Tag Archives: Malware

Virus/Scam Email: BEQUEST NOTICE

From: Harry Lucas (Advocate) [mailto:harry-lucas@lawyer.com]
Sent: Saturday, April 28, 2012 4:22 PM
To: undisclosed recipients:
Subject: BEQUEST NOTICE
Attach: bequest.pdf

Attention! BEQUEST NOTICE, open attachment for details.

I’m going to venture an informed guess here and say that, should you receive a message like this one, whatever else you do, you really, really should not open that attachment. Whatever is in it, you don’t want it.

The “Slow Computer” Scam

Does your computer seem to be running slower lately?

You’re not alone. Over time, computers tend to get bogged down. For example, you install a piece of software to accomplish some task you only perform every now and then, but the program requires that a component of itself be running in the background at all times. Or you upgrade your antivirus software—the new version does a better job of filtering out malicious software, but it also needs more system resources to do its job.

Perception also plays a role—the “new” wears off a computer pretty quickly, and what seemed like blinding speed a year ago now feels like you’re trudging through treacle every time you want to fire up a web browser, even if the machine is running just fine.

The net result is that a lot of people think, “Hey, this thing isn’t running as fast as it used to—something must be wrong!” Enter the Slow Computer Scam. It generally targets seniors, but anyone with a computer could fall for it.

It begins with a phone call from a stranger who claims to work for Microsoft. The caller tells the victim that the company has received notification that their computer has been running slowly or is infected with spyware, viruses or other problems.

At this point, if the victim agrees, the call will go one of two directions. In the first variant, the victim is instructed to go to their computer, then fed step-by-step directions by the caller that are supposed to fix the problem. What is actually happening is the victim is handing over control of their computer to a criminal, allowing them to search for files containing personal information, install spyware designed to harvest any data the victim enters, or link the computer to a botnet used to transmit data for organized criminals.

In the second version, the victim will be told that the caller can fix the problem, but only for a fee. They will be instructed to use Western Union to wire a few hundred dollars as payment.

There is a recent double-dip version in which the scammers call the same victim again a few weeks later. This time, they inform the victim that they are from Dell (or whoever manufactured the victim’s computer), the earlier call from Microsoft was a scam, and that their computer was infected with malware by the scammer. They offer to fix the computer for a fee of several hundred dollars, again to be wired via Western Union.

This may be one of the easiest scams to recognize. If your telephone rings, and someone is on the line telling you that there’s something wrong with your computer, that’s your cue to hang up.

Microsoft does not have a giant control room that keeps tabs on the performance of every computer in the world. Nobody is sitting at a monitor going, “Whoa. Some guy out in Indiana has a slow computer. Perkins! Get on this!”

The same goes for Dell and other computer hardware manufacturers—they don’t have a giant database of who owns their computers or how they’re running. If there’s a problem with your hardware or software, or if your machine is infected with malware, it’s basically on you to figure it out and fix it.

There is also no scenario in which Microsoft, Dell, or any other tech company is ever going to require payment via Western Union. Keep your antivirus software up-to-date, and when a stranger calls to tell you there’s a problem with your computer, hang up.

Fake Traffic Tickets Via Email

There’s a scam showing up in New York in which people are receiving fake traffic tickets via email. The messages contain attachments that, if opened, install some pretty nasty malware on victims’ computers.

Here’s why you should never fall for this type of attack:

Go outside and look at your car. Look at your license plate (you do have a license plate, right?). Look at the rest of your car. Unless you’ve got a small business and you’ve plastered little vinyl letters all over the car, your email address is not on display. It’s also not on your vehicle registration or your driver’s license.

There is no way for a police officer or a traffic camera to look at your car and determine what your email address is.

Here’s the reason: email is not an “official” communication channel. Many (if not most) people have multiple email addresses. I could go online right now and register ten new ones inside of fifteen minutes if I wanted to. In fact…

…all done. Now, if they wanted to email me a traffic ticket, which one should they use? Keep in mind that, of the ten, I’ll only be checking three of them regularly and I won’t be making any of them public.

(Okay, you caught me. I didn’t actually register ten new addresses just now. I’m illustrating a point here.)

Email addresses are just too ethereal to be used for official communications. Your mailing address is official—somewhere, there exists official paperwork that says, “This is the structure to which I regularly return to rest my weary bones. This is the place where I keep my stuff while I go out and get more stuff. You can find me here most of the time.”

Of course, if your mailing address is a P.O. Box, you don’t actually live in there (unless you’re very weird). However, there is still a reasonable expectation that, “Yes, I will regularly open this little metal door to see what’s inside.”

Email addresses just change too rapidly for government use. If they’re going to mail you a speeding ticket, it’s going to show up at the mailing address on your vehicle registration.

Facebook “check out your profile stalkers” scam

For what seems like the millionth time, a scam has made the rounds on Facebook purporting to reveal to users who has viewed their profiles, only to turn out to be yet another in a long line of malware attacks. Here’s the text of the wall post:

“OMG! Its unbelievable now you can get to know who views your profile. I can see my top profile visitors and I am so shocked that my ex is still creeping my profile every hour.”

If you click on it, it tells you to paste a line of code into the URL field…you know what? I’m not even going to go into it. Suffice it to say that it perpetuates the scam.

Here’s the thing: there is no way to see who has viewed your Facebook profile. There’s never going to BE a way to see who has viewed your Facebook profile. OMG! I KNOW, RIGHT?!

Here are the key takeaways from this information:

  • If you see a wall post claiming to link to an application or website that shows you who has viewed your profile, don’t even stop to wonder if it’s real. It’s not. It never has been, and it never will be.
  • You don’t NEED to see who has viewed your profile. What are you really going to do with that information? If you answer that question honestly, it’s “nothing positive.”
  • You also don’t NEED to see that, no, your ex is totally NOT “creeping” your profile “every hour,” because he actually couldn’t care less what you’re up to anymore. Just enjoy the (more than a little conceited) assumption that he’s pining for you, unable to sleep or eat, scrawling tortured poetry in a black notebook under a bare 40-watt light bulb. If that’s what it takes to get you through the day.
  • If you’re still worried about who is looking at your profile, set it to “private” already.
  • If you’re still still worried about who is looking at your profile, click the little X in the upper right corner of the screen (or wherever the X is on a Mac), shut down the computer completely and stand up. Put on some shoes. Now, walk out the front door of your house and look around. Go for a run. Or a walk. Or drive to the library. Call someone on the phone and talk. Arrange to meet and do something together. Repeat daily until you no longer care who is looking at your Facebook profile.

Link: Krebs’s 3 Basic Rules for Online Safety

I usually only like to create my own content around here because my ego is just that huge. Seriously; I had to buy a different car than the one I wanted last summer because my head wouldn’t fit in a Focus.

I kid.

Anyway, sometimes somebody else just sums it up so perfectly, it’s better to just let them say it.

With that in mind, please give Krebs’s 3 Basic Rules for Online Safety a read right now. It won’t take you five minutes to read, but it lays out three principles that could save you a lot of headaches down the road.

In fact, if you’ve got a few sites you regularly read, I’d recommend adding Krebs on Security to that list.

A fictional story about a guy who did everything wrong one day

Hi there.

My name is Johnny, and I had a busy day today.

I woke up around eight because I had a new job as a secret shopper. I got an email a couple weeks ago, and they hired me on the spot when I responded. Yesterday, an envelope arrived with a check and my first assignment.

I headed to my bank around nine. At first, the teller didn’t want to cash the check because I only had six bucks in my account, but I whined and got in her face and demanded to talk to the manager until she relented. “That’s a cashier’s check,” I told her in no uncertain terms. “Those are the same as cash.”

I left the bank with $2,700 in my pocket and headed to the nearest Western Union location. The guy there kept asking me questions about the money I was wiring, so I finally told him it was for a relative in Canada, just like the secret shopping company told me to do. It was a little annoying the way he wouldn’t leave me alone. I’m going to put that in my report for sure.

By the time I was done, it was only ten o’clock. I had made $150 for less than an hour of work! I could get used to this lifestyle. I decided to head home.

The phone was ringing when I came in the door. I ran to answer, and this guy from the county courthouse was telling me I was going to be arrested for not appearing for jury duty.

“But I never got a letter that said anything about jury duty,” I said.

“That doesn’t matter,” he replied. “The fact is that you didn’t show, and an officer will be stopping by later today to make the arrest.”

“But…isn’t there some way I could just do jury duty another time? I didn’t miss on purpose.”

“Let me see what I can do, sir,” the man said. After a minute on hold, he told me I could just pay a fine and the whole thing would be taken care of. I gave him my name, date of birth, Social Security number and some credit card information to pay the fine. I was relieved when I hung up the phone. Crisis averted.

The mail had arrived, but it was nothing but a pile of credit card offers. I threw these in the trash unopened. Nobody’s going to rip me off.

I sat down on the sofa to unwind with some TV. It was mostly talk shows at that time of morning, but there was a news broadcast between commercials that caught my eye. It gave some phone number you could call to get your debts eliminated. I have a lot of debt, so I wrote down the number. It seemed like a strange place for a news alert, during the commercials, but whatever. There was a ticker on the screen and some footage of the President, so it must be some kind of government program, right?

I went to the computer to write up my report for the secret shopping job. I hate my computer. It came with this virus protection software, but the only thing it’s done for the past two years is tell me my subscription is expired. It’s annoying. Plus, when I opened my web browser (Internet Explorer 6) and tried to visit a website, this window popped up offering a free virus scan. I clicked “OK” and it found like ten infections. The software that came with my computer doesn’t even work!

After the scan, there was a window that wouldn’t go away, so I just closed the browser and checked my email. There, a miracle happened. It turns out I was entered in the lottery up in Canada, and I won! $2,500,000, all for me. I called the claims agent right away. It turns out there are some taxes and fees I have to pay first, but that’s okay—they’re going to mail me a check. I think I may retire from secret shopping. After all, with two-and-a-half million, I’m going to be pretty much set for life.

I’m not going to tell anyone about it, though. I don’t want everybody asking me for money.

My name is Johnny, and I made at least ten mistakes today, if not more. Can you spot them all?

NACHA Phishing Email

History sure is repeating itself an awful lot lately. In a similar vein to the FDIC Phishing Emails I wrote about the other day, now there are malicious messages that claim to be from NACHA, which contain links to what is very likely some form of virus or spyware.

NACHA is the National Automated Clearing House Association (not to be confused with NACHO, a tasty corn chip-based snack). The organization is involved in networks that handle ACH transactions for financial institutions across the country. Much of what NACHA does is regulatory rather than operational in nature.

Here’s a sample of the email:

From: Information
Sent: Thursday, July 22, 2010 8:27 AM
To: Doe, John
Subject: Unauthorized ACH Transaction

Dear bank account holder,
The ACH transaction, recently initiated from your bank account, was rejected by the Electronic Payments Association. Please review the transaction report by clicking the link below:

Unauthorized ACH Transaction Report

Naturally, the link is fake. In this case it probably executes malicious code on your computer.

Add NACHA to the list with the FDIC and NCUA—none of these organizations ever contacts consumers directly. NACHA doesn’t even handle actual ACH transactions; they’re involved in the setup of the networks that handle them.

It’s important to get in the habit of ignoring email. Even when it’s not phishing or scams, ignoring email is a great way to save time (for example, I almost never open anything with “FW:” in the subject line, because they’re almost always dumb).

But when messages like this arrive, you must make sure to never click on the links, even “just to see.” While many phishing messages take you to pages designed to steal personal information, many (if not most) phishing websites now give you a one-two phishing/malware punch; if they can’t get you to enter your account numbers, at least they can hit your computer with some spyware, which will be loaded and executed before you can even blink.

Malware Alert: Fake CareerBuilder email

I just received an incredibly dangerous looking spam message. Normally, I’d save this for a Friday installment, but this one is especially sneaky.

From: crist.and@qualityacademy.info
Date: Tuesday, May 04, 2010 3:40 AM
To: [correct address]
Subject: Re: Job Interview

Dear Employee,

Could I get an update on your resume? Your cooperation will be appreciated in this matter.
The resume we have on file for you is http://www.careerbuilder.com/ShareInfo/Resume.aspx?DID=J93JSN0382.

Best regards,
Cristian Anderson

The link is disguised; it actually takes you to http://www.horsetailtrails.com/resume.exe (don’t you even think about visiting this).

See that “.exe” at the end? That’s an executable file, and that’s bad news. If you visit the link, your computer will automatically download and run whatever malicious software is hidden under the name “resume.exe.”

This message just goes to show how tricky these crooks are. How many people are using CareerBuilder in an attempt to find a job right now? To them, a message like this might look completely harmless. Heck, it would look positively helpful—somebody’s interested; that’s what you want!

Always use extreme caution when it comes to links in emails, and never click on anything that ends in “.exe” unless you know exactly what software you’re installing on your computer, and only then if you meant to do so.
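One way to apply mechanically the check that both this post and the NACHA post above make by hand (does the visible link text name one site while the href points somewhere else, and does the real destination end in “.exe”?). This is an added example in Python, not the blog’s own code; the sample HTML is constructed from the CareerBuilder and NACHA messages, and the NACHA link target is a placeholder because the post does not give it.

```python
"""Flag disguised links in an HTML email body (added example, not from the blog).

Two checks from the posts: the visible link text claims one host while the
href goes to another, and the href's path ends in an executable file name.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# File name endings that would run code if the download is opened.
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".pif", ".bat", ".cmd", ".js", ".vbs")


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs from every <a> element."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url):
    """Lowercase host of a URL; scheme-less text such as www.x.com gets http://."""
    if "://" not in url:
        url = "http://" + url
    return urlsplit(url).hostname or ""


def looks_like_url(text):
    """True when the visible link text itself reads as a web address."""
    return text.lower().startswith(("http://", "https://", "www."))


def find_disguised_links(html):
    """Return (href, visible_text, reason) for each suspicious anchor."""
    parser = _AnchorCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.anchors:
        if looks_like_url(text) and _host(text) != _host(href):
            findings.append((href, text, "visible text names %s but href goes to %s"
                             % (_host(text), _host(href))))
        path = urlsplit(href).path.lower()
        if path.endswith(EXECUTABLE_SUFFIXES):
            findings.append((href, text, "href downloads an executable (%s)"
                             % path.rsplit("/", 1)[-1]))
    return findings


# Constructed sample modelled on the CareerBuilder and NACHA messages; the
# ach-report URL is a placeholder, and the Krebs link is an honest control.
SAMPLE_EMAIL_HTML = """
<p>The resume we have on file for you is
<a href="http://www.horsetailtrails.com/resume.exe">http://www.careerbuilder.com/ShareInfo/Resume.aspx?DID=J93JSN0382</a>.</p>
<p>Please review the transaction report by clicking the link below:
<a href="http://example.invalid/ach-report.php">Unauthorized ACH Transaction Report</a></p>
<p>Read <a href="https://krebsonsecurity.com/">Krebs on Security</a> regularly.</p>
"""

if __name__ == "__main__":
    for href, text, reason in find_disguised_links(SAMPLE_EMAIL_HTML):
        print("SUSPICIOUS: %r -> %s (%s)" % (text, href, reason))
```

The NACHA-style link is deliberately not flagged: its visible text is plain words, so nothing about it can be judged before you see where it goes, which is exactly why the posts say not to click “just to see.”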

Who’s Who Among Executives and Professionals: you’d think they’d at least try to use a human name.

I received yet another “Who’s Who” spam email recently, for what must be the thousandth time this year.

This one was addressed to “Dear www.regionalfcu.org.” I wasn’t quite sure how to tell our website it had been selected as an upstanding person in the business community.

You would think they would sell a lot more directories if they’d just do ten seconds of research and find out the first name of the person they’re targeting. I mean, my first name is all over this site, along with my work email. It wouldn’t take that much effort.

However, this makes me wonder if this was a real fake Who’s Who email, or a fake fake Who’s Who message with a much more sinister purpose. The link looked strange to me, so I didn’t click on it, even for a laugh. Yes, I have been known to visit Who’s Who registration sites and just enter rude words where it asks for your name and other information. But something seemed off this time.

It could be that a real fake Who’s Who directory just decided to use a script instead of a person to harvest email addresses and names, but it could also be part of an attempt to install some form of malware.

I guess the lesson here is: don’t click on links in emails from strangers, no matter what you’re planning to do. I guess I’ll have to get a new hobby.

Ridiculous Spam Friday Lives.

I’ve got two examples of spammy fun today. The first is a short and sweet attempt to get you to open an infected file.

From: western union <danielnkasiobi4life@gmail.com>
To: undisclosed-recipients 
Date: Thursday, March 25, 2010 2:52:05 AM 
Subject: Thank you for using Western Union!!! OPEN YOUR ATTACHMENT.

Attachment: Thank you for using Western Union!.doc

Thank you for using Western Union!!!
OPEN YOUR ATTACHMENT.

Yeah, you know what? No.

It’s funny how often money wiring services like Western Union seem to come up in scams, even when the setup doesn’t involve the victim wiring money at all. I’m sure the malware in this message would allow an outside party to access and control your computer.

I think you’re supposed to get this message and think, “Whoa, it’s gonna give me an access code to get somebody else’s wire transfer!” and then open the attachment in hopes of committing what amounts to theft. One thing about dishonest people—they always assume everyone else is as dishonest as they are.

This next one is sort of long.

From: Nokia Lottery Promotion <prmmanager@live.com>
To:
Date: Thursday, March 25, 2010 4:08:09 AM 
Subject: Winning Notification.

NOKIA COMMUNICATIONS
1O4TH STAMFORD BRIDGE,
LONDON,
SW1V 3DW UNITED KINGDOM.

Congratulations!!!

We are pleased to inform you of the result of the first
online promotion conducted by Nokia Communications, your
email address was among the 30 Lucky winners who won
£1,000.000.00 (One Million Great British Pounds) each on
the NOKIA CONNECTING PEOPLE PROMOTION 2010.

Your e-mail address emerged as independent candidate with
the following Qualification Information attached:

(1) Your Lucky Number:7-17-21-26-37-42
(2) Batch: SL/06- GmbH/3434
(3) Reference Number: SL/06-GmbH/4009.

The online draws was conducted by a random selection of
email addresses from an exclusive
list of 250,000,000 E-mail addresses of individuals and
mobile phone users picked by an advanced automated random
computer search from the internet. However, no tickets were
sold but all email addresses were assigned to different
ticket numbers for representation and privacy.

The selection process was carried out through random
selection in our computerized email selection machine
(TOPAZ) from a database of over 250,000,000 email addresses
drawn from all the continents of the world.

This Lottery is approved by the British Gaming Board and
also Licensed by the The International Association of Gaming
Regulators (IAGR). This lottery is the 1st of its kind and
we intend to sensitize the public.

In order to claim your £1,000,000.00 (One Million Great
Britain Pound Sterling) prize winning, which has been
deposited in a designated bank with our offshore payment
center, However, You will have to contact the promotion
manager in charge of claims with your (Lucky Number,Batch
Number,Refference Number) for verification and then you will
be directed on how you can claim your winning funds:

Promotion Manager
Gary Morgan
For; Nokia Email Lottery
phone: +44 704 577 7980
Email: prmmanager@live.com

You are to keep all Nokia lottery information away from the
general public especially your Verification Number and Batch
Number. (This is important as a case of double claims will
not be entertained)

NOTICE: Verification claims with error or any misinformation
as regards filling for claims payment will be dishonored and
disqualified as abuse to our Policy Terms and Services. This
is in accordance with section 13(1) (n) of the National
Gambling Act as adopted in 1993 and amended on 3rd July 1996
by the constitutional assembly. Be thus informed.

*Staff of Nokia Communications Worldwide are not to partake
in this Lottery.Accept my hearty congratulations once again!

Yours faithfully,
Mrs. Gracey Anderson.
(Online Coordinator)
For: Nokia Online Lottery Promotion.

Copyright 1994-2010 The NOKIA National Lottery Inc.All
rights reserved.Terms of Service – Guideline.

Note that you are not to reply to this E-mail, please
contact your promotion manager directly to start the
processing of your claims.

Promotion Manager
Gary Morgan
Email: prmmanager@live.com

Alain S. BAGRE
Licensed Land Surveyor
Urban Planner
01 BP 2693 Ouagadougou 01
Burkina Faso
Tel: Office 226 50368565
     Mobile 226 70200744

Pretty run-of-the-mill lottery scam message. Nokia doesn’t hold lotteries, and they certainly don’t just give away large sums of money to random people. Who actually thinks businesses operate in this manner?

There are some pretty entertaining sentences in here, though, such as, “This lottery is the 1st of its kind and we intend to sensitize the public.” Sensitize? You’re going to make the public sensitive to the existence of the Nokia Lottery?

What an odd choice of diction. I thought they spoke English in England.

However, “you are to keep all Nokia lottery information away from the general public” is a key sentence. In other words, don’t tell anybody about this message, because they might know it’s a lottery scam and keep you from sending us thousands of dollars.

I think part of the reason that lottery scams proliferate is that people just don’t understand how real lotteries function. When you buy a genuine $1 lottery ticket for a chance to win $100 million, your state government is actually making money on that deal. You may have only spent one dollar, but rest assured they sold more than enough tickets to cover the cost of the payout and make a large profit. That’s why states hold lotteries in the first place. They’re not just giving away money out of generosity.

One other point: companies don’t have lotteries. They might have a contest or a sweepstakes, but you never see them use the word “lottery.” Microsoft, Nokia and any other company you’ve seen in these scams are not government entities. They are private companies, and private companies don’t sell lottery tickets.