Fake Alert Uses McAfee-like Domain Name to Attract Victims

Cybercriminals love to use social engineering techniques to trick users into installing their malware. One of the latest fake-alert variants attempts to trick users into believing the software is related to or hosted by McAfee: mcafeevirusremover.com. The script hosted by the domain can attack the Windows browsers Internet Explorer, Mozilla Seamonkey, and Chrome. The script also affects browsers on Linux platforms. This fake-alert variant is hosted on at least 13 other known domains. McAfee’s Trusted Source blocks the IP addresses and the domains (including DNS and mail servers) associated with this Trojan. For example: ...

January 6, 2010 · 1 min · 141 words · Omid Farhang

Seen in the wild: Specialty phishing

From a site that is hacked and serving phishes: What’s mildly interesting is the types of phishes — “speciality phishes” that are not your typical banking/finance scam. These are phishes that are highly targeted, in this case at email systems of tiny Hamilton College (not the first time I’ve seen this), the religious site cfaith.com, Saginaw Valley State University, and Villanova. ...

January 6, 2010 · 1 min · 65 words · Omid Farhang

GreatDefender

GreatDefender is a great big scam. GreatDefender is the latest rogue antispyware software, or phony security program that rips people off. If GreatDefender has infected your computer, do not buy the software; remove it immediately. GreatDefender uses scare tactics to frighten people into buying this corrupt software. These scare tactics include: system scans that report numerous infections yet require purchase of GreatDefender before it will remove them (these scan results are fictitious); alerts and pop-up system warnings stating that the PC is infected and recommending purchase of GreatDefender (these warnings are fake); web browser redirects to random websites (these websites are owned by cyber thieves and will further infect your PC); and blocking other programs from opening by claiming they are infected (the programs are not infected). If your Windows system is infected with this malware, you should remove it as soon as possible. Click Here to learn how to remove it. ...

January 6, 2010 · 1 min · 153 words · Omid Farhang

Are you caring for your Mom and Dad at Xmas?

For those of you that are having to put up with looking after your parents over Christmas: Would you much rather selfishly indulge yourselves with partying? A kindly spammer has a very seasonal Christmas Eve message offering to make this the last year that you will have to “put up” with the burdens of family elders. But be careful that your own children don’t read this. Free Help Finding Senior Care for Mom or Dad ...

December 24, 2009 · 1 min · 213 words · Omid Farhang

APCProtect

APCProtect is a phony security program, designed to rip people off. APCProtect uses scare tactics, including false security warnings and false system scan results, to frighten people into purchasing it. If APCProtect is installed on your computer, you should remove it immediately. If your computer is infected with this malware, you must remove it soon. Click Here to learn how to remove it. ...

December 24, 2009 · 1 min · 65 words · Omid Farhang

All about Brittany on Twitter

It’s the usual situation, with the bad guys exploiting the death of a famous person, just like they did with Michael Jackson. Yesterday we identified some Twitter accounts that are being used both to send “make money on the Internet” spam, and also to spread links to malware. In both cases, they used Brittany Murphy’s name. Here are a couple of examples: The actual text of messages of this type can vary. What characterizes them is that the first link is genuine, i.e. it leads to a site which really does talk about the topic tweeted. The second link, though, leads to standard spam advertising sites which tell you how to earn money on the Internet, offer various goods, etc. The second type of tweet we’re seeing is undeniably malicious. These tweets, like the first type, use Brittany Murphy’s name, but have a shortened bit.ly URL leading to malware: ...

December 23, 2009 · 2 min · 402 words · Omid Farhang

NRA: Beware the '12 scams of Christmas'

This is the ‘12 scams of Christmas’ I mentioned in the last post: Pipers tout fake gold rings as Maids are ‘a-phishing’ to milk bank accounts. On what is traditionally the busiest online shopping day of the year (1), consumers are being warned not to become victims of the ‘12 Scams of Christmas’ and to take extra care with personal and IT security. The ‘12 Scams of Christmas’ developed by the National Fraud Authority (NFA), The UK Cards Association and the City of London Police (CoLP) highlight the greatest holiday fraud threats and how to spot them. ...

December 22, 2009 · 4 min · 791 words · Omid Farhang

Crime time

Crime traditionally increases during the holiday season, and cybercrime is no different. The malware writers, spammers and scammers are out in force. They’ve recently hit “Odnoklassniki” with this message: “Hi! I’ve got a New year surprise for you [emoticon] send 2133 279 (must be with a space) to 4460 and you’ll be pleasantly surprised! If you don’t take a look, I’ll be very grouchy with you [emoticon]” ...

December 22, 2009 · 1 min · 169 words · Omid Farhang

Facebook: money mule or credit card

I was just looking at Facebook to check for spam and scams when I found this: I’ve blurred out a few things for privacy, and, most crucially, safety. The point of this post is the domain name. The spaces around the dot and the zero in “C0M” are just as they were in the original spam message. If spammers are going to the trouble to obfuscate their messages, it seems to show that Facebook’s spam filters are having some effect. Malformed links mean that you have to make a serious effort to actually go and visit the spammer site. And consequently, if someone’s going to go through all that trouble, they’re more likely to buy into whatever scam is at the other end. Click on the link, and you immediately get redirected, even though you won’t notice: ...

December 22, 2009 · 3 min · 598 words · Omid Farhang

Check Your Friends! Facebook IMs May Lead To Trouble

I ran into a few strange IMs over the weekend. When I was not shoveling out my driveway from the 15 inches of snow that covered it, I was logged into Facebook telling people about it… It was then that I started receiving some VERY interesting IMs from a friend extolling the virtues of a clean colon (yep – you read that right): ...

December 21, 2009 · 2 min · 257 words · Omid Farhang