Fake Security Renewals

There’s a trojan that has a tricky way of extorting money from users. It begins with a computer being infected with this particular trojan.

It then shows an image on your screen (one that won’t go away) telling you that you need to renew your security software. Whether or not you have security software doesn’t matter; the screen is fake. It gives you two options to pay for an update, both of which are part of the scam: the money goes into the pockets of the people who have spread this trojan.

Method 1: it asks you to send an SMS to a premium service, which costs you £10 (or the equivalent in your currency).

Method 2: it asks you to call a phone number, which is also a premium service and costs you the equivalent of US$35 (different prices and currencies in different countries).

Have a look at the screen-shots on this web page to recognise the fake renewal request.

The message reads (complete with spelling errors):

Browser Security and Antiadware Software component license exprited! Surfing PORN, ADULT and some other kind of sites you like without this software is dangerows and threatens with infection of your computer by harmful viruses, adware, spyware, etc… You strongly need to update your software to avoid infection and losting information from your computer. Please complete procedure of software update

If you come across this or any similar scam, never ever pay them any money, call the supplied phone number or send the SMS (otherwise you’ll be out of pocket a small amount of money).

Penny Stock Scams Now Using Videos

The penny stock scam involves convincing people that a particular share is worth investing in, and in effect inflating the price on the stock market.

It’s a scam and you shouldn’t be taking financial advice from random strangers on the internet.

In the past I’ve written about mp3s being used to send this scam. Now scammers have created videos to spread their (false) messages. The videos (usually 30 or 60 seconds long) appear highly professional in quality, and come attached to an email.

Notes:

  • This scam is also called a pump-and-dump scam
  • These emails have been found to begin with the words "Jump on the wave" or "Take a look at this 60 second video to start"
  • Other forms of this scam use synthesised speech, PDF documents and Excel spreadsheets to promote their stock.
  • In September last year some individuals pleaded guilty to this type of scam; they had made over US$20 million from it.

Work From Home Scams

There are a lot of work-from-home job offers being sent by email. In general these offers make someone else money and there’s rarely any money at all to be made from home. It’s an old scam that existed before the internet.

What’s new is that emails are being sent that appear to come from legitimate employment agencies. What’s happening is that spammers are collecting names and email addresses from large job web-sites, then sending spam with forged "From" addresses.

It’s best to ignore unsolicited emails (spam).

RealPlayer Vulnerability

Here’s another vulnerability to report on. If your computer has the following then you’re at risk:

  • Windows 2000 or Windows XP
  • Internet Explorer 6 or 7
  • RealPlayer versions:
      • 6.0.10
      • 6.0.11
      • 6.0.12
      • 6.0.14
      • 6.0.14.536
      • 6.0.14.543
      • 6.0.14.544
      • 6.0.14.550
      • 6.0.14.552

The vulnerability makes it possible for your computer to be infected just by opening a malicious web page (you wouldn’t know it’s happened till it’s too late). So if your version of RealPlayer is out of date and you fall into the category above, update RealPlayer to the latest version.

Merry Christmas PPS Trojan

There’s another email being sent around that contains an attachment called MerryChristmas.pps. It’s a PowerPoint presentation that shows a Christmas-type message and at the same time tries to install a trojan onto the computer.

Delete it and move on.

It’s also good to keep your antivirus software updated and if you’re using Windows then make sure you’ve updated it all (Windows, Office, etc), as described in this earlier post.

Welcome to 2008

It’s the beginning of a new year and it’s always a good time to pause and reflect on how far we’ve come and on the opportunities that lie ahead. In the short time this web site has been up I’ve written 54 posts and traffic has been slowly increasing. 2008 promises to be a great year and you can expect to see over 200 new posts. That’s a lot of information for most people to read (and research from this end), and by posting it a little at a time it’s easily achievable.

IT security is a massive industry. On the surface it’s a battle between people with bad intent and security professionals working on behalf of all users. The best line of defence is to learn as much as possible and to use that knowledge to avoid being caught in the middle of this battle. Fight fraud with knowledge.

And if there’s one piece of advice I’ve kept repeating it’s to invest in a good anti-virus program.

With that I wish everyone a great new year.


How To Recognise URLs

Understanding URLs is extremely important in avoiding online scams. If there’s only one technical skill you need to know about the internet it’s this, and it will save you being caught out one day.

I’ve limited acronyms to just one (URL) to make it easier to understand.

URL. It doesn’t matter what the letters stand for, it means the address of the web page you go to. You get to see URLs in the top of your web browser. An example of a URL is:

www.fraudo.com

You probably see these every day, every page on the internet has one, and you see links for them every day. This is basically how the internet works.

The only other thing you’ll need to keep in mind for this article is that there are good web pages and bad ones – legitimate sites and scam sites created for various evil purposes.

Now we’ll explain how to recognise a good URL from a bad URL.

I’ve made up two names to demonstrate, and apologies in advance to anyone whose real business name is similar to these (I googled the names and they came up blank so I’m fairly certain they aren’t real business names at the time of writing).

Let’s say a legitimate company is called SomeFancyBank, and that their legitimate website is www.somefancybank.com. It’s the good site. And imagine you have an account with them and a fair bit of money in there.

And let’s say there’s a fraudulent website registered as confusinglookingname.com. This one is controlled by someone intent on stealing your money; it’s the bad site.

So if you get an email asking you to click on www.somefancybank.com/login.asp you’ll probably feel safe to do so.

If you see a link that looks a little like www.confusinglookingname.com/login.asp you’ll be surprised and you won’t click: it’s a fake website designed to look like the real bank’s site, except that it captures your details.

What if the link is www.somefancybank.confusinglookingname.com ? You can see your favourite bank’s name in there so maybe it’s real… Read on, you’ll see why this is definitely illegitimate.

A URL can be broken down into three parts:

1. There’s the stuff at the beginning (often it’s www but doesn’t have to be). And it could be long and could include many dots.

2. Then there’s the domain name (e.g. somefancybank). It’s usually a company name or some other trademark, followed by a .com. There can only be one dot in this part.

3. Then there’s a / followed by a bunch of technical bits. We’re not covering this part in this article. It’s what comes before the / that’s important.

So there are three parts to a URL and we’re only concerned with the first two.

Let’s go straight to some examples (the important bits have been highlighted in bold):

  • somefancybank.com/login.php – good
  • abcde.somefancybank.com – good
  • 123.somefancybank.com/123/456/789 – good
  • abc.somefancybank.com/scaryletters/ – good
  • confusinglookingname.com/login.php – bad
  • 123.abc.zz45xy.confusinglookingname.com/some/fancy/bank – bad
  • www.somefancybank.confusinglookingname.com – bad
  • www.some.fancy.bank.confusinglookingname.com/somefancybank – bad
  • important.clicknow.confusinglookingname.com/some/fancy.bank/login.asp – bad

I’m sure you’re starting to get the idea by now. Now for some trickier examples:

  • www.somefancybank.com.au/login.php – bad
  • www.somefancybank.com.login.confusinglookingname.com – bad

Let’s leave things simple and end it there.

Humans are good at recognising patterns, so when you see your favourite company name in the URL you might immediately think it’s legitimate. Scammers take advantage of this and deliberately make these links to trick people.

You’ll find these fake links in emails, other web pages, chat programs, etc. They’re everywhere so get used to recognising how they work and you’ll be a lot better off.
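The three-part rule above, written out as an added example (not code from the original post): it takes everything before the first /, keeps the last two dot-separated labels as the domain, and compares that with the one domain you trust. TRUSTED_DOMAIN and the function names are assumptions for illustration. Real browsers use the Public Suffix List to decide where the domain starts; this simplified rule does not, so it rejects addresses such as .com.au just as the article does.

```python
import re
from urllib.parse import urlsplit

# Assumption: the single domain the reader trusts (the article's made-up bank).
TRUSTED_DOMAIN = "somefancybank.com"

_HAS_SCHEME = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://")


def host_of(link: str) -> str:
    """Parts 1 and 2 together: everything before the first '/', lower-cased."""
    link = link.strip()
    if not _HAS_SCHEME.match(link):
        link = "//" + link  # urlsplit only recognises a host after '//'
    try:
        host = urlsplit(link).hostname or ""  # hostname drops any port
    except ValueError:
        return ""  # unparseable link: treated as bad by verdict()
    return host.rstrip(".")


def domain_of(link: str) -> str:
    """Part 2: the last two dot-separated labels of the host."""
    labels = host_of(link).split(".")
    return ".".join(labels[-2:])


def verdict(link: str, trusted: str = TRUSTED_DOMAIN) -> str:
    """'good' only when the domain part is exactly the trusted one."""
    return "good" if domain_of(link) == trusted else "bad"


# Links copied from the article's lists, with the verdict the article gives.
SAMPLES = [
    ("somefancybank.com/login.php", "good"),
    ("abcde.somefancybank.com", "good"),
    ("abc.somefancybank.com/scaryletters/", "good"),
    ("confusinglookingname.com/login.php", "bad"),
    ("www.somefancybank.confusinglookingname.com", "bad"),
    ("www.some.fancy.bank.confusinglookingname.com/somefancybank", "bad"),
    ("important.clicknow.confusinglookingname.com/some/fancy.bank/login.asp", "bad"),
    ("www.somefancybank.com.au/login.php", "bad"),
    ("www.somefancybank.com.login.confusinglookingname.com", "bad"),
]

if __name__ == "__main__":
    for link, expected in SAMPLES:
        print(f"{verdict(link):4}  {domain_of(link):28}  {link}")
```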

Using Unsecured Wireless Networks

Sophos (a large IT security company) recently conducted a survey of 560 people. 54% of them admitted to using someone else’s wireless network without permission. That’s more than half the respondents. Why should you care?

If you have a wireless network that isn’t well secured then:

  • Someone could be using your internet account and incurring expenses (or pushing you over a capped limit and effectively slowing down your connection)
  • Someone could be illegally downloading copyrighted content (such as using a file sharing program to download commercial movies – it’s illegal and you’re liable for providing the connection)
  • Someone could be using your internet connection to commit online crimes (just read the posts on this site to get an idea of how common this is).
  • It lets anyone within range bypass your firewall, making your computers and other wireless devices vulnerable. This is especially important if you have wireless in an office environment
  • It’s easier for someone to install spyware on your computer, making activities like online banking very dangerous

The most important of these reasons is how easy it becomes for someone to use your network to commit crimes. Imagine being involved in a child pornography investigation, or having your internet disconnected because your network was used to send millions of spam emails.

I’ve written before on how to secure a wireless network and if you haven’t done so it’s worth reading through here.

If you’re in the 54% of people who wouldn’t think twice about using someone else’s wireless network without permission then you should know that:

  • It’s illegal in a lot of countries (people get arrested for this quite often)
  • It’s effectively stealing. It isn’t a victimless crime
  • You can’t trust the network you’re using. It’s easy for someone to set up a wireless network in such a way that they can record all the traffic from it. This is one way to eavesdrop on other people’s traffic and to capture passwords

So the message here is to secure your wireless network, and don’t use other people’s wireless networks without permission.

Wireless Network Used in Extortion

An Australian man in Rockhampton has been arrested for trying to extort money from people. Here’s how he did it.

  • He gained access to other people’s wireless networks. This is fairly easy to do, even if you turn on WEP encryption (read about securing a wireless network here). By using other people’s networks he was harder to locate
  • He sent users threatening messages, made to look like they came from elsewhere
  • He then demanded money to be dropped off at a specific location
  • And he repeated this a total of 12 times

The police were able to find him and arrest him. It’s important to secure your wireless networks so that other people don’t use them to commit crimes.

Full article here.