Category Archives: Malware - Page 2

Fake Adobe Acrobat Links

The email shown below is not from Adobe; it’s a fake. It uses wording that would get most people’s attention, but the links in the email do not point to any real Adobe products. If you receive this email, delete it. Don’t click on the links.

The fake email looks like this:

Dear Customers,
Adobe is pleased to announce new version upgrades for Adobe Acrobat 2010.
http:// www.adobe-new-software.com
Advanced features include:
– Collaborate across borders
– Create rich, polished PDF files from any application that prints
– Ensure visual fidelity
– Encrypt and share PDF files more securely
– Use the standard for document archival and exchange
To upgrade and enhance your work productivity today, go to:
http://www.adobe-new-software.com
If you have any question please contact us at: support@adobe-new-software.com
Best regards,
Michael Lobenberg
Adobe Acrobat
Copy rights © Adobe Acrobat 2010 – All Rights Reserved
Website: http:// www.adobe-new-software.com


Adobe does not send out emails like this. Acrobat Reader can update itself by showing a small window with update information (and you should update it as soon as updates are released). You should not have to visit a web site to download Acrobat updates.

Chase.com Scam Email

The following email is a scam. It looks confusing and encourages readers to click on a link, and there are many links in this email, all pointing to a hacker’s virus-infected site.

Below is the email, with personal details and all of the malicious links removed:

Dear …,

Thank you for scheduling your recent credit card payment online. Your ($USD) $117.00 payment will post to your credit card account (CREDIT CARD) on 08/06/2010.

Now that you’re making your payment online, are you aware of all the convenient ways you can manage your account online?

Just log on to www.chase.com/creditcards today. Using the "I’d like to…" links for your credit card account, you can access more than a dozen features, including links to:
See statements – Choose to stop receiving paper statements, and see up to six years of your statements online.
See automatic payments – Set up monthly payments to be made automatically.
Transfer a balance – Transfer a balance to your credit card account.
Go to Personalized Alerts – Schedule Alerts to remind you of key account activity.
You can also see past payments you’ve made online by logging on to www.chase.com/creditcards and clicking "See/cancel payments" under "I’d like to …"

If you have questions, please call the Customer Service number on the back of your credit card.

Thanks again for using online payments.

Sincerely,
Cardmember Services

Never trust emails like this, especially if you don’t have an account with the company.

A useful trick to spot these scams is:

  • Identify which company the email claims to be from. In this case, it’s a company called Chase.
  • Place your mouse pointer over a link, but don’t click.
  • Look at the bottom of your screen; you should see the real link it points to. (You need to be using a modern web browser for this to work.)
  • If the addresses don’t match, then it’s likely a scam.

E.g., the email above talks a lot about chase.com. This is a real company in the USA. When I place my mouse pointer over the link, my browser says it goes somewhere different. The addresses don’t match, so this is a scam. See the picture on the right.
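The hover check above can be automated for HTML email, and extended to the Adobe case earlier on this page, where the displayed and real addresses match but the domain is not Adobe's. This is an added example, not part of the original post; `check_links`, `scam-host.example` and the sample HTML are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(value):
    """Hostname of a URL, or of bare text such as 'www.chase.com/creditcards'."""
    if "://" not in value:
        value = "http://" + value
    return (urlsplit(value).hostname or "").lower()

def belongs_to(host, brand_domain):
    """True only for the brand's domain itself or one of its subdomains."""
    return host == brand_domain or host.endswith("." + brand_domain)

def check_links(html, brand_domain):
    """Return (href, reason) for each link that fails the hover test."""
    parser, findings = LinkCollector(), []
    parser.feed(html)
    for text, href in parser.links:
        real = host_of(href)
        # Only compare when the visible text itself looks like an address.
        shown = host_of(text) if "." in text and " " not in text else ""
        if shown and shown != real:
            findings.append((href, f"shows {shown} but goes to {real}"))
        elif not belongs_to(real, brand_domain):
            findings.append((href, f"{real} is not part of {brand_domain}"))
    return findings

# Constructed samples: the Chase link target was removed from the post, so
# scam-host.example stands in for it; the Adobe link is the one quoted above.
CHASE = '<a href="http://scam-host.example/login">www.chase.com/creditcards</a>'
ADOBE = '<a href="http://www.adobe-new-software.com">http://www.adobe-new-software.com</a>'
```

`check_links(CHASE, "chase.com")` reports the mismatch between shown and real host, while `check_links(ADOBE, "adobe.com")` reports a lookalike domain that merely contains the brand name.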

Fake Website Warning

As if malicious web sites weren’t enough of a problem, now we have web sites with fake warnings that look just like the real thing.

Google Chrome has an excellent system that warns of dangerous web sites. When you click on a link to a dangerous (malicious) site, hopefully it will give you a large red warning page.

Now someone has been using this to trick people into thinking the website is malicious. It also asks you to download something called “Google Chrome secure updates”. This is bad; you shouldn’t have to install anything.

Here is the fake warning message:

[Screenshot: fake warning message]

The popup message says:

This web page has been blocked based on your security preferences. Click ‘OK’ to download and install Google Chrome secure updates.

And here is the real warning message:

[Screenshot: real warning message]

So never trust web sites that ask you to download anything, and if in doubt search Google for more information.

Emails That Ask You To Run An Attachment

Any unsolicited email that asks you to open an attachment is bad. If that attachment is a program then you can consider it a scam. Below is an email I received with a link to malware. It’s asking me to download and run an unknown program. The email also says it was sent by me, which is rather odd. I’ve removed personal details from the email:

A new settings file for the <email address> has just been released

Dear user of the <email address> mailing service!

We are informing you that because of the security upgrade of the mailing service your mailbox <email address> settings were changed. In order to apply the new set of settings please click to this link and open file((If clicking the link in this message does not work, copy and paste it into the address bar of your browser.)

http://<removed>/ settings.exe

Best regards, <email address> Technical Support.

The words in italics and in < > are my changes, to make it easier to read and search, and to avoid linking to the actual malware.

Any email that looks like the above is suspicious. Any attachment (and especially one that ends with .exe) is suspicious, and when it says that I sent it to myself it leaves no doubt that this is a scam that links to malware.

Learning to recognise these scam emails is important. Relying on virus scanners is good but common sense also helps.

Fake Virus Scan

Here’s something that happens every day: a message appears in your web browser telling you a virus was found and to click OK to do a scan. To get straight to the point, this is a fake antivirus program designed to trick you into installing real malware.

If you see this on your browser, close the browser. Don’t click on any buttons. And most importantly, don’t panic. These scams are designed to scare you into making irrational decisions.

Below are screenshots of how it looks:

[Screenshots: fake virus scan messages]

This type of scam happens on both Windows and Mac computers.

Infected Samsung S8500 Wave SmartPhones

Samsung’s new phone, the S8500 Wave, has appeared in Germany with its memory card infected with malware. And it’s fairly dangerous: if it installs itself onto your computer it will download backdoor programs and spyware, leaving your computer wide open to hackers and criminals. Prevention is definitely better in these cases.

The malware can affect Windows computers if you connect the phone to the computer. It’s as simple as that.

There are a couple of things you can do to avoid this malware, and to avoid similar malware in the future from similar scenarios:

  • Disable the autorun feature in Windows.
  • Install a good antivirus package.

This type of problem is becoming more frequent – ordinary consumer devices infected with malware at the factory.

Facebook Password Reset (Virus)

I received an email that claims to be from Facebook (it’s a forged email). The email is designed to trick people into opening the attachment. Here’s what it says:

Hey [name removed],

Because of the measures taken to provide safety to our clients, your password has been changed. You can find your new password in attached document.

Thanks,
The Facebook Team

There’s another version some people have received that is similar but has a different introduction and sign-off:

Dear user of facebook,

Because of the measures taken to provide safety to our clients, your password has been changed. You can find your new password in attached document.

Thanks,
Your Facebook

Both of these emails come with a virus attached, and neither of them was actually sent from Facebook. In fact, Facebook had absolutely nothing to do with it; the scammers just mention the word to encourage people to open the attachment.

So as always, be suspicious of unsolicited emails, and be suspicious of attachments you didn’t ask for.

ICS Monitoring Team

Another email designed to scare you and possibly make you curious enough to open an attachment.

The attachment has a virus, of course. And the email has all of the usual traits such as poor spelling and grammar. Below is what it says:

Your internet access is going to get suspended

The Internet Service Provider Consorcium was made to protect the rights of software authors, artists.
We conduct regular wiretapping on our networks, to monitor criminal acts.

We are aware of your illegal activities on the internet wich were originating from

You can check the report of your activities in the past 6 month that we have attached. We strongly advise you to stop your activities regarding the illegal downloading of copyrighted material of your internet access will be suspended.

Sincerely
ICS Monitoring Team

If you receive this email, delete it. Do not open the attached file.

Microsoft Does Not Send Updates By Email

Companies do not send updates by email, including Microsoft. They use other methods to tell their users about updates, then expect users to download the updates themselves. Attachments in emails are generally bad.

So the following email I received is clearly an attempt to spread malware. It’s an email that claims to be from Microsoft – a quick look at the email’s header shows that it came from branchen4u.de. Not Microsoft.

So apart from the suspicious attachment and forged sender address, the other thing that tipped me off is that I don’t actually use Microsoft Outlook or Outlook Express.

Below is a copy of the infected email:

Brief Description
Microsoft has released an update for Microsoft Outlook / Outlook Express. This update is critical and provides you with the latest version of the Microsoft Outlook / Outlook Express and offers the highest levels of stability and security.

Instructions

* Install Update for Microsoft Outlook / Outlook Express (KB910721). To do this, follow these steps:
1. Run attached file officexp-KB910721-FullFile-ENU.exe
2. Restart Microsoft Outlook / Outlook Express

System Requirements

* Supported Operating Systems: Windows 2000; Windows 98; Windows ME; Windows NT; Windows Server 2003; Windows XP; Windows Vista

* This update applies to the following product: Microsoft Outlook / Outlook Express

There was a zip file attached that contains the Bredolab trojan. If the trojan is installed, it runs quietly in the background, downloading viruses and other malware.

So again, don’t trust unsolicited emails. I didn’t ask Microsoft to email me patches so this one was unsolicited. And it turns out it contained a trojan.

You should also have a good antivirus package installed.
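The warning signs used in the posts above (a sender domain that does not match the header, a message that claims to come from its own recipient, an attached program or archive) can be checked mechanically. This is an added example, not part of the original posts; it assumes the mismatching domain appears in the `Return-Path` header, and the sample message is constructed.

```python
from email import message_from_string
from email.utils import parseaddr

RISKY_EXT = (".exe", ".scr", ".pif", ".bat")  # assumed list, extend as needed

def domain_of(header_value):
    """Domain of the address in a From or Return-Path header ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw):
    """Return the warning signs found in one raw message."""
    msg = message_from_string(raw)
    signs = []
    from_dom, path_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    if path_dom and path_dom != from_dom:
        signs.append(f"From says {from_dom} but Return-Path is {path_dom}")
    sender = parseaddr(msg["From"] or "")[1].lower()
    if sender and sender == parseaddr(msg["To"] or "")[1].lower():
        signs.append("sender and recipient are the same address")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            signs.append(f"executable attachment: {name}")
        elif name.endswith(".zip"):
            signs.append(f"archive attachment, contents not inspected: {name}")
    return signs

# Constructed message: branchen4u.de and the instruction line come from the
# post; the addresses, boundary and attachment name are made up, body is a stub.
SAMPLE = """\
Return-Path: <bounce@branchen4u.de>
From: Microsoft <update@microsoft.com>
To: reader@example.org
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Run attached file officexp-KB910721-FullFile-ENU.exe
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="update.zip"

stub
--b1--
"""
```

Legitimate bulk mail can also carry a `Return-Path` that differs from `From`, so treat each result as a reason to look closer rather than as proof.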