Fake SMS Spying

A spam email promising some SMS spying software actually installs malware. Below are some examples of the spam:

  • Keep a spy eye on your Girlfriend’s mobile
  • Do you want to catch a cheating girlfriend?
  • You can read anyone’s SMS
  • Read his messages

Lines such as the ones above might catch someone’s curiosity. If they click the link, they’re presented with a fake web page advertising the SMS spying software. The fake site says:

Get Your Free 30-Day Trial!

Do you want to test your partner or just to read somebody’s SMS? This program is exactly what you need then! It’s so easy! You don’t n3eed to install it at the mobile phone of your partner. Just download the program and you will be able to read all SMS when you are online. Be aware of everything! This is an extremely new service!

The download actually installs malware on your PC.

Ransomware

Ransomware is malware that holds your files for ransom. Here’s a real life example of how it works:

  1. You click on a link to a web page. This web page has been hacked but you don’t know that.
  2. A message comes up on your screen telling you that you might have malware on your PC.
  3. You click on a button to start their scanning program. It pretends to do a scan of your PC. This fake program can be called AntiVirus2009, FileFixerPro, or FileFix Professional.
  4. In the background it’s going through everything in your My Documents folder and encrypting all of the files. The encrypted files are now useless to you.
  5. A message comes up asking you for $50 to get a program that will unencrypt your files.
  6. If you pay, you may or may not receive a program that unencrypts them. The hackers would also then have your credit card details.

It’s a terrible situation to be in.

There are quite a few things you can do right now to prevent this from happening:

  • Make a backup of your files. If you’ve never made a backup before then try to do it today, don’t waste time. If you ever lose your files, or you’re a victim of ransomware, you can just recover from your backup.
  • When an unexpected window pops up asking to scan your PC, think carefully about who’s asking. It’s an unsolicited request, so it’s probably a scam.
  • Install a good anti-virus package. One that scans every web page you access.
  • Start using one of the alternative web browsers, such as Chrome, Opera, Firefox, or Safari. These four browsers are better at detecting hacked web pages and at preventing malicious code from running. (They’re better than IE but not 100% safe.)
  • Keep reading Fraudo to stay on top of these scams. You can subscribe to the RSS feed or by email (the email option is on the top right corner of this page).

And if you’re unfortunate enough to have this happen to you, there’s a free tool that may be able to recover your files. I bolded the word may because the hacker’s technology is getting better all the time and if they did things right it would be impossible to unencrypt it without paying. But for now you can try the method shown on this page.
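One way to notice the silent encryption in step 4 early, and to tell which files need restoring from the backup recommended above, is to compare a snapshot taken at backup time with the folder's current state. This is an added example, not part of the original post; the function names, thresholds and sample files are assumptions, and it assumes files keep their names.

```python
import hashlib, math, os, tempfile
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for uniform text, 8.0 for random)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def snapshot(folder):
    """Record SHA-256 and entropy for every file, e.g. at backup time."""
    snap = {}
    for root, _dirs, files in os.walk(folder):
        for name in files:
            path = os.path.join(root, name)
            with open(path, "rb") as fh:
                data = fh.read()
            rel = os.path.relpath(path, folder)
            snap[rel] = (hashlib.sha256(data).hexdigest(), entropy(data))
    return snap

def suspicious_changes(before, after, jump=2.0, floor=7.0):
    """Files whose content changed and now looks like random bytes."""
    hits = []
    for rel, (digest, ent) in after.items():
        old = before.get(rel)
        if old and old[0] != digest and ent >= floor and ent - old[1] >= jump:
            hits.append(rel)
    return sorted(hits)

def demo():
    """Constructed sample: one ordinary edit, one file replaced by random bytes."""
    with tempfile.TemporaryDirectory() as docs:
        for name in ("letter.txt", "notes.txt"):
            with open(os.path.join(docs, name), "w") as fh:
                fh.write("Dear Sam, the quarterly report is attached.\n" * 50)
        before = snapshot(docs)
        with open(os.path.join(docs, "notes.txt"), "a") as fh:
            fh.write("PS: see you on Friday.\n")  # ordinary edit, stays low entropy
        with open(os.path.join(docs, "letter.txt"), "wb") as fh:
            fh.write(os.urandom(4096))  # stand-in for encrypted content
        return suspicious_changes(before, snapshot(docs))

if __name__ == "__main__":
    print(demo())
```

Files in already-compressed formats (JPEG, ZIP, .docx) start near 8 bits per byte, so for those the changed hash is the signal rather than the entropy jump.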

Another Twitter Worm: cleaningUpMikey

Right after the StalkDaily Twitter worm was fixed, there’s another one. It’s called cleaningUpMikey. The way it works is a little different:

If you receive the Twitter message shown below and click on the profile, some code runs in your web browser and it starts sending the same message to others. You don’t need to go to a 3rd party web site, making it a little different (and much riskier).

The Twitter message is:

Twitter, hire Mikeyy!

If you receive this, remove it or ignore it (depending on your client).

Incidentally, Mikey is the person who wrote the StalkDaily Twitter worm. And it’s unconfirmed who wrote this one.

Twitter Worm: StalkDaily

Some messages are being sent on Twitter right now that are part of a worm. If you receive one of the following Twitter messages ignore it and don’t click on the link.

  • I love www.stalkdaily.com
  • wow… www.stalkdaily.com
  • Join www.stalkdaily.com everyone!
  • Hey everyone, join www.stalkdaily.com. It’s a test site like Twitter but with pictures, videos, and so much more! 🙂
  • Woooo, www.stalkdaily.com 🙂
  • Virus? What? www.stalkdaily.com is legit!
  • Dude, www.stalkdaily.com is awesome. What’s the fuss?

If you click on the link some code runs in the background that sends the same messages but from your own Twitter account.

Is it harmful? No, it was a publicity stunt by a site called StalkDaily. This is what a worm is, something that spreads through the internet similar to a virus but without infecting files. It’s still not a good thing to have around.

In this case it’s harmless but it could have been harmful. By the time you click the damage could have been done.

New Malicious PowerPoint Files

Some new malicious PowerPoint files are being sent around the internet. When you open the PowerPoint file it runs a program that lets others connect to your PC, and then installs more malware onto it. Finally, it cleans up the original PowerPoint file to make it more difficult to detect that the PC has been infected.

The following versions of PowerPoint are affected:

  • PowerPoint 2000 Service Pack 3
  • PowerPoint 2002 Service Pack 3
  • PowerPoint 2003 Service Pack 3
  • Microsoft Office 2004 for Mac

If you’re using PowerPoint 2007, just the PowerPoint Viewer (not the full version), or Office 2008 for Mac, then you’re safe.

If you receive spam with an attached PowerPoint file, delete it.

Here is Microsoft’s advisory about this problem.

Wii Points Generator

There are a few YouTube videos promoting a product called Wii Points Generator. This product is supposed to create Wii points (Wii is Nintendo’s game console). The video shows a link to download a program called generator.exe.

The program does not generate any Wii points. It’s a scam that installs a trojan that then downloads more malware.

There are also videos on YouTube that claim to show you how to create XBox points and iTunes gift cards. These are also scams that install viruses.

MacCinema

Another Mac trojan. There’s a program for Macs called MacCinema Installer. The filename is: Flash.Player.Update.v9.19.dmg. Some web sites claim that you need to install it to watch their videos.

When you install it, it adds something to your Mac so that every 5 hours it will try to download malware. So if your Mac becomes infected with malware and you clean it, in 5 hours it’ll download another one. This is pretty common these days.

So if you come across MacCinema don’t install it. And if a web site tells you that you need to install something to watch their videos, don’t trust it (this applies to Mac OS X, Linux, and Windows).

Ghostnet – Cyber Espionage

Ghostnet is the name given to some malware that’s been spreading around the world recently. This sort of thing happens every day, but what’s different about Ghostnet is that it has mainly targeted political offices.

This can’t be an accident or coincidence. So far 1,300 computers have been found to be infected with Ghostnet (not many), including the computer used by the Dalai Lama, a NATO computer, computers in the embassies of India, South Korea, Indonesia, Romania, Thailand and many other government offices around the world. These were clearly targeted.

What’s Ghostnet do? Researchers have found that it can turn on the camera and microphone on computers that have one, allowing people to spy in a room (or office). Can malware really do things like that? Yes, malware can do anything on a PC, that’s why it’s important to protect your PC.

Who’s behind Ghostnet? Researchers have directly accused the Chinese of operating it.

How do you get it? So far it seems people are tricked into downloading a file that infects the PC. Specific people are targeted and asked to download the file. This is called social engineering. And because they only targeted a small number of people it takes a long time for anti-virus companies to find out about it and to update their anti-virus programs.

Confirmation of Ticket Purchase

There’s some spam pretending to be from Delta Airlines. It tries to trick readers into opening the attached file, making readers believe that the ticket has been paid in full and that it’s ready to be used by the reader. The attachment is a trojan that gives people complete access to the PC and tries to download more malware every time you reboot.

Below is an extract from the fake email:

Thanks for the purchase!

Booking number:

You will find attached to this letter PASSENGER ITINERARY RECEIPT of your electronic ticket.

It verifies that you paid the ticket in full and confirms your right for air travel and luggage transportation by the indicated flight Delta Air Lines.

…and on and on…

If you see this email, delete it and don’t open the attachment.