False Adwords Emails

Some people have been receiving emails that appear to come from Google AdWords. The email has a long story about your account being suspended and gives you a link to reactivate it.

At first glance the link to Google Adwords seems genuine, but instead it takes you to a fake web site that looks exactly like Google Adwords. It lets you type in your username and password, sends them to the person who set up this fake site, then takes you to the login page of the real Google Adwords site.

This is a common phishing email targeting Google Adwords customers.

The usual way to tell real links from fake, malicious ones is to put the mouse pointer over the link and wait a second. Most email clients will show you the true destination either in a yellow tool-tip or at the bottom of the window.

I checked my spam folder and found one of these emails. Let’s have a close look at it:

[Image: screenshot of the phishing email]

The sender looks legitimate. Look at the part in the angled brackets, adwords-noreply@google.com. Technically the sender’s name and email address are trivial to forge. This email didn’t really originate from Google.

Now at the end of the email is a link to http://adwords.google.com/select/login. At first glance this looks innocent. What everyone should get into the habit of doing is putting the mouse pointer over the link (without clicking) and looking at the bottom of the screen to see where it really points to.

Let’s have a look at where this link would really take you:

[Image: screenshot showing the link’s real destination]

It says: http://adwrods.google.select.ncjd43.cn (NOTE: don’t try visiting this site).

This is not Google’s site. It’s hosted on ncjd32.cn (always look at the last 2 parts of the host name in the URL, as explained in our earlier article). CN stands for China, so this fake site was registered in China, something that should make you suspicious of this link. Also note they spelt adwords wrong (adwrods). The word Google in this link doesn’t have anything to do with the real Google; it’s only there to trick casual readers.

So there you have it, an example of how to spot a phishing email.

A good virus & spam filtering system will filter out most of these phishing emails.

Note: Google Adwords is an advertising service run by Google. Go to Google’s site and type in adwords to find the real site.

Malware Targeted Against Pro-Tibet Groups

A new malware-infected email is being sent to people on Pro-Tibet mailing lists. This is an example of a targeted attack, in which a particular group of people are the intended recipients of the malware, and in this case it is politically motivated.

F-Secure have investigated the malware and have concluded that it originates from China. It carries a PDF file that installs a key-logger on a recipient’s computer. The key-logger sends all of the user’s key strokes to a server located in China.

To recognise the malicious email look for the following:

The Hague, 17 March 2008 - The Presidency of the Unrepresented Nations and Peoples Organization (UNPO), led by President Mr Ledum Mitee, expresses its solidarity on behalf of all UNPO Members with the people of Tibet in this period of extreme tensioni and reiterates its support for their decades-long nonviolent campaign against Chinese suppression.

If you receive this email or others like it, delete it.

According to F-Secure there are other similar emails that are also part of the targeted attack and may contain any of the following attachments:

For more information see here.

Brazilian Tax Return Site

Another fraudulent tax return site has appeared, this time targeting people in Brazil. It begins with a forged email claiming to be from Brazil’s Ministry of Finance, Ministerio da Fazenda.

The email has a link to a virus file called formulario.exe.

If you receive this email just delete it. Don’t click on the links and don’t download (or even worse, run) the .exe file it offers you.

And of course invest in a good anti-virus package that will filter these sites and block them.

Other recent tax scams:

KeePass

KeePass Password Safe is a Windows application that can store all your logins and passwords. It has a long list of useful features and can even generate random passwords for you.

Some features that make this a good tool:

Of course you need to have a computer you trust and use often for this program to be of any use to you. Use a good anti-virus package and regularly back up the machine.

KeePass’s website is here.

Password Meter

Recently we mentioned Microsoft’s Password Checker. Today we’ve come across a much more sophisticated password testing program, Password Meter.

Password Meter measures a wide range of password metrics and gives them weighted values. It’s quite thorough.

Apart from strong passwords the following tips are useful:

Password Meter’s site is here.

Identity Theft Using LimeWire

Here’s an interesting story that hopefully raises your awareness of identity theft.

Gregory Kopiloff, from Seattle USA, has pleaded guilty to a number of fraud-related crimes and has been jailed for 4 years. He used LimeWire to download tax and credit reports, bank statements and student financial aid applications that people had made available using this P2P system.

Why would anyone put sensitive documents on a file sharing program for everyone to see? Maybe the people who put these files up thought they had nothing to lose, that documents should be free and shared. Whatever the reason, documents like these are sensitive and should not be shared, especially through anonymous file sharing programs like LimeWire.

Gregory used this information, as well as dumpster diving and mail theft, to commit identity theft. He obtained credit cards and debit cards under these people’s names and used them to spend US$73,000 in online purchases.

In this case it’s not the technology that’s at fault, it’s the misconceived value placed on financial documents by regular people.

BBB Infected Website

The Better Business Bureau website has been infected with malware. Visitors to the site are asked to download and install an ActiveX control (that has malicious code). Their web site is www.national-bbb.com.

If you ever receive an alert you weren’t expecting, especially one asking you to download and install anything, cancel everything it asks you to do. There is no reason to install anything to view a web page.

We’ve written earlier about websites that ask visitors to install things, and on how to take more extreme measures to completely block ActiveX code.

Fake Anti Spyware

Brave Sentry is a fake anti spyware product that’s been going around a lot lately. It’s also known by these names:

Once it gets onto your computer it tells you it found a large number of threats. For example, it could say “BraveSentry Scan found 138 threats”. This is false. Following its instructions takes you to a site asking for money to remove the spyware.

Here’s a procedure on how to remove Brave Sentry, if you happen to become infected.

And to avoid infection follow these tips:

  • Always use the latest web browser versions, download updates frequently.
  • Never ever download or run programs just because an email or a web site asked you to. This includes things like codecs to watch videos (unless you’re quite technical and know what you’re doing).
  • Avoid warez and porn sites (they’re often infected with malware)

4.2 Million Credit Cards Stolen

It’s no surprise there are so many stolen credit card numbers being bought and sold on the internet. Earlier this week there was a data intrusion into Hannaford Bros.’s network and 4.2 million credit card numbers were stolen, together with their expiry dates. Hannaford is a popular supermarket chain in the USA.

If you shopped at Hannaford with a credit card recently then check your credit card statements for misuse.

The official notice from Hannaford’s CEO is here.

Free Screen Savers Carry Viruses

If you receive an email offering a free screen saver, chances are the screen saver is infected with malware.

Screen savers are just like any other program and can carry malware. And as always you shouldn’t trust unsolicited emails offering something free.

3.6 Million People

Gartner is a well recognised research company. They’ve recently added up the numbers and come up with 3.6 million adults who lost money in 2007 due to phishing scams. In 2006 the figure was 2.3 million.

That’s a lot of people being conned and losing money online. According to this report it adds up to US$3.2 billion in the USA alone.

Some tips you might find useful to avoid being one of these 3.6 million people:

eBay Fraud

eBay fraud is rampant in Romania, Russia and China. In fact, eBay says that the majority of all eBay phishing emails come from these countries.

Mark Lee is the trust and safety manager for eBay UK and he’s made the following comments:

There have been several hundred arrests in Romania after eBay initiated a campaign to stop fraud, in June 2007. But this hasn’t stopped them and it’s still rampant in these parts.

Techniques used by these criminals include asking eBay shoppers for personal details (when people bid or ask questions on the site). This is known as phishing, and the personal details are later used to commit other crimes.

If you use eBay to buy or sell goods have a read here [ http://pages.ebay.com/securitycenter/ ] for tips and tutorials on eBay security. And continue to read FraudO.com for online security tips.

FlashGet Malware

FlashGet is a popular free download manager. The latest version has a problem, and someone exploited this problem, causing anyone downloading this program to install a trojan on their computer.

Any version starting with the number 1.9 is susceptible to this problem. And if you downloaded it between the 29th of February 2008 and the 14th of March 2008 then it probably installed a trojan on your computer.

This is what FlashGet looks like:

[Image: FlashGet screenshot]

Some useful advice:

Bypassing Passwords Using FireWire

If someone has physical access to a computer they have a pretty good chance of bypassing its security. This new attack uses the FireWire port found on some computers and notebooks to access the computer’s memory and change the system’s password.

It’s been demonstrated to work on Windows XP and on Macs, and could possibly affect other systems.

It’s up to companies like Microsoft and other vendors to fix their software to disable this vulnerability. Some lessons to be learnt are:

Here’s the article explaining how it works on Windows XP, and here is an article on how it affects Macs.

Microsoft Password Checker

Microsoft has a handy utility that rates your passwords. It doesn’t just look at the length of the password, it looks at how you mix upper case with lower case letters, numbers, punctuation marks etc.

When creating new passwords for your online services aim for Good or Best.

Try it here: http://www.microsoft.com/protect/yourself/password/checker.mspx

Note: there might be better password checkers in existence. I suggest this one because it’s hosted on Microsoft’s site. Whether you love them or hate them, I believe their intentions are good and they won’t try to steal passwords.

Another Symbian Virus

There’s a new virus affecting mobile phones (cell phones) that use Symbian series 60. It’s been detected in China and is called the Kiazha-A Trojan.

It gets transmitted through Bluetooth or MMS messages, so you can’t completely avoid receiving it, but you can delete it if it arrives on your phone.

It first deletes all text messages in the phone then displays a message asking for RMB 50 yuan (US$7) to get them back.

We have a list here showing some of the more popular phones that are vulnerable. If your phone uses Symbian S60 then be aware of virus messages like this one and delete them if you receive them.

It’s also a good idea to back up your phone’s contents to a memory card every couple of months.

Windows powered phones are also susceptible to viruses, as we’ve mentioned here.