Malware infected emails are getting scarier with subjects about wanting to sue you. Take the email below, it suggests that your email is sending spam and that you’re going to be sued. This kind of tactic is called social engineering, the words have been carefully crafted to add a sense of urgency, which in most people causes irrational decisions to be made such as opening the attachment in the email.

The email says,

Hello. Your email is sending spam messages! If you don’t stop sending spam, we will be impelled to sue you! We’ve attached a scanned copy of the document assembled by our security service to this letter. Please carefully read through the document and stop sending spam messages. This is the final warning!

The subject is one of

• You are sending ad messages
• We are going to sue you
• This is the final warning
• We’ve sent you a copy of a complaint
• A message from our security service

If you see an email like this don’t click on the attachment. Delete the email. The attachment is a trojan that then installs viruses every time you reboot the PC.

Lately there have been some spam emails claiming to have details about an incorrect hotel transaction. The email is a ploy to install malware on your computer. Here’s how it works,

• You receive an email telling you that a hotel has incorrectly charged your credit card
• The email also says that you should fill out an attached form for a refund (i.e. open an attachment and get some money)
• The attachment installs a fake antivirus program
• The fake antivirus program asks you to pay money to clean your PC (even though there’s really nothing wrong with it)

Hotel Renaissance Chicago made wrong transaction

Hotel Westin St. Francis made wrong transaction

Wrong transaction from your credit card in Woodrun V Townhomes

In the last few days there have been some malicious videos posted on Facebook. If you use Facebook and see any of the following videos, don’t click on them.,

• a video of disgraced former International Monetary Fund Managing Director Dominique Strauss-Kahn and a hotel maid
• an X-rated video of celebrities Rihanna and Hayden Panettiere

These videos are not actual videos, but are links to a website that installs malware. Note that it affects both Windows and Mac computers. On Windows, the malware tells people to install a new version of Adobe Flash Player, but instead installs a fake antivirus program. On a Mac the malware brings up a fake security warning and asks people to install a fake “fix” to the problem. In both cases the malware then wreaks havoc with the computer, shows pornographic images, and asks the user to pay money to stop it happening. After (real) money is paid the malware remains. So overall it’s quite a nasty bit of work.

If you come across anything like this in Facebook please let the person who posted it know it’s malicious. The sooner they remove the post the less damage it will do.

This had to happen sooner or later. A virus has been discovered that can affect Android phones. It uses the conference call feature of the phone to send your conversations to a remote server (spying on your conversations).

The virus is reported to now be on over 150,000 phones. This is quite serious. There are also two strains of the virus now, indicating that people are working on making things worse for everyone.

This virus is called HongTouTou. It was discovered in an app called Dynamic Footprint Wallpaper, hosted on an app store in China. More information here.

How can a phone get a virus?

Android phones are smartphones, meaning the phone is actually a computer. And like any other computer you can download and install programs onto it, commonly called Apps.

Now the philosophy behind Android phones is that it’s less regulated than other phones, such as Apple’s iPhone, and you’re free to install any app you want. Even ones that contain viruses.

With Android phones you have a choice where to download your apps from. And unfortunately this included untrusted sources where people can add viruses to apps. It’s all very similar to Windows PCs and the popular viruses from a few years ago.

What about iPhones and other phones?

This particular virus only affects Android, not any other phones.

How to avoid HongTouTou?

For now the best thing to do is to only use app stores you trust. Don’t rush into downloading an app just because it’s popular or cool, read up on it first.

The email shown below is not from Adobe, it’s a fake. It has words that would get most people’s attention but the links in the email do not point to any real Adobe products. If you receive this email, delete it. Don’t click on the links.

The fake email looks like this:

Dear Customers,

Adobe is pleased to announce new version upgrades for Adobe Acrobat 2010.

http:// www.adobe-new-software.com

Advanced features include:

- Collaborate across borders

- Create rich, polished PDF files from any application that prints

- Ensure visual fidelity

- Encrypt and share PDF files more securely

- Use the standard for document archival and exchange

To upgrade and enhance your work productivity today, go to:

http://www.adobe-new-software.com

If you have any question please contact us at: support@adobe-new-software.com

Best regards,

Michael Lobenberg

Adobe Acrobat

Copy rights © Adobe Acrobat 2010 – All Rights Reserved

Website: http:// www.adobe-new-software.com

Dear Customers, Adobe is pleased to announce new version upgrades for Adobe Acrobat 2010.
http:// www.adobe-new-software.com Advanced features include:
- Collaborate across borders- Create rich, polished PDF files from any application that prints- Ensure visual fidelity- Encrypt and share PDF files more securely- Use the standard for document archival and exchange To upgrade and enhance your work productivity today, go to:
http://www.adobe-new-software.com  If you have any question please contact us at: support@adobe-new-software.com Best regards, Michael Lobenberg Adobe AcrobatCopy rights © Adobe Acrobat 2010 – All Rights Reserved Website: http:// www.adobe-new-software.com

Adobe does not send out emails like this. Acrobat Reader can update itself by showing a small window with update information (and you should update it as soon as updates are released). You should not have to visit a web site to download Acrobat updates.

The following email is a scam, it looks confusing and encourages readers to click on a link. And there are many links in this email, all pointing to a hacker’s virus infected site.

Below is the email, with personal details and all of the malicious links removed:

Dear …,

Thank you for scheduling your recent credit card payment online. Your ($USD) $117.00 payment will post to your credit card account (CREDIT CARD) on 08/06/2010.

Now that you’re making your payment online, are you aware of all the convenient ways you can manage your account online?

Just log on to www.chase.com/creditcards today. Using the "I’d like to…" links for your credit card account, you can access more than a dozen features, including links to:
See statements – Choose to stop receiving paper statements, and see up to six years of your statements online.
See automatic payments – Set up monthly payments to be made automatically.
Transfer a balance – Transfer a balance to your credit card account.
Go to Personalized Alerts – Schedule Alerts to remind you of key account activity.
You can also see past payments you’ve made online by logging on to www.chase.com/creditcards and clicking "See/cancel payments" under "I’d like to …"

If you have questions, please call the Customer Service number on the back of your credit card.

Thanks again for using online payments.

Sincerely,
Cardmember Services

Never trust emails like this, especially if you don’t have an account with the company.

A useful trick to spot these scams is:

• Identify which company the email claims to be from. In this case, it’s a company called Chase.
• Place your mouse pointer over a link, but don’t click.
• Look at the bottom of your screen, you should see the real link it points to. (You need to be using a modern web browser for this to work).
• If the addresses don’t match then it’s likely a scam.

E.g., the email above talks a lot about chase.com. This is a real company in USA. When I place my mouse pointer over the link, my browser says it goes somewhere different. The addresses don’t match, this is a scam. See the picture on the right.

As if malicious web sites weren’t enough of a problem now we have web sites with fake warnings that look just like the real thing.

Google Chrome has an excellent system that warns of dangerous web sites. When you click on a link to a dangerous (malicious) site, hopefully it will give you a large red warning page.

Now someone has been using this to trick people into thinking the website is malicious. It also asks you to download something called “Google Chrome secure updates” – this is bad, you shouldn’t have to install anything.

Here is the fake warning message (click to enlarge):

The popup message says:

This web page has been blocked based on your security preferences. Click ‘OK’ to download and install Google Chrome secure updates.

And here is the real warning message:

So never trust web sites that ask you to download anything, and if in doubt search Google for more information.

Any unsolicited email that asks you to open an attachment is bad. If that attachment is a program then you can consider it a scam. Below is an email I received with a link to malware. It’s asking me to download and run an unknown program. The email also says it was sent by me, rather odd. I’ve removed personal details from the email,

A new settings file for the <email address> has just been released

Dear user of the <email address> mailing service!

We are informing you that because of the security upgrade of the mailing service your mailbox <email address> settings were changed. In order to apply the new set of settings please click to this link and open file((If clicking the link in this message does not work, copy and paste it into the address bar of your browser.)

http://<removed>/ settings.exe

Best regards, <email address> Technical Support.

The words in italics and in < > are my changes, to make it easier to read and search, and to avoid linking to the actual malware.

Any email that looks like the above is suspicious. Any attachment (and especially one that ends with .exe) is suspicious, and when it says that I sent it to myself it leaves no doubt that this is a scam that links to malware.

Learning to recognise these scam emails is important. Relying on virus scanners is good but common sense also helps.

Here’s something that happens every day, a message appears in your web browser telling you a virus was found and to click OK to do a scan. To get straight to the point, this is a fake antivirus program designed to trick you into installing real malware.

If you see this on your browser, close the browser. Don’t click on any buttons. And most importantly, don’t panic. These scams are designed to scare you into making irrational decisions.

Below are screenshots of how it looks (click to enlarge the screenshots):

This type of scam happens on both Windows and Mac computers.

Samsung’s new phone, the S8500 Wave, has appeared in Germany with its memory card infected with malware. And it’s fairly dangerous, if it installs itself onto your computer it will download backdoor programs and spyware, making your computer wide open to hackers and criminals. Prevention is definitely better in these cases.

The malware can affect Windows computers if you connect the phone to the computer. It’s as simple as that.

There are a couple of things you can do to avoid this malware, and to avoid similar malware in the future from similar scenarios:

• Disable the autorun feature in Windows (click here for instructions)
• Install a good antivirus package.

This type of problem is becoming more frequent – ordinary consumer devices infected with malware at the factory.

I received an email that claims to be from Facebook (it’s a forged email). The email is designed to trick people into opening the attachment. Here’s what the it says,

Hey [name removed],

Because of the measures taken to provide safety to our clients, your password has been changed. You can find your new password in attached document.

Thanks,
The Facebook Team

There’s another version some people have received that is similar but has a different introduction and sign off,

Dear user of facebook,

Because of the measures taken to provide safety to our clients, your password has been changed. You can find your new password in attached document.

Thanks,
Your Facebook

Both of these emails come with a virus attached. And neither of these emails were actually sent from Facebook. In fact, Facebook had absolutely nothing to do with it, the scammers just mention the word to encourage people to open the attachment.

So as always, be suspicious of unsolicited emails, and be suspicious of attachments you didn’t ask for.

Another email designed to scare you and possibly make you curious enough to open an attachment.

The attachment has a virus, of course. And the email has all of the usual traits such as poor spelling and grammar. Below is what it says,

Your internet access is going to get suspended

The Internet Service Provider Consorcium was made to protect the rights of software authors, artists.
We conduct regular wiretapping on our networks, to monitor criminal acts.

We are aware of your illegal activities on the internet wich were originating from

You can check the report of your activities in the past 6 month that we have attached. We strongly advise you to stop your activities regarding the illegal downloading of copyrighted material of your internet access will be suspended.

Sincerely
ICS Monitoring Team

If you receive this email, delete it. Do not open the attached file.

Companies do not send updates by email, including Microsoft. They use other methods to tell their users about updates then expect users to download the updates themselves. Attachments in emails are generally bad.

So the following email I received is clearly an attempt to spread malware. It’s an email that claims to be from Microsoft – a quick look at the email’s header shows that it came from branchen4u.de. Not Microsoft.

So apart from the suspicious attachment and forged sender address, the other thing that tipped me off is that I don’t actually use Microsoft Outlook or Outlook Express.

Below is a copy of the infected email:

Brief Description
Microsoft has released an update for Microsoft Outlook / Outlook Express. This update is critical and provides you with the latest version of the Microsoft Outlook / Outlook Express and offers the highest levels of stability and security.

Instructions

* Install Update for Microsoft Outlook / Outlook Express (KB910721). To do this, follow these steps:
1. Run attached file officexp-KB910721-FullFile-ENU.exe
2. Restart Microsoft Outlook / Outlook Express

System Requirements

* Supported Operating Systems: Windows 2000; Windows 98; Windows ME; Windows NT; Windows Server 2003; Windows XP; Windows Vista

* This update applies to the following product: Microsoft Outlook / Outlook Express

There was a zip file attached that contains the Bredlab trojan. If the trojan were installed it runs quietly in the background downloading viruses and other malware.

So again, don’t trust unsolicited emails. I didn’t ask Microsoft to email me patches so this one was unsolicited. And it turns out it contained a trojan.

You should also have a good antivirus package installed.

Here’s a combined hoax and malware. Let’s start from the beginning.

People have been posting notes on Facebook about something called “un named app”. It tells you to remove something from Facebook. It’s a hoax. Don’t believe what it says, don’t follow the instructions, and don’t pass it on.

Below are some quotes of the hoax:

ALERT >>>>> Has your facebook been running slow lately? Go to “Settings” and select “application settings”, change the dropdown box to “added to profile”. If you see one in there called “un named app” delete it… It’s an internal spybot. Pass it on

this is real.. i checked and found this app and deleted it… hopefully, my facebook will run better now.

Cannot believe how much quicker mine is running after doing this….

I don’t have this app on my Facebook account but if you do, don’t worry. It’s a normal part of Facebook and you shouldn’t delete it.

Now the second part of this hoax is a real trojan. If you go to Google and search for “facebook unnamed app” you’ll see quite a few results. Some of these results are fake antivirus programs.

A fake antivirus program is actually a trojan. It pretends to scan your PC and quietly installs malware in the background. It goes under the name of Security Tool, it has a fancy detection screen and everything. But it’s definitely bad.

The rule of thumb is that if a web page tells you that your PC might be infected, don’t trust it. Go and get your own antivirus program, not something that pops up on your screen (see here for a good free antivirus program).

There’s a lot to learn here. Basically, be careful who you trust. These days scammers have to trick you into installing malware and they’re good at it (it’s called social engineering).

A lot has happened in the past week with iPhones. First let me explain what “jail breaking” means.

iPhones have some security built-in, courtesy of Apple. This security’s main purpose is to let Apple decide what you can and can’t do with the phone. For example, you can buy and install an approved program, you can’t install a hacked program.

Now there are plenty of people in the world who want to use their iPhones in ways not sanctioned by Apple, such as using it on a non approved network or running non approved programs. So these people remove this layer of security. This is known as “jail breaking”.

Now for a summary of what’s happened recently:

First, there was a practical joke called “rickrolling” – some people found their phone’s wallpaper (background image) changed to a photo of the singer Rick Astley. It was a practical joke, harmless.

How were these phones hacked? Someone wrote a program that looks on the internet for vulnerable iPhones and installs this wallpaper, then the program copies itself to that phone and does the same thing to others. (More details here)

It only affected some jail broken phones. People were told that it’s nothing to worry about.

Then a couple of days later someone else took this idea and wrote a malicious version that works the same way. Again, only some jail broken phones are vulnerable. Except this time instead of being a practical joke it steals personal data.

It connects to a server in Lithuania and lets hackers connect to the phone and do what they want (such as stealing passwords and reading SMS’s). This is bad.

How can you protect your iPhone?

• Firstly, if you don’t jailbreak your phone you have nothing to worry about.
• If you do jailbreak your phone you need to change a special password that’s built into the phone. The password is usually “alpine” – you can’t see this password unless you know what you’re doing but it’s there and it needs to be changed. There are instructions here on how to do this.

Summary

An iPhone is a “smartphone”, meaning that it basically works like a computer and it has an internet connection just like a computer. And like computers it can be hacked and can get viruses. Apple goes to a lot of trouble to make sure everything works well (it’s in their best interest to deliver a quality product) so people who go about circumventing the device’s security are taking a great risk.

The following email contains a virus, it was not sent by Facebook:

Because of the measures taken to provide safety to our clients, your password has been changed.

You can find your new password in attached document.

Thanks,

The Facebook Team

If you see this email just delete it. Don’t click on the attached file.

Here’s an example of a very sophisticated piece of malware designed to steal money. It was discovered recently in Germany and was used to steal €300,000 in 3 weeks. Here’s how it works:

1. You visit a web page that has been hacked. It’s an ordinary web page (such as a news site), nothing looks out of the ordinary.
2. A trojan is installed on your computer without your knowledge. It sits there on your PC waiting and watching.
3. You log onto your internet banking site. Everything still looks normal.
4. The trojan detects that you’ve logged into an internet banking site and it makes a transaction, transferring money from your account to the account of a money mule (more on this later).
5. When you look at your bank statement online, the trojan captures the network data and changes it to hide the transaction it made. The numbers it shows on the screen have been altered.

Step 5 is the sophisticated part of this attack. Normally you’d notice if money was transferred from your bank account without your approval, but the trojan hides this by showing you a fake statement on your screen. If you can’t see the money being taken from your account the criminals have more time to keep making withdrawals.

The amount of money it steals is different each time so that the bank’s anti-fraud detectors don’t see the pattern of theft.

More details here on this attack works.

So what’s a money mule?

Stealing money from people’s bank accounts is a big business. Criminals not only write sophisticated malware to carry out the transactions, they also recruit money mules to launder the money.

They place ads online offering jobs to desperate people. These jobs require no experience and you work from home (sound familiar?). People who sign up to these jobs receive money in their bank accounts, then they have to transfer it to someone else’s account. They do this willingly and are paid for it, but they usually don’t know that it’s part of a criminal organisation.

This is how the criminals receive their stolen money and cover their tracks. It’s a form of money laundering and is illegal. And to avoid a pattern detection they usually only use these money mules twice.

Here’s an example of a money mule job ad.

Lessons Learnt:

• Always use an antivirus program that not only scans your PC for malware, but also checks every web page you go to. Good antivirus programs cost money and it’s a good investment to protect your online security.
• Only use internet banking from a PC you trust.
• Always update your PC with the latest patches. For example, tomorrow there’ll be a large Windows update, you should install this as soon as possible (after you make a backup).
• Don’t trust job ads that promise the world for little to no effort.

Avast! is a company that makes a decent anti-virus program. They recently published some statistics that are interesting:

• Their anti-virus programs blocks 1 billion malware a month. That’s 1,000,000,000 attempts to install viruses, trojans, password stealers, etc on to people’s PCs. A month. And that’s just by one small company.
• 1 in 15 people encounter a malware every day.
• They find about 3,000 new malware each day (that’s new and unique viruses, trojans, etc). They have 2.1 million in their database.

These statistics are not just marketing numbers, they give you an idea of how serious a problem malware is. If you don’t have a good anti-virus system installed on your computer they you need to take action now (today) and install something to protect you. Good anti-virus systems generally cost money – it’s a good investment, the cost of not buying one is usually greater.

And get something from a known vendor. Last week I talked about a comparison of anti-virus programs, you can use this as a guide.

And Macs and Linux computers aren’t safe either.

An email offering you a game of Monopoly may in fact be an invitation to download malware. The email has the subject “Play Online Together” and the email reads:

… Has Invited You To Play Monopoly

Monopoly Invite

Monopoly2009.com

If you see this email delete it, it’s a trick to get you to download malware. The website asks you to download a file called monopoly.exe – this is the malware, don’t download it.

There’s a rumour about a Facebook app called “Facebook Fan Check”. The rumour says that after 2 days this app goes through friends list and somehow infects their PCs.

Some people have been posting messages on Facebook saying:

to all those using FAN CHECK APPLICATION, please delete it & all its pictures, it contains a virus & takes 24-48 hours 2 infect everyone on your friends list please copy and paste 2 your status to let everyone know

Firstly, malicious Facebook apps do exist. The ones I know of are called Posts and Stream applications. They’re not viruses but they try to trick you into providing personal data (called phishing).

Secondly, Fan Check Virus doesn’t exist, but nevertheless there is a danger. What’s happening is that the virus writers have created web pages infected with real malware and fake antivirus programs.

So if you search for Fan Check Application on Google, you’re likely to end up on the infected web page looking for information, and that’s how your PC gets infected. Clever, right? So all the people writing about Fan Check haven’t done any research and are actually helping to spread the real malware.

There’s a video explaining more about it here.

And it seems this isn’t the first time this strategy was used. Another fake Facebook virus called Error Check System works in the same way, if you Google for information on it you’ll likely end up on a web site with a fake anti-virus product.

I just received this email – it’s a scam. If you click on the links it takes you to a site letting you download some spyware. Below is the text of the email. If you see this, delete it. Don’t click on the links, don’t download the program they have.

PDF Reader 2009 – New Version for Windows and Mac
The latest PDF Reader: Open, Edit & Create PDF Files
http://www.adobe-pdf-update.info
Included in this package:
Open Office Suite – Get things done more quickly and improve your work efficiency.
-Open, edit and view all PDF files.
-Enhanced performance with faster loading and zooming.
-Collect your data and combine it into a high quality document.
http://www.adobe-pdf-update.info

Download the complete Office solution today and also receive free updates
and 24/7 customer support.
"Since the 90′s, PDF has become the standard file format for document exchange." – Adobe
http://www.adobe-pdf-update.info

Thank you for choosing us, the worldwide leader in PDF Reader Solutions.
Best Regards,
Mary Norman
PDF Reader 2009

Adv Media Ltd  | 890 Avenue| Sydney | 1002 | Australia

Click here :
http://www.listmanagerservices.com/unsubscribe.php?M=
to Unsubscribe out of mailling list.

This product is a scam. It’s made to look like a real antivirus or antispyware program but all it does is ask you for money. It’s not a legitimate program, it doesn’t stop spyware, viruses or do anything useful.

It’s called PC Antispyware 2010, a name that sounds a bit serious (and misleading). The screen looks pretty fancy, maybe people trust things that look nice or shiny – don’t be fooled by it.

If you see the screen above then don’t click on the download link, don’t install it. You can see a larger screenshot by clicking here. Only use antivirus products from known and trusted vendors.

There was a vulnerability in the iPhone that could allow it to be hacked by sending it an SMS. In theory this would allow hackers to take control of your iPhone quite easily.

Apple has responded with a patch (called 3.0.1) that fixes the vulnerability. It can be downloaded and installed using iTunes.

Apple has more info here.

A new worm (a kind of malware similar to a virus) is being spread using Twitter. It appears as tweet that says:

My home video

If you click on the link it takes you to a video page and asks you to download a new codec. I’ve written about the dangers of installing  new codecs, read about it here.

So don’t click on these Twitter messages.

The technology spammers use is always changing. A report released by MessageLabs in June 2009 shows that 83% of spam is currently being sent from botnets. Now let’s explain what a botnet is.

There are people out there who hack into people’s home PCs (the PCs of ordinary people like you and me). They usually write a virus to do this, or pay someone to write the virus. Then when they’ve hacked into a home PC, they add it to a list.

After a few days they can get about 500,000 home computers on their list (yes, they work very fast). So once the hacker has hundreds of thousands of computers on their list, he writes a program that can control them all at once.

Now keep in mind that most home users won’t know their PC has been hacked. Everything still looks normal.

The hacker then sells this list of PCs to a spammer. The technical word for this list of controlled PCs is called a botnet.

A spammer buys this list of hacked computers and the program that controls them all at once. He uses also buys an email list from someone else (a list with millions of people’s email addresses). He presses a button, and all of the home PCs he’s controlling start sending out spam.

Again, home users don’t know their PC is now being used to send out spam. They might notice their internet go a little slower but most people don’t have the technical skill to work out why. It just gets ignored.

The spammer then sits back, relaxes after doing his 5 minutes of work. If anyone gets caught for sending spam it’ll be the home user, not him. The home user is ignorant of what’s going on. The hacker made his money and will do it again. And the cycle repeats again after a few days.

So how much spam are we talking about?

The largest botnet in operation in June 2009 is sending 74 million spam emails a day, all of this from people’s home computers. That’s a lot of spam.

What can you do?

Don’t let your own computer become part of a botnet. Use a good antivirus product, scan for malware, and fix up any problems.

USB Drives are so popular these days nobody thinks much about them anymore. They come in all sizes (up to 128GB these days) and don’t really cost that much. They’re cheap enough that some people give them away.

So can they spread malware such as viruses? Yes, they certainly can. On many Windows computers, when you plug in a USB drive it does a quick search and it can run programs installed on them. Microsoft calls this a feature.

But malware authors (bad hackers) know all about this and they write malware that runs as soon as the device is plugged into a computer. You won’t know it’s happened, malware can install itself quietly in the background without getting in the way of your work.

So what do you do about it?

• Be cautious about what you plug into your computer
• Have a good anti-virus package installed that can scan these devices for you
• You can disable a feature in Windows that automatically runs programs on these USB drives
• In an office environment a good system administrator can lock down this feature across the entire network

What else can plug into your USB port and carry malware?

• USB Flash drives (also called flash drives, pen drives, thumb drives or USB sticks)
• Digital cameras
• MP3 players (including iPods)
• Mobile phones (cell phones)

And if you’re thinking how can malware get onto a camera, I’ve seen it myself. A friend took their camera to the local shop to print some photos, then lent me the camera so I could help them with something, I detected a virus that installed itself on it from the shop.Yes, it really happens. Take care with USB devices.

This email tries to trick you into running a virus attached to the email. Why would anyone do this? Well, the email is vague and it sounds like it’s a serious and technical matter.

If you receive any of the emails shown below, delete them:

Subject: Outlook Setup Notificataion

You have (1) message from Microsoft Outlook

Please re-configure your Microsoft Outlook again.

Download attached setup file and install.

Subject: TheBat Setup Notification

You have (98) message from Outlook Express.

Please re-configure your Outlook Express again.

Download attached setup file and install.

A spam email pretending to be sent from the Bank of America tells readers they need to install a digital certificate. What it really does is install malware.

Not only does it install malware, it also asks you for your user ID and password.

Here are some tips to help you avoid this sort of scam:

• When you use any online banking service, look for the padlock icon in your browser. Then click on it, it needs to say your bank’s name, it’s full web address, and shouldn’t show any errors.
• If you receive an email from your bank, don’t click on any links. Instead, open a new web browser and type in your bank’s web address. This way you can’t be tricked into clicking the wrong link.
• Always be wary when you receive unsolicited emails. More often than not they’re scams.
• Use a good antivirus product

There’s a new Facebook Trojan – it shows up as a message from a friend asking you to click on a link.

If you click, it runs a trojan on your computer that uses your Facebook account to send the same message to all your contacts.

The message has a few variations, such as the ones below:

Veryy veryy funnny videoo of you..;)

Donn’t cryy! Yoour mom wiill nnever see thhis moviee.HA-HA-HA!!

Check out my video: http…etc…

AA-ha-ha, i saw yourr a__ in the internnet! lol My a__ has not been on the internet. My hubby won a nipp

Yoou’ve bbeen fiilmed! Haven’’t you notiiced?Is this whatIra is talking about?

If you see these in Facebook don’t click on it. And tell the person who sent it that their PC might be infected with malware.

There is another fake anti-virus product called Malware Doctor. It pretends to scan your PC then tries to trick you into paying them money.

When Malware Doctor first starts up it pretends to scan your PC for viruses and other malware. Then it tells you it found a few things that shouldn’t be there.

It then says that you’re using an unregistered version of Malware Doctor and that you need to pay for the full version to remove the malware.

It’s a scam, if you see Malware Doctor on your PC you need to take action to clean your PC.

How does Malware Doctor appear on your PC?

There are viruses that spend their life downloading malware (viruses, trojans, etc) and installing them on your PC. So if you have Malware Doctor on your PC it means you have more malware that keeps installing it. A big problem.

How do you get rid of it?

There’s a procedure here. If this is too technical for you then you’ll need to get your PC serviced.

Always have a good anti-virus product on your PC that prevents all this malware from installing in the first place. It’s easier to prevent malware than it is to fix.

There are many fake anti-virus products out there, they try to convince you there’s something wrong with your PC or Mac then either ask you for money to fix it or install real viruses.

This new one’s the kind that asks you for money, it’s called System Security. It begins when you download the program believing it’s a new anti-virus product. It’s designed for Windows PCs.

When you install it, it pretends to scan your PC, then informs you it found a whole lot of malware on your PC including viruses, adware and spyware. This part is meant to scare and shock you.

Then it does something truly evil, it stops you doing anything on your PC until you “activate” the anti-virus. And by activate they mean pay them money. So at this stage the only thing you can do with your PC is go to the scammer’s website (which looks nice and professional), hand over your credit card details, and they’ll supposedly make your PC work again.

If you happen to download and install this fake product and it blocks your PC from working, don’t give them your credit card details or otherwise pay for it to be unlocked. You will be able to boot your PC in Safe Mode – ask for a PC technician to help you with this if necessary. You’ll then be able to remove the fake anti-virus.

This highlights the importance of using a good anti-virus product, one that’s known and respected in the IT industry. I generally try not to recommend one product over another but below are some of the trusted anti-virus companies available today:

• Trend Micro
• Symantec / Norton
• McAfee
• F-Secure
• AVG

There are many more and the market’s always changing. Feel free to write about your preferred products in the comments below. These days you can buy them online or walk into a computer store and buy one.

Another Western Union scam email is being sent to people. The email claims that you sent money with Western Union and that it has been returned to you (this is the incentive designed to catch your attention, free money).

The email has an attachment that is supposed to be an invoice. Instead the attachment infects your PC with a virus that waits for you to use internet banking then steals your password.

The email reads:

Dear client!

The money transfer you have sent on the 12th of April was not collected by the recipient. Due to the Western Union regulation the transfers which are not received in 15 days are to be returned to sender.

To collect money you need to print the invoice attached to this email and visit the nearest Western Union branch.

Thank you!

If you see this email, or one similar to it, delete it. Western Union didn’t really send it. And don’t open the attachment.

Tell-tale signs of a scam email:

• There are a few grammatical errors in the email. It’s common for scammers to have poor English skills (though they’re getting better)
• Did you send money with Western Union in the past 15 days? If not then it’s almost definitely a scam. Don’t be tempted.
• If you’re unsure, copy & paste parts of the email into Google. Then read through the results looking for evidence of known scams.

You should also be scanning your email for spam and malware. This will filter out most of the scams before you have a chance to read them.

There was another Western Union scam that has been quite popular, read about it here.

Windows 7 Release Candidate (RC) was released recently by Microsoft. It’s free for anyone to download and test it before the final version’s finished. A few days before the official release someone posted a copy on a BitTorrent network. Unfortunately this copy was infected with a trojan that downloads more malware. This is very bad. When you install an operating system such as Windows you have to trust the installation. If you can’t trust the operating system then you shouldn’t be using it. What’s wrong with Torrents?

• Don’t download Windows from file sharing systems such as BitTorrent. Get it from Microsoft or one of their vendors.
• If you download free operating systems such as Linux from torrents know how to do a checksum test.
• Don’t use pirated software. Apart from being immoral and illegal, pirated software is often plagued with malware.

What if you already downloaded Windows 7 RC from BitTorrent? The safest thing to do is to download it again from Microsoft’s site, reformat your PC, and reinstall the official version. It can be safely downloaded from: http://www.microsoft.com/Windows/Windows-7/download.aspx As a side note I’d like to point out that Windows 7 RC is a test version, it’s not the finished product. And while it’s free for now it has a couple of restrictions:

• on 1 March 2010 it will start rebooting every 2 hours
• on 1 June 2010 it will completely stop working.

Update: There are now 25,000 PCs infected with the malware as a result of downloading the wrong copy of Windows 7 RC. These 25,000 PCs are being controlled by hackers as part of a botnet.

M&A makes a mini tablet PC (also called a netbook) called the Companion Touch. It’s been found to come with malware pre-installed. If you’ve bought this model after February 2009 you should scan it for viruses. You should also scan any devices you might have plugged into it, such as flash drives or other removable drives.

The malware found on this device is designed to steal passwords. More detailed info here.

It’s unfortunate that these days many devices have been shipped from the factory with viruses and other malware, such as digital photo frames and MP3 players.

We all know that malware can steal your passwords, cause you to lose money, and spread itself to other PCs. But can malware actually cause damage to your PC?

The short answer is yes.

A botnet is a collection of infected PCs under a hacker’s control. There are millions of PCs today forming these botnets (millions of infected home computers being controlled by hackers). Some new research on botnets shows that they sometimes include code to completely disable the PC.

In April 2009 a malicious hacker decided to “kill” the PCs he was controlling using a botnet. It disabled Windows on 100,000 computers, making all those PCs useless until a technician can repair it. (This is a slight simplification but for the general public it’s accurate enough). These 100,000 computers belonged to real people using their computers at home or at the office. One day it just stopped working because a malicious hacker thought it’d be fun. You can read more detailed information about this here.

And then there are other malware (viruses etc) that can damage the PC in more serious ways. In March 2009 researches created a sample malware that writes itself to the computer’s BIOS (the BIOS is inside a chip inside the PC) . Reformatting the PC won’t remove it, buying a new hard drive won’t remove it either, and they claim that even a “BIOS flash” won’t remove it. You’d have to buy a new PC (or if you’re technical, a new motherboard) to fix it. More info here.

In the past there have been viruses that could damage drives and monitors but there’s been very little of this lately.

So overall malware can cause your PC to visit a repair shop for servicing, which is not only an inconvenience but also costly. It’s always better to prevent malware than to repair the damage (and often you may not know a PC is infected). And the usual tips apply here:

• Use a good anti-virus package, the kind that updates itself several times a day and scans web pages as well as files. They’re not expensive.
• Always patch and update your programs, including your operating system (Windows, Linux, Mac OS X).
• Never assume it can’t happen to you or that your computer is somehow better than others.
• Use one of the newer browsers such as FireFox, Chrome, or Opera. Read about browser hacking here.
• Don’t download programs from hacker sites such as password generators (they’re usually infected with malware).
• Don’t be tricked into installing something to watch a funny video. If your computer can’t play the video as it is then it’s probably not worth watching. Read more about it here.
• Don’t be tricked by fake anti-virus programs. Examples here.
• And backup your files. Do this often.

Sometimes hackers find innocent web sites and find a way to hack it and add malware. Below is an example. A (fake) message comes up telling you your PC is infected:

Warning!!! Your computer contains various signs of viruses and malware programs presence. Your system requires immediate anti viruses check! System Security will perform a quick and free scanning of your PC for viruses and malicious programs.

Notice that the message is full of grammatical mistakes, scammers generally aren’t very good at English.

If you see a message like this click Cancel and close the window.

There’s been lots of talk lately about swine flu, and there have been lots of PDF files emails back and forth with information about it.

One such PDF file was found to have a password stealing malware hidden in the code that installs itself using a vulnerability in Adobe Reader. After it installs the malware it then opens a legitimate document with information about swine flu.

The document is called The Association of Tibetan journalists Press Release.pdf

If you see this in an email delete it without opening it, and let the sender know that it contains a password stealer.

Malwarebytes Anti-Malware is a Windows tool to remove malware. I’m always explaining how to prevent malware in the first place, but if it’s too late for you and your PC is infected, this tool is great at removing it.

There’s a free trial and a full (paid) version. The free trial is enough to help clean your PC. The paid version will help prevent future infections.

Today they announced that this product has cleaned 1 billion PCs over the past few years. That’s quite impressive. And it’s also scary to think that 1 billion people had their PCs infected with malware – if only they would read Fraudo and prevent the infections

You can download it here.

AVG has been making anti-virus products for years, they’re a trusted company. They’ve now made one of their products free, and it would be useful for many of you. It’s called AVG LinkScanner.

It’s a plugin for FireFox and Internet Explorer. It checks every web page you load, and if it’s a known dangerous site it stops it from loading, protecting you before any malware gets a chance to run.

This is very useful if:

1. Your main web browser is FireFox or Internet Explorer, and
2. You use Windows, and
3. You haven’t invested in a good anti-virus package.

It’s a fact that a lot of malware (including viruses, spyware, adware, etc) installs itself when you visit a hacked page. Most of the time you won’t know it’s happening – it’s important to install something that helps protect you.

Download it for free from: http://linkscanner.avg.com/

A spam email promising some SMS spying software actually installs malware. Below are some examples of the spam:

• Keep a spy eye on your Girlfriend’s mobile
• Do you want to catch a cheating girlfriend?
• You can read anyone’s SMS
• Read his messages

Lines such as the ones above might catch someone’s curiosity. If they click on a link they’re presented with a fake web page for their SMS spying software. The fake site says,

Get Your Free 30-Day Trial!

Do you want to test your partner or just to read somebody’s SMS? This program is exactly what you need then! It’s so easy! You don’t n3eed to install it at the mobile phone of your partner. Just download the program and you will be able to read all SMS when you are online. Be aware of everything! This is an extremely new service!

The download actually installs malware on your PC.

Ransomware is malware that holds your files for ransom. Here’s a real life example of how it works:

1. You click on a link to a web page. This web page has been hacked but you don’t know that.
2. A message comes up on your screen telling you that you might have malware on your PC.
3. You click on a button to start their scanning program. It pretends to do a scan of your PC. This fake program can be called AntiVirus2009, FileFixerPro, or FileFix Professional.
4. In the background it’s going through everything in your My Documents folder and encrypting all of the files. The encrypted files are now useless to you.
5. A message comes up asking you for $50 to get a program that will unencrypt your files.
6. If you pay, you may or may not receive a program that unencrypts them. The hackers would also then have your credit card details.

It’s a terrible situation to be in.

There are quite a few things you can do right now to prevent this from happening:

• Make a backup of your files. If you’ve never made a backup before then try to do it today, don’t waste time. If you ever lose your files, or you’re a victim of ransomware, you can just recover from your backup.
• When unexpected windows popup asking to do a scan of your PC, have a good think who’s asking. It’s an unsolicited request, so it’s probably a scam.
• Install a good anti-virus package. One that scans every web page you access.
• Start using one of the alternative web browsers, such as Chrome, Opera, FireFox, or Safari. These four browsers are better at detecting hacked web pages and at preventing malicious code from running. (They’re better than IE but not 100% safe).
• Keep reading Fraudo to stay on top of these scams. You can subscribe to the RSS feed or by email (the email option is on the top right corner of this page).

And if you’re unfortunate enough to have this happen to you, there’s a free tool that may be able to recover your files. I bolded the word may because the hacker’s technology is getting better all the time and if they did things right it would be impossible to unencrypt it without paying. But for now you can try the method shown on this page.

Right after the StalkDaily Twitter worm was fixed up there’s another. It’s called cleaningUpMikey. The way it works is a little different:

If you receive the Twitter message shown below and click on the profile, some code runs in your web browser and it starts sending the same message to others. You don’t need to go to a 3rd party web site, making it a little different (and much riskier).

The Twitter message is:

Twitter, hire Mikeyy!

If you receive this, remove it or ignore it (depending on your client).

Incidentally, Mikey is the person who wrote the StalkDaily Twitter worm. And it’s unconfirmed who wrote this one.

Some messages are being sent on Twitter right now that are part of a worm. If you receive one of the following Twitter messages ignore it and don’t click on the link.

• I love www.stalkdaily.com
• wow… www.stalkdaily.com
• Join www.stalkdaily.com everyone!
• Hey everyone, join www.stalkdaily.com. It’s a test site like Twitter but with pictures, videos, and so much more!
• Woooo, www.stalkdaily.com
• Virus? What? www.stalkdaily.com is legit!
• Dude, www.stalkdaily.com is awesome. What’s the fuss?

If you click on the link some code runs in the background that sends the same messages but from your own Twitter account.

Is it harmful? No, it was a publicity stunt by a site called StalkDaily. This is what a worm is, something that spreads through the internet similar to a virus but without infecting files. It’s still not a good thing to have around.

In this case it’s harmless but it could have been harmful. By the time you click the damage could have been done.

Some new PowerPoint files are being sent around the internet that do some bad things. When you open the PowerPoint file it runs a program that lets others connect to your PC, it then installs more malware onto it. And finally it cleans up the original PowerPoint file to make it more difficult to detect that the PC has been infected.

The following versions of PowerPoint are affected:

• PowerPoint 2000 Service Pack 3
• PowerPoint 2002 Service Pack 3
• PowerPoint 2003 Service Pack 3
• Microsoft Office 2004 for Mac

If you’re using PowerPoint 2007, just the PowerPoint Viewer (not the full version), or Office 2008 for Mac, then you’re safe.

If you receive spam with an attached PowerPoint file delete it.

Here is Microsoft’s advisory about this problem.

There are a few YouTube videos promoting a product called Wii Points Generator. This product is supposed to create Wii points (Wii is Nintendo’s game console). The video shows a link to download a program called generator.exe.

The program does not generate any Wii points. It’s a scam that installs a trojan that then downloads more malware.

There are also videos on YouTube that claim to show you how to create XBox points and iTunes gift cards. These are also scams that install viruses.

Another Mac trojan. There’s a program for Macs called MacCinema Installer. The filename is: Flash.Player.Update.v9.19.dmg. Some web sites claim that you need to install it to watch their videos.

When you install it, it adds something to your Mac so that every 5 hours it will try to download malware. So if your Mac becomes infected with malware and you clean it, in 5 hours it’ll download another one. This is pretty common these days.

So if you come across MacCinema don’t install it. And if a web site tells you that you need to install something to watch their videos, don’t trust it (this applies to Mac OS X, Linux, and Windows).

Ghostnet is the name given to some malware that’s been spreading around the world recently. This sort of thing happens every day, but what’s different about Ghostnet is that it has mainly targeted political offices.

This can’t be an accident or coincidence. So far 1,300 computers have been found to be infected with Ghostnet (not many), including the computer used by the Dalai Lama, a NATO computer, computers in the embassies of India, South Korea, Indonesia, Romania, Thailand and many other government offices around the world. These were clearly targeted.

What’s Ghostnet do? Researchers have found that it can turn on the camera and microphone on computers that have one, allowing people to spy in a room (or office). Can malware really do things like that? Yes, malware can do anything on a PC, that’s why it’s important to protect your PC.

Who’s behind Ghostnet? Researchers have directly accused the Chinese of operating it.

How do you get it? So far it seems people are tricked into downloading a file that infects the PC. Specific people are targeted and asked to download the file. This is called social engineering. And because they only targeted a small number of people it takes a long time for anti-virus companies to find out about it and to update their anti-virus programs.

There’s some spam pretending to be from Delta Airlines. It tries to trick readers into opening the attached file, making readers believe that the ticket has been paid in full and that it’s ready to be used by the reader. The attachment is a trojan that gives people complete access to the PC and tries to download more malware every time you reboot.

Below is an extract from the fake email:

Thanks for the purchase!

Booking number:

You will find attached to this letter PASSENGER ITINERARY RECEIPT of your electronic ticket.

It verifies that you paid the ticket in full and confirms your right for air travel and luggage transportation by the indicated flight Delta Air Lines.

…and on and on…

If you see this email delete it, don’t open the attachment.

Macs are not immune to malware such as trojans. At the moment there are some pirated copies of Apple iWorks 2009 and Adobe Photoshop for Mac, and some people think it’s a good idea to download pirated software. Unfortunately there’s currently a trojan called OSX_RSPLUG.B that is hidden in some pirated versions of these programs. So people installing it, thinking they’re getting free (and illegal) copies of these programs are actually installing malware.

This malware changes network settings on the Mac and redirects web pages to somewhere else.

So yes, Macs can have Malware. And never trust pirated software (it’s also bad for the companies that spend time and money making software, and it’s illegal).

There is a competition where people try to hack web browsers (they call it Pwn2own) , the winners get thousands of dollars in cash and prizes. Below are the results of the competition. It says a lot about which web browsers are safer than others:

• Safari running on Mac OS X – hacked in 10 seconds
• FireFox running on Windows – hacked
• IE 8 running on Windows – hacked
• Chrome running on Windows – was not hacked

When a web browser is hacked (like in this competition), it means someone out there in the real world can do things on your computer, such as installing a virus or taking control of your PC.

You can see photos of the winners here. These are talented people that are using their skills to help developers fix their browsers. There are many more people who use their hacking skills to install malware and steal money from people’s bank accounts (this isn’t just about winning competitions).

The best thing you can do right now is:

• Stop using Internet Explorer (IE) for everything.
• Use Google’s Chrome as much as possible, at the moment it seems to be the most secure browser
• Keep updating your web browser – the latest updates are there to fix up bugs and security vulnerabilities
• Keep updating Windows (or Mac OS X or Linux) whenever a new update is released.
• Install a good anti-virus package that blocks web sites that have malware on them. This might cost you a bit of money (you usually have to pay a yearly subscription fee) and it’s a good investment.
• Don’t be ignorant and assume it won’t happen to you.
• Keep reading Fraudo to learn about online fraud and what you can do to prevent it.