Another fake anti spyware site

All these fake sites and applications are becoming a bigger problem. The latest is called removal-tool . com (warning, do not try going to this site). It appears to be a collection of spyware removal tools except that it actually tries to install quite a few different bits of malware on your computer. It’s a malicious web page in disguise.

The web site looks nice, contains a blog, a news section, and reviews. The authors went to some effort to make it look convincing. Most of the links on the site even work. It would be difficult to tell that this site will compromise your computer.

Good anti virus software these days has the option to filter all web pages, and it stops most of these sites before your web browser starts loading them. It’s a good investment.

Another technique to avoid these traps is to use a less popular web browser such as Firefox or Opera, or to use a less popular operating system such as Mac OS or Linux.

At the moment the majority of malicious code is designed to target Windows and Internet Explorer. That’s not to say that other systems are immune; malware is just less common on them.

.com.au.com

Any web address that ends with .com.au.com should be treated with caution. At the moment these pages are redirecting to a fake anti spyware page, tricking people into downloading malicious software.

For example an address such as importantcompany.com.au.com

  • is not the same as importantcompany.com.au
  • is not the same as importantcompany.com

Because the last few letters are different it takes users to a completely different site. Even having one different letter or the dot in a slightly different position is enough for your computer to go to a different site, one owned and operated by an individual with questionable intentions.

In this example importantcompany could be any company or web site you’re familiar with (eg Google).

This is a problem because people are good at recognising patterns and the addresses look similar. However they are in fact different. Care should always be taken with deceptive addresses.
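The difference can be checked mechanically by working out which part of the address somebody actually registered. The following is an added example, not part of the original article; the suffix list is a small constructed subset (a real check would load the full Public Suffix List) and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed, minimal subset of public suffixes for this example only.
# A real check should load the full Public Suffix List.
PUBLIC_SUFFIXES = {"com", "au", "com.au"}


def registrable_domain(host):
    """Return the public suffix plus one label to its left, or None."""
    labels = host.lower().rstrip(".").split(".")
    # Scan left to right so the longest suffix ("com.au") wins over "au".
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            if i == 0:
                return None  # the host is itself a bare suffix
            return ".".join(labels[i - 1:])
    return None


def classify(url, trusted):
    """Classify a URL as 'trusted', 'lookalike' or 'unknown'.

    trusted: set of registrable domains the user really deals with.
    """
    host = (urlsplit(url).hostname or "").lower()
    if registrable_domain(host) in trusted:
        return "trusted"
    # Lookalike: a trusted name appears inside the host, but the part
    # that was registered (and is controlled by its owner) is different.
    padded = "." + host + "."
    for name in trusted:
        if "." + name + "." in padded:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    trusted = {"importantcompany.com.au", "importantcompany.com"}
    for url in (
        "http://importantcompany.com.au/login",
        "http://www.importantcompany.com/",
        "http://importantcompany.com.au.com/",
    ):
        host = urlsplit(url).hostname
        print(url, "->", registrable_domain(host), classify(url, trusted))
```

For importantcompany.com.au.com the registered part is au.com, so whoever controls au.com decides where that address goes, regardless of the familiar name in front of it.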

World of Warcraft Scam

There’s another scam targeting World of Warcraft players. It starts with an email claiming that the recipient’s World of Warcraft account has been suspended. There’s a long explanation and a link to a website.

The website asks for a username and password. It then passes on the username and password to whoever wrote the email; it’s not a legitimate service.

This is called phishing. It works by tricking people into typing their credentials into a fake site.

These days good anti-virus packages can filter for these sites. You should also pay careful attention to the web page address. Read this explanation on how to identify false addresses (URLs).

Is it safe to give out your bank account number?

No, it’s not safe to give everyone your bank account details.

Jeremy Clarkson of Top Gear fame believed that all people could do with his bank account number is put money into his account. He was so sure he published the details in a newspaper.

Soon after, he found £500 missing from his bank account: someone had set up a direct debit from his account and donated it to a charity called Diabetes UK.

Lesson? Don’t give out your bank account details to just anyone. In fact, give out as few personal details as possible. There are so many people in the world looking for opportunities to commit fraud and to take your money, usually using what’s called identity theft.

Sometimes you have no choice, e.g. you want to sell someone an item and you want them to deposit money in your account. It’s difficult to completely avoid these situations, but keep the information as private as possible.

Read about the incident here, it’s amusing.

Photo Gallery Downloads

This isn’t a new trick but scammers still try it. An email is sent telling the story of a tragic accident that’s happened (e.g. a nuclear meltdown in some city). There’s a link to a website with photos. It seems interesting except you’re asked to download a plugin (or codec) to view the photos.

You don’t need any plugins or codecs to view photos. And more importantly, the story about a nuclear meltdown or whatever other large disaster they think of is most probably false.

Be very cautious of anything that asks you to download a plugin or codec. It’s almost always not worth the effort and it’s almost always malware of some sort.

False Malware Cleaners

There are some programs that claim to test your computer for malware and then always tell you they found something bad. After that they either ask you for money to clean it or take some other misleading action.

Based on some security company’s research there are now 500 of these programs, including some for Mac as well as for Windows.

They look like serious programs, have interesting names, and are complete with websites. Below are some of the more recent ones:

  • AVSystemCare
  • DriveCleaner
  • MalwareAlarm
  • AntiSpywareSheild
  • MacSweeper (written for the Mac)

Avoid all of these programs (don’t download or install them).

Unfortunately this is a growing trend with new products popping up all the time. Use a trusted antivirus package such as the kind that can be purchased from shops.

MySpace Pages Can Carry Viruses

There have been some pages on MySpace that cause a window to pop up telling users to install a Microsoft Security Update. Instead of installing a security update, it installs some malicious code.

The last one to make the news involves requests coming from a user called "Rita". This is just an arbitrary name that someone has set up, and it won’t be the last.

So if websites like MySpace or Facebook ask you to install programs on your computer you should generally ignore or deny them.

ADSL Modems in Mexico are being attacked

Yesterday’s article explained how DNS poisoning works. And there’s already quite a bit of it happening. In Mexico there’s an ISP that offers their customers ADSL modems with the brand 2Wire.

There’s an exploit for this particular model that makes it easy for its DNS settings to be changed, effectively attacking users’ internet connections. It’s as simple as opening an email with the malicious code.

If your modem is a 2Wire then change the password and filter your emails with a good anti-virus program.

iPhone Trojan

There’s an iPhone download available on the internet that is actually a trojan. After you install it, and when you try removing it, it seems to cause problems on the phone.

It’s called the iPhone firmware 1.1.3 prep tool, and people are being told it’s required before they can upgrade to version 1.1.3 of the iPhone. Do not install this application, just ignore it.

Update: it seems this utility was written by an 11-year-old.