Emails That Ask You To Run An Attachment

Any unsolicited email that asks you to open an attachment is bad. If that attachment is a program then you can consider it a scam. Below is an email I received with a link to malware. It’s asking me to download and run an unknown program. The email also says it was sent by me, which is rather odd. I’ve removed personal details from the email:

A new settings file for the <email address> has just been released

Dear user of the <email address> mailing service!

We are informing you that because of the security upgrade of the mailing service your mailbox <email address> settings were changed. In order to apply the new set of settings please click to this link and open file((If clicking the link in this message does not work, copy and paste it into the address bar of your browser.)

http://<removed>/ settings.exe

Best regards, <email address> Technical Support.

The words in italics and in < > are my changes, to make it easier to read and search, and to avoid linking to the actual malware.

Any email that looks like the above is suspicious. Any attachment (and especially one that ends with .exe) is suspicious, and when it says that I sent it to myself it leaves no doubt that this is a scam that links to malware.

Learning to recognise these scam emails is important. Relying on virus scanners is good but common sense also helps.
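The warning signs described in this post (a message that claims to come from its own recipient, an attachment that is a program, a link to a file ending in .exe) can also be checked automatically. The following is an added example, not part of the original post; the addresses, host name, sample message and extension list are constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

# Extensions Windows runs directly; a constructed, non-exhaustive list.
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js")
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

def is_executable_name(name):
    # Ignore punctuation that often trails a URL or file name in prose.
    return name.lower().rstrip(").,>").endswith(EXECUTABLE_EXTS)

def red_flags(raw_message):
    """Return the warning signs found in one raw email message."""
    msg = message_from_string(raw_message)
    flags = []
    sender = parseaddr(msg.get("From", ""))[1].lower()
    recipient = parseaddr(msg.get("To", ""))[1].lower()
    if sender and sender == recipient:
        flags.append("claims to be sent by the recipient")
    for part in msg.walk():
        filename = part.get_filename()
        if filename and is_executable_name(filename):
            flags.append("executable attachment: " + filename)
        elif part.get_content_type() == "text/plain":
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            for url in URL_RE.findall(body):
                # Check only the path, so "http://example.com" is not flagged.
                if is_executable_name(urlparse(url).path):
                    flags.append("link to executable: " + url)
    return flags

def build_sample():
    """Constructed message modelled on the email quoted above."""
    msg = EmailMessage()
    msg["From"] = msg["To"] = "user@example.org"
    msg["Subject"] = "A new settings file has just been released"
    msg.set_content("Please click to this link and open file\n"
                    "http://mail.example.invalid/settings.exe\n")
    msg.add_attachment(b"placeholder bytes", maintype="application",
                       subtype="octet-stream", filename="settings.exe")
    return msg.as_string()

if __name__ == "__main__":
    for flag in red_flags(build_sample()):
        print(flag)
```

A forged From header is easy to produce, so a match between sender and recipient is a warning sign rather than proof, and a message with none of these flags can still be a scam.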

Fake Virus Scan

Here’s something that happens every day: a message appears in your web browser telling you a virus was found and to click OK to do a scan. To get straight to the point, this is a fake antivirus program designed to trick you into installing real malware.

If you see this on your browser, close the browser. Don’t click on any buttons. And most importantly, don’t panic. These scams are designed to scare you into making irrational decisions.

[Screenshots: two examples of the fake virus scan message]

This type of scam happens on both Windows and Mac computers.

Smileworld Scam

If you receive the following email about SmileWorld, delete it and don’t click on the attachment. It’s a scam.

Dear Customer,

This e-mail was send by smileworld.com to notify you that we have temporanly prevented access to your account.

We have reasons to beleive that your account may have been accessed by someone else. Please run attached file and Follow instructions.

(C) smileworld.com

Note how many spelling mistakes and typographical errors there are in the email. A serious company would proofread any emails such as this.

Also, there is no reason for any company to send you unsolicited attachments. It’s a sure sign of a scam.

Infected Samsung S8500 Wave SmartPhones

Samsung’s new phone, the S8500 Wave, has appeared in Germany with its memory card infected with malware. It’s fairly dangerous: if it installs itself onto your computer it will download backdoor programs and spyware, leaving your computer wide open to hackers and criminals. Prevention is definitely better in these cases.

The malware can affect Windows computers if you connect the phone to the computer. It’s as simple as that.

There are a couple of things you can do to avoid this malware, and to avoid similar malware in the future from similar scenarios:

  • Disable the autorun feature in Windows (click here for instructions)
  • Install a good antivirus package.

This type of problem is becoming more frequent – ordinary consumer devices infected with malware at the factory.

Facebook Password Reset (Virus)

I received an email that claims to be from Facebook (it’s a forged email). The email is designed to trick people into opening the attachment. Here’s what it says:

Hey [name removed],

Because of the measures taken to provide safety to our clients, your password has been changed. You can find your new password in attached document.

Thanks,
The Facebook Team

There’s another version some people have received that is similar but has a different introduction and sign-off:

Dear user of facebook,

Because of the measures taken to provide safety to our clients, your password has been changed. You can find your new password in attached document.

Thanks,
Your Facebook

Both of these emails come with a virus attached, and neither of them was actually sent from Facebook. In fact, Facebook had absolutely nothing to do with it; the scammers just mention the name to encourage people to open the attachment.

So as always, be suspicious of unsolicited emails, and be suspicious of attachments you didn’t ask for.

Free $1000 Ikea Gift Card Scam

Some ads have appeared on Facebook and Twitter. The ads are:

  • Contratulations. Get a free $1,000 Ikea Gift Card
  • Get A Free Apple Ipad Just For Testing It!: Would You Like To Test Apple Ipod? Get Your Free IPad Here Hurry
  • Get the Aple iPad Free

Note how many mistakes there are on the second one, a clear sign of a scam.

All of these ads are part of a scam. They take you to a site that asks for your name, address, date of birth, and email. These details are used to send you more spam.

Then you are taken to an online gambling site, hoping that you’ll be tempted to hand over money.

Nearly 40,000 Facebook users have been tricked by this scam, and it doesn’t end there. The same scam is also used for fake food gift certificates, and no doubt will continue to evolve.

If you see scams like these, please don’t forward the message along. You don’t want your friends and family to fall victim to a scam. Do proper research before passing any “bargain” messages along.

Phishing emails from Skype

Phishing emails are emails that appear to be from a legitimate company and ask you for your username and password. It’s a simple trick to get your account details.

Recently (22 April 2010) several phishing emails were sent “appearing” to be sent from Skype. The emails have a link to a web page asking you for your Skype username and password. These details are then collected by hackers and used for malicious purposes.

The general rule is, if you receive any emails from legitimate companies asking you to log onto your account, don’t click on the links. Open a new browser and go to the company’s web site yourself. This way you can be sure you’re on the real web page, and not be tricked into going to a fake copy of the page.

Passwords Compromised on JIRA, Bugzilla & Confluence

If you are a user of the Apache hosted JIRA, Bugzilla, or Confluence, a hashed copy of your password has been compromised. There was a targeted attack on these systems on the 9th April 2010.

These are services used by developers; most “normal” people would not have accounts on these services. If you do use these services please read the full incident report here.

Admin update

I haven’t posted much on this site for a few weeks; I’ve been quite busy with work. Today I have some time so I’ll post a few items I’ve been sitting on.

I changed DNS registrars a couple of days ago. It didn’t go as smoothly as I’d hoped for, so yesterday this site would not have been accessible. My apologies for that. It’s all running smoothly again.