Free Screen Savers Carry Viruses

If you receive an email offering a free screen saver chances are the screen savers are infected with malware.

Screensavers are just like any other program and can carry malware. And as always you shouldn’t trust unsolicited emails offering something free.

3.6 Million People

Gartner is a well recognised research company. They’ve recently added up the numbers and come up with 3.6 million adults that lost money in 2007 due to phishing scams. In 2006 the figure was 2.3 million.

That’s a lot of people being conned and losing money online. According to this report it adds up to US$3.2 billion in USA alone.

Some tips you might find useful to avoid being of of these 3.6 million people:

• Never hand over personal details to people or web sites, unless you’re 100% certain of who you’re handing the details to.
• Pay attention to web addresses you click on. Read our article on this here.
• If you didn’t ask your bank or other service provider to send you an email then treat it as suspicious.
• Scammers always take advantage of popular events to send phishing emails. E.g., it’s now Easter so expect lots of Easter related scam emails.
• Be skeptical of what you read online. Chances are you didn’t really win a lottery in Spain without even buying a ticket.
• Use a good antivirus package that includes a web site scanner. The newer packages filter out fraudulent pages.

eBay Fraud

eBay fraud is rampant in Romania, Russia and China. In fact, eBay says that the majority of all eBay phishing emails comes from these countries.

Mark Lee is the trust and safety manager for eBay UK and he’s made the following comments:

• “[there's] no fear of real punishment [in these countries]“
• “These attacks are definitely organised”
• “There are towns in Romania where the entire focus is on sites like eBay as the main source of income”

There have been several hundred arrests in Romania after eBay initiated a campaign to stop fraud, in June 2007. But this hasn’t stopped them and it’s still rampant in these parts.

Techniques used by these criminals include asking eBay shoppers for personal details (when people bid or ask questions on the site) – this is known as phishing and the personal details are later used to commit other crimes.

If you use eBay to buy or sell goods have a read here [ http://pages.ebay.com/securitycenter/ ] for tips and tutorials on eBay security. And continue to read FraudO.com for online security tips.

FlashGet Malware

FlashGet is a popular free download manager. The latest version has a problem and someone exploited this problem causing anyone downloading this program to install a trojan on their computer.

Any version starting with the number 1.9 is susceptible to this problem. And if you downloaded it between the 29th of February 2008 and the 14th of March 2008 then it probably installed a trojan on your computer.

This is what FlashGet looks like:

Some useful advice:

• Use a different download manager
• Purchase a good antivirus package and scan your computer

Bypassing Passwords Using FireWire

If someone has physical access to a computer they have a pretty good chance of bypassing its security. This new attack uses the FireWire port found on some computers and notebooks to access its memory and change the system’s password.

It’s been demonstrated to work on  Windows XP and on Macs, and could possibly affect other systems.

It’s up to companies like Microsoft and other vendors to fix their software to disable this vulnerability. Some lessons to be learnt are:

• Restrict physical access to your computer
• Don’t let other people plug devices into your computer
• Apply software patches from vendors when they become available. Hopefully they’ll patch this problem
• And if you’re paranoid about this one you can disable FireWire on some computers (by disconnecting the cable inside the computer)

Here’s the article explaining how it works on Windows XP, and here is an article on how it affects Macs.

Microsoft Password Checker

Microsoft has a handy utility that rates your passwords. It doesn’t just look at the length of the password, it looks at how you mix upper case with lower case letters, numbers, punctuation marks etc.

When creating new passwords for your online services aim for Good or Best.

Try it here: http://www.microsoft.com/protect/yourself/password/checker.mspx

Note: there might be better password checkers in existence, I suggest this one because it’s hosted on Microsoft’s site. Whether you love them or hate them I believe their intentions are good and they won’t try to steal passwords.

Another Symbian Virus

There’s a new virus affecting mobile phones (cell phones) that use Symbian series 60. It’s been detected in China and is called Kiazha-A Trojan.

It gets transmitted through Bluetooth or MMS messages so you can’t completely avoid receiving it but you can delete it if it arrives on your phone.

It first deletes all text messages in the phone then displays a message asking for RMB 50 yuan (US$7) to get them back.

We have a list here showing some of the more popular phones that are vulnerable. If your phone uses Symbian S60 then be aware of virus messages like this one and delete them if you receive it.

It’s also a good idea to backup your phone’s contents to a memory card every couple of months.

Windows powered phones are also susceptible to viruses, as we’ve mentioned here.

G-Archiver Password Theft

G-Archiver is an archival tool for Gmail. It lets you backup your Gmail emails to your computer. It’s been discovered that it also has a darker purpose.

G-Archiver costs US$29.95, and it does what it claims. To use it you enter your Gmail username and password, and it downloads emails to your computer as a backup.

Unfortunately the program has also been sending people’s usernames and password to the program’s creator (identified as John Terry).

If you’ve used G-Archiver before then uninstall it and change your Gmail password.

PayPal Phishing

There’s a new phishing attack targeting PayPal customers. It begins with an email like the following:

Subject: PayPal Account Review Department

Dear PayPal customer,

We recently reviewed your account, and we suspect an unauthorized transaction on your account

Protecting your account is our primary concern. As a preventive measure we have temporary limited your access to sensitive information.

Paypal features. To ensure that your account is not compromised, simply hit “Resolution Center” to confirm your identity as member of Paypel.

• Login to your Paypal with your Paypal username and password.
• Confirm your identity as a card member of Paypal

Please confirm account information by clicking here Resolution Center and complete the “Steps to Remove Limitations.”

All typos and grammatical errors are from the original email.

If someone was to click on the link provided in the email they would be taken to a hacked copy of PayPal’s site and they’d be asked to provide their bank’s name, ATM PIN code, mother’s maiden name, birth date,and social security number. All very personal information that the real PayPal doesn’t need.

So avoid traps like these by never giving out sensitive information like the above, not trusting emails you didn’t ask for, and most of all use a good antivirus package that also scans web sites for attacks such as this. Also have a look at the new version of Haute we discussed recently, available for free.

There are thousands of phishing emails such as this and over time the quality of them gets better, such as the tax scams we wrote about earlier (Australian version here, US version here) and the student phishing attack last month.

• About

  Read the latest articles shown on the left, and use the options below to search for past articles. FraudO.com is committed to educating all users on the dangers of the internet and how to avoid them.

• Email Subscription

  Enter your email address:

  Delivered by FeedBurner

• Sponsored Ads:

  • Anastasia International Scam

• Recently Written

  • Emails That Ask You To Run An Attachment
  • Fake Virus Scan
  • Smileworld Scam
  • Infected Samsung S8500 Wave SmartPhones
  • Facebook Password Reset (Virus)
  • Free $1000 Ikea Gift Card Scam
  • Phishing emails from Skype
  • Passwords Compromised on JIRA, Bugzilla & Confluence
  • Admin update
  • McAfee Stinger
  • Another Scam Job
  • ICS Monitoring Team
  • Facebook Groups And Toolbars
  • An Interview with a Nigerian Internet Scammer
  • Fake CUA Email

• Categories

  • Admin
  • Antivirus
  • Backups
  • Fraud
  • General
  • hoax
  • Identity Theft
  • Malware
  • News/Media
  • Phishing
  • Privacy
  • Scams
  • Security
  • Software
  • Statistics
  • Uncategorized

• Archived Articles

  Select Month July 2010  (2) June 2010  (2) April 2010  (5) March 2010  (3) February 2010  (5) January 2010  (11) December 2009  (1) November 2009  (2) October 2009  (4) September 2009  (10) August 2009  (9) July 2009  (7) June 2009  (20) May 2009  (15) April 2009  (12) March 2009  (10) February 2009  (14) January 2009  (10) December 2008  (10) November 2008  (3) October 2008  (7) September 2008  (5) August 2008  (11) July 2008  (17) June 2008  (8) May 2008  (17) April 2008  (23) March 2008  (22) February 2008  (20) January 2008  (31) December 2007  (17) November 2007  (21) October 2007  (11) September 2007  (5)

• Affiliates

• Spam Blocked

  33,007 spam comments blocked by
  Akismet

• Stats