If you see any links to yahoo550.com it’s a malware site that installs a trojan. The authors behind it are trying to trick people into thinking it’s one of Yahoo’s websites (Yahoo has a service called 360°). So ignore the fake 550 and take this as a reminder to have a good internet security program (one that checks websites as well as the traditional files and emails).
Author: enrique
Deceptive Template Downloads
If you run your own website, in particular a blog such as the one this article is written on, you’ve come across templates. A template may also be called a skin, or a theme. These templates add the design, colour, layout, and feel of a website, and are developed by creative web designers.
Some templates are free, others are bought or custom made. And there are websites that collect free templates to make it easier for non designers to pick and choose.
It’s recently come to light that some of these template collections have been tainted. The person (or people) collecting and hosting the templates have quietly edited them all and embedded some code to suit their own purposes.
One such deceptive template collection is blogstheme.com. They’ve been caught adding code to the footer in the themes they host to collect marketing data. What makes this even more deceptive is that they didn’t actually create any of the templates, they’re modifying other people’s work. Another website previously ousted for doing something similar is templatesbrowser.com.
So if you run a website, blog, or similar and hunt around for interesting templates on these collection sites, always go back to the original developer’s website and download it from there. This way you’re downloading it directly from the person who created it, and not risking downloading a tainted copy.
It’s unfortunate that as the Internet continues to grow there are always new threats appearing where you least expect them. Hopefully by reading this site and encouraging others to do to we can all avoid the dangers and use the Internet to its full potential. Education is always a good solution.
Scammers Asking For Donations
There are many emails being sent by scammers that makre reference to major news stories, such as the recent fires in California. The emails may contain a real logo (copied from an organisation’s website) and claim to be from some charity or social organisation. They also have a link allowing you to make donations.
In these scams the link provided to donate money is owned and operated by the scammer sending the emails.
So as always don’t trust unsolicited emails you receive that ask for money. The people behind these scams are up to date with popular news stories and try hard to cash in on major events.
A New Way To Spread Viruses Using Google
This technique to spread viruses was only just discovered, and it’s clever.
Firstly it’s based on the assumption that people trust Google (which is a fair assumption since Google has done a lot to maintain good ethics and to help users avoid malware). So when people see a link to a Google site they would naturally assume it must be safe to click on.
Now someone sends you spam and in the body of the email is a link to Google’s website. The link is a clever trick that takes you to a gambling site containing a virus. How does it work?
On Google’s search engine there is a button called “I Feel Lucky“. This has been a distinctive feature of Google for many years and when you click on it, instead of showing you a page of results, it takes you directly to the first website. Now someone wishing to spread a virus just has to come up with some search terms that places their website at the top of Google’s results. Then they paste the link that created that search, with an option to take you straight to the “I Feel Lucky” link.
In short, it’s using a little known feature in Google to take you to someone else’s website, and the rest is reusing the usual spam and virus techniques.
For now this has been observed in spam emails and we should expect it to appear in other places such as websites, forum links, Facebook etc.
The best defence against this is to use a good antivirus package, one that checks webpages as well as the traditional virus checks.
It’s also good to pay attention to links before you click on them. Look out for things related to online gambling or pornography as these are the most common websites used to distribute malware.
And Google will most probably improve their systems to filter out exploits such as this one.
Sony SonicStage CP Vulnerability
Version 4.3 of Sony’s SonicStage CP program has a vulnerability (flaw) that can be exploited for malicious intent. The exploit comes in the form of a playlist received from an external party (website, untrusted friend, etc).
So if you’re using a Sony digital music player and this program on your computer don’t open any playlists you didn’t create yourself, until Sony releases a patch to fix it. Details here.
Downloading Codecs
Should you download new codecs when a website tells you to?
What’s a codec anyway?
Your computer needs video codecs to play videos. And like everything else there are quite a few different codecs to choose from. Your computer came with a set of the most popular codecs so you can watch videos, both online and from DVDs.
There are some websites that encode their videos with unusual codecs then ask you to install a new codec to view it. In particular, some pornographic websites have been tricking people into downloading a new codec. Unfortunately in some cases the codec is a trojan that makes very dangerous changes to your computer (allowing attackers to redirect your web browser to wherever they want).
There’s been a reportof some websites tricking Mac users into installing a bad codec like the one mentioned above. In the past Macs have been considered more safe than Windows computers but as they become more popular they also become targets to malware such as this. This particular attack doesn’t work very well because it asks the user to carry out a number of steps. Over time attackers get more sophisticated so it’s best to learn about it as early as possible.
The lessons to be learnt here are:
- Don’t install anything a website tells you to, unless you completely trust the person or company operating it. Even then you need to be certain of what you’re downloading.
- No computer is safe from malicious attacks, no matter what the ads, salesmen or zealous enthusiasts say.
- Pornographic websites are well known to carry malicious content like viruses and trojans.
- Attackers are creative and always find new ways to distribute viruses
SMS Authentication for Credit Cards
A few banks have recently introduced SMS authentication for their credit cards. Basically they’ll send an SMS (text message) to your mobile phone (cell phone, or handphone) to confirm a transaction. You reply to the SMS to approve the transaction.
It’s a security model called “Two Factor Authentication“. This means you need to be in possession of two “things” for a transaction to be approved. If someone stole your credit card details and made a transaction, e.g. online, you would receive an SMS on your phone and you’d know it was fraudulent. In this case you wouldn’t reply to the SMS and the transaction would be halted. And if you’re making the purchase yourself you can approve your own transaction.
The idea sounds good at first. And of course it has its own set of problems. More interesting is the reasons why these banks have introduced this technology.
Problems:
- Only some transactions are protected using this method. It’s up to the banks but generally it seems that a large number of transactions will continue to function as before.
- For legitimate purchases it can be a nuisance
- It’s not a foolproof system
- As more people use the SMS option the costs to the bank will increase greatly and they would either end the service or pass on costs to their customers
Here’s an interesting comment published in this ZDNet article. Matthew Woodrow, Head of Information Security at Westpac, was quoted saying “It’s not to do with security at all… consumers have expectations of security levels while using their mobile phones to do their banking. So you’re not thinking about security at all, but you’re thinking about the product and what consumers want”. In other words a large bank’s security expert is admitting that SMS authentication is more about how customers “feel” about safety.
It seems to be a temporary fix to credit card fraud. Smart card technologies (chips embedded in the credit card) seem to be a better solution.
In summary security is often more about how it makes people “feel” rather than truly preventing crimes. It helps to see things for what they really are and not believe what you hear in ads.
Harmful Websites
It seems Possibility Media’s websites have been hacked. There are a few interesting things to learn here. First have a look at the following screenshot:
At the time of writing (28 Oct 2007) if you go to Google’s website and search for the term “possibility media” you’ll get the results shown above. Google found the correct website and if you look closely there’s a warning that “This site may harm your computer“. If you don’t notice this small writing and just click on the link Google will display a large warning spelling out the risks. This is a very nice security feature provided by Google. They use a 3rd party tool to analyse websites for malware and make it difficult for you to load a website that contains harmful code.
The other thing to note is that Possibility Media’s websites have been hacked and contain harmful code. It’s still unclear what damage this can do to your computer (it’s currently being investigated by antivirus companies). Some of their other websites that have also been hacked are:
- webweekmag.com – Web Week Magazine
- itweekmagazine.com – IT Week Magazine
- technologyweekmag.com – Technology Week Magazine
- theinternetstandardmag.com – The Internet Standard
- securitystandardmag.com – Security Standard
Hopefully by the time you read this it would have been cleared up. The purpose of mentioning these websites is to point out that common websites that have completely legitimate businesses behind them are still vulnerable to malicious tampering and that it can affect pretty much everybody.
There are a couple of things you can do about this:
- Use a good antivirus program on your computer. To be effective against this type of attack it needs to do something called “web filtering”.
- Keep your antivirus software updated. This usually requires a paid (yearly) subscription.
- Use an alternative web browser. I haven’t written about this yet but consider using either FireFox or Opera.
Lottery Scams
A reader of FraudO.com, Christoph, has reminded us of a particular type of scam called Lottery Scams, also called a Dutch Lottery or a 419 Scam or a lottery of various other European countries. These scams begin with a letter or email telling the victim they have won a lottery.
The email instructs the victim to contact a “claims agent” to collect their prize money. The agent then sends the victim a claim form to verify their identity. The fake agent is building rapport and making it appear that there’s a real agency behind the emails. The form is in fact used to collect personal information about the victim, such as their passport number and driver’s license number. This is where the identity theft begins.
If the victim asks for some proof of the agency’s legitimacy they often fax back a legal looking document (which of course doesn’t prove anything, it just makes the victim feel more comfortable). This web page has examples of the fax and other documents the scammers send.
The victim is then given some options on how to collect the alleged winnings. In each case the scammer is setting up the victim:
- The winnings can be deposited directly to the victim’s bank account. This seems to be the more popular option. The scammer will request a large fee to make this happen (such as special taxes, insurance or legal fees). The scammer will end up keeping this money.
- The victim has the option to open a new overseas bank account to receive the alleged winnings. The bank is fake, but the victim is told that the bank requires a large deposit to open the account.
- The winnings can be picked up in person, often in The Netherlands. The victim will later be told that they have to pay a fee in cash to release the winnings. The victim is then given counterfeit prize money.
What to do:
- Don’t reply to the emails (or letters or phone calls). Don’t give the scammer any indication that you exist.
- Don’t send any money or provide any personal details.
- Report the scam to your local authorities.
It seems many people are victims of this particular kind of fraud. In most cases the scammers are never caught, and even if they are the money is usually never recovered. Please be aware of how common this scam is and help your colleagues, friends and family to be aware of it.
The scam works because people want to believe it’s real, even if they didn’t enter a lottery in a foreign country. It’s up to everyone to talk openly about it and increase awareness of it.