Tag Archive | "spam"

Obama Virus


Hackers and phishers are taking advantage of your need for election news by using President-elect Barack Obama’s name to get you to click on links and run programs that will infect your machine with malware.

The latest deception involves sending email with a link to President-elect Obama’s victory speech. The link takes you to a website that says you must install the Adobe Flash plug-in. Not true. The “plug-in” is really a Trojan horse that installs malware on the machine.

Here is an excerpt of the email that has been going around:

From: “President election results”
Subject: A new president, a new congress …
Barack Obama Elected 44th President of United States

Barack Obama, unknown to most Americans just four years ago, will become the 44th president and the first African-American president of the United States.
Watch His amazing speech by clicking here

What does it do?

The Trojan’s main purpose is to steal passwords.  It runs in the background and looks for passwords, and can act as a keystroke logger.

Removal

You can remove the Trojan if you have your anti-virus software up to date.  In fact, if you do, your anti-virus will most likely stop you from getting infected, as it will identify the program as being a Trojan and prevent installation.  Don’t take any chances though.  Simply delete emails from sources you don’t know that ask you to click on links.

More Reading

McAfee Info
http://vil.nai.com/vil/content/v_153274.htm

Posted in Email, Internet | Comments (0)

Phishers are Using Bank Failures to Increase Scam Success


There has been a great deal of news of financial institution failures. Many banks have been swallowed up by larger institutions and mergers seem to be occurring almost on a weekly basis. Unfortunately, the troubled banking situation has opened up a door for Internet scams and phishing attacks.

You receive an email that appears to be from a legitimate bank telling you that a merger has occurred. The merger involves your bank and this new bank, and you are being asked to verify your account information. What to do?


Delete It

There is no need to keep an email like this. If your bank or your “new” bank needs to get a hold of you, they will send you a letter via snail mail. If it is important, they would not rely on email to communicate this important information. Just delete it.

Don’t Click Any Links in the Email

They may look like recognizable links to banks, but oftentimes they are not, and will redirect you to a bogus page that looks like your bank’s home page. You will be asked to enter your username and password, and when you do, the site redirects you back to the bank’s real web page. But by then, it is too late. You’ve input your personal data, and now they can use it to tap into your account.

Visit the Bank Directly from Your Browser

If for some reason you haven’t deleted the email and you believe that you have received a legitimate correspondence, you should still avoid clicking on the link in the email. Instead visit the site by entering the bank’s homepage URL directly into your browser.  For instance, enter www.wamu.com in the URL field, and then navigate to the login page.  Make sure your login is secure by checking for the lock icon in your browser’s status bar.


Try Using OpenDNS

OpenDNS is a free service that you can easily set up to help you avoid phishing sites. They do a good job of tracking known phishing sites and will stop you from reaching the site. Check out my post on OpenDNS for more on this great service.

We should all be cautious of email from banking institutions. Hopefully you aren’t getting too many of these because of the prevalence of good spam filters and services like OpenDNS.

Posted in Email, Web Browsing | Comments (1)

UPS Virus


A Computer Virus Warning
A computer virus has been circulating as an email attachment. The “From” address indicates that the email came from a UPS representative. The virus arrives as a zip file attachment named “ups_invoice.zip” or “ups_tracking.zip”, or some variant thereof. The email usually has the title “UPS Tracking Number xxxxx” and states that a package you sent could not be delivered and that you must print the attached invoice to collect the package at your nearest UPS office.

If you receive email that meets the above description, please delete it. Do not attempt to open the attachment or forward the email to anybody. Simply opening the attachment will release the virus and infect your machine.

UPS has issued the following statement regarding the email.

Attention Virus Warning

 

We have become aware there is a fraudulent email being sent that says it is coming from UPS and leads the reader to believe that a UPS shipment could not be delivered. The reader is advised to open an attachment reportedly containing a waybill for the shipment to be picked up.

This e-mail attachment contains a virus. We recommend that you do not open the attachment, but delete the email immediately.

UPS may send official notification messages on occasion, but they rarely include attachments. If you receive a notification message that includes an attachment and are in doubt about its authenticity, please contact customerservice@ups.com.

Please note that UPS takes its customer relationships very seriously, but cannot take responsibility for the unauthorized actions of third parties.

Once again, if you receive an email that meets the above criteria, please delete it. Do not attempt to open the attachment.

Even if you have just sent a package, and think the email could be relevant to you, please go to the web site http://ups.com and check the status of your packages online.

Virus Removal

Both Symantec and McAfee have released new virus definitions which detect and remove the virus (per their web sites).

There are basically two steps to removal.

  • Stop/Suspend System Restore (WinXP)
      1. Click Start.
      2. Right-click My Computer, and then click Properties.
      3. On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives.
      4. If you do not see the System Restore tab, you are not logged on to Windows as an Administrator.
      5. Click Apply.
      6. When you see the confirmation message, click Yes.
      7. Click OK.
  • Download your latest virus definition and run a full scan.

Here is the info from McAfee and Symantec:

McAfee Info
http://vil.nai.com/vil/content/v_132901.htm

Symantec Info
http://www.symantec.com/security_response/writeup.jsp?docid=2008-071517-2718-99&tabid=3

Update:

9/1/2011 – A new variant has surfaced with the subject of the email being “Your package has arrived”. There is no attachment, but instead a link to view the shipping invoice which contains malware.

7/24 – A new variant of this virus/trojan has been reported. The email subject states “Your parcel is in the customs office” and the attachment name is “Tax_Invoice.zip”.

7/29 – Another variant is also in the wild now taking on the form of an “Airline” Invoice or e-ticket.  The attachment has the name: E-ticket_xxx.zip.

Photo Credit Nils Geylen

Posted in Anti-virus, Email, Internet | Comments (23)

Are Spammers Ruining Your Good Name?


A friend recently asked me a question about email messages.  He wanted to know why he was receiving notifications that his email was “undeliverable” to person “xyz” when he doesn’t even know “xyz” and insists he never sent the message.  So what happened?  Did his computer get hacked? Did he get a virus?  Probably not.  This is a symptom of a clever trick used by spammers.

Getting “undeliverable” messages from your email provider that reference people you don’t know can usually be explained in a couple of ways.

Someone who has your email address in their address book has been infected with a virus or malware.

Having been infected, their computer will run a program in the background to send out email to anyone and everyone @anywhere.com.  These machines are often called “zombies” because they are at the command of malware servers and are waiting for instructions to send out spam while running undetected on your computer.  These “zombied” computers choose a random address from the infected machine’s address book and use it as the spam messages’ “From:” address.   The virus or malware is basically making it look like all these messages were being sent by you.  When the messages can’t be delivered, either because the “To:” address was bogus, or the user’s mailbox is full, or whatever, the bounce messages go back to the “From:” address.

Spammers do this in hopes that an email from a “real”, valid address will get through the spam filters. In reality it is the “domain name” that is fooling the spam filters. An email address like you@well-known-company.com is more likely to evade the filters. Really good spam filters will check the IP address the mail came from and determine whether the “From:” address domain name resides at that IP address (if you are interested in what IP addresses are, see my post entitled “What is DNS?” where I have given a brief explanation).

Your email address was sold to a spammer and your name was randomly chosen as the “From:” address for the spam.

Spammers can get your “valid” email address in numerous ways (see my “9 Tips to Less Spam” post for more info on this). You are not being singled out or targeted.  It is simply the luck of the draw that your name was chosen.

Why do spammers use these methods?

Spammers like to send email, but don’t want anybody knowing who they are. If we could easily find out who they were, we could complain to ISPs and other organizations to get the spamming operation shut down. The dumb spammers don’t do enough to obscure the origin of their messages and indeed some have been caught and prosecuted. But this is not the norm. Spammers are becoming increasingly sophisticated and have found clever ways of avoiding detection.

How do they not get caught?

They send mail from foreign countries where the US laws do not apply and local law looks the other way. This is pretty self-explanatory. You can’t get caught if nobody cares.

They take advantage of flawed or out-of-date computers or servers on the Internet.

An infected or compromised home computer is turned into a mail relay. The messages come from random computers on the Internet and are more or less undetectable. A few thousand emails from a few thousand machines do not necessarily raise suspicions.

Servers owned by companies and organizations that are out on the Internet for legitimate purposes can also be used maliciously.  Something called an “Open Mail Relay” is often used to distribute spam.  An “Open Mail Relay” is a server on the Internet that allows anybody to connect to send mail.  Most “Open Mail Relays” are the result of a misconfigured, un-patched or out-of-date server.  A majority of US based companies and ISPs take measures to ensure their internet servers are secure and so you will see less and less of these relays as time goes on.  If an “Open Relay” is found, with just a few automated commands, spammers can send thousands of mail messages.  By the time someone notices and shuts down the relay, thousands of mails could have been sent.  If this happens when your email address was chosen at random as the “From:” address, you more than likely would get a few “undeliverable” messages.

Bottom Line

If you find yourself getting a number of these messages, don’t worry. It happens to lots of us. Just delete the messages. You don’t need to spend time tracking down the source or trying to notify people that you didn’t do it. The Internet is vast and you will most likely just be spinning your wheels. They will usually come in spurts and after a week or so, they will start to decline or go away entirely (at least for a little while).

Posted in Email, Internet | Comments (7)

9 Tips to Less Spam


What is Spam?

  • Spam is a giant nuisance.
  • Spam is a waste of time and energy as we try to delete it from our inboxes.
  • Spam is an unsolicited email sent to thousands, and sometimes millions of email boxes with the end goal of the email being some type of monetary gain for the spammer.
  • Spam works!

We get spam because it works. The reason spam works is really just a numbers game. A spam email campaign that targets 10 million email addresses can lead to 100,000 to 500,000 or so clicks. Most spam is sent with the intent that you click on a link in the email which will take you to a website where you can buy the product, see ads for the product, or be exposed to some sort of malware or spyware that will further exploit your computer.

Spam is also sent as a means to phish for information. Phishing emails attempt to look like they were sent from legitimate banking and financial institutions. You are often asked to enter your username, password, social security number, or account number which leads to misplaced funds or even identity theft.

What can we do about spam?

Be informed and smart about how we use email and where we display our email addresses. Here are some tips.

“Send This”, or “Email to a Friend”

When you read a blog post or news article, you can often find a link to email the post to a friend. Unless the site states that your email address will be kept private, don’t send the article. If you use this tool to send the article, they will have your email address along with your friend’s email address. If you really want to send your friend the article, then cut-and-paste the URL into a new email and send it that way.

“Opt-out”, “Unsubscribe”, or “Remove Me” links in Spam Messages

Unless you recognize the source of the email as being somewhere or some site where you previously gave an email address, don’t bother clicking on these links. Most spammers do what is called a “dictionary attack” on domains. They will send to everything and anything @yourdomain.com in the hopes they will get a hit on a real email address. If you use the unsubscribe link, they will know they’ve got a valid email address.

Enter to Win

You’ve seen these boxes with an entry form nearby which encourage us to write down our personal information for a chance to win “something”. Read the fine print. If you give them your email address and sign the entry form, most likely you have given them permission to send you emails. Of course, if you win, maybe it’s worth it, but you probably won’t.

Webmail

Gmail or Yahoo mail services are great at filtering spam and are getting better as time goes on. If you don’t already have one of these accounts, get one or both and start forwarding your mail there (don’t do this for your corporate mail). The filters will catch most spam and keep it out of your inbox.

Plus Addressing

Use a junk webmail account for registrations, newsletters, and contact forms from sites you’re not sure about. If you use Gmail, they also have something called “plus addressing”. Say your email address is joeuser@gmail.com and you sign up for something that requires you to enter an email address. Instead of entering joeuser@gmail.com enter joeuser+registrationsite@gmail.com or joeuser+questionablesite@gmail.com. You will still get the email, but now you can set up a Gmail filter to move any messages sent to address joeuser+questionablesite@gmail.com to a special folder. This is also a good way to see if the site you registered on is selling the email address you gave them.
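The leak check described above can be automated over saved message headers. This is an added example, not part of the original post: the tag-to-site mapping, the .example domains and the sample messages are constructed, and it flags mail sent to a tagged address from a domain other than the site that was given that tag.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed: the site (by sending domain) each plus tag was handed to.
TAG_OWNERS = {
    "registrationsite": "registrationsite.example",
    "questionablesite": "questionablesite.example",
}

# Constructed sample messages, headers only.
SAMPLE_MESSAGES = [
    "From: News <news@registrationsite.example>\n"
    "To: joeuser+registrationsite@gmail.com\nSubject: Welcome\n\n",
    "From: deals@mail.questionablesite.example\n"
    "To: joeuser+questionablesite@gmail.com\nSubject: Offers\n\n",
    "From: Promo <promo@pills-4-less.example>\n"
    "To: Joe <joeuser+questionablesite@gmail.com>\nSubject: Cheap meds\n\n",
    "From: friend@example.org\nTo: joeuser@gmail.com\nSubject: Lunch?\n\n",
]


def plus_tag(address):
    """Return the tag from local+tag@domain (lower-cased), or None."""
    local = parseaddr(address)[1].rpartition("@")[0]
    _base, sep, tag = local.partition("+")
    return tag.lower() if sep and tag else None


def sender_domain(address):
    """Return the domain part of a From: header value, lower-cased."""
    return parseaddr(address)[1].rpartition("@")[2].lower()


def find_leaks(raw_messages, tag_owners):
    """List (tag, sender domain) pairs where a tagged address received
    mail from a domain that is not the tag's owner or a subdomain of it."""
    leaks = []
    for raw in raw_messages:
        msg = message_from_string(raw)
        tag = plus_tag(msg.get("To", ""))
        if tag not in tag_owners:  # untagged or unknown tag: nothing to compare
            continue
        domain = sender_domain(msg.get("From", ""))
        owner = tag_owners[tag]
        if domain != owner and not domain.endswith("." + owner):
            leaks.append((tag, domain))
    return leaks
```

A hit is a lead to investigate rather than proof, since legitimate sites often send through third-party mail services and the “From:” address can be forged; a sender can also strip the +tag, so an empty result does not show the address was kept private.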

Opt-out During Sign-Up

If you are registering for a site’s newsletter or other services, make sure to look for the checkbox to “opt-out” from other services. Most will try to send you “related” info from affiliates. Don’t fall for it.

Change the Address

If you want to participate in online forums, or have your email published on a site for some reason, change the address slightly so that humans can understand what it is but bots that crawl websites for valid email addresses won’t find it. For example, don’t list joeuser@gmail.com, list joeuser at gmail dot com, or joeuser@@gmail dot com. This will confuse the bots but the human reading this will understand how to reach you.

Website Contact

If you own a website, don’t put your email address on the site. Either use the “change the address” method above, or use a contact form to receive correspondence. A contact form is sometimes desired since the user doesn’t have to open their email program to send you a message.

Never Reply

Never reply to an email you think might be spam. The spammers will win if you do this. They have an address that is valid and that they can sell.

What are some of the techniques you use to fight spam? Do you have any suggestions? By the way, if you “email this” post to a friend, I promise to keep your email addresses private.

Posted in Email, Internet | Comments (15)

