The latest deception involves sending email with a link to President-elect Obama’s victory speech. The link will take you to a website that requires you to install the Adobe Flash plug-in. Not true. The plug-in is really a Trojan horse that installs malware on the machine. 
Here is an excerpt of the the email that has been going around:
From: “President election results”
Subject: A new president, a new congress …
Barack Obama Elected 44th President of United StatesBarack Obama, unknown to most Americans just four years ago, will become the 44th president and the first African-American president of the United States.
Watch His amazing speech by clicking here
What does it do?
The Trojan’s main purpose is to steal passwords. It runs in the background and looks for passwords, and can act as a keystroke logger.
Removal
You can remove the Trojan if you have your anti-virus software up to date. In fact, if you do, your anti-virus will most likely stop you from getting infected, as it will identify the program as being a Trojan and prevent installation. Don’t take any chances though. Simply delete emails from sources you don’t know that ask you to click on links.
More Reading
McAfee Info
http://vil.nai.com/vil/content/v_153274.htm
Related Articles
]]>Email that appears to be from a legitimate bank telling you that a merger has occurred. The merger involves your bank and this new bank and you are being asked to verify you account information. What to do?
Delete It
There is no need to keep an email like this. If your bank or your “new” bank needs to get a hold of you, they will send you a letter via snail mail. If it is important, they would not rely on email to communicate this important information. Just delete it.
Don’t Click Any Links in the Email
They may look like recognizable links to banks, but often times they are not, and will redirect you to a bogus page that looks like your banks home page. You will be asked to enter your username and password and when you do, the site re-directs you back to the bank’s real web page. But by then, it is too late. You’ve input your personal data, and now they can use it to tap into your account.
Visit the Bank Directly from Your Browser
If for some reason you haven’t deleted the email and you believe that you have received a legitimate correspondence, you should still avoid clicking on the link in the email. Instead visit the site by entering the bank’s homepage URL directly into your browser. For instance, enter www.wamu.com in the URL field, and then navigate to the login page. Make sure your login is secure by checking for the lock icon in your browser’s status bar.
Secure Login Icon
Try Using OpenDNS
OpenDNS is a free service that you can easily setup to help you avoid phishing sites. They do a good job of tracking known phishing sites and will stop you from the site. Check out my post on OpenDNS for more on this great service.
We should all be cautious of email from banking institutions. Hopefully you aren’t getting to many of these because of the prevalence of good spam filters and services like OpenDNS.
Related Articles
]]>Click here for the latest updates, including other variants of the zip file…
A computer virus has been circulating as an email attachment. The “From” address indicates that the email came from a UPS representative. The virus is a zip file attachment with the names of “ups_invoice.zip” or “ups_tracking.zip”, or some variance thereof. The email is usually found to have the title of “UPS Tracking Number xxxxx” and states that a package you sent was not able to be delivered and that you are required to print the attached invoice to collect the package at your nearest UPS office.
If you receive email that meets the above description, please delete it. Do not attempt to open the attachment or forward the email to anybody. Simply opening the attachment will release the virus and infect your machine.
UPS has issued the following statement regarding the email.
Attention Virus Warning
We have become aware there is a fraudulent email being sent that says it is coming from UPS and leads the reader to believe that a UPS shipment could not be delivered. The reader is advised to open an attachment reportedly containing a waybill for the shipment to be picked up.
This e-mail attachment contains a virus. We recommend that you do not open the attachment, but delete the email immediately.
UPS may send official notification messages on occasion, but they rarely include attachments. If you receive a notification message that includes an attachment and are in doubt about its authenticity, please contact customerservice@ups.com.
Please note that UPS takes its customer relationships very seriously, but cannot take responsibility for the
unauthorized actions of third parties.
Once again, if you receive an email that meets the above criteria, please delete it. Do not attempt to open the attachment.
Even if you have just sent a package, and think the email could be relative to you, please go to the web site http://ups.com and check the status of your packages online.
Virus Removal
Both Symantec and McAfee have released new virus definitions which detect and remove the virus (per their web sites).
There are basically two steps to removal.
- Stop/Suspend System Restore (WinXP)
- Click Start.
- Right-click My Computer, and then click Properties.
- On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives.
- If you do not see the System Restore tab, you are not logged on to Windows as an Administrator.
- Click Apply.
- When you see the confirmation message, click Yes.
- Click OK.
- Download your latest virus definition and run a full scan.
Here is the info from McAfee and Symantec
McAfee Info
http://vil.nai.com/vil/content/v_132901.htm
Symantec Info
http://www.symantec.com/security_response/writeup.jsp?docid=2008-071517-2718-99&tabid=3
Update:
7/24 – A new variant of this virus/trojan has been reported. The email subject status “Your parcel is in the customs office” and the attachment name is “Tax_Invoice.zip”.
7/29 – Another variant is also in the wild now taking on the form of an “Airline” Invoice or e-ticket. The attachment has the name: E-ticket_xxx.zip.
Photo Credit Nils Geylen
Related Articles
]]>Getting “undeliverable” messages from your email provider that reference people you don’t know can usually be explained in a couple of ways.
Someone who has your email address in their address book has been infected with a virus or malware.
Having been infected, their computer will run a program in the background to send out email to anyone and everyone @anywhere.com. These machines are often called “zombies” because they are at the command of malware servers and are waiting for instructions to send out spam while running undetected on your computer. These “zombied” computers choose a random address from the infected machine’s address book and use it as the spam messages’ “From:” address. The virus or malware is basically making it look like all these messages were being sent by you. When the messages can’t be delivered, either because the “To:” address was bogus, or the user’s mailbox is full, or whatever, the bounce messages go back to the “From:” address.
Spammers do this in hopes that an email from a “real”, valid address will get through the spam filters. In reality it is the “domain name” that is fooling the spam filters. An email address like you@well-known-company.com is more likely to evade the filters. Really good spam filters will check the IP address the mail came from and determine whether the “From:” address domain name resides at that IP address (if you are interested about what IP addresses are, see my post entitled “What is DNS?” where I have give brief explanation).
Your email address was sold to a spammer and your name was randomly chooses as the “From:” address for the spam.
Spammers can get your “valid” email address in numerous ways (see my “9 Tips to Less Spam” post for more info on this). You are not being singled out or targeted. It is simply the luck of the draw that your name was chosen.
Why do spammers use these methods?
Spammers like to send email, but don’t want anybody knowing who they are. If we could easily find out who they were, we could complain to ISPs and other organizations to get the spamming operation shut down. The dumb spammers don’t do enough to obscure the origination of their messages and indeed some have been caught and prosecuted. But this is not the norm. Spammers are becoming increasingly more sophisticated and have found clever ways of avoiding detection.
How do they not get caught?
They send mail from foreign countries where the US laws do not apply and local law looks the other way. This is pretty self explanatory. You can’t get caught if nobody cares.
They take advantage of flawed, or out of date computers or servers on the Internet.
An infected or compromised home computer is turned into a mail relay. The messages come from random computers on the Internet and are more or less undetectable. A few thousand emails from a few thousand machines does not necessarily raise suspicions.
Servers owned by companies and organizations that are out on the Internet for legitimate purposes can also be used maliciously. Something called an “Open Mail Relay” is often used to distribute spam. An “Open Mail Relay” is a server on the Internet that allows anybody to connect to send mail. Most “Open Mail Relays” are the result of a misconfigured, un-patched or out-of-date server. A majority of US based companies and ISPs take measures to ensure their internet servers are secure and so you will see less and less of these relays as time goes on. If an “Open Relay” is found, with just a few automated commands, spammers can send thousands of mail messages. By the time someone notices and shuts down the relay, thousands of mails could have been sent. If this happens when your email address was chosen at random as the “From:” address, you more than likely would get a few “undeliverable” messages.
Bottom Line
If you find yourself getting a number of these messages, don’t worry. It happens to lots of us. Just delete the messages. You don’t need to spend time tracking down the source or trying to notify people that you didn’t do it. The Internet is vast and you will most likely just be spinning your wheels. They will usually come in spurts and after a week or so, they will start to decline or go way entirely (at least for a little while).
Related Articles
]]>Emails and stories like these grab our attention because they seem believable and can get us emotional. They get us either angry, shocked, sad, or concerned. Most of the time though, these stories turn out to be false.
Urban Legends
If you have any doubt about whether these emails have any truth to them, you absolutely have to run the story by a debunking / hoax checking site because that email or story may just be and urban legend.
Snopes.com and UrbanLegends.about.com
Both Snopes.com and UrbanLegends.about.com have compiled a comprehensive list of the most common urban legends and Internet hoaxes. It only takes a moment to go to either site and do a quick search on the topic. You can even use Google or Yahoo to do the search. Try typing “site:snopes.com jay leno” into your search box (the “site:snopes.com” portion of the search will restrict the results to only pages found at snopes.com) and check out the results.
You would be surprised at how many of the chain letters we receive are actually listed on these sites. They will also go into a little detail about where and when the legend started, and if it was partially based on fact, and whether or not the story is true, a little bit true, or just plane fake. I am a little partial to Snopes.com because they have a nice color-coded breakdown by the legend’s truth factor.
Do yourself a favor before you forward on one of these messages and check one of these sites before you hit “send”. Don’t get worked up over a tearjerker or infuriating story, only to find out that it was bogus.
Fun Factor
Not only are these sites useful for checking on the status of the emails you get, but also can be quite fun to browse. Check out the section on Movies at Snopes.com or UrbanLegends.about.com’s Celebrities section. Both sites have plenty of content to keep you entertained.
Here is a screen shot of just a few of the categories that are available to puruse.
More Links
Here are a few more links to you make want to check out.
If you’ve found other good urban legend sites, I would love to get their URLs. Leave a link in the comments and I’ll be sure to add it.
Related Articles
]]>Open Wi-Fi
In a previous post, I discussed some of the mistakes that should be avoided when setting up your home’s wireless router (read Are You Making These Mistakes with Your Home Wi-Fi). One such mistake is leaving your access point “open”. Since public Wi-Fi access is usually “open” and you usually don’t have a choice about how to connect to a public access point, you should take precautions when surfing sites that may contain personal information.
Since communications between your laptop and the public access points are made over the air in an unencrypted manner, your email can be read by anybody who is savvy enough to start a free network sniffing program that is freely available for downloaded on the Internet. How much more careful about what your read at one of these hotspots would you be if you knew it was possible for someone to see the data that was being sent to our browser? How much personal information do you store in your email account?
HTTPS Browser Connections
There is something simple and easy you can do to ensure that you’re reading email securely. You can browse to your Gmail account without fear of prying eyes or network hackers. Simply use the HTTPS protocol when accessing your web email. HTTPS encrypts the data from your computer all the way back to the server you are browsing. Since the data is encrypted, even if someone is sniffing the network, they will not be able to determine what you are reading. The data simple looks like a bunch of random bits with no meaning.
Gmail and Yahoo
Both Gmail and Yahoo mail automatically redirect your browser to their “https” versions for login. This means that when you send your username and password to authenticate, it will be encrypted and secure. You can see this when browsing to mail.google.com or mail.yahoo.com. Go ahead and try it. Type “http://mail.yahoo.com” or “http://mail.google.com” in your browser’s address bar and see where you end up. You’ll notice that your browser now reflects the new address which begins with “https://”. Your browser is now using the HTTPS protocol to communicate with the login server.
A Gmail Advantage
The login process is only the beginning. Yes, your login information is secure, but unless you specifically tell the browser to use the “https://” address, your security encryption ends at the login for Gmail users. Browsing to http://mail.google.com will encrypt the login information only, but browsing to “https://mail.google.com” will not only encrypt your login, but your entire session as well. All the information sent to and from your computer to Google mail will be protected along with your username and password. This is one advance Gmail has over Yahoo mail. Yahoo mail will not encrypt the entire session even though you specify “https://” in the address bar.
A Secure HTTPS Session
Notice the “lock” icon in your browsers status bar. It is usually located somewhere near the bottom right of your browser window. If the lock icon is present, it means that your session with the web server is encrypted. Gmail uses will see the lock for the entire session (if they have browsed to the “https://” version of the page), but Yahoo users only see it at the login screen.
Other Web Email
Most mail programs provided by your ISP or hosting service do include web email. Try to access your web mail via the HTTPS address and see what happens.
Bottom Line
Be careful when browsing at public Wi-Fi hot spots. Try to use the HTTPS protocol for web mail because it can protect your privacy and security. At this point, it looks like Google has the advantage over Yahoo in this department. Don’t forget to bookmark https://mail.google.com and https://mail.yahoo.com to ensure you always use the secure pages when possible.
Related Articles
]]>- Spam is a giant nuisance.
- Spam is a waste of time and energy as we try to delete it from our inboxes.
- Spam is an unsolicited email sent to thousands, and sometimes millions of email boxes with the end goal of the email being some type of monetary gain for the spammer.
- Spam works!
We get spam because it works. The reason spam works is really just a numbers game. A spam email campaign that targets 10 million email addresses, can lead to 100,000 to 500,000 or so clicks. Most spam is sent with the intent to that you click on a link in the email which will take you to a website where you can buy the product, see ads for the product, or be exposed to some sort of malware or spyware that will further exploit your computer.
Spam is also sent as a means to phish for information. Phishing emails attempt to look like they were sent from legitimate banking and financial institutions. You are often asked to enter your username, password, social security number, or account number which leads to misplaced funds or even identity theft.
What can we do about spam?
Be informed and smart about how we use email and where we display our email addresses. Here are some tips.
“Send This”, or “Email to a Friend”
When you read a blog post or news article, you can often find a link to email the post to a friend. Unless the site states that your email address will be kept private, don’t send the article. If you use this tool to send the article, they will have your email address along with your friend’s email address. If you really want to send your friend the article, then cut-and-paste the URL into a new email and send it that way.
“Opt-out”, “Unsubscribe”, or “Remove Me” links in Spam Messages
Unless you recognize the source of the email as being somewhere or some site where you previously gave an email address, don’t bother clicking on these links. Most spammers do what is called a “dictionary attack” on domains. They will send to everything and anything @yourdomain.com in the hopes they will get a hit on a real email address. If you use the unsubscribe link, they will know they’ve got a valid email address.
Enter to Win
You’ve seen these boxes with an entry form nearby which encourage us to write down our personal information for a chance to win “something”. Read the fine print. If you give them your email address and sign the entry form, most likely you have given them permission to send you emails. Of course, if you win, maybe it’s worth it, but you probably won’t.
Webmail
Gmail or Yahoo mail services are great at filtering spam and are getting better as time goes on. If you don’t already have one of these accounts, get one or both and start forwarding your mail there (don’t do this for your corporate mail). The filters will catch most spam and keep it out of your inbox.
Plus Addressing
Use a junk webmail account for registrations, newsletters, and contact forms from sites your not sure about. If you use Gmail, they also have something called “plus addressing”. Say your email address is joeuser@gmail.com and you sign up for something that requires you to enter an email address. Instead of entering joeuser@gmail.com enter joeuser+registrationsite@gmail.com or joeuser+questionablesite@gmail.com. You will still get the email, but now you can setup a Gmail filter to move any messages sent to address joeuser+questionablesite@gmail.com to a special folder. This is also a good way to see if the site you registered on is selling the email address you gave them.
Opt-out During Sign-Up
If you are registering for a site’s newsletter or other services, make sure to look for the checkbox to “opt-out” from other services. Most will try to send you “related” info from affiliates. Don’t fall for it.
Change the Address
If you want to participate in online forums, or have your email published on a site for some reason. Change the address slightly so that humans can understand what it is but bots that crawl websites for valid email addresses won’t find it. For example, don’t list jouser@gmail.com, list joeuser at gmail dot com, or joeuser@@gmail dot com. This will confuse the bots but the human reading this will understand how to reach you.
Website Contact
If you own a website, don’t put your email address on the site. Either use the “change the address” method above, or use a contact form to receive correspondence. A contact form is sometimes desired since the user doesn’t have to open their email program to send you a message.
Never Reply
Never reply to an email you think might be spam. The spammers will win if you do this. They have an address that is valid and that they can sell.
What are some of the techniques you use to fight spam? Do you have any suggestions? By the way, if you “email this” post to a friend, I promise to keep your email addresses private.