Tag Archives: virus

Virus/Scam Email: BEQUEST NOTICE

From: Harry Lucas (Advocate) [mailto:harry-lucas@lawyer.com]
Sent: Saturday, April 28, 2012 4:22 PM
To: undisclosed recipients:
Subject: BEQUEST NOTICE
Attach: bequest.pdf

Attention! BEQUEST NOTICE, open attachment for details.

I’m going to venture an informed guess here and say that, should you receive a message like this one, whatever else you do, you really, really should not open that attachment. Whatever is in it, you don’t want it.

Chile Earthquake Scams: yet another preemptive strike.

I don’t think you’d need to be a rocket surgeon to guess that Chile Earthquake Scams are already well underway. I once posed the hypothetical, “How long does it take a crook to turn something into a scam, four minutes?”

Turns out I wasn’t giving the con artists enough credit. My new estimate is 30 seconds.

The same rules apply here as when dealing with possible Haiti Earthquake Scams. Be extremely wary of unsolicited charity donations. The best way to help is to contact your favorite organization first and turn down all other requests.

There is a short article on the topic at Scambusters that identifies a couple additional threats beyond fake charities, and both involve malware.

Basically, if a stranger sends you alleged photos of the earthquake damage, do not open these attachments because they are infected with a virus. In fact, don’t even open the message at all. There is plenty of footage coming in through official news sources.

Also, beware of fake news stories that come up in search engines. These can lead to websites that are infected with malware as well. According to the Scambusters article, these sites were up within hours of the earthquake. Just go directly to your favorite news source’s website and get your information from there. Many will even have a list of trustworthy resources if you want to donate to relief efforts.

Virus Alert: “Your internet access is going to get suspended.” (ICS Monitoring Team)

This email has been around for at least a couple years. Full text:

From: ICS Monitoring Team
Sent: Tuesday, February 09, 2010 2:48 AM
To: [email address]
Subject: Your internet access is going to get suspended

Attachment: report.zip

Your internet access is going to get suspended

The Internet Service Provider Consorcium was made to protect the rights of software authors, artists.
We conduct regular wiretapping on our networks, to monitor criminal acts.

We are aware of your illegal activities on the internet wich were originating from

You can check the report of your activities in the past 6 month that we have attached. We strongly advise you to stop your activities regarding the illegal downloading of copyrighted material of your internet access will be suspended.

Sincerely
ICS Monitoring Team

If you get this message, or anything similar, delete it immediately, and whatever you do, don’t open that attachment. It’s a virus.

I don’t know exactly what sort of malware is attached, but if I had to guess, I would assume it contained some form software that could be used to remotely gain control of your computer. These “zombie computers” can then be used as part of a “botnet” to commit other crimes. In fact, a search for “ICS Monitoring Team” returned at least one link that appeared to be software that would allow you to remotely control other computers on a network.

They were really going for the jugular with this one, weren’t they? The fact is, a lot of people download copyrighted material, so they’ve got a lot of potential victims. Your first reaction upon reading something like this would probably be a small jolt of panic, whether you’ve been downloading stuff or not. The social engineering angle here is as brilliant as the grammar and spelling are execrable. “Consorcium?” Really?

Whatever you’ve been getting up to online, this message isn’t related to it. It’s just another attempt to infect computers with some kind of bad juju. I’m not saying you should keep ripping off copyright holders. Sometimes those BitTorrents are infected with stuff, too. And remember that one kid the entire music industry practically wanted to execute nine or ten years ago? People run into trouble that way.

However, if you do get caught, most likely your Internet service provider will just shut you down with very little explanation beyond “terms of service violations.” Some third party isn’t going to be given that power, at least not in the run-of-the-mill instances.

Fraudulent Facebook email contains malware attachment.

There’s a new fake email message making its way around the web the last few months. This time, it targets Facebook users.

The messages all have something to do with your Facebook password, using subject lines such as “Password Reset Confirmation Email.” They contain an attachment that is supposed to be your new password, but is actually a pretty nasty Trojan horse program that opens your computer up to a variety of attacks. One of these programs is known as Bredolab, and it’s just bad news all around. Below is the text of an example message from “The Facebook Team:”

Hey,
Because of the measures taken to provide safety to our clients your password has been changed. You can find your new password in attached document.

Thanks

The Facebook Team

There are other fake Facebook messages that try to lure victims with a “New Login System” message and contain a disguised link. In this case, it seems to be a pretty standard password-stealing attempt, but given the amount of malware that can be spread and the fraud that can be committed with a hacked Facebook account, it could lead to much worse problems than someone just messing with your Facebook page.

Facebook is never going to send you an email message with your password as an attachment. In fact, they’re never going to send you an attachment at all. If you get one of these messages, hold your cursor over the link (DO NOT CLICK) and you’ll see that the message actually takes you to a non-Facebook website (most likely hosted overseas).

Furthermore, Facebook isn’t going to “confirm” your request for a password reset unless you’ve actually requested it, and any links contained in these messages will be hosted at Facebook.com, not a website with just an IP address (numbers separated by periods, as in “123.45.678.90”), and not a website hosted overseas.

Once again, a new threat just goes to reinforce the old rules of thumb: never open an attachment in an email message you weren’t expecting, and never click on links in an unsolicited email message without verifying first that the message is legitimate.

What is the deal with Facebook and Twitter lately? It seems like they’ve both been targets of an awful lot of phishing, fraud and malware activity these past few months.

Both sites have astounding numbers of users—I recently heard that if Facebook was a country, it would be the fourth most populous in the world, just behind the U.S.—so I imagine it has to do with the sheer numbers involved. When you’ve got over 300 million potential victims, even a 0.1% success rate (1 in 1,000) is a pretty large number of people.