
Please give me your credit card

  • Post author: Omid Farhang
  • Post published: March 22, 2010
  • Reading Time: 2 min
  • Word Count: 244 words

I won’t abuse it, I promise... cross my heart... spit into the wind... etc. Hi folks, Yesterday, I received this SPIM (Instant message spam). usnews3.com sounds kind of official, doesn’t it? And the page looks impressive. There are lots of links on the page, but unfortunately, a mouse-over of each link reveals that they all go to the same place. That’s not a good sign for a legitimate webpage. Moreover, a whois shows that it was registered just on 7th December 2009, and that the ownership is hidden behind a privacy protector service. ...


Screenshots of the latest Twitter phishing attack

  • Post author: Omid Farhang
  • Post published: March 22, 2010
  • Reading Time: 1 min
  • Word Count: 156 words

Today there’s a phishing run underway in Twitter, using Direct Messages (“DMs”). These are private one-to-one Tweets inside Twitter. The messages look like these: If you follow the link, you end up at a fake Twitter page: If you mistakenly give out your credentials, the attackers will start sending similar Direct Messages to your contacts, posing as you. The ultimate goal of the attackers is to gain access to a large number of valid Twitter accounts, then use these accounts to post Tweets with URLs pointing to malicious websites which will take over users’ computers when clicked. ...


Another FakeAV, for Windows 7!

  • Post author: Omid Farhang
  • Post published: March 22, 2010
  • Reading Time: 1 min
  • Word Count: 202 words

With Windows 7 becoming increasingly popular, more and more software companies have begun to upgrade their interface for the latest Microsoft operating system. Manufacturers seem to understand the need for a beautiful user interface for their products. However, not all software behaves as well as it looks. Today, I saw a Fake Antivirus program with a newer, more jazzed up interface, which we detect as Troj/FakeAle-RK. This malware specifically targets users of Windows 7 and appears in the form of a pop-up dialogue box, which attempts to tell you that your Windows 7 PC has many serious threats. When a user clicks “Remove all Threats immediately”, another pop-up will be generated asking them to download a file called win_protection_update.exe. ...


Fraud alert: Tax time in the USA

  • Post author: Omid Farhang
  • Post published: March 19, 2010
  • Reading Time: 1 min
  • Word Count: 209 words

Benjamin Franklin once wrote, “In this world nothing can be said to be certain, except death and taxes.” These days we can add to the certainty of those two inevitable events with the addition of the annual scams that accompany tax time. For those of you who haven’t heard of this type of scam, it’s basically another way to separate a man from his money, or if you want to look at the bigger picture, a way to defraud the federal government. Either way, your wallet suffers. The financial website money-zine has a good article on the latest tax scams you may encounter on the Web. ...


Blank Plastic

  • Post author: Omid Farhang
  • Post published: March 19, 2010
  • Reading Time: 1 min
  • Word Count: 110 words

We regularly learn of cases where criminals have gained access to credit card numbers via keyloggers, skimmers or online hacks. Once they have the credit card numbers, they basically have three ways to turn them into cash:

  • Sell them
  • Make fraudulent purchases on them
  • Create real-world cards out of them

To create real-world cards, you need blank cards to start with. These are known in the underground as “blank plastic”. ...


Facebook Suffers ‘Password Reset’ Scam

  • Post author: Omid Farhang
  • Post published: March 18, 2010
  • Reading Time: 2 min
  • Word Count: 237 words

Today has been quite a busy day for scammers. We have been tracking a global scam/spam run that targets Facebook users. The lure used in the run is a familiar one: Facebook Password Reset Confirmation! Customer Support. The email looks like the following [Just it won’t notify you it’s Spam, it’s my own Software 😉 ]: The activity on this particular scam run has been global from the beginning. The malware in the attachment is pretty much what one would expect: downloaders, password-stealing Trojan, fake-AV, or bot stuff, depending on which one you got. Check out the Artemis map of this malware: ...


Chilean Earthquake Spawns Malware

  • Post author: Omid Farhang
  • Post published: March 12, 2010
  • Reading Time: 3 min
  • Word Count: 630 words

Most of us are familiar with how high profile news events are used for malware distribution. We’ve seen it many times such as with Tiger Woods’ scandal and the earthquake in Haiti. Now the recent earthquake in Chile is used to prey upon unsuspecting folks interested in what’s going on with the post-quake and tsunami. This shows we should really be careful in our choices of where we go to get information. Try any related search term or phrase related to “Chile Earthquake”, “Tsunami”, etc. I’ve done so and will walk us through a few examples of risky to malicious content that my search turned up. This type of malware distribution tends to target the broadest audience possible, so I entered the search term “Chile” and then let Google auto-complete my search to “Chile quake 2010 tsunami” to load what is a popular search phrase. Almost immediately, among some recognizable news site results are random blog posts touting words like “download” or “.exe”. We should be suspicious of these. ...


Facebook Users Suffer From ‘Fram’

  • Post author: Omid Farhang
  • Post published: March 12, 2010
  • Reading Time: 3 min
  • Word Count: 460 words

About a year or so ago one of the “McMarketeers” decided it would be fun to run a campaign against “fram”–spam that friends send you. As you might guess, we in the Labs have no friends, so it was no problem for us to ridicule the idea. However, around the coffee machine the other day I got involved in a quick discussion about spam on Facebook. A long-term social networker genuinely thought that Facebook spam did not exist and that all the noise was from Facebookers playing games or using annoying apps. So I offered to write up an example. ...


Consoles for old games come with new malcode

  • Post author: Omid Farhang
  • Post published: March 12, 2010
  • Reading Time: 2 min
  • Word Count: 246 words

Be on the lookout for websites offering up “free applications” which come with a nasty sting in the tail. Here’s a typical example: Appzkeygen(dot)com. If you like videogame consoles, you may be a fan of emulators (programs that ape long dead consoles, allowing you to play old games on your PC – we’ll avoid the murky legal minefield that comes with this practice and instead focus on the malware). Below is a Playstation 2 emulator – no really, it is. Would they lie to you? ...


You don't want to go looking for Corey Haim videos

  • Post author: Omid Farhang
  • Post published: March 12, 2010
  • Reading Time: 2 min
  • Word Count: 236 words

Hollywood celebrity Corey Haim has died in typical tabloid fashion: “under investigation.” And we all know that celebrity death equals Internet scams by the boatload. There are a number of spam runs currently circulating on video sharing sites such as Youtube, ready to catch out the curious and the unwary. Shall we take a look? “Suicide or killed! Watch Corey Haim first found dead” Classy. Visiting mycelebzone(dot)com will pop open a Hotbar prompt, which you need to install to “see the content”: ...
