Emails That Ask You To Run An Attachment
Any unsolicited email that asks you to open an attachment is bad. If that attachment is a program then you can consider it a scam. Below is an email I received with a link to malware. It’s asking me to download and run an unknown program. The email also says it was sent by me, which is rather odd. I’ve removed personal details from the email:
A new settings file for the <email address> has just been released
Dear user of the <email address> mailing service!
We are informing you that because of the security upgrade of the mailing service your mailbox <email address> settings were changed. In order to apply the new set of settings please click to this link and open file((If clicking the link in this message does not work, copy and paste it into the address bar of your browser.)
http://<removed>/ settings.exe
Best regards, <email address> Technical Support.
The words in italics and in < > are my changes, to make it easier to read and search, and to avoid linking to the actual malware.
Any email that looks like the above is suspicious. Any attachment (and especially one that ends with .exe) is suspicious, and when it says that I sent it to myself it leaves no doubt that this is a scam that links to malware.
Learning to recognise these scam emails is important. Relying on virus scanners is good but common sense also helps.
Fake Virus Scan
Here’s something that happens every day: a message appears in your web browser telling you a virus was found and to click OK to do a scan. To get straight to the point, this is a fake antivirus program designed to trick you into installing real malware.
If you see this on your browser, close the browser. Don’t click on any buttons. And most importantly, don’t panic. These scams are designed to scare you into making irrational decisions.
Below are screenshots of how it looks:
This type of scam happens on both Windows and Mac computers.
Infected Samsung S8500 Wave SmartPhones
Samsung’s new phone, the S8500 Wave, has appeared in Germany with its memory card infected with malware. And it’s fairly dangerous: if it installs itself onto your computer it will download backdoor programs and spyware, leaving your computer wide open to hackers and criminals. Prevention is definitely better in these cases.
The malware can affect Windows computers if you connect the phone to the computer. It’s as simple as that.
There are a couple of things you can do to avoid this malware, and to avoid similar malware in the future from similar scenarios:
- Disable the autorun feature in Windows (click here for instructions)
- Install a good antivirus package.
This type of problem is becoming more frequent – ordinary consumer devices infected with malware at the factory.
Facebook Password Reset (Virus)
I received an email that claims to be from Facebook (it’s a forged email). The email is designed to trick people into opening the attachment. Here’s what it says:
Hey [name removed],
Because of the measures taken to provide safety to our clients, your password has been changed. You can find your new password in attached document.
Thanks,
The Facebook Team
There’s another version some people have received that is similar but has a different introduction and sign-off:
Dear user of facebook,
Because of the measures taken to provide safety to our clients, your password has been changed. You can find your new password in attached document.
Thanks,
Your Facebook
Both of these emails come with a virus attached. And neither of these emails was actually sent from Facebook. In fact, Facebook had absolutely nothing to do with it; the scammers just mention the word to encourage people to open the attachment.
So as always, be suspicious of unsolicited emails, and be suspicious of attachments you didn’t ask for.
ICS Monitoring Team
Another email designed to scare you and possibly make you curious enough to open an attachment.
The attachment has a virus, of course. And the email has all of the usual traits such as poor spelling and grammar. Below is what it says:
Your internet access is going to get suspended
The Internet Service Provider Consorcium was made to protect the rights of software authors, artists.
We conduct regular wiretapping on our networks, to monitor criminal acts.We are aware of your illegal activities on the internet wich were originating from
You can check the report of your activities in the past 6 month that we have attached. We strongly advise you to stop your activities regarding the illegal downloading of copyrighted material of your internet access will be suspended.
Sincerely
ICS Monitoring Team
If you receive this email, delete it. Do not open the attached file.
Microsoft Does Not Send Updates By Email
Companies do not send updates by email, including Microsoft. They use other methods to tell their users about updates then expect users to download the updates themselves. Attachments in emails are generally bad.
So the following email I received is clearly an attempt to spread malware. It’s an email that claims to be from Microsoft – a quick look at the email’s header shows that it came from branchen4u.de. Not Microsoft.
So apart from the suspicious attachment and forged sender address, the other thing that tipped me off is that I don’t actually use Microsoft Outlook or Outlook Express.
Below is a copy of the infected email:
Brief Description
Microsoft has released an update for Microsoft Outlook / Outlook Express. This update is critical and provides you with the latest version of the Microsoft Outlook / Outlook Express and offers the highest levels of stability and security.
Instructions
* Install Update for Microsoft Outlook / Outlook Express (KB910721). To do this, follow these steps:
1. Run attached file officexp-KB910721-FullFile-ENU.exe
2. Restart Microsoft Outlook / Outlook Express
System Requirements
* Supported Operating Systems: Windows 2000; Windows 98; Windows ME; Windows NT; Windows Server 2003; Windows XP; Windows Vista
* This update applies to the following product: Microsoft Outlook / Outlook Express
There was a zip file attached that contains the Bredolab trojan. If the trojan is installed, it runs quietly in the background, downloading viruses and other malware.
So again, don’t trust unsolicited emails. I didn’t ask Microsoft to email me patches so this one was unsolicited. And it turns out it contained a trojan.
You should also have a good antivirus package installed.
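The warning signs described in the emails above (a message that claims to come from your own address, a sending domain that doesn't match the claimed sender, an .exe or .zip attachment, a link to an .exe) can be checked mechanically. The following is an added example, not code from the original posts. It assumes the mismatch shows up in the Return-Path header (the post doesn't say which header was inspected), and the From address, the attachment name update.zip and the host malware.example are constructed sample values.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

RISKY_EXT = (".exe", ".zip")  # file types that carried the malware in the emails above

def _addr(value):
    return parseaddr(str(value or ""))[1].lower()

def red_flags(raw):
    """Return the warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    sender, rcpt, bounce = (_addr(msg[h]) for h in ("From", "To", "Return-Path"))
    flags = []
    if sender and sender == rcpt:
        flags.append("sender-equals-recipient")
    # A differing Return-Path domain is a hint, not proof: bulk mailers differ too.
    if bounce and bounce.rpartition("@")[2] != sender.rpartition("@")[2]:
        flags.append("from-domain-mismatch:" + bounce.rpartition("@")[2])
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            flags.append("risky-attachment:" + name)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    for url in re.findall(r"https?://\S+", text):
        if url.lower().rstrip(").,").endswith(RISKY_EXT):
            flags.append("link-to-executable")
    return flags

def build(sender, rcpt, text, bounce=None, attachment=None):
    """Build a constructed sample message and return it as raw text."""
    m = EmailMessage()
    m["From"], m["To"] = sender, rcpt
    if bounce:
        m["Return-Path"] = bounce
    m.set_content(text)
    if attachment:
        m.add_attachment(b"PK", maintype="application", subtype="zip", filename=attachment)
    return m.as_string()

# Constructed samples modelled on the emails quoted on this page.
FAKE_UPDATE = build("Microsoft Update <update@microsoft.com>", "reader@example.org",
                    "Run attached file officexp-KB910721-FullFile-ENU.exe",
                    bounce="<bounce@branchen4u.de>", attachment="update.zip")
SELF_SENT = build("reader@example.org", "reader@example.org",
                  "Open http://malware.example/settings.exe to apply the settings")
ORDINARY = build("friend@example.net", "reader@example.org", "Lunch on Friday?")

if __name__ == "__main__":
    for raw in (FAKE_UPDATE, SELF_SENT, ORDINARY):
        print(red_flags(raw))
```

A flagged message is a candidate for deletion or quarantine, not a verdict; an empty list does not mean the message is safe.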
Facebook Un Named App
Here’s a combined hoax and malware. Let’s start from the beginning.
People have been posting notes on Facebook about something called “un named app”. It tells you to remove something from Facebook. It’s a hoax. Don’t believe what it says, don’t follow the instructions, and don’t pass it on.
Below are some quotes of the hoax:
ALERT >>>>> Has your facebook been running slow lately? Go to “Settings” and select “application settings”, change the dropdown box to “added to profile”. If you see one in there called “un named app” delete it… It’s an internal spybot. Pass it on
this is real.. i checked and found this app and deleted it… hopefully, my facebook will run better now.
Cannot believe how much quicker mine is running after doing this….
I don’t have this app on my Facebook account but if you do, don’t worry. It’s a normal part of Facebook and you shouldn’t delete it.
Now the second part of this hoax is a real trojan. If you go to Google and search for “facebook unnamed app” you’ll see quite a few results. Some of these results are fake antivirus programs.
A fake antivirus program is actually a trojan. It pretends to scan your PC and quietly installs malware in the background. It goes under the name of Security Tool, and it has a fancy detection screen and everything. But it’s definitely bad.
The rule of thumb is that if a web page tells you that your PC might be infected, don’t trust it. Go and get your own antivirus program, not something that pops up on your screen (see here for a good free antivirus program).
There’s a lot to learn here. Basically, be careful who you trust. These days scammers have to trick you into installing malware and they’re good at it (it’s called social engineering).
iPhone Viruses
A lot has happened in the past week with iPhones. First let me explain what “jail breaking” means.
iPhones have some security built-in, courtesy of Apple. This security’s main purpose is to let Apple decide what you can and can’t do with the phone. For example, you can buy and install an approved program, you can’t install a hacked program.
Now there are plenty of people in the world who want to use their iPhones in ways not sanctioned by Apple, such as using it on a non-approved network or running non-approved programs. So these people remove this layer of security. This is known as “jail breaking”.
Now for a summary of what’s happened recently:
First, there was a practical joke called “rickrolling” – some people found their phone’s wallpaper (background image) changed to a photo of the singer Rick Astley. It was a practical joke, harmless.
How were these phones hacked? Someone wrote a program that looks on the internet for vulnerable iPhones and installs this wallpaper, then the program copies itself to that phone and does the same thing to others. (More details here)
It only affected some jail broken phones. People were told that it’s nothing to worry about.
Then a couple of days later someone else took this idea and wrote a malicious version that works the same way. Again, only some jail broken phones are vulnerable. Except this time instead of being a practical joke it steals personal data.
It connects to a server in Lithuania and lets hackers connect to the phone and do what they want (such as stealing passwords and reading SMS messages). This is bad.
How can you protect your iPhone?
- Firstly, if you don’t jailbreak your phone you have nothing to worry about.
- If you do jailbreak your phone you need to change a special password that’s built into the phone. The password is usually “alpine” – you can’t see this password unless you know what you’re doing but it’s there and it needs to be changed. There are instructions here on how to do this.
Summary
An iPhone is a “smartphone”, meaning that it basically works like a computer and it has an internet connection just like a computer. And like computers it can be hacked and can get viruses. Apple goes to a lot of trouble to make sure everything works well (it’s in their best interest to deliver a quality product) so people who go about circumventing the device’s security are taking a great risk.
Facebook Password Reset
The following email contains a virus; it was not sent by Facebook:
Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.
Thanks,
The Facebook Team
If you see this email just delete it. Don’t click on the attached file.