Category Archives: Malware

If you’ve let your antivirus subscription lapse, renew it today

There are basically two options available for safe use of the Internet:

  1. Get antivirus software, keep it updated, and scan your computer regularly;
  2. Don’t go online, for any reason, ever, forever.

We are well past the old days where getting a computer virus was mostly just irritating. Malware is big business for organized crime, and your computer can be locked up forever unless you pay (ransomware) or infected with programs designed to steal banking credentials.

You can lose a lot of money, in other words.

There’s a new threat called GozNym. I’m still researching it so I can tell you more, but so far the details I’ve found are hazy. It’s referred to as “Trojan horse” malware in some of the articles I’ve read. That usually means the victim opens a file they think is something else and gets infected, but that’s about all I know at this point. I can tell you this: GozNym targets financial accounts. GozNym is bad. You don’t want it. [smash cut to Elaine Benes from Seinfeld shouting “I know I don’t want it! I don’t need you to tell me what I don’t want, you stupid hipster doofus!” at Kramer]

And I can also tell you this: if you get an email with a file attached, be extremely careful about opening or running that file. Is it from someone you know? Is it something you asked for? Are you being led to believe it’s from the FBI or a local police department, or is it a “shipping confirmation” from an online retailer? Slow down. Think before you click anything.

I can also tell you not to download anything just because a website is asking you to download it. And even if you did go searching for files or software to download, make sure you know what you’re getting before you download or run anything. And scan it for viruses before you run it.

But you also have to have some form of antivirus software on your computer. It won’t be perfect. It won’t protect you from 100% of malware 100% of the time. Sometimes a new threat can’t be detected yet, and careless behavior on your part can almost always defeat even the best antivirus programs. And they usually cost money.

But they’re vital. That yearly subscription cost isn’t just a racket. Sure, it hurts to shell out $30 or $50 or more, but some things hurt even worse, like losing five years of digital photos or having a business’s checking account cleaned out.

An example of the exact type of email you should NOT open

Here’s a screenshot of something that appeared in my inbox recently:


I spend a lot of time trying to describe the kinds of emails you should avoid, but this one illustrates those concepts perfectly. Let’s look at a few warning signs:

  1. The message wasn’t expected (I’m not a USAA member, but even if I was, this isn’t a usual email)
  2. The subject line is intended to provoke a fear reaction
  3. The subject line is kind of weird, grammatically; are they saying that a “New Document” has been prevented? If “Due to Suspicious Sign-in” modifies the subject of the sentence, which in this case is “New Document,” then…okay, you get it; it just reads weird.
  4. There is a file attached (the little paperclip icon)

What is supposed to happen with this kind of email is that the victim sees “Suspicious Sign-in” and immediately opens the message, which is most likely blank or contains instructions to open the attached file. Once the victim does that, some form of malicious software, anything from spyware to ransomware, will be installed on their computer.

What actually happens, when the recipient knows some of the warning signs, is that the message is immediately deleted and causes no harm.

Also note that this message slipped past some pretty burly anti-spam and anti-malware software. Those tools are important, but sometimes a dangerous email still makes it through. Stay vigilant!

This is why I don’t use ad-blocking plugins: so I can point out stuff like this

Today I checked out the weather forecast at, mostly to confirm my suspicions that yes, this winter is going to be eternal and that it’s never going to rise above four degrees for the rest of my life.

(Okay, the actual forecast wasn’t that bad, and it’s actually going to get a little warmer very soon, but still.)

I noticed this banner ad in the right-side column where usually puts them (among other locations):


Looks important, doesn’t it? Like your security software is telling you something is wrong, right?

Yeah, well, it’s not. It’s an advertisement. Good thing the ONLY indication is the little Google AdWords logo in the upper right corner, eh?

Now, I don’t know exactly what this advertisement leads to, but as far as I’m concerned, they’re using deception to trick people into clicking on it. That makes me think of ransomware, because it’s almost the exact technique used by makers of that type of malicious software. Click on it and you may find your computer locked down until you pay $80 or more to some crook.

I wish I could issue “just never click on anything” as a general rule, but it’s sort of hard to use the Internet without clicking on something now and then. I would suggest this, though: if you see an ad like this on a major website, click on that little triangle AdWords logo (click carefully…you don’t want to click on the ad itself!) and use the submission form to tell Google about it. Google’s AdWords system is great because it allows access to online advertising for businesses of all sizes, but that wide-openness also means a lot of scammers get their greasy little banner ads through. It’s like those “work at home” scams in the old print newspapers, only a couple hundred million times larger in scope.

Email Scam/Malware Alert: “Corporate eFax message”

I received this message yesterday afternoon (links have been removed, but are shown in blue):

*   *   *

From: eFax <[redacted]>
Subject: Corporate eFax message – 9 pages

Fax Message [Caller-ID: 680-973-3656]

You have received a 9 pages fax at Wed, 03 Oct 2012 22:22:19 -1000.

* The reference number for this fax is min1_20121003222219.1055179.

View this fax using your PDF reader.

Click here to view this message

Please visit if you have any questions regarding this message or your service.

Thank you for using the eFax service!

Home | Contact | Login

© 2011 j2 Global Communications, Inc. All rights reserved.

eFax® is a registered trademark of j2 Global Communications, Inc.

This account is subject to the terms listed in the eFax® Customer Agreement.

*   *   *

eFax is a real company, and the whole thing looks right, with the footer and all. So how did I know this message was bad news?

By mousing over the links. I’ve used that term before but I’ve never explained it, so here it is: to mouse over (or mouseover) is to move the cursor (the arrow, usually) on your screen over a link without clicking on it. In most web browsers and email clients, this action will show you where the link actually leads, usually in the lower left corner of the window. If the text of the link says one thing but the destination that appears when you mouse over it says another, that’s a good indication of foul play.

In this case, every single link was disguised. Here are the links and where they actually led, in order. Do NOT visit any of the sites listed!

  1. min1_20121003222219.1055179:
  2. Click here to view this message:
  4. Home:
  5. Contact:
  6. Login:
  7. eFax® Customer Agreement:

You’d think a legitimate message from eFax would have at least ONE link that led to, wouldn’t you? You’d also think the “from” address would contain “”

Instead, we’ve got web pages from all around the globe, including the UK and Turkey (.tr). Every single one of these pages is most likely a legitimate site that has been compromised and is now serving malware.
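The mouseover check above can be automated over an HTML message body. The following Python script is an added example, not code from the original post: it pulls every link out of an HTML email, compares the visible link text with the real destination, lists the domains the message actually leads to, and checks whether the From: address belongs to the brand the message claims. The sample message, the sender address and every hostname in it are constructed for illustration (made-up domains) and are not the real destinations from the eFax spam; using `efax.com` as the claimed brand domain is an assumption for the example.

```python
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample in the style of the fake eFax message above. Every
# hostname here is made up for illustration; these are NOT the real
# destinations from the original spam.
SAMPLE_FROM = "eFax <noreply@example-mailer.example>"
SAMPLE_HTML = """
<p>Fax Message [Caller-ID: 680-973-3656]</p>
<p>* The reference number for this fax is
<a href="http://example-shop.co.uk/wp-content/x.php">min1_20121003222219.1055179</a>.</p>
<p><a href="http://example-firm.com.tr/images/view.php">Click here to view this message</a></p>
<p>Please visit <a href="http://example-blog.example/efax">www.efax.com</a>
if you have any questions regarding this message or your service.</p>
<p><a href="http://example-host.net/h">Home</a> |
<a href="http://example-host.net/c">Contact</a> |
<a href="http://example-host.net/l">Login</a></p>
"""

# The domain the message claims to come from (assumption for this example).
CLAIMED_DOMAIN = "efax.com"


class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs from <a href=...> tags."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((" ".join("".join(self._text).split()), self._href))
            self._href = None


def registered_domain(host):
    """Crude registrable-domain guess: last two labels, or three when the
    second-level label is short (co.uk, com.tr). Good enough for triage."""
    parts = host.lower().strip(".").split(".")
    if len(parts) >= 3 and len(parts[-2]) <= 3:
        return ".".join(parts[-3:])
    return ".".join(parts[-2:])


# Visible link text that itself looks like a URL or a domain name.
LOOKS_LIKE_URL = re.compile(r"(?:https?://)?((?:[\w-]+\.)+[a-z]{2,})", re.I)


def analyze_links(html, claimed_domain):
    """Return a list of (text, host, reasons) for every link in the message.
    An empty reasons list means the link looked consistent."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for text, href in parser.links:
        host = urlparse(href).hostname or ""
        actual = registered_domain(host) if host else ""
        reasons = []
        if actual != claimed_domain:
            reasons.append(f"leads to {actual or 'no host'}, not {claimed_domain}")
        m = LOOKS_LIKE_URL.search(text)
        if m and registered_domain(m.group(1)) != actual:
            reasons.append(f"text shows {m.group(1)} but destination is {host}")
        findings.append((text, host, reasons))
    return findings


def destination_domains(html, claimed_domain):
    """Set of registrable domains the links really lead to, minus the claimed one."""
    return {registered_domain(h) for _, h, _ in analyze_links(html, claimed_domain)
            if h and registered_domain(h) != claimed_domain}


def sender_matches(from_header, claimed_domain):
    """True when the From: address is actually at the claimed domain."""
    _, addr = parseaddr(from_header)
    return "@" in addr and registered_domain(addr.rsplit("@", 1)[1]) == claimed_domain


if __name__ == "__main__":
    print("From header OK:", sender_matches(SAMPLE_FROM, CLAIMED_DOMAIN))
    for text, host, reasons in analyze_links(SAMPLE_HTML, CLAIMED_DOMAIN):
        flag = "SUSPICIOUS" if reasons else "ok"
        print(f"[{flag}] {text!r} -> {host}; " + "; ".join(reasons))
    print("Real destinations:", sorted(destination_domains(SAMPLE_HTML, CLAIMED_DOMAIN)))
```

Run against the constructed sample, every one of the six links is flagged, the link whose visible text reads `www.efax.com` is called out for pointing somewhere else, and the sender check fails because the From: address is not at the claimed domain. The domain guess is deliberately crude (a real tool would use the public suffix list), and a link that passes this check is not proof of safety; it only reproduces the mouseover test at scale.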

Word on the street is that the linked sites host the BlackHole exploit kit, which probes your browser and its plugins (Java, Flash, PDF readers) for unpatched vulnerabilities and, if it finds one, silently installs malware, typically a bot that adds your computer to a worldwide network of compromised (“zombie”) computers used to traffic illicit data, launder money and carry out other criminal activity.

Like I said, bad news. If you get this message (the number of “pages” in the subject line may be different), don’t click. Delete it on sight.

Virus/Scam Email: BEQUEST NOTICE

From: Harry Lucas (Advocate) []
Sent: Saturday, April 28, 2012 4:22 PM
To: undisclosed recipients:
Attach: bequest.pdf

Attention! BEQUEST NOTICE, open attachment for details.

I’m going to venture an informed guess here and say that, should you receive a message like this one, whatever else you do, you really, really should not open that attachment. Whatever is in it, you don’t want it.

Fake Traffic Tickets Via Email

There’s a scam showing up in New York in which people are receiving fake traffic tickets via email. The messages contain attachments that, if opened, install some pretty nasty malware on victims’ computers.

Here’s why you should never fall for this type of attack:

Go outside and look at your car. Look at your license plate (you do have a license plate, right?). Look at the rest of your car. Unless you’ve got a small business and you’ve plastered little vinyl letters all over the car, your email address is not on display. It’s also not on your vehicle registration or your driver’s license.

There is no way for a police officer or a traffic camera to look at your car and determine what your email address is.

Here’s the reason: email is not an “official” communication channel. Many (if not most) people have multiple email addresses. I could go online right now and register ten new ones inside of fifteen minutes if I wanted to. In fact…

…all done. Now, if they wanted to email me a traffic ticket, which one should they use? Keep in mind that, of the ten, I’ll only be checking three of them regularly and I won’t be making any of them public.

(Okay, you caught me. I didn’t actually register ten new addresses just now. I’m illustrating a point here.)

Email addresses are just too ethereal to be used for official communications. Your mailing address is official—somewhere, there exists official paperwork that says, “This is the structure to which I regularly return to rest my weary bones. This is the place where I keep my stuff while I go out and get more stuff. You can find me here most of the time.”

Of course, if your mailing address is a P.O. Box, you don’t actually live in there (unless you’re very weird). However, there is still a reasonable expectation that, “Yes, I will regularly open this little metal door to see what’s inside.”

Email addresses just change too rapidly for government use. If they’re going to mail you a speeding ticket, it’s going to show up at the mailing address on your vehicle registration.