Facebook Un Named App
Here’s a combined hoax and malware. Let’s start from the beginning.
People have been posting notes on Facebook about something called “un named app”. It tells you to remove something from Facebook. It’s a hoax. Don’t believe what it says, don’t follow the instructions, and don’t pass it on.
Below are some quotes of the hoax:
ALERT >>>>> Has your facebook been running slow lately? Go to “Settings” and select “application settings”, change the dropdown box to “added to profile”. If you see one in there called “un named app” delete it… It’s an internal spybot. Pass it on
this is real.. i checked and found this app and deleted it… hopefully, my facebook will run better now.
Cannot believe how much quicker mine is running after doing this….
I don’t have this app on my Facebook account but if you do, don’t worry. It’s a normal part of Facebook and you shouldn’t delete it.
Now the second part of this hoax is a real trojan. If you go to Google and search for “facebook unnamed app” you’ll see quite a few results. Some of these results are fake antivirus programs.
A fake antivirus program is actually a trojan. It pretends to scan your PC and quietly installs malware in the background. It goes under the name of Security Tool, it has a fancy detection screen and everything. But it’s definitely bad.
The rule of thumb is that if a web page tells you that your PC might be infected, don’t trust it. Go and get your own antivirus program, not something that pops up on your screen (see here for a good free antivirus program).
There’s a lot to learn here. Basically, be careful who you trust. These days scammers have to trick you into installing malware and they’re good at it (it’s called social engineering).
BlackBerry Hoax Message
The following message gets sent to BlackBerries. The idea is that people believe what’s written there and forward it to all their contacts. Then each one of those people repeats the same process.
It’s a hoax. No damage can be done by the message, whether you forward it or not. And of course it will annoy people if you do forward it. It’s also very unprofessional to forward things like this to work contacts.
The message reads:
Do not accept this contact : 21536 (mireya diaz) she’s a hacker!!!! She will format ur blackberry and all ur contacts also.
Att: if one of ur contacts accept her u will get hacked also!!! Send this to all ur contacts
And don’t take the mentality that you should forward it “just in case”, or that it’s “better to be safe than sorry”. This is the wrong attitude. Make a stand and accept that it’s a hoax, and let others know.
There’s also something called a “barcode photo” that people talk about on BlackBerry forums. I don’t use a BlackBerry so I don’t know what this is, but apparently you shouldn’t share this barcode with people you don’t trust. It lets strangers add your BlackBerry to their contacts and send you hoaxes etc. You should stay in control of your privacy and choose who to share details with.
Twitter Worm: StalkDaily
Some messages are being sent on Twitter right now that are part of a worm. If you receive one of the following Twitter messages ignore it and don’t click on the link.
- I love www.stalkdaily.com
- wow… www.stalkdaily.com
- Join www.stalkdaily.com everyone!
- Hey everyone, join www.stalkdaily.com. It’s a test site like Twitter but with pictures, videos, and so much more!
- Woooo, www.stalkdaily.com
- Virus? What? www.stalkdaily.com is legit!
- Dude, www.stalkdaily.com is awesome. What’s the fuss?
If you click on the link some code runs in the background that sends the same messages but from your own Twitter account.
Is it harmful? No, it was a publicity stunt by a site called StalkDaily. This is what a worm is, something that spreads through the internet similar to a virus but without infecting files. It’s still not a good thing to have around.
In this case it’s harmless but it could have been harmful. By the time you click the damage could have been done.
Foxtel SMS
I just received this one. I haven’t worked out if it’s a scam or how it works, I’ll update this post when I find out (please post your comments here if you know anything). (Update: it’s legitimate)
The SMS was received in Australia and reads:
When you are home please call FOXTEL on 1800882016 (12pm to 8pm) so we can help you check whether your dish requires a component upgrade (no charge).
I don’t have a Foxtel dish and never requested any kind of service or upgrade. My guess is that if I call that number I’ll be charged at a premium rate, or someone will ask me for my credit card number.
Update 1: Someone pointed out that I should be able to call the 1800 number from a pay phone for free. So I’ll do that tomorrow, I have nothing to lose.
Update 2: Pay phones are rare these days. After finding one I called the free number, it’s an electronics engineering company that services Foxtel dishes. Seems like it’s a legitimate SMS, just sent to the wrong person (me). I also received a second SMS exactly the same.
So there we go, it’s not a scam.
Skype Scam
The following message came through on Skype. It’s a scam designed to scare you into clicking the link. Below is the message that came through:
WINDOWS REQUIRES IMMEDIATE ATTENTION
=============================
ATTENTION ! Security Center has detected malware on your computer !
Affected Software:
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows NT Server 4.0
Microsoft Windows Win98
Microsoft Windows Server 2003
Impact of Vulnerability: Remote Code Execution / Virus Infection / Unexpected shutdowns
Recommendation: Users running vulnerable version should install a repair utility immediately
Your system IS affected, download the patch from the address below !
Failure to do so may result in severe computer malfunction.
There’s a link at the end that takes you to a site made by these scammers. Their web page then tries to trick you into installing their malware.
Never click on these types of messages. Ignore them. Better yet, you can set Skype to block messages from people you don’t know.
Hidden Camera in a TV Set Top Box
There’s a video being posted around the internet that claims digital TV set top boxes have hidden cameras inside and that the government can use these to spy on you.
It’s a hoax, the guy who made it thought it would be funny (and it is). Set top boxes don’t have hidden cameras, and governments aren’t interested in spying on families.
The video is shown below, and here is a web site with more information.
Congratulations You Won
This article is about the fake lottery ads you see on web pages.
I was trying out some new ads on this site, expecting them to put ads for real items that you can legitimately purchase. Instead, this ad appeared:
It’s a very annoying ad that changes colours a lot. The text says:
Contragulations! You are the 999,999th visitor: Congratulations you WON! Click here to claim
It’s a scam so I quickly removed the ad and contacted the advertising company – I only want nice legitimate ads on this site that don’t annoy and don’t deceive readers.
You are not the 999,999th visitor, it always shows this no matter how many times people visit the page.
And you didn’t win, and clicking on the link doesn’t help you claim your fake winnings.
The link took me to a page run by Freelotto. It asks you for some personal details, and again has a button claiming it will "release your winnings". However the terms and conditions suggest that there’s some chance involved before you’ll get anything. It also states that they’ll send you ads, lots of ads.
A quick search on Google shows that Freelotto is a scam.
So I’ll continue to filter out scam ads and to inform you about them.
WorldPay Fake Emails
Another fake email, this time claiming to be from WorldPay. The body of the email makes you think you’ve paid for something, and since you surely haven’t you’ll be suspicious enough to open the attachment hoping to find more information.
The attachment is a zip file, disguised as something else. The attachment’s filename is WorldPay_CARD_Transaction_Confirmation_OrderNo76621.doc.zip – this is an old trick of using two extensions at the end. .doc is usually a Word document, but the real extension is the last one, in this case .zip. A zip file can contain programs (.exe) such as malware. So always look at the last extension (.zip) when deciding whether or not to open the attachment.
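The double-extension check described above can be automated on a mail gateway or in a triage script. The following is an added example, not part of the original post: the extension lists, the function names and the sample archive member `invoice.doc.exe` are assumptions made for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed extension lists for this example; adjust them to your own mail policy.
DECOY_EXTS = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".txt", ".jpg"}
ARCHIVE_EXTS = {".zip"}
PROGRAM_EXTS = {".exe", ".scr", ".com", ".bat", ".pif", ".vbs", ".js"}


def check_attachment(filename, data=None):
    """Return warnings for an attachment name and, if given, its bytes."""
    warnings = []
    suffixes = [s.lower() for s in PurePosixPath(filename).suffixes]
    real = suffixes[-1] if suffixes else ""
    decoy = suffixes[-2] if len(suffixes) >= 2 else ""

    # The last extension decides how the file is opened.
    if decoy in DECOY_EXTS and real in ARCHIVE_EXTS | PROGRAM_EXTS:
        warnings.append(f"double extension: shown as {decoy}, really {real}")
    if real in PROGRAM_EXTS:
        warnings.append(f"program file: {filename}")

    # For archives, list the member names without extracting anything.
    if real in ARCHIVE_EXTS and data is not None:
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as archive:
                for member in archive.namelist():
                    for w in check_attachment(member):
                        warnings.append(f"inside archive: {w}")
        except zipfile.BadZipFile:
            warnings.append("named .zip but not a valid zip archive")
    return warnings


def build_sample_zip():
    """Constructed sample: a zip holding one harmless placeholder 'program'."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("invoice.doc.exe", b"placeholder bytes, not a program")
    return buf.getvalue()


if __name__ == "__main__":
    name = "WorldPay_CARD_Transaction_Confirmation_OrderNo76621.doc.zip"
    for warning in check_attachment(name, build_sample_zip()):
        print(warning)
```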
Below is an extract of the email:
Thank you!
Your transaction has been processed by WorldPay, on behalf of Academic Resources Center Inc.
The invoice file is attached to this message.
This is not a tax receipt.
We processed your payment.
Academic Resources Center Inc has received your order, and will inform you about delivery.
Sincerely,
The AcaDemon Team
Enquiries
This confirmation only indicates that your transaction has been processed successfully. It does not indicate that your order has been accepted. It is the responsibility of Academic Resources Center Inc to confirm that your order has been accepted, and to deliver any goods or services you have ordered.
Fake eNom emails
Below are two fake emails claiming to be from eNom (a domain name and web hosting provider). The emails are worded such that they sound technical and that they require immediate action.
Both emails contain a link you’re supposed to click on, however if you examine the link closely you’ll see they actually point to someone else’s site. This is sneaky and you really need to know how to distinguish real links from malicious ones like these.
In this case the link is displayed as: http://www.enom.com – but if you place the mouse pointer over the link and wait a second, you’ll see the real link displayed (depending on which browser and email client you’re using). In this case the link really points to httpz: // w ww.enom.com.com92. _biz - See what they did there? They added a few characters to the end. This is enough to make it point to a completely different site. Even though it has part of eNom’s address in there, it’s different. (Note that I broke up the URL to stop you from accidentally clicking on it).
The second email is similar, it really points to h ttp :/ / www. enom. comcom94._com – Again this is different, even though it has part of eNom’s address. Even one letter or number is enough to make it go somewhere else. (Again I broke up the address to stop you clicking on it).
How can they do this? Unfortunately at this time nobody stops scammers registering an address that is very similar to a legitimate address. It’s up to you to take care what you click on.
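The hover check can also be done in code by comparing the address a link displays with the host its href really goes to. This is an added example, not part of the original post: the sample HTML is constructed, and `lookalike.example` is a placeholder host standing in for the broken-up addresses quoted above.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Link text that itself looks like a web address (so it claims a destination).
ADDRESS_RE = re.compile(r"(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?", re.I)
# Constructed sample; lookalike.example is a placeholder, not the page's URL.
SAMPLE_EMAIL = (
    'Log in: <a href="http://www.enom.com.lookalike.example/">http://www.enom.com</a> '
    'Help: <a href="http://www.enom.com/help">www.enom.com</a>')


class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def host_of(url):
    """Lower-cased host without a leading 'www.'; '' if it cannot be parsed."""
    try:
        host = urlsplit(url if "://" in url else "http://" + url).hostname
    except ValueError:
        return ""
    return (host or "").lower().removeprefix("www.")


def deceptive_links(html):
    """Return (text, real host, reason) for links whose text shows another host."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for text, href in parser.links:
        shown, real = host_of(text), host_of(href)
        if ADDRESS_RE.fullmatch(text) and shown != real:
            prefix = real.startswith(shown + ".")  # real host only starts with the shown one
            findings.append((text, real, "lookalike-prefix" if prefix else "different-host"))
    return findings
```

Links whose text is plain wording such as "click here" are skipped, because the text makes no claim about where the link goes.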
Another couple of tips to protect you from these tactics:
- Use a good antivirus package that checks every web page you load. These days they have a list of good and bad sites, and it’ll warn you if you’re going to a known “bad” site.
- If your web browser or email client doesn’t let you see the real link (by hovering the mouse pointer over the link) then upgrade to another browser or email client.
- Use some kind of spam filtering with your email. This is fairly common these days.
- Use an alternative browser, such as Firefox, Opera, Chrome, or Safari. This isn’t always enough these days, as we’ve seen with Flash malware. But it helps a little.
Below are the two emails. I’m putting them here so that people can search Google and get to this page to learn what they really are.
Email 1:
Dear eNom Customer,
Starting at 1 AM PT on Saturday, November 1st, 2008 until 4 AM PT, we will be conducting maintenance on our database and datacenter resulting in the following sites and services being unavailable:
* Main site
* All web hosting services
* Email services
* Communication with the registry affecting new registrations, renewals, and transfers
For access your account follow this link – http://www.enom.com
The following services will not be affected and will continue to be fully operational:
* DNS will resolve normally – although operational through this downtime, any changes to DNS settings may be delayed intermittently for a period of up to 24 hours from the start of the maintenance period
* Email forwarding and site redirection will operate normally
We anticipate the maintenance will only last up to 3 hours. We apologize for any inconvenience during this short maintenance and thank you for your patience.
Sincerely,
eNom Tech Support
Second email:
Dear eNom Customer,
Starting at 1 AM PT on Saturday, November 1st, 2008 until 4 AM PT, we will be conducting maintenance on our database and datacenter resulting in the following sites and services being unavailable:
* Main site
* All web hosting services
* Email services
* Communication with the registry affecting new registrations, renewals, and transfers
For access your account follow this link – http://www.enom.com
The following services will not be affected and will continue to be fully operational:
* DNS will resolve normally – although operational through this downtime, any changes to DNS settings may be delayed intermittently for a period of up to 24 hours from the start of the maintenance period
* Email forwarding and site redirection will operate normally
We anticipate the maintenance will only last up to 3 hours. We apologize for any inconvenience during this short maintenance and thank you for your patience.
Sincerely,
eNom Tech Support
