Category Archives: Malware

This is why I don’t use ad-blocking plugins: so I can point out stuff like this

Today I checked out the weather forecast at, mostly to confirm my suspicions that yes, this winter is going to be eternal and that it’s never going to rise above four degrees for the rest of my life.

(Okay, the actual forecast wasn’t that bad, and it’s actually going to get a little warmer very soon, but still.)

I noticed this banner ad in the right-side column where usually puts them (among other locations):


Looks important, doesn’t it? Like your security software is telling you something is wrong, right?

Yeah, well, it’s not. It’s an advertisement. Good thing the ONLY indication is the little Google AdWords logo in the upper right corner, eh?

Now, I don’t know exactly what this advertisement leads to, but as far as I’m concerned, they’re using deception to trick people into clicking on it. That makes me think of ransomware, because it’s almost the exact technique used by makers of that type of malicious software. Click on it and you may find your computer locked down until you pay $80 or more to some crook.

I wish I could issue “just never click on anything” as a general rule, but it’s sort of hard to use the Internet without clicking on something now and then. I would suggest this, though: if you see an ad like this on a major website, click on that little triangle AdWords logo (click carefully…you don’t want to click on the ad itself!) and use the submission form to tell Google about it. Google’s AdWords system is great because it allows access to online advertising for businesses of all sizes, but that wide-openness also means a lot of scammers get their greasy little banner ads through. It’s like those “work at home” scams in the old print newspapers, only a couple hundred million times larger in scope.

Email Scam/Malware Alert: “Corporate eFax message”

I received this message yesterday afternoon (links have been removed, but are shown in blue):

*   *   *

From: eFax <[redacted]>
Subject: Corporate eFax message – 9 pages

Fax Message [Caller-ID: 680-973-3656]

You have received a 9 pages fax at Wed, 03 Oct 2012 22:22:19 -1000.

* The reference number for this fax is min1_20121003222219.1055179.

View this fax using your PDF reader.

Click here to view this message

Please visit if you have any questions regarding this message or your service.

Thank you for using the eFax service!

Home | Contact | Login

© 2011 j2 Global Communications, Inc. All rights reserved.

eFax® is a registered trademark of j2 Global Communications, Inc.

This account is subject to the terms listed in the eFax® Customer Agreement.

*   *   *

eFax is a real company, and the whole thing looks right, with the footer and all. So how did I know this message was bad news?

By mousing over the links. I’ve used that term before but I’ve never explained it, so here it is: to mouse over (or mouseover) is to move the cursor (the arrow, usually) on your screen over a link without clicking on it. In most web browsers and email clients, this action will show you where the link actually leads, usually in the lower left corner of the window. If the text of the link says one thing but the address that shows up when you mouse over it says another, that’s a good indication of foul play.

In this case, every single link was disguised. Here are the links and where they actually led, in order. Do NOT visit any of the sites listed!

  1. min1_20121003222219.1055179:
  2. Click here to view this message:
  4. Home:
  5. Contact:
  6. Login:
  7. eFax® Customer Agreement:

You’d think a legitimate message from eFax would have at least ONE link that led to, wouldn’t you? You’d also think the “from” address would contain “”

Instead, we’ve got web pages from all around the globe, including the UK and Turkey (.tr). Every single one of these pages has likely been compromised with malware.
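The mouse-over test in script form, as an added example that is not from the original post: it parses an HTML email body and flags every link whose target host is outside the claimed sender’s domain, or whose visible text names one host while the href points at another. The sample message and every hostname in it are constructed (reserved .example names, not the real destinations from the message above), and the sender’s domain is passed in as a parameter.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> in an HTML email body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:          # only text inside an <a>
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((" ".join("".join(self._text).split()), self._href))
            self._href = None


# Something that looks like a hostname inside the visible link text.
HOST_IN_TEXT = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)


def in_domain(host, domain):
    return host == domain or host.endswith("." + domain)


def disguised_links(html, sender_domain):
    """Return [(text, href, reason)] for links that fail the mouse-over test."""
    parser = LinkCollector()
    parser.feed(html)
    sender_domain, findings = sender_domain.lower(), []
    for text, href in parser.links:
        host = (urlparse(href).hostname or "").lower()
        shown = HOST_IN_TEXT.search(text)
        if shown and not in_domain(host, shown.group(1).lower()):
            findings.append((text, href, "text shows a different host"))
        elif not in_domain(host, sender_domain):
            findings.append((text, href, "target outside sender's domain"))
    return findings


# Constructed sample modelled on the "Corporate eFax message"; hosts are placeholders.
SAMPLE_EMAIL = """
<p>* The reference number for this fax is
<a href="http://hacked-blog.example/fax.html">min1_20121003222219.1055179</a>.</p>
<p><a href="http://tr-host.example/view">Click here to view this message</a></p>
<p>Please visit <a href="http://phish-host.example/help">www.example.com</a>
if you have any questions.</p>
<p><a href="https://example.com/">Home</a> | <a href="http://third.example/login">Login</a></p>
"""

if __name__ == "__main__":
    for text, href, why in disguised_links(SAMPLE_EMAIL, "example.com"):
        print(f"{why}: '{text}' -> {href}")
```

Only the “Home” link survives the check; the “www.example.com” link is caught by the text-versus-target comparison even though its text looks legitimate.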

Word on the street is that the linked sites will try to infect your computer with the BlackHole exploit kit, which takes control of your computer and adds it to a worldwide network of compromised (“zombie”) computers used to traffic illicit data, launder money and carry out other criminal activity.

Like I said, bad news. If you get this message (the number of “pages” in the subject line may be different), don’t click. Delete it on sight.

Virus/Scam Email: BEQUEST NOTICE

From: Harry Lucas (Advocate) []
Sent: Saturday, April 28, 2012 4:22 PM
To: undisclosed recipients:
Attach: bequest.pdf

Attention! BEQUEST NOTICE, open attachment for details.

I’m going to venture an informed guess here and say that, should you receive a message like this one, whatever else you do, you really, really should not open that attachment. Whatever is in it, you don’t want it.

Fake Traffic Tickets Via Email

There’s a scam showing up in New York in which people are receiving fake traffic tickets via email. The messages contain attachments that, if opened, install some pretty nasty malware on victims’ computers.

Here’s why you should never fall for this type of attack:

Go outside and look at your car. Look at your license plate (you do have a license plate, right?). Look at the rest of your car. Unless you’ve got a small business and you’ve plastered little vinyl letters all over the car, your email address is not on display. It’s also not on your vehicle registration or your drivers license.

There is no way for a police officer or a traffic camera to look at your car and determine what your email address is.

Here’s the reason: email is not an “official” communication channel. Many (if not most) people have multiple email addresses. I could go online right now and register ten new ones inside of fifteen minutes if I wanted to. In fact…

…all done. Now, if they wanted to email me a traffic ticket, which one should they use? Keep in mind that, of the ten, I’ll only be checking three of them regularly and I won’t be making any of them public.

(Okay, you caught me. I didn’t actually register ten new addresses just now. I’m illustrating a point here.)

Email addresses are just too ethereal to be used for official communications. Your mailing address is official—somewhere, there exists official paperwork that says, “This is the structure to which I regularly return to rest my weary bones. This is the place where I keep my stuff while I go out and get more stuff. You can find me here most of the time.”

Of course, if your mailing address is a P.O. Box, you don’t actually live in there (unless you’re very weird). However, there is still a reasonable expectation that, “Yes, I will regularly open this little metal door to see what’s inside.”

Email addresses just change too rapidly for government use. If they’re going to mail you a speeding ticket, it’s going to show up at the mailing address on your vehicle registration.