Update: HP Software Update Tool

Back in January I mentioned that HP’s Software Update Tool was vulnerable to attacks. That was limited to a support program installed on HP laptops. Now the problem appears to be worse than first thought.

A large number of HP’s printers (both laser and inkjet), scanners, cameras and PCs also include this tool. Version 4.0.9.2 or earlier is vulnerable. The problem has been resolved in the latest update, version 4.0.10.8.

So if you have an HP product on your computer, check whether HP’s Software Update Tool is installed and which version it is. You might need to upgrade it.

The risk is that a malicious web page can be created that activates some code in HP’s Software Update Tool, which can then execute code on your computer. This is OK if you’re allowing HP to update your drivers, but it’s a bad thing if random strangers can do this.

Note that this only affects Windows users.

Hospital Spam Review

Last week’s post about a threatening spam email (“She has already gone to hospital”) was extremely popular here, and I think it deserves a review.

I was informed about this malicious spam on Monday morning so I wrote about it here. Later that day this site had received a few hundred visits from Australia and New Zealand. This kept up until Thursday when it received over a thousand visitors, mostly from Canada. That was fun, and it’s interesting to see how the spam spread across countries. It’s still getting lots of attention till today.

I believe the reason this site received so much traffic was because I was the 2nd person to write about it (as far as I could tell by doing a Google search on Monday morning). So when people started to do searches to work out if the threat was real or fake, Google directed them here.

It’s great to see people researching spam instead of blindly believing it. I just hope they had a chance to read this page before they clicked on the malicious link. And I hope everyone learns not to believe everything they read on the internet.

And a special hello to Karen and Stephanie, regular readers of FraudO.com :-)

AVG 8.0 Released

AVG has released a new version of their anti virus program. It comes in three versions:

  • Free
  • US$35
  • US$55

8.0 was just released. The main new features are:

  • link scanning
  • anti spyware
  • Email and instant messaging protection

The difference between the three prices is the features included. See this chart for details.

Chinese Domain Scam

A recent scam email uses the following technique:

  • The scam email has a long story (see below) mentioning your web site name (which could be your business name or trade mark)
  • It mentions that someone else is interested in registering a web site with your web site’s name
  • The scam offers to sell you a .cn domain name (.cn is the top level domain for China)

Below is a sample of this scam email:

Dear Sir

We received a formal application from a company who is called Meiao Investment Co.,Ltd are applying to register “—” as their domain name and Internet keyword in China and also in Asia on Apr 17 2008. During our auditing procedure we find out that the alleged Meiao Investment Co.,Ltd has no trade mark, brand nor patent even similar to that word. As authorized anti-cybersquatting organization we hereby suspect the alleged Meiao Investment Co.,Ltd to be a domain grabber. Hence we need you confirmation for two things,

First of all, whether this alleged Meiao Investment Co.,Ltd is your business partner or distributor in China.

Secondly, whether you are interested in registering these domains. (The alleged Meiao Investment Co.,Ltd will be entitled to obtain a domain not needed by original trademark owner.)

If you are not in charge of this please transfer this email to appropriate dept.

This is a letter for confirmation. If the mentioned third party is your business partner or distributor in China please DO NOT reply. We will automatically confirm application from your business partner after this audit procedure.

Bst Rgs
chenllychen
Registration Commissioner
Beijing HA ZD Networks Science and Technology Co., Ltd
Tel: +86-10-82772601
Fax: +86-10-82773610
Email: chenlly.chen@ha-zd.com
http://www.ha-zd.com.cn

There are quite a few variations to this email, but the concept is the same. Don’t reply to these emails and certainly don’t buy domain names from them. It’s just another scam. If you really want a Chinese domain name, buy one from a reputable registrar.

She has already gone to hospital!…

Below is a new scam email being sent around the internet. The topic of the email is shown above. The email’s contents are shown below (I’ve removed the link):

Listen to me carefully, i don’t know what your name is, but i’ll find you and i’ll cripple you, because this is you who tempted her!!! She has already gone to hospital, you’re next, this is evidence:

http://www.———.sk/fotos/

If you receive this email just delete it. It’s a scam to get you to click on the link, which will then have malicious code. More details in the comments below.

HTML_IFRAME.TW virus

BT Home Hub Wireless Networks

Wireless networks can be made safe but it’s so common to find networks that haven’t been secured properly. It’s even worse to see ISPs giving their customers routers that have been configured with weak security.

BT Broadband in the UK has been supplying wireless routers to their customers, called BT Home Hub, set up to use a very weak security system called WEP.

In fact it’s so weak that anyone sitting within wireless range (which can include a few of your neighbours) can just guess the wireless password in 80 attempts. And you wouldn’t even know someone’s trying to guess your password.

WEP is an old security system made for wireless routers. It’s been cracked before and it’s really no safer than an old rusty padlock with the key hidden in a pot plant. As the old saying goes, it keeps out honest people. WEP is practically useless. And BT Home Hub leaves it set up this way for their customers.

What everyone with a wireless network should do is change WEP to WPA. WPA is considered safe at the moment. And it’s best used with a long password (20 characters long).

To learn more about securing a wireless network read here. And to understand why it’s important to secure a wireless network read our article here.

Just remember, WEP = useless, WPA = secure.

FireFox and Safari Updates

The FireFox and Safari browsers have been updated. If you use either of these then you should upgrade today. The new version numbers are:

  • FireFox: 2.0.0.14
  • Safari: 3.1.1

This applies to Windows, Mac and Linux users. The updates fix vulnerabilities and hence are important security updates.
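The version checks asked for in this post and in the HP Software Update post above are easy to get wrong by eye or by plain text comparison, because as text "4.0.10.8" sorts before "4.0.9.2". The following is an added example, not code from HP, Mozilla or Apple; it compares versions numerically using only the version numbers quoted in these posts, and the product keys and status labels are names chosen for the example.

```python
from itertools import zip_longest

def parse_version(text):
    """Turn '4.0.10.8' into (4, 0, 10, 8); raise ValueError on anything else."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)

def compare(a, b):
    """Return -1, 0 or 1; the shorter version is padded with zeros (3.1 == 3.1.0)."""
    for x, y in zip_longest(parse_version(a), parse_version(b), fillvalue=0):
        if x != y:
            return -1 if x < y else 1
    return 0

# Version numbers come from the posts; the dictionary keys are example labels.
ADVISORIES = {
    "hp-software-update": {"last_vulnerable": "4.0.9.2", "fixed": "4.0.10.8"},
    "firefox": {"fixed": "2.0.0.14"},
    "safari": {"fixed": "3.1.1"},
}

def status(product, installed):
    """Classify an installed version against the numbers quoted in the posts."""
    adv = ADVISORIES[product]
    if compare(installed, adv["fixed"]) >= 0:
        return "up to date"
    last_vulnerable = adv.get("last_vulnerable")
    if last_vulnerable is None or compare(installed, last_vulnerable) <= 0:
        return "update needed"
    # Between the last known-vulnerable and the fixed build: the posts do not
    # say either way, so report that instead of guessing.
    return "unknown"

if __name__ == "__main__":
    # Constructed sample inventory, not taken from a real machine.
    for product, version in [("hp-software-update", "4.0.9.2"),
                             ("hp-software-update", "4.0.10.8"),
                             ("firefox", "2.0.0.9"),
                             ("safari", "3.1")]:
        print(f"{product} {version}: {status(product, version)}")
```

A result of "unknown" still means upgrading to the fixed version is the safe choice.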

MasterCard 16% Scam

A fake promotional email, claiming to be from MasterCard SecureCode, offers a 16% discount on all purchases. This could be enough to tempt readers to sign up on the fake web site.

The email has a link to a web site that has been made to look the same as MasterCard’s web site with a form to sign up. The personal details entered here end up going to a scammer, including your credit card’s number, expiry date, 3 digit security code, and your date of birth.

If you receive an unsolicited email offering 16% discounts just delete it. And don’t click on links in these emails, instead go to a web browser and type in the address you need.

Microsoft Certificate Enrolment Code

There’s a new phishing trick that involves the user downloading a security certificate. It’s been spotted on a fake Bank of America web site. When this fake page is accessed the user is asked to create a digital certificate.

The control is downloaded to the PC using Microsoft Certificate Enrolment Code. This adds a false sense of security for users.

The next step on the web site asks users to download a file called sophialite.exe. This is a malicious program.

So if you end up at a web site that looks like the Bank of America pay close attention to the address shown in your web browser, make sure it’s exactly right.