Phishing

New rogue borrows massively from AV company sites Our friend M.N. Bharath drew our attention to this web site associated with the new System Adware Scanner 2010 rogue security product. Although the group claims 10 million users world-wide, oddly enough their site was only registered Nov. 25. It seems they also have recruited the entire management team from AVG anti-virus company as well. Right! Compare the names on the Smart Systems Technologies rogue page. http://sysadscanner.com/about.php ...

Don’t go there. There are a lot of rogue downloaders hiding in those links. Yahoo CEO Carol Bartz, speaking at the UBS Media and Communications Conference in New York, said the Tiger Woods sex scandal was a better traffic generator than the death of Michael Jackson, according to the ZDNet blog.

Following on from the latest Captcha techniques used by the W32/Koobface worm, it seems that the malware authors have turned to Santa for help to deliver it’s nasty surprise which awaits Facebook users. The infection drops other trojans such as FakeAlert and leaves the user renderless. It all begins with a post on a user’s Facebook Wall. If the user clicks on the link, they are presented with a fake video player with a Christmas greeting as shown below ...

Despite talk of Tiger Woods’ sponsors “limiting his role” in their advertising campaigns, he is still very much hot stuff when it comes to search engine queries which means he’s still a viable target for the malware writers. We can see that Tiger Woods related searches are still being poisoned with malicious results using Search Engine Optimisation techiques: This leads to the familiar: Which when downloaded installs fake AV branded as “Security Tool”. ...

Internet Security 2010, It’s a rebranded clone of Advanced Virus Remover, a rogue security product. It’s one of your run-of-the mill rogues, using run-of-the mill scare tactics, except its payment screen contains a static graphic that imitates the McAfee Secure certification. A real “McAfee Secure” certification is a DAILY certification, it contains the date and its logo should look like this: When you click on it, it should take you to the McAfee Secure rating verification page: https://www.mcafeesecure.com/RatingVerify that gives the name of the certified web site and the “Status”. ...

Lately, a Google work at home scam has been plastering its way throughout the Internet. The scam site is designed to look like a convincing news paper article and is currently circulating heavily through social networks (hacked and spam accounts) and ad networks. Example of the scam wall post on Facebook from a hacked account: The scam site: To “cash in on the opportunity” all you have to do is fork up a measly $1.95 for the “Easy Google Profit” kit. Unfortunately, if you fall for the scam, you’re going to be taken for more than what you bargained for. Ripoff Report shows one victims struggle with these scam artists. Aparently they automatically started charging the victim $39.98 per month on top of an additional $129.95 fee. On top of that, they enrolled him in a 14 day trial for another site, which charges $29.95 a month if not canceled in time. ...

Basically, the rogue antispy was directing the victim to a genuine Microsoft address, but was modifying the html on the fly as it came back from the real Microsoft page. It made it read that Microsoft was recommending that the victim should buy the rogue. That’s a pretty good trick that will catch a lot of folks, and it reminded us of another one that we frequently see. It works like this… The victim attempts to reach Microsoft, or receives a link like http://go.microsoft.com/?linkid=9480113 and if you go there on a normal computer, you see a page like this (click to enlarge)… ...

We recently alerted our readers to spam campaigns using the H1N1 vaccination program to prompt recipients to open the mail. And we have frequently mentioned that crooks love to take advantage of news, disasters, and other events. Now that the final draw for the FIFA World Cup in South Africa next year has taken place, it is time to remind you that sports events are no exception to the rule. I’ve already found some examples. The first is a fake lottery. In this case, the source claims the recipient has won a large sum of money from the South African Football Association. After contacting the lottery manager, the victim of the scam will be asked to pay “processing fees” or “transfer charges” so that the winnings can be distributed. Don’t expect to ever see a payment. ...

There are good reasons to be suspicious of e-mail. Some e-mail messages might be phishing scams, some might carry viruses. Images in spam e-mail might turn out to be pornographic, or to include Web beacons, which can be adapted to secretly send a message back to the sender. Follow these guidelines to help protect yourself when suspicious mail shows up in your Inbox. If you receive a phishing e-mail message, do not respond to it. Don’t open junk mail at all If an e-mail looks suspicious, don’t risk your personal information by responding to it. Delete junk e-mail messages without opening them. Sometimes even opening spam can alert spammers or put an unprotected computer at risk. Don’t reply to e-mail unless you’re certain that the message comes from a legitimate source. This includes not responding to messages that offer an option to “Remove me from your list.” Do not “unsubscribe” unless the mail is from a known or trusted sender. Use the junk mail tools in your e-mail program. For example, Windows Live Hotmail gives you the option to unsubscribe from mail that you previously had trusted or requested. This sends a notice back to the sender to have you removed from their list, while at the same time automatically adding the sender to your block list. Approach links in e-mail messages with caution Links in phishing e-mail messages often take you to phony sites that encourage you to transmit personal or financial information to con artists. Avoid clicking a link in an e-mail message unless you are sure of the real target address, or URL. ...

A few clues can help you spot fraudulent e-mail messages or links within them. What does a phishing e-mail look like? Phishing e-mail messages are designed to steal your identity. They ask for personal data, or direct you to Web sites or phone numbers to call where they ask you to provide personal data. Phishing e-mail messages take a number of forms: They might appear to come from your bank or financial institution, a company you regularly do business with, such as Microsoft, or from your social networking site. They might appear to be from someone you know. Spear phishing is a targeted form of phishing in which an e-mail message might look like it comes from your employer, or from a colleague who might send an e-mail message to everyone in the company, such as the head of human resources or IT. They might ask you to make a phone call. Phone phishing scams direct you to call a customer support phone number. A person or an audio response unit waits to take your account number, personal identification number, password, or other valuable personal data. The phone phisher might claim that your account will be closed or other problems could occur if you don’t respond. They might include official-looking logos and other identifying information taken directly from legitimate Web sites, and they might include convincing details about your personal information that scammers found on your social networking pages. They might include links to spoofed Web sites where you are asked to enter personal information. Here is an example of what a phishing scam in an e-mail message might look like. ...