Update: HP Software Update Tool
Back in January I mentioned that HP’s Software Update Tool was vulnerable to attacks. That was limited to a support program installed on HP laptops. Now the problem appears to be worse than first thought.
A large number of HP’s printers (both laser and inkjet), scanners, cameras and PCs also include this tool. Version 4.0.9.2 or earlier is vulnerable. The problem has been resolved in the latest update, version 4.0.10.8.
So if you have an HP product on your computer, check whether HP’s Software Update Tool is installed and which version it is. You might need to upgrade it.
The risk is that a malicious web page can activate code in HP’s Software Update Tool and use it to execute code on your computer. This is OK if you’re allowing HP to update your drivers, but it’s a bad thing if random strangers can do this.
Note that this only affects Windows users.
Hospital Spam Review
Last week’s post about a threatening spam email (“She has already gone to hospital”) was extremely popular here, and I think it deserves a review.
I was informed about this malicious spam on Monday morning so I wrote about it here. Later that day this site had received a few hundred visits from Australia and New Zealand. This kept up until Thursday when it received over a thousand visitors, mostly from Canada. That was fun, and it’s interesting to see how the spam spread across countries. It’s still getting lots of attention till today.
I believe the reason this site received so much traffic was because I was the 2nd person to write about it (as far as I could tell by doing a Google search on Monday morning). So when people started to do searches to work out if the threat was real or fake, Google directed them here.
It’s great to see people researching spam instead of blindly believing it. I just hope they had a chance to read this page before they clicked on the malicious link. And I hope everyone learns not to believe everything they read on the internet.
And a special hello to Karen and Stephanie, regular readers of FraudO.com
AVG 8.0 Released
AVG has released a new version of their anti virus program. It comes in three versions:
- Free
- US$35
- US$55
Version 8.0 was just released. The main new features are:
- link scanning
- anti spyware
- Email and instant messaging protection
The difference between the three prices is the features included. See this chart for details.
Chinese Domain Scam
A recent scam email uses the following technique:
- The scam email has a long story (see below) mentioning your web site name (which could be your business name or trade mark)
- It mentions that someone else is interested in registering a web site with your web site’s name
- The scam offers to sell you a .cn domain name (.cn is the top level domain for China)
Below is a sample of this scam email:
Dear Sir
We received a formal application from a company who is called Meiao Investment Co.,Ltd are applying to register “—” as their domain name and Internet keyword in China and also in Asia on Apr 17 2008. During our auditing procedure we find out that the alleged Meiao Investment Co.,Ltd has no trade mark, brand nor patent even similar to that word. As authorized anti-cybersquatting organization we hereby suspect the alleged Meiao Investment Co.,Ltd to be a domain grabber. Hence we need you confirmation for two things,
First of all, whether this alleged Meiao Investment Co.,Ltd is your business partner or distributor in China.
Secondly, whether you are interested in registering these domains. (The alleged Meiao Investment Co.,Ltd will be entitled to obtain a domain not needed by original trademark owner.)
If you are not in charge of this please transfer this email to appropriate dept.
This is a letter for confirmation. If the mentioned third party is your business partner or distributor in China please DO NOT reply. We will automatically confirm application from your business partner after this audit procedure.
Bst Rgs
chenllychen
Registration Commissioner
Beijing HA ZD Networks Science and Technology Co., Ltd
Tel: +86-10-82772601
Fax: +86-10-82773610
Email: chenlly.chen@ha-zd.com
http://www.ha-zd.com.cn
There are quite a few variations of this email, but the concept is the same. Don’t reply to these emails and certainly don’t buy domain names from them. It’s just another scam. If you really want a Chinese domain name, buy one from a reputable registrar.
She has already gone to hospital!…
Below is a new scam email being sent around the internet. The topic of the email is shown above. The email’s contents are shown below (I’ve removed the link):
Listen to me carefully, i don’t know what your name is, but i’ll find you and i’ll cripple you, because this is you who tempted her!!! She has already gone to hospital, you’re next, this is evidence:
http://www.———.sk/fotos/
If you receive this email just delete it. It’s a scam to get you to click on the link, which leads to malicious code. More details in the comments below.

BT Home Hub Wireless Networks
Wireless networks can be made safe but it’s so common to find networks that haven’t been secured properly. It’s even worse to see ISPs giving their customers routers that have been configured with weak security.
BT Broadband in the UK has been supplying its customers with wireless routers, called BT Home Hub, that are set up to use a very weak security system called WEP.
In fact it’s so weak that anyone sitting within wireless range (which can include a few of your neighbours) can just guess the wireless password in 80 attempts. And you wouldn’t even know someone’s trying to guess your password.
WEP is an old security system made for wireless routers. It’s been cracked before and it’s really no safer than an old rusty padlock with the key hidden in a pot plant. As the old saying goes, it keeps out honest people. WEP is practically useless. And BT Home Hub leaves it set up this way for their customers.
What everyone with a wireless network should do is change WEP to WPA. WPA is considered safe at the moment. And it’s best used with a long password (20 characters long).
To learn more about securing a wireless network read here. And to understand why it’s important to secure a wireless network read our article here.
Just remember, WEP = useless, WPA = secure.
Firefox and Safari Updates
The Firefox and Safari browsers have been updated. If you use either of these then you should upgrade today. The new version numbers are:
- Firefox: 2.0.0.14
- Safari: 3.1.1
This applies to Windows, Mac and Linux users. The updates fix vulnerabilities and hence are important security updates.
MasterCard 16% Scam
A fake promotional email, claiming to be from MasterCard SecureCode, offers a 16% discount on all purchases. This could be enough to tempt readers to sign up on the fake web site.
The email has a link to a web site that has been made to look the same as MasterCard’s web site with a form to sign up. The personal details entered here end up going to a scammer. Personal details including your credit card’s number, expiry date, 3 digit security code, and your date of birth.
If you receive an unsolicited email offering 16% discounts just delete it. And don’t click on links in these emails, instead go to a web browser and type in the address you need.
Microsoft Certificate Enrolment Code
There’s a new phishing trick that involves the user downloading a security certificate. It’s been spotted on a fake Bank of America web site. When this fake page is accessed the user is asked to create a digital certificate.
The control is downloaded to the PC using Microsoft Certificate Enrolment Code. This adds a false sense of security for users.
The next step on the web site asks users to download a file called sophialite.exe. This is a malicious program.
So if you end up at a web site that looks like the Bank of America pay close attention to the address shown in your web browser, make sure it’s exactly right.
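The advice in this post and in the MasterCard post above comes down to checking which host an address really points to, not whether a familiar name appears somewhere in it. The following is an added example, not code from the original post; `EXPECTED_DOMAIN`, the function names and the sample addresses are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the genuine site is served from this domain.
EXPECTED_DOMAIN = "bankofamerica.com"

def host_of(url):
    """Return the lower-cased hostname the browser would actually connect to."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()

def host_matches(url, expected=EXPECTED_DOMAIN):
    """True only if the host is the expected domain or a subdomain of it."""
    host = host_of(url)
    return host == expected or host.endswith("." + expected)

def naive_check(url, expected=EXPECTED_DOMAIN):
    """What a hurried reader does: spots the familiar name anywhere in the address."""
    return expected in url

# Constructed addresses for illustration (example.test is a reserved test domain).
SAMPLES = [
    "https://www.bankofamerica.com/login",               # genuine host
    "https://www.bankofamerica.com.example.test/login",  # name used as a subdomain prefix
    "https://www.bankofamerica.com@example.test/login",  # name placed in the user-info part
    "https://example.test/www.bankofamerica.com/login",  # name placed in the path
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{host_of(url):40} exact={host_matches(url)} naive={naive_check(url)}")
```

Only the first address resolves to the expected host, although the familiar name appears in all four.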
QuickTime Patch
Apple has released a new version of QuickTime for Windows and Mac. It fixes 11 vulnerabilities so if you have QuickTime installed on your machine it makes good sense to update it now.
The new version is 7.4.5.
Note that QuickTime is usually installed with iTunes, so if you use iTunes you probably also have QuickTime installed.
See Apple’s website for more details.
XP Antivirus
XP Antivirus is a fake antivirus program. It looks like an anti virus program and when run it tells you it found a number of threats. It then prompts you to spend money in order to remove the alleged threats. The threats it tells you about aren’t real, it’s a scam to get money from you.
The road to XP Antivirus is:
- A malicious ad appears on legitimate web sites. The operators of the web sites hosting this ad aren’t aware of what it is.
- A message appears offering a product called XP Antivirus. The message reads:

  Attention! If your computer is infected, you could suffer data loss, erratic PC behaviour. PC freezes and **creahes**.
  Detect and remove viruses before they damage your computer!
  XP antivirus will perform a quick and 100% FREE scan of your computer for Viruses, Spyware and Adware.Do you want to install XP antivirus to scan your computer for malware now? (Recommended)

  (Note: I bolded the typo that appears in the original ad)
- If you say ok then a fake anti virus program is installed.
- The program then informs you about a large number of (untrue) malware on your computer
- You’re then asked to pay to remove them
A few days ago I mentioned a similar scam for Macs called iMunizator. These things will never let up so take care who you trust. Don’t just run or install unknown programs on your computer.
ActiveX Flaw in Symantec Products
Symantec is well known for making security products (they also use the Norton brand for home products). A serious flaw has been found in some of their products including Norton AntiVirus, Norton Internet Security, Norton SystemWorks and Norton 360.
The flaw is in an ActiveX control that gets installed on the PC (the control is called SymAData.dll). This control is normally used for their AutoFix tool, however it was discovered that it can be exploited by adding some malicious code to a website. The exploit allows someone to take over the computer (generally a bad thing).
Two ways to fix this problem are:
- Engage in an online chat session with Symantec’s technical support team
- Download the patch from Symantec’s website, https://www-secure.symantec.com/techsupp/asa/install.jsp
Earlier we wrote about problems with ActiveX and suggested you disable it.
2Wire Modems
2Wire is a DSL modem manufacturer. Earlier we reported that a Mexican ISP offers 2Wire modems to their customers and that there was a vulnerability in them affecting their customers. The vulnerability is called DNS poisoning.
Many other ISPs also offer this modem to their customers including AT&T. AT&T has taken some positive action to fix the issue, so if you’re an AT&T customer using a 2Wire modem then have a talk to them and see if your modem needs patching.
An AT&T spokesman, Seth Bloom, responded to a Slashdot article and had the following to say:
“The majority of our customers did not have gateways affected by this vulnerability. For those that did, as soon as we became aware of the issue, we expeditiously implemented a permanent solution to close the vulnerability. In fact, we’ve already updated the majority of affected 2Wire gateways, and we’re nearing completion of the process. We’ve received no reports of any significant threats targeting our customers.”
Flash Vulnerability
People that have Adobe’s Flash player version 9.0.115.0 or earlier, or 8.0.39.0 or earlier, need to update it now. A new exploit for these versions has been discovered and can allow someone to take control of your computer just from visiting a website that has malicious code.
The new version that you need is 9.0.124.0, which fixes this new vulnerability.
AIR 1.0 is also affected because it includes a Flash player built in. If you use AIR, upgrade to version 1.0.1.
Adobe’s security bulletin says that this affects all platforms, so that would include all versions of Windows, Macs, and Linux.
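The version thresholds in this post and in the HP Software Update Tool post can be checked against a software inventory, provided the versions are compared part by part as numbers and not as text. This is an added example, not code from the original posts; the thresholds are the ones quoted on this page, while the function names and the sample inventory are assumptions.

```python
# Added example: thresholds are the version numbers quoted in the posts on this page.
ADVISORIES = {
    # product: (last vulnerable version per release line, fixed version)
    "HP Software Update": (["4.0.9.2"], "4.0.10.8"),
    "Adobe Flash Player": (["8.0.39.0", "9.0.115.0"], "9.0.124.0"),
    "Adobe AIR": (["1.0"], "1.0.1"),
}

def parse_version(text, width=4):
    """'4.0.10.8' -> (4, 0, 10, 8); short versions such as '1.0' are zero-padded."""
    parts = text.strip().split(".")
    if len(parts) > width or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts) + (0,) * (width - len(parts))

def is_vulnerable(product, installed):
    """True if `installed` is at or below the advisory's last vulnerable version."""
    v = parse_version(installed)
    last_bad_versions, _fixed = ADVISORIES[product]
    for last_bad in sorted(parse_version(t) for t in last_bad_versions):
        if v[0] <= last_bad[0]:  # nearest release line at or above v's major number
            return v <= last_bad
    return False  # newer major version than any line the page lists

def audit(inventory):
    """Return (product, installed, fixed) for every entry that needs updating."""
    findings = []
    for product, installed in inventory:
        if product in ADVISORIES and is_vulnerable(product, installed):
            findings.append((product, installed, ADVISORIES[product][1]))
    return findings

def naive_is_vulnerable(installed, last_bad):
    """The common mistake: comparing version strings character by character."""
    return installed <= last_bad

# Constructed inventory for illustration, not data from the page.
SAMPLE_INVENTORY = [
    ("HP Software Update", "4.0.10.8"),   # fixed release
    ("HP Software Update", "4.0.9.2"),
    ("Adobe Flash Player", "9.0.47.0"),
    ("Adobe Flash Player", "9.0.124.0"),  # fixed release
    ("Adobe AIR", "1.0"),
]

if __name__ == "__main__":
    print(audit(SAMPLE_INVENTORY))
    print(naive_is_vulnerable("4.0.10.8", "4.0.9.2"))    # True, a false alarm
    print(naive_is_vulnerable("9.0.47.0", "9.0.115.0"))  # False, a missed finding
```

Text comparison flags the fixed HP release 4.0.10.8 as older than 4.0.9.2 and misses Flash 9.0.47.0; the numeric comparison gets both right.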
iMunizator
iMunizator is an application for the Mac that claims to scan the computer and report problems.
iMunizator actually searches the computer for important files and tells the user that they are dangerous. It then offers to remove them. After removing them the computer is no longer usable.
In other words, iMunizator is a malicious program. Don’t ever run this program on a Mac.
It’s actually another version of MacSweeper, which we warned you about earlier this year.
Imunizator’s website
RealPlayer 11 Vulnerability
RealPlayer 11 has a vulnerability that can be exploited by viewing a video on the wrong web site. If you have version 11 then upgrade to version 11.0.2.