The following email contains a virus, it was not sent by Facebook:
Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.
Thanks,
The Facebook Team
If you see this email just delete it. Don’t click on the attached file.
A personal firewall is a program you install on your computer. It stops unknown programs talking to the internet. Why is this important?
Just say some malware gets installed on your computer. It wasn’t picked up by your antivirus program for whatever reason (maybe you don’t even have antivirus). It starts watching you type in your passwords and tries to send details to a criminal’s server. This actually happens every day to some people.
A personal firewall would detect that an unknown program is trying to send information to the internet and bring it to your attention. It blocks the program and asks you if you want to allow it to proceed.
It’s different to a normal firewall because it runs on your PC instead of on the network. And it doesn’t just keep people from hacking into your computer, it stops malware connecting out to the internet. So overall it’s a good thing to have, it’s just a bit more defence against online fraud.
Below are some new deals I’ve come across. I haven’t tried these programs and can’t comment on how well they work – I suggest you ask around.
ZoneAlarm Pro – this program has been around for many years. The Pro version, which usually costs USD39.95, will be free for today only (13th of October 2009). Go to their web site here.
Online Armor Premium – I haven’t heard of this product before but it’s legitimate. It usually costs $39.95 but it’s free to PayPal members, until the 19th of October 2009. Click here, then on the button to buy now, then proceed to pay with PayPal, it will be discounted to $0.
Windows also has a firewall built in but in my opinion it isn’t very good and it’s difficult to configure. And most antivirus packages, the kind that cost money, include a personal firewall.
Here’s an example of a very sophisticated piece of malware designed to steal money. It was discovered recently in Germany and was used to steal €300,000 in 3 weeks. Here’s how it works:
Step 5 is the sophisticated part of this attack. Normally you’d notice if money was transferred from your bank account without your approval, but the trojan hides this by showing you a fake statement on your screen. If you can’t see the money being taken from your account the criminals have more time to keep making withdrawals.
The amount of money it steals is different each time so that the bank’s anti-fraud detectors don’t see the pattern of theft.
More details here on this attack works.
So what’s a money mule?
Stealing money from people’s bank accounts is a big business. Criminals not only write sophisticated malware to carry out the transactions, they also recruit money mules to launder the money.
They place ads online offering jobs to desperate people. These jobs require no experience and you work from home (sound familiar?). People who sign up to these jobs receive money in their bank accounts, then they have to transfer it to someone else’s account. They do this willingly and are paid for it, but they usually don’t know that it’s part of a criminal organisation.
This is how the criminals receive their stolen money and cover their tracks. It’s a form of money laundering and is illegal. And to avoid a pattern detection they usually only use these money mules twice.
Here’s an example of a money mule job ad.
Lessons Learnt:
Tomorrow, Tuesday the 13th October, Microsoft is releasing several critical updates to Windows. They fix known security problems so it’s important for all Windows PCs to download these updates.
Microsoft tries to release these updates on Tuesdays, tomorrow’s batch will be larger than usual. So as always, make a backup of your PC’s data today in case the patches cause any problems.
Today Microsoft launched a new anti-virus program called Microsoft Security Essentials. People who have tested it are fairly happy with it, it’s certainly better than not having any anti-virus. And best of all it’s free. It works on Window XP, Windows Vista, and Windows 7.
Free download of Microsoft Security Essentials: http://www.microsoft.com/Security_essentials/
Now I’ve always said that paid anti-virus programs are generally better. I still believe this because you get more security features such as web page scanning, a personal firewall and fraud detection. And with all the online fraud and scams that happen every day you need all the security you can get and that costs money.
But sometimes you really can’t justify paying for anti-virus, like a computer you’re only going to use for a month. So this fits in nicely. Also keep in mind that there are several other good free anti-virus programs out there.
I’d also like to point out that sometimes internet security companies can be biased. Take Symantec as an example. On the same day that Microsoft launches a free anti-virus program Symantec started a campaign telling people that free anti-virus programs are bad. I see it as a clearly biased argument to protect their business. Marketing is always biased, it’s always best to get an independent opinion (Fraudo is not sponsored by any companies, the ads on the right are dynamic and I don’t get to choose them).
Avast! is a company that makes a decent anti-virus program. They recently published some statistics that are interesting:
These statistics are not just marketing numbers, they give you an idea of how serious a problem malware is. If you don’t have a good anti-virus system installed on your computer they you need to take action now (today) and install something to protect you. Good anti-virus systems generally cost money – it’s a good investment, the cost of not buying one is usually greater.
And get something from a known vendor. Last week I talked about a comparison of anti-virus programs, you can use this as a guide.
McAfee, a large anti-virus company, has published a report called “Inside the Password Stealing Business: the Who and How of Identity Theft”. It goes into the details of password stealing programs and explains the “industry” driving it.
It’s quite detailed and at 17 pages it won’t take too long to read – it’s not very technical.
Password stealing is when a program gets installed on your PC that catches every stroke of your keyboard and sends it back to a criminal. The idea is that it’ll record all your passwords as you type them, no matter how strong they are. It’s a sophisticated piece of technology and a very large problem worldwide. If you’re not constantly upgrading your anti-virus software, web browser and OS then you’re at high risk.
These passwords are then sold off and used to steal money from your bank account or to commit other crimes. Even if you don’t use online banking you still have something to lose – someone can apply for a credit card under your name and use it to make expensive purchases, then you’re left to deal with the credit card company and convince them it wasn’t you (this happens every day).
So click on this link and have a read of the report.
An email offering you a game of Monopoly may in fact be an invitation to download malware. The email has the subject “Play Online Together” and the email reads:
… Has Invited You To Play Monopoly
Monopoly Invite
Monopoly2009.com
If you see this email delete it, it’s a trick to get you to download malware. The website asks you to download a file called monopoly.exe – this is the malware, don’t download it.
There is an organisation called AV-Comparatives that tests antivirus programs and compares their performance. They’re independent from the antivirus vendors making their tests more useful. So it’s good to look through the results and see which antivirus programs are working better than others. Below are their top 7 programs, in no specific order:
Recent Comments