A new settings file for the <email address> has just been released

Dear user of the <email address> mailing service!

We are informing you that because of the security upgrade of the mailing service your mailbox <email address> settings were changed. In order to apply the new set of settings please click to this link and open file((If clicking the link in this message does not work, copy and paste it into the address bar of your browser.)

http://<removed>/ settings.exe

Best regards, <email address> Technical Support.

The words in italics and in < > are my changes, to make it easier to read and search, and to avoid linking to the actual malware.

Any email that looks like the above is suspicious. Any attachment (and especially one that ends with .exe) is suspicious, and when it says that I sent it to myself it leaves no doubt that this is a scam that links to malware.

Learning to recognise these scam emails is important. Relying on virus scanners is good but common sense also helps.

If you see this on your browser, close the browser. Don’t click on any buttons. And most importantly, don’t panic. These scams are designed to scare you into making irrational decisions.

Below are screenshots of how it looks (click to enlarge the screenshots):

This type of scam happens on both Windows and Mac computers.

The malware can affect Windows computers if you connect the phone to the computer. It’s as simple as that.

There are a couple of things you can do to avoid this malware, and to avoid similar malware in the future from similar scenarios:

• Disable the autorun feature in Windows (click here for instructions)
• Install a good antivirus package.

This type of problem is becoming more frequent – ordinary consumer devices infected with malware at the factory.

Hey [name removed],

Because of the measures taken to provide safety to our clients, your password has been changed. You can find your new password in attached document.

Thanks,
The Facebook Team

There’s another version some people have received that is similar but has a different introduction and sign off,

Dear user of facebook,

Because of the measures taken to provide safety to our clients, your password has been changed. You can find your new password in attached document.

Thanks,
Your Facebook

Both of these emails come with a virus attached. And neither of these emails were actually sent from Facebook. In fact, Facebook had absolutely nothing to do with it, the scammers just mention the word to encourage people to open the attachment.

So as always, be suspicious of unsolicited emails, and be suspicious of attachments you didn’t ask for.

The attachment has a virus, of course. And the email has all of the usual traits such as poor spelling and grammar. Below is what it says,

Your internet access is going to get suspended

The Internet Service Provider Consorcium was made to protect the rights of software authors, artists.
We conduct regular wiretapping on our networks, to monitor criminal acts.

We are aware of your illegal activities on the internet wich were originating from

You can check the report of your activities in the past 6 month that we have attached. We strongly advise you to stop your activities regarding the illegal downloading of copyrighted material of your internet access will be suspended.

Sincerely
ICS Monitoring Team

If you receive this email, delete it. Do not open the attached file.

So the following email I received is clearly an attempt to spread malware. It’s an email that claims to be from Microsoft – a quick look at the email’s header shows that it came from branchen4u.de. Not Microsoft.

So apart from the suspicious attachment and forged sender address, the other thing that tipped me off is that I don’t actually use Microsoft Outlook or Outlook Express.

Below is a copy of the infected email:

Brief Description
Microsoft has released an update for Microsoft Outlook / Outlook Express. This update is critical and provides you with the latest version of the Microsoft Outlook / Outlook Express and offers the highest levels of stability and security.

Instructions

* Install Update for Microsoft Outlook / Outlook Express (KB910721). To do this, follow these steps:
1. Run attached file officexp-KB910721-FullFile-ENU.exe
2. Restart Microsoft Outlook / Outlook Express

System Requirements

* Supported Operating Systems: Windows 2000; Windows 98; Windows ME; Windows NT; Windows Server 2003; Windows XP; Windows Vista

* This update applies to the following product: Microsoft Outlook / Outlook Express

There was a zip file attached that contains the Bredlab trojan. If the trojan were installed it runs quietly in the background downloading viruses and other malware.

So again, don’t trust unsolicited emails. I didn’t ask Microsoft to email me patches so this one was unsolicited. And it turns out it contained a trojan.

You should also have a good antivirus package installed.

People have been posting notes on Facebook about something called “un named app”. It tells you to remove something from Facebook. It’s a hoax. Don’t believe what it says, don’t follow the instructions, and don’t pass it on.

Below are some quotes of the hoax:

ALERT >>>>> Has your facebook been running slow lately? Go to “Settings” and select “application settings”, change the dropdown box to “added to profile”. If you see one in there called “un named app” delete it… It’s an internal spybot. Pass it on

this is real.. i checked and found this app and deleted it… hopefully, my facebook will run better now.

Cannot believe how much quicker mine is running after doing this….

I don’t have this app on my Facebook account but if you do, don’t worry. It’s a normal part of Facebook and you shouldn’t delete it.

Now the second part of this hoax is a real trojan. If you go to Google and search for “facebook unnamed app” you’ll see quite a few results. Some of these results are fake antivirus programs.

A fake antivirus program is actually a trojan. It pretends to scan your PC and quietly installs malware in the background. It goes under the name of Security Tool, it has a fancy detection screen and everything. But it’s definitely bad.

The rule of thumb is that if a web page tells you that your PC might be infected, don’t trust it. Go and get your own antivirus program, not something that pops up on your screen (see here for a good free antivirus program).

There’s a lot to learn here. Basically, be careful who you trust. These days scammers have to trick you into installing malware and they’re good at it (it’s called social engineering).

iPhones have some security built-in, courtesy of Apple. This security’s main purpose is to let Apple decide what you can and can’t do with the phone. For example, you can buy and install an approved program, you can’t install a hacked program.

Now there are plenty of people in the world who want to use their iPhones in ways not sanctioned by Apple, such as using it on a non approved network or running non approved programs. So these people remove this layer of security. This is known as “jail breaking”.

Now for a summary of what’s happened recently:

First, there was a practical joke called “rickrolling” – some people found their phone’s wallpaper (background image) changed to a photo of the singer Rick Astley. It was a practical joke, harmless.

How were these phones hacked? Someone wrote a program that looks on the internet for vulnerable iPhones and installs this wallpaper, then the program copies itself to that phone and does the same thing to others. (More details here)

It only affected some jail broken phones. People were told that it’s nothing to worry about.

Then a couple of days later someone else took this idea and wrote a malicious version that works the same way. Again, only some jail broken phones are vulnerable. Except this time instead of being a practical joke it steals personal data.

It connects to a server in Lithuania and lets hackers connect to the phone and do what they want (such as stealing passwords and reading SMS’s). This is bad.

How can you protect your iPhone?

• Firstly, if you don’t jailbreak your phone you have nothing to worry about.
• If you do jailbreak your phone you need to change a special password that’s built into the phone. The password is usually “alpine” – you can’t see this password unless you know what you’re doing but it’s there and it needs to be changed. There are instructions here on how to do this.

Summary

An iPhone is a “smartphone”, meaning that it basically works like a computer and it has an internet connection just like a computer. And like computers it can be hacked and can get viruses. Apple goes to a lot of trouble to make sure everything works well (it’s in their best interest to deliver a quality product) so people who go about circumventing the device’s security are taking a great risk.

Because of the measures taken to provide safety to our clients, your password has been changed.

You can find your new password in attached document.

Thanks,

The Facebook Team

If you see this email just delete it. Don’t click on the attached file.

1. You visit a web page that has been hacked. It’s an ordinary web page (such as a news site), nothing looks out of the ordinary.
2. A trojan is installed on your computer without your knowledge. It sits there on your PC waiting and watching.
3. You log onto your internet banking site. Everything still looks normal.
4. The trojan detects that you’ve logged into an internet banking site and it makes a transaction, transferring money from your account to the account of a money mule (more on this later).
5. When you look at your bank statement online, the trojan captures the network data and changes it to hide the transaction it made. The numbers it shows on the screen have been altered.

Step 5 is the sophisticated part of this attack. Normally you’d notice if money was transferred from your bank account without your approval, but the trojan hides this by showing you a fake statement on your screen. If you can’t see the money being taken from your account the criminals have more time to keep making withdrawals.

The amount of money it steals is different each time so that the bank’s anti-fraud detectors don’t see the pattern of theft.

More details here on this attack works.

So what’s a money mule?

Stealing money from people’s bank accounts is a big business. Criminals not only write sophisticated malware to carry out the transactions, they also recruit money mules to launder the money.

They place ads online offering jobs to desperate people. These jobs require no experience and you work from home (sound familiar?). People who sign up to these jobs receive money in their bank accounts, then they have to transfer it to someone else’s account. They do this willingly and are paid for it, but they usually don’t know that it’s part of a criminal organisation.

This is how the criminals receive their stolen money and cover their tracks. It’s a form of money laundering and is illegal. And to avoid a pattern detection they usually only use these money mules twice.

Here’s an example of a money mule job ad.

Lessons Learnt:

• Always use an antivirus program that not only scans your PC for malware, but also checks every web page you go to. Good antivirus programs cost money and it’s a good investment to protect your online security.
• Only use internet banking from a PC you trust.
• Always update your PC with the latest patches. For example, tomorrow there’ll be a large Windows update, you should install this as soon as possible (after you make a backup).
• Don’t trust job ads that promise the world for little to no effort.

• Their anti-virus programs blocks 1 billion malware a month. That’s 1,000,000,000 attempts to install viruses, trojans, password stealers, etc on to people’s PCs. A month. And that’s just by one small company.
• 1 in 15 people encounter a malware every day.
• They find about 3,000 new malware each day (that’s new and unique viruses, trojans, etc). They have 2.1 million in their database.

These statistics are not just marketing numbers, they give you an idea of how serious a problem malware is. If you don’t have a good anti-virus system installed on your computer they you need to take action now (today) and install something to protect you. Good anti-virus systems generally cost money – it’s a good investment, the cost of not buying one is usually greater.

And get something from a known vendor. Last week I talked about a comparison of anti-virus programs, you can use this as a guide.

And Macs and Linux computers aren’t safe either.

… Has Invited You To Play Monopoly

Monopoly Invite

Monopoly2009.com

If you see this email delete it, it’s a trick to get you to download malware. The website asks you to download a file called monopoly.exe – this is the malware, don’t download it.

Some people have been posting messages on Facebook saying:

to all those using FAN CHECK APPLICATION, please delete it & all its pictures, it contains a virus & takes 24-48 hours 2 infect everyone on your friends list please copy and paste 2 your status to let everyone know

Firstly, malicious Facebook apps do exist. The ones I know of are called Posts and Stream applications. They’re not viruses but they try to trick you into providing personal data (called phishing).

Secondly, Fan Check Virus doesn’t exist, but nevertheless there is a danger. What’s happening is that the virus writers have created web pages infected with real malware and fake antivirus programs.

So if you search for Fan Check Application on Google, you’re likely to end up on the infected web page looking for information, and that’s how your PC gets infected. Clever, right? So all the people writing about Fan Check haven’t done any research and are actually helping to spread the real malware.

There’s a video explaining more about it here.

And it seems this isn’t the first time this strategy was used. Another fake Facebook virus called Error Check System works in the same way, if you Google for information on it you’ll likely end up on a web site with a fake anti-virus product.

PDF Reader 2009 – New Version for Windows and Mac
The latest PDF Reader: Open, Edit & Create PDF Files
http://www.adobe-pdf-update.info
Included in this package:
Open Office Suite – Get things done more quickly and improve your work efficiency.
-Open, edit and view all PDF files.
-Enhanced performance with faster loading and zooming.
-Collect your data and combine it into a high quality document.
http://www.adobe-pdf-update.info

Download the complete Office solution today and also receive free updates
and 24/7 customer support.
"Since the 90′s, PDF has become the standard file format for document exchange." – Adobe
http://www.adobe-pdf-update.info

Thank you for choosing us, the worldwide leader in PDF Reader Solutions.
Best Regards,
Mary Norman
PDF Reader 2009

Adv Media Ltd  | 890 Avenue| Sydney | 1002 | Australia

Click here :
http://www.listmanagerservices.com/unsubscribe.php?M=
to Unsubscribe out of mailling list.

Apple has responded with a patch (called 3.0.1) that fixes the vulnerability. It can be downloaded and installed using iTunes.

Apple has more info here.

My home video

If you click on the link it takes you to a video page and asks you to download a new codec. I’ve written about the dangers of installing  new codecs, read about it here.

So don’t click on these Twitter messages.

There are people out there who hack into people’s home PCs (the PCs of ordinary people like you and me). They usually write a virus to do this, or pay someone to write the virus. Then when they’ve hacked into a home PC, they add it to a list.

After a few days they can get about 500,000 home computers on their list (yes, they work very fast). So once the hacker has hundreds of thousands of computers on their list, he writes a program that can control them all at once.

Now keep in mind that most home users won’t know their PC has been hacked. Everything still looks normal.

The hacker then sells this list of PCs to a spammer. The technical word for this list of controlled PCs is called a botnet.

A spammer buys this list of hacked computers and the program that controls them all at once. He uses also buys an email list from someone else (a list with millions of people’s email addresses). He presses a button, and all of the home PCs he’s controlling start sending out spam.

Again, home users don’t know their PC is now being used to send out spam. They might notice their internet go a little slower but most people don’t have the technical skill to work out why. It just gets ignored.

The spammer then sits back, relaxes after doing his 5 minutes of work. If anyone gets caught for sending spam it’ll be the home user, not him. The home user is ignorant of what’s going on. The hacker made his money and will do it again. And the cycle repeats again after a few days.

So how much spam are we talking about?

The largest botnet in operation in June 2009 is sending 74 million spam emails a day, all of this from people’s home computers. That’s a lot of spam.

What can you do?

Don’t let your own computer become part of a botnet. Use a good antivirus product, scan for malware, and fix up any problems.

So can they spread malware such as viruses? Yes, they certainly can. On many Windows computers, when you plug in a USB drive it does a quick search and it can run programs installed on them. Microsoft calls this a feature.

But malware authors (bad hackers) know all about this and they write malware that runs as soon as the device is plugged into a computer. You won’t know it’s happened, malware can install itself quietly in the background without getting in the way of your work.

So what do you do about it?

• Be cautious about what you plug into your computer
• Have a good anti-virus package installed that can scan these devices for you
• You can disable a feature in Windows that automatically runs programs on these USB drives
• In an office environment a good system administrator can lock down this feature across the entire network

What else can plug into your USB port and carry malware?

• USB Flash drives (also called flash drives, pen drives, thumb drives or USB sticks)
• Digital cameras
• MP3 players (including iPods)
• Mobile phones (cell phones)

And if you’re thinking how can malware get onto a camera, I’ve seen it myself. A friend took their camera to the local shop to print some photos, then lent me the camera so I could help them with something, I detected a virus that installed itself on it from the shop.Yes, it really happens. Take care with USB devices.

If you receive any of the emails shown below, delete them:

Subject: Outlook Setup Notificataion

You have (1) message from Microsoft Outlook

Please re-configure your Microsoft Outlook again.

Download attached setup file and install.

Subject: TheBat Setup Notification

You have (98) message from Outlook Express.

Please re-configure your Outlook Express again.

Download attached setup file and install.

Not only does it install malware, it also asks you for your user ID and password.

Here are some tips to help you avoid this sort of scam:

• When you use any online banking service, look for the padlock icon in your browser. Then click on it, it needs to say your bank’s name, it’s full web address, and shouldn’t show any errors.
• If you receive an email from your bank, don’t click on any links. Instead, open a new web browser and type in your bank’s web address. This way you can’t be tricked into clicking the wrong link.
• Always be wary when you receive unsolicited emails. More often than not they’re scams.
• Use a good antivirus product

If you click, it runs a trojan on your computer that uses your Facebook account to send the same message to all your contacts.

The message has a few variations, such as the ones below:

Veryy veryy funnny videoo of you..;)

Donn’t cryy! Yoour mom wiill nnever see thhis moviee.HA-HA-HA!!

Check out my video: http…etc…

AA-ha-ha, i saw yourr a__ in the internnet! lol My a__ has not been on the internet. My hubby won a nipp

Yoou’ve bbeen fiilmed! Haven’’t you notiiced?Is this whatIra is talking about?

If you see these in Facebook don’t click on it. And tell the person who sent it that their PC might be infected with malware.

When Malware Doctor first starts up it pretends to scan your PC for viruses and other malware. Then it tells you it found a few things that shouldn’t be there.

It then says that you’re using an unregistered version of Malware Doctor and that you need to pay for the full version to remove the malware.

It’s a scam, if you see Malware Doctor on your PC you need to take action to clean your PC.

How does Malware Doctor appear on your PC?

There are viruses that spend their life downloading malware (viruses, trojans, etc) and installing them on your PC. So if you have Malware Doctor on your PC it means you have more malware that keeps installing it. A big problem.

How do you get rid of it?

There’s a procedure here. If this is too technical for you then you’ll need to get your PC serviced.

Always have a good anti-virus product on your PC that prevents all this malware from installing in the first place. It’s easier to prevent malware than it is to fix.

This new one’s the kind that asks you for money, it’s called System Security. It begins when you download the program believing it’s a new anti-virus product. It’s designed for Windows PCs.

When you install it, it pretends to scan your PC, then informs you it found a whole lot of malware on your PC including viruses, adware and spyware. This part is meant to scare and shock you.

Then it does something truly evil, it stops you doing anything on your PC until you “activate” the anti-virus. And by activate they mean pay them money. So at this stage the only thing you can do with your PC is go to the scammer’s website (which looks nice and professional), hand over your credit card details, and they’ll supposedly make your PC work again.

If you happen to download and install this fake product and it blocks your PC from working, don’t give them your credit card details or otherwise pay for it to be unlocked. You will be able to boot your PC in Safe Mode – ask for a PC technician to help you with this if necessary. You’ll then be able to remove the fake anti-virus.

This highlights the importance of using a good anti-virus product, one that’s known and respected in the IT industry. I generally try not to recommend one product over another but below are some of the trusted anti-virus companies available today:

• Trend Micro
• Symantec / Norton
• McAfee
• F-Secure
• AVG

There are many more and the market’s always changing. Feel free to write about your preferred products in the comments below. These days you can buy them online or walk into a computer store and buy one.

The email has an attachment that is supposed to be an invoice. Instead the attachment infects your PC with a virus that waits for you to use internet banking then steals your password.

The email reads:

Dear client!

The money transfer you have sent on the 12th of April was not collected by the recipient. Due to the Western Union regulation the transfers which are not received in 15 days are to be returned to sender.

To collect money you need to print the invoice attached to this email and visit the nearest Western Union branch.

Thank you!

If you see this email, or one similar to it, delete it. Western Union didn’t really send it. And don’t open the attachment.

Tell-tale signs of a scam email:

• There are a few grammatical errors in the email. It’s common for scammers to have poor English skills (though they’re getting better)
• Did you send money with Western Union in the past 15 days? If not then it’s almost definitely a scam. Don’t be tempted.
• If you’re unsure, copy & paste parts of the email into Google. Then read through the results looking for evidence of known scams.

You should also be scanning your email for spam and malware. This will filter out most of the scams before you have a chance to read them.

There was another Western Union scam that has been quite popular, read about it here.

What’s wrong with Torrents?

• Don’t download Windows from file sharing systems such as BitTorrent. Get it from Microsoft or one of their vendors.
• If you download free operating systems such as Linux from torrents know how to do a checksum test.
• Don’t use pirated software. Apart from being immoral and illegal, pirated software is often plagued with malware.

What if you already downloaded Windows 7 RC from BitTorrent? The safest thing to do is to download it again from Microsoft’s site, reformat your PC, and reinstall the official version. It can be safely downloaded from: http://www.microsoft.com/Windows/Windows-7/download.aspx As a side note I’d like to point out that Windows 7 RC is a test version, it’s not the finished product. And while it’s free for now it has a couple of restrictions:

• on 1 March 2010 it will start rebooting every 2 hours
• on 1 June 2010 it will completely stop working.

Update: There are now 25,000 PCs infected with the malware as a result of downloading the wrong copy of Windows 7 RC. These 25,000 PCs are being controlled by hackers as part of a botnet.

The malware found on this device is designed to steal passwords. More detailed info here.

It’s unfortunate that these days many devices have been shipped from the factory with viruses and other malware, such as digital photo frames and MP3 players.

The short answer is yes.

A botnet is a collection of infected PCs under a hacker’s control. There are millions of PCs today forming these botnets (millions of infected home computers being controlled by hackers). Some new research on botnets shows that they sometimes include code to completely disable the PC.

In April 2009 a malicious hacker decided to “kill” the PCs he was controlling using a botnet. It disabled Windows on 100,000 computers, making all those PCs useless until a technician can repair it. (This is a slight simplification but for the general public it’s accurate enough). These 100,000 computers belonged to real people using their computers at home or at the office. One day it just stopped working because a malicious hacker thought it’d be fun. You can read more detailed information about this here.

And then there are other malware (viruses etc) that can damage the PC in more serious ways. In March 2009 researches created a sample malware that writes itself to the computer’s BIOS (the BIOS is inside a chip inside the PC) . Reformatting the PC won’t remove it, buying a new hard drive won’t remove it either, and they claim that even a “BIOS flash” won’t remove it. You’d have to buy a new PC (or if you’re technical, a new motherboard) to fix it. More info here.

In the past there have been viruses that could damage drives and monitors but there’s been very little of this lately.

So overall malware can cause your PC to visit a repair shop for servicing, which is not only an inconvenience but also costly. It’s always better to prevent malware than to repair the damage (and often you may not know a PC is infected). And the usual tips apply here:

• Use a good anti-virus package, the kind that updates itself several times a day and scans web pages as well as files. They’re not expensive.
• Always patch and update your programs, including your operating system (Windows, Linux, Mac OS X).
• Never assume it can’t happen to you or that your computer is somehow better than others.
• Use one of the newer browsers such as FireFox, Chrome, or Opera. Read about browser hacking here.
• Don’t download programs from hacker sites such as password generators (they’re usually infected with malware).
• Don’t be tricked into installing something to watch a funny video. If your computer can’t play the video as it is then it’s probably not worth watching. Read more about it here.
• Don’t be tricked by fake anti-virus programs. Examples here.
• And backup your files. Do this often.

Sometimes hackers find innocent web sites and find a way to hack it and add malware. Below is an example. A (fake) message comes up telling you your PC is infected:

Warning!!! Your computer contains various signs of viruses and malware programs presence. Your system requires immediate anti viruses check! System Security will perform a quick and free scanning of your PC for viruses and malicious programs.

Notice that the message is full of grammatical mistakes, scammers generally aren’t very good at English.

If you see a message like this click Cancel and close the window.

One such PDF file was found to have a password stealing malware hidden in the code that installs itself using a vulnerability in Adobe Reader. After it installs the malware it then opens a legitimate document with information about swine flu.

The document is called The Association of Tibetan journalists Press Release.pdf

If you see this in an email delete it without opening it, and let the sender know that it contains a password stealer.

There’s a free trial and a full (paid) version. The free trial is enough to help clean your PC. The paid version will help prevent future infections.

Today they announced that this product has cleaned 1 billion PCs over the past few years. That’s quite impressive. And it’s also scary to think that 1 billion people had their PCs infected with malware – if only they would read Fraudo and prevent the infections

You can download it here.

It’s a plugin for FireFox and Internet Explorer. It checks every web page you load, and if it’s a known dangerous site it stops it from loading, protecting you before any malware gets a chance to run.

This is very useful if:

1. Your main web browser is FireFox or Internet Explorer, and
2. You use Windows, and
3. You haven’t invested in a good anti-virus package.

It’s a fact that a lot of malware (including viruses, spyware, adware, etc) installs itself when you visit a hacked page. Most of the time you won’t know it’s happening – it’s important to install something that helps protect you.

Download it for free from: http://linkscanner.avg.com/

• Keep a spy eye on your Girlfriend’s mobile
• Do you want to catch a cheating girlfriend?
• You can read anyone’s SMS
• Read his messages

Lines such as the ones above might catch someone’s curiosity. If they click on a link they’re presented with a fake web page for their SMS spying software. The fake site says,

Get Your Free 30-Day Trial!

Do you want to test your partner or just to read somebody’s SMS? This program is exactly what you need then! It’s so easy! You don’t n3eed to install it at the mobile phone of your partner. Just download the program and you will be able to read all SMS when you are online. Be aware of everything! This is an extremely new service!

The download actually installs malware on your PC.

1. You click on a link to a web page. This web page has been hacked but you don’t know that.
2. A message comes up on your screen telling you that you might have malware on your PC.
3. You click on a button to start their scanning program. It pretends to do a scan of your PC. This fake program can be called AntiVirus2009, FileFixerPro, or FileFix Professional.
4. In the background it’s going through everything in your My Documents folder and encrypting all of the files. The encrypted files are now useless to you.
5. A message comes up asking you for $50 to get a program that will unencrypt your files.
6. If you pay, you may or may not receive a program that unencrypts them. The hackers would also then have your credit card details.

It’s a terrible situation to be in.

There are quite a few things you can do right now to prevent this from happening:

• Make a backup of your files. If you’ve never made a backup before then try to do it today, don’t waste time. If you ever lose your files, or you’re a victim of ransomware, you can just recover from your backup.
• When unexpected windows popup asking to do a scan of your PC, have a good think who’s asking. It’s an unsolicited request, so it’s probably a scam.
• Install a good anti-virus package. One that scans every web page you access.
• Start using one of the alternative web browsers, such as Chrome, Opera, FireFox, or Safari. These four browsers are better at detecting hacked web pages and at preventing malicious code from running. (They’re better than IE but not 100% safe).
• Keep reading Fraudo to stay on top of these scams. You can subscribe to the RSS feed or by email (the email option is on the top right corner of this page).

And if you’re unfortunate enough to have this happen to you, there’s a free tool that may be able to recover your files. I bolded the word may because the hacker’s technology is getting better all the time and if they did things right it would be impossible to unencrypt it without paying. But for now you can try the method shown on this page.

If you receive the Twitter message shown below and click on the profile, some code runs in your web browser and it starts sending the same message to others. You don’t need to go to a 3rd party web site, making it a little different (and much riskier).

The Twitter message is:

Twitter, hire Mikeyy!

If you receive this, remove it or ignore it (depending on your client).

Incidentally, Mikey is the person who wrote the StalkDaily Twitter worm. And it’s unconfirmed who wrote this one.

• I love www.stalkdaily.com
• wow… www.stalkdaily.com
• Join www.stalkdaily.com everyone!
• Hey everyone, join www.stalkdaily.com. It’s a test site like Twitter but with pictures, videos, and so much more!
• Woooo, www.stalkdaily.com
• Virus? What? www.stalkdaily.com is legit!
• Dude, www.stalkdaily.com is awesome. What’s the fuss?

If you click on the link some code runs in the background that sends the same messages but from your own Twitter account.

Is it harmful? No, it was a publicity stunt by a site called StalkDaily. This is what a worm is, something that spreads through the internet similar to a virus but without infecting files. It’s still not a good thing to have around.

In this case it’s harmless but it could have been harmful. By the time you click the damage could have been done.

The following versions of PowerPoint are affected:

• PowerPoint 2000 Service Pack 3
• PowerPoint 2002 Service Pack 3
• PowerPoint 2003 Service Pack 3
• Microsoft Office 2004 for Mac

If you’re using PowerPoint 2007, just the PowerPoint Viewer (not the full version), or Office 2008 for Mac, then you’re safe.

If you receive spam with an attached PowerPoint file delete it.

Here is Microsoft’s advisory about this problem.

The program does not generate any Wii points. It’s a scam that installs a trojan that then downloads more malware.

There are also videos on YouTube that claim to show you how to create XBox points and iTunes gift cards. These are also scams that install viruses.

When you install it, it adds something to your Mac so that every 5 hours it will try to download malware. So if your Mac becomes infected with malware and you clean it, in 5 hours it’ll download another one. This is pretty common these days.

So if you come across MacCinema don’t install it. And if a web site tells you that you need to install something to watch their videos, don’t trust it (this applies to Mac OS X, Linux, and Windows).

This can’t be an accident or coincidence. So far 1,300 computers have been found to be infected with Ghostnet (not many), including the computer used by the Dalai Lama, a NATO computer, computers in the embassies of India, South Korea, Indonesia, Romania, Thailand and many other government offices around the world. These were clearly targeted.

What’s Ghostnet do? Researchers have found that it can turn on the camera and microphone on computers that have one, allowing people to spy in a room (or office). Can malware really do things like that? Yes, malware can do anything on a PC, that’s why it’s important to protect your PC.

Who’s behind Ghostnet? Researchers have directly accused the Chinese of operating it.

How do you get it? So far it seems people are tricked into downloading a file that infects the PC. Specific people are targeted and asked to download the file. This is called social engineering. And because they only targeted a small number of people it takes a long time for anti-virus companies to find out about it and to update their anti-virus programs.

Below is an extract from the fake email:

Thanks for the purchase!

Booking number:

You will find attached to this letter PASSENGER ITINERARY RECEIPT of your electronic ticket.

It verifies that you paid the ticket in full and confirms your right for air travel and luggage transportation by the indicated flight Delta Air Lines.

…and on and on…

If you see this email delete it, don’t open the attachment.

This malware changes network settings on the Mac and redirects web pages to somewhere else.

So yes, Macs can have Malware. And never trust pirated software (it’s also bad for the companies that spend time and money making software, and it’s illegal).

• Safari running on Mac OS X – hacked in 10 seconds
• FireFox running on Windows – hacked
• IE 8 running on Windows – hacked
• Chrome running on Windows – was not hacked

When a web browser is hacked (like in this competition), it means someone out there in the real world can do things on your computer, such as installing a virus or taking control of your PC.

You can see photos of the winners here. These are talented people that are using their skills to help developers fix their browsers. There are many more people who use their hacking skills to install malware and steal money from people’s bank accounts (this isn’t just about winning competitions).

The best thing you can do right now is:

• Stop using Internet Explorer (IE) for everything.
• Use Google’s Chrome as much as possible, at the moment it seems to be the most secure browser
• Keep updating your web browser – the latest updates are there to fix up bugs and security vulnerabilities
• Keep updating Windows (or Mac OS X or Linux) whenever a new update is released.
• Install a good anti-virus package that blocks web sites that have malware on them. This might cost you a bit of money (you usually have to pay a yearly subscription fee) and it’s a good investment.
• Don’t be ignorant and assume it won’t happen to you.
• Keep reading Fraudo to learn about online fraud and what you can do to prevent it.

So what is safe mode? It’s basically Windows without all the frills, very simplified. It’s intended to help techies fix problems if Windows is broken.

There’s also an assumption that malware can’t hurt your computer if you start it in safe mode. This has been proven to be a false assumption. Malware can still run in safe mode.

To be protected from malware you need some common sense (you’ll get plenty of that from this site), and having a good anti-virus helps.

WINDOWS REQUIRES IMMEDIATE ATTENTION
=============================

ATTENTION ! Security Center has detected
malware on your computer !

Affected Software:

Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows NT Server 4.0
Microsoft Windows Win98
Microsoft Windows Server 2003

Impact of Vulnerability: Remote Code Execution / Virus Infection /
Unexpected shutdowns

Recommendation: Users running vulnerable version should install a repair
utility immediately

Your system IS affected, download the patch from the address below !
Failure to do so may result in severe computer malfunction.

There’s a link at the end that takes you to a site made by these scammers. Their web page then tries to trick you into installing their malware.

Never click on these type of messages. Ignore them. Better yet you can set Skype to block messages from people you don’t know.

One in particular sends you an email with a random love note and a link to a web site. The web site has a bunch of hearts for you to click on. If you click on any it asks you to open a file called you.exe.

Any file that ends with .exe is dangerous. In this case it infects your computer with malware.

Below is what the web site looks like:

If you see this close the window and ignore it.

If you see this toolbar don’t download it or install it.

PARKING VIOLATION This vehicle is in violation of standard parking regulations. To view pictures with information about your parking preferences, go to website ….

The website that was printed tells people they need to download a program called PictureSearchToolbar.exe. This program then downloads malware onto people’s PCs. The malware can change but at the moment it tells people their PC is infected and asks them to download more malware.

This is a new way to trick people into downloading malware.

You can avoid these tricks by being cautious on what you download. The rule of thumb is that you never need to download anything to view a picture or video on the internet, unless you either know what you’re doing or really trust the company giving you this information (e.g. if you’re using Windows you could trust Microsoft since they made the operating system you’re using).

You can also install a good anti-virus package that scans web pages. This needs to be updated daily which generally means you need a paid subscription. It’s a good investment.

Ad-Aware

They’re just released version 8 which they’re calling their Anniversary Edition. They have a free edition and 2 paid editions, each with different features.

If you download the free edition remember that you’ll need an anti-virus program on your PC (one that scans web pages as well as your PC).

Main Ad-Aware web page (has all 3 editions): http://www.lavasoft.com/products/ad_aware.php

Direct download to the free version: http://www.download.com/Ad-Aware-Anniversary-Edition/3000-8022_4-10045910.html?part=dl-ad-aware&subj=dl&tag=top5&cdlPid=10998841

These fake news sites are designed to get your attention and to go to their web page. Their web page then attempts to install malware on your PC.

Some of the fake headlines include:

• Barack Obama has refused to be a president
• Haven’t you heard latest news about our president-elect?
• Barack Obama abandoned sinking ship
• Obama doesn’t wany [sic] anymore to be a president

These fake sites have a professional look and feel. If you don’t have a good anti virus package installed it’s very likely your PC will become infected and you won’t know about it. The infection forms part of a botnet, meaning it’s under the control of someone else and will be used to commit online crimes.

So be cautious about these fake news articles. It’s highly unlikely that Obama has changed his mind at this stage. Use a good anti virus package that also scans web sites. And don’t use Internet Explorer, start using one of the popular alternative browsers such as FireFox, Opera, Chrome, and Safari.

Whenever something big happens in the news there are people that will always take advantage with made-up sensational headlines, designed to trick you into opening their web pages.

It happens when someone sends you a specially formatted SMS. Some phones that receive this special SMS stop working properly – they won’t receive any more SMSs (it crashes the SMS messaging system inside the phone).

On some phones this means it just doesn’t receive any more messages and it won’t tell you there’s anything wrong. On other phones there will be a message that says:

Not enough memory to receive message(s). Delete some data first

The SMS that causes this to happen can’t be seen in the phone’s inbox, so you can’t delete it.

Turning the phone off and on sometimes lets you receive one message before it stops working again – this seems to vary depending on the phone model.

It’s also good to know that making and receiving calls still works.

What can you do?

It’s not a common problem yet and hopefully it won’t become one. For now it requires someone to send you the special SMS – it doesn’t spread by itself like viruses do.

It’s also a good idea to make a backup of your phone’s data now before anything bad happens. Some phones have an option to do this easily. Consult your phone’s instruction manual for more info.

If your phone is affected your choices are fairly limited at the moment.

• You can perform a hardware reset on the phone. You will lose all data on the phone if you do this (phone book, messages, most probably photos, etc). Think carefully before doing this.
• Phone manufacturers might release a firmware fix soon. Nobody’s promised anything yet.
• Contact the company you bought the phone from, they might be able to help.
• A security company called F-Secure has an antivirus package for mobile phones that they say can fix the problem. They also have a 7 day free trial that you could try. Apparently you need to download their program directly from the phone. Link here: http://mobile.f-secure.com/downloads/trial/index.html

More Info:

There’s a video on YouTube that demonstrates how it works. Link here.

Phones at risk:

Nokia: E63, 5800, N85, N79, E66, E71, 5320, 6220, N78, N96, 6210, N82, E51, N81, N95, 6121, 6120, 5700, N77, E90, E61i, E65, 6110, N76, N93i, 6290, N75, E62, E50, 5500, N93, N73, N72, N92, N71, N80, E70, E61, E60, 3250, N91, N70, N90, 6682, 6681, 6680, 3230, 6670, 6630, 6260, N-Gage QD, 7610, 6620, 3660, 3620, 6600, 3600, N-Gage, 3650, 7650

LG: KT615, KT610, KS10

Samsung: I7110, INNOV8, SGH-L870, SGH-G810, SGH-i560, SGH-i550, SGH-i450, SGH-i400, SGH-i520, SGH-D730, SGH-D720

Panasonic: X800, X700

Lenovo: P930

Siemens: SX1