a hold of your information, by posing as a store survey for a $100 gift certificate (which you never receive).

[Sample eMail]---------------------------------------------------------------------

You have been chosen to access the Walmart 2 steps survey,and win a 150.00$
gift certificate.Please* click here * and complete the form to receive your reward.

Thank you

This is an automated message, you do not have to reply.

Message id: NWD98102

----------------------------------------------------------------------------------------

2 steps here.... First step, make you think your filing a survey for a free money, and 2nd step give up your Credit card information willingly.

Upon clicking the "Click Here", your taken to a site thats hosted in Taiwan (http://mail.leader.edu.tw) which turns out to be a mail server (quick access for the Phisher).

So I filled out the survey today as "Herman Munster" with some bogus info, upon clicking [Proceed] to file my survey, I was then greeted for my Credit Card Info (number, Exp. Date, Verificattion code, and even my PIN for the credit card). The reason for this is that the Phiser is pretending that Walmart will put the gift on my credit card. Just filled in the 17 digit card number with 1's, and 1's for everything else.

I clicked on the button to file my credit card info, and then was greeted with a "Thank you have a .nice day". Then I was pushed over to the real Walmart site to make it look official transaction.

The only "official" surveys I've seen are on the paper receipts you receive from the store or confirmation email from online purchases.

So with these types of emails, just delete them.

While we are on the subject of "Surveys", the advertising banners that you see while cruising the net (take a survey and win a free iPod, X-box, Dinner at Red Lobster, etc). They are just ploys into getting you to sign up for very high percentage Credit Cards and or subscription services (magazine subscription, etc). They will never deliver the goods they promised.

The first thing they want off the bat is your email address, this way they can hammer you with more spam. Then after giving them an address, you are then required to fullfill anywhere from two to three obligations (here is when you need to sign up for credit cards, or magazine subscriptions, etc), then a "thank you" and your left with nothing in your hand, and a over priced magazine subscription or high APR Credit Card (some that you now have to pay the signup fee of $49.95 for processing!!).

These are individuals or comapanies who get paid on a commision on each signup they processes.

Just mark these as junk and move on to the next email.

Trojan: 123greetings.com eCard Emails

2008-11-17T07:54:00.000-08:00

With the Holidays just around the corner hackers will be at it again trying to get you to install their viruses/Trojans.

A recent 'popular' one is the ecard awaiting you for you to dowload at '123greetings.com'

Sample eMail:
==========================================================

Good day.
You have received an eCard

To pick up your eCard, choose from any of the following options:
Click on the following link (or copy & paste it into your web browser):

link to download the 'e-card.exe'

Your card will be aviailable for pick-up beginning for the next 30 days.
Please be sure to view your eCard before the days are up!

We hope you enjoy you eCard.

Thank You!

http://www.123greetings.com
==========================================================

Although the 'www.123greetings.com' is a legit site, the Hacker has masqueraded the link to download your "free" ecard from a loved one, to their site to download their infected '.exe' file.

Some may even stated you need to install a program to view the eCard (a file to infect your computer).

When you get these types of emails, just mark them as "junk".

Time for the Return....

2008-11-14T11:27:00.000-08:00

A year since the last post, its now time to start getting down to business and busting some email scams. It's disgusting to see how many scams that come through email anymore.

So lets get down to the root of it and discuss eMail scams, we'll start with the Phisher.

Phishing: An email that is designed to lure you to a site and willingly give up your personal information. These emails arrive everything from a Bank warning to Credit Card company issues.

PHISHING

"Phishers" (people who take the time to set up their site to look like a official site, to get your info), will do everything possible to get your info.

Here is an example of an email sent to me from a Phisher trying to pass as "PayPal". Thunderbird immediately caught this and tagged it as a scam:

#1. If you suspect anything, always contact your bank, credit card co, etc. They will be able to assist you over the phone. Use Thunderbird, it has caught so many scams that have come my way.

#2. If you clicked on the link to "update your account" in the email, pay attention to the address bar where the site is. The obvious sign is a financial institution will have a very short web address (easy for their customers to remember, like www.bank.com) a Phisher will never be able to get that short of an address. But they will try to have the official name in the URL to make it look legit. Something like (www.phiser.edu\~blah\bank.com).

This is a very important item to check, because some Phishers will try to steal your web site id and password, and make you log in before anything. Some will word their site to ask you for your credit card right up front to log further into the site.

#3. If you logged in, and now your being prompted for information, do not go any further, stop and notify your financial institution that you have been Phished. Some Phishers will go to the legnths in asking you for ALL your personal information including Drivers License, MAC PIN, etc. They want as much info from you as they can get to steal your identity!

#4. You can make anything look like something else in HTML format in email. You can easily find out where it is taking you by hovering over the link, and looking at the bottom of the email client. You will find it is a completely different address (DING!Phishing site). Also you can make any email appear from someone else.

Phishers can not be "prosecuted" per say, this is where the law gets tricky. Yes they are out to steal your info, but they make you willingly give it up. They do not come into your computer and steal your info.

Again if you suspect any funny business with an email requesting you to update your information due to an issue with your account ALWAYS contact the company to verify they sent the email before proceeding. Otherwise, you will be jeopardizing your personal info.

Next up, the emails that state "you have a ecard from a loved one!" followed by the emails that have a link to a video... that you need to download another program to view it.

... stay tuned!

AdBlocking w/FireFox

2006-05-12T07:54:00.000-07:00

Firefox offers a nice Ad Blocking extention called 'AdBlock Plus' it will allow the user to right click on most advertisments and block them instantly and from showing up the next vist to the page.

Although some of the web sites are getting sneaky and putting the urls within a java code to make the blocking of the advertisements not so easy. But again this can be overcome by reviewing the code, and getting the url which is still within the java code.

After you get the url, simply manually add it into the AdBlock Plus filter list. Here is a few examples (common ones) that can be added:

http://dynamic.fmpub.net/adserver/*
http://as.casalemedia.com/*
http://pagead2.googlesyndication.com/pagead/*

With the '*' added to them this tells AdBlock not to display ANY thing from the url.

Nice Eh?

Firefox Users click here to install: AdBlock Plus Extention

If you are a non firefox user... make the switch today!

Get Firefox Now

NewDotNet Is A Threat!

2005-12-09T01:16:00.000-08:00

Got NewDotNet?

Removed this pest enough times to add it into the Blog today. This is a common Spyware / HiJacker. It begins by offering it as a free application to allow you to access other domains then '.com' (.tv, .edu, etc).

If you remove the Spyware from this application, it will detect it and kill your network access to your PC. This is due to it inserts itself between your PC and the network. The connection will be named as a modem brand to attempt to make it look legit.

It also is secretly installed via Internet Explorer, you don't know you have it until its too late and you can't get onto any Networks. Other times, it is offered to you via an ActiveX Pop-up Security Box.

Check to See If You Have It
===========================
Simply go into the 'Add/Remove' Windows application, and look for the logo above and or the name 'NewDotNet'.

If found, highlight and remove it!

You will need to reboot your machine, and possibility repair your network connection.

Just the FAQs Mam
=================
You do not need their software to access newer domains, that is controlled by your ISP's (Internet Service Provider) DNS (Domain Name Server). As the new domains are added they are added automatically into your ISP's DNS.

Companies like NewDotNet take computer u

Wireless Security

2005-11-12T00:28:00.000-08:00

Recently I have been intrigued with Wireless technology and also the pros and cons of it. I found the OTB (Out of The Box) security is far beyond safe. Sure you have no problem sharing your network, but once the 'bad apple' gets in, they can lay havoc within your Wireless network.

Below are a few terms you should be familar with and learn more about.

Wi-Fi - Short for wireless fidelity and is meant to be used generically when referring of any type of 802.11 network.

Warchalking - the drawing of symbols in publick places to advertise an open Wi-Fi wireless network. Inspired by hobo symbols and publicised by Matt Jones who designed the set of icons.

Standard warchalking chart:

WiFi Driveby (aka Wardriving) - Searching for Wi-Fi Wireless networks by automobile with a WiFi detecting device (PDA, Laptop, etc) on board. This is just like the movie "Wargames" which the kid used a modem to dial a phone numbers to find data lines.

"The Low Rider drives a little slower.."

I decided to take my newly aquired knowledge of WiFi, and first take a WiFi Driveby to see how many networks were broadcasting their SSIDs. In a half mile radius, I detected six networks.

I then chose one of the six, and attempted to connect. In about two minutes I was assigned and IP and on their network. I then proceeded to test their security, they had none, I was in their router in a minute flat.

Ways To Protect Yourself!

About's: Top 8 Tips for Wireless Home Network Security

How to Steal Wi-Fi & How to Keep the Neighbors From Stealing Yours

C= ommodore

2005-11-11T22:44:00.000-08:00

"Everyone is breaking down my door to play my Commodore 64!"

Yes the good old days of Commodore are back via Emulators for your system.

Amiga -> http://www.winuae.net

Emulate any amiga with any hardware configuration. You will though need to obtain the KickStart ROM images to get the emulator up and running. Along with that note you will also need to find a disk image of your favoirte game or application since you can not use Amiga 3.5" in an IBM 3.5".

Commodore Systems -> http://www.viceteam.org

It has the rest of the C= Systems Emulated (128, 64, VIC-20 and PET) everything is included except for your favorite game or application image.

Garfield the Admin to the Rescue!

2005-11-11T00:19:00.000-08:00

Garfield has the right idea how to handle Users.

Protect yourself with FireFox

2005-11-10T22:11:00.000-08:00

Get It -> www.mozilla.com/firefox

Support for it here -> Mozillazine