Phishing & Fake PayPal e-mails

Filed Under (cybercrime, e-mail, phishing, scams, security) by chris on Sun, 05-09-2010


There are a lot of fake PayPal e-mails going around, but I don’t think I’ve mentioned them before, so I am now.

The practice of trying to trick someone into giving out their personal information, such as bank account, social security number, even your name and address, is called phishing. The goal of phishing is identity theft.

I received this e-mail last night. First, let’s take a look at the e-mail itself, and then I will point out some items of interest and common techniques used by phishers. And finally, what you can do to help in the fight against phishers.

iTunes Store & DHL & UPS e-mail Virus

Filed Under (e-mail, itunes, virus) by chris on Fri, 05-07-2010


It’s been a busy 48 hours for the e-mail virus ruffians. I suspect with Mother’s Day approaching it will only get worse. Keep an eye out for fake Mother’s Day e-cards and the like. The following examples were all received in the last 48 hours.

The first one, I have a feeling, might trick a few people. It claims to be from the iTunes Store.

From: iTunes Store [certificate@itunes.com]
Subject: Thank you for buying iTunes Gift Certificate!

Hello!

You have received an iTunes Gift Certificate in the amount of $50.00 You can find your certificate code in attachment below.

Then you need to open iTunes. Once you verify your account, $50.00 will be credited to your account, so you can start buying music, games, video right away.

iTunes Store.

The payload is in the attachment iTunes_certificate_497.zip, which contains the file iTunes_certificate_497.exe.
ESET NOD32 identifies this as the Win32/Oficla.GT trojan.

Next up are 3 variations of the “we missed you and couldn’t deliver something” scam.

From: DHL Support Kimberly Parsons [delivery@dhl-usa.com]
Subject: DHL delivery problem Nr22755.

Hello!

We were not able to deliver the postal package sent on the 8th of March in time because the addressee’s address is not correct.
Please print out the invoice copy attached and collect the package at our department.

DHL Customer Services.

From: DHL Manager Javier Stratton [courier@dhl-usa.com]
Subject: DHL delivery problem Nr00684.

Dear customer!

We were not able to deliver the postal package which was sent on the 21st of February in time because the addressee’s address is wrong.
Please print out the invoice copy attached and collect the package at our office.

DHL Express Services.

From: Service Manager Chandra Morales [manager@ups.com]
Subject: UPS Delivery Problem NR 52979.

Dear customer!

We failed to deliver postal package which was sent on the 15th of February in time because the recipient’s address is erroneous.
Please print out the invoice copy attached and collect the package at our department.

DHL Customer Services.

The attachments for these were:
DHL_invoice_6817.zip, which is the Win32/Oficla.GQ trojan
DHL_invoice_2817.zip, which is also the Win32/Oficla.GQ trojan
UPS_invoice_5978.zip, which is a variant of the Win32/Injector.BNG trojan

Remember to keep an eye out for fake Mother’s Day scams too.

Internet World Usage Statistics

Filed Under (statistics) by chris on Thu, 04-29-2010


A co-worker and friend of mine and I were talking the other day about the growth of the internet. He has not been a long-time fan of the internet. When I first went to work there in 2005 he let me know that he had no interest in owning a computer. He used the internet for getting the current weather forecasts in the morning for the weather segment of his radio shows. He also used it a little for e-mail, but that was about it. A couple years later I was trying to convince him he should get a computer for his home. Once again he told me he had zero interest in owning a computer. Last year he finally got a computer for his home, which he has at his desk in the living room. While I was at his house we were watching something, and we had a question about something we were watching. We were wondering when a movie came out or something like that and he jumped on IMDB and we had the answer.
This got us talking about how remarkable it was that in this day and age we could find the answer to any question, no matter how obscure it was, almost instantly. When I reminded him how he told me a few years earlier he had zero interest in computers or the internet, he couldn’t believe he even said that.
He was asking me some questions about the internet because he knew I had been on it for a long time. I got on the internet for the first time back in 1993 or 1994. I told him how I remembered seeing a statistic back then that there were 5 million e-mail addresses and about a year or so later that had jumped 30 million. At the time I was blown away by this statistic.
When I got my first computer I was 13 and in 8th grade. It was a used Apple ][+. I loved it and spent many hours every day after school and in the evening exploring what I could do with it. None of my friends shared my interest or enthusiasm for computers. About a year or so later I got a 300 baud modem and entered the world of BBSs and spent even more hours staring at my Amdek Color-1 monitor, which by the way still works and is in front of me now hooked up to a wifi security camera. And I still could never get my friends interested in computers. Of course that has all changed and I am now talking to most of them daily on Facebook. But I digress.
Back to my story. My friend, Bob, asked me how many people were on the internet now or how many people had internet access. To which I had to answer I had no idea. There was no way I could estimate or even guess at this point. Tonight I came across a site which has some pretty good statistics about this. So if you are also curious about this you can go to Internet World Stats and get a pretty good overview of it. And one other site I find interesting is the real time statistics at Akamai.

Fake Apple Store Order E-mail

Filed Under (0day, malware, scams, security, virus) by chris on Sat, 04-10-2010


Time to add another fake e-mail to the long list of social engineering e-mail scams. This one looks like this.

Subject: 4912-3337 Apple AppStore Confirmation
Sender: Apple Up-To-Date

Apple Store
Call 1-800-MY-APPLE

#4368-66525
Order Details

You can also contact Apple Store Customer Service or visit online for more information.

Visit the Apple Online Store to purchase Apple hardware, software, and third-party accessories.
Copyright 2010 Apple Inc. All rights reserved.

This one wants you to click on the order details link, which I have removed, but if you look at the “Order Details” link more closely, you will see that it doesn’t go to the Apple Store but links to some place called goofbomb. I don’t feel like testing out my anti-virus or risking a 0-day virus or some malware, so let’s just assume it’s a bad place. So keep your eyes out for this and other e-mails that claim you have purchased something, or missed a delivery, and give you a link to your “order” or have an attachment for you to open. Quite a few of these are going around these days.

Surf Safe

Slacking a bit

Filed Under (Uncategorized) by chris on Fri, 04-09-2010

The traffic I was getting last year was 1000-2000 visits a day. This had me pretty excited and I was trying to make sure I added new content at least a couple times a week. Then about a month or so ago, my traffic really dropped off; at some point it was down to 200-300 visits a day. This killed my enthusiasm and as you can see, I haven’t posted much. I know I should probably post more if I want more traffic.

Well, I just looked at my page stats and I see I’m getting close to the 1000 again. So when I get home tonight I’m going to post at least one new article. It’s one I have been saving, or I should say it’s an answer to a previous problem I had been working on and talked about here: the search results redirection malware that I was trying to remove. I found something that got rid of it! Anyways, I don’t want to say too much right now or else I won’t have anything to write about, now will I?

Sorry for slacking off. Two years or so ago I wasn’t even getting 100 page views a day, much less 100 visitors. When my traffic started climbing every month by like 50%, I guess I got spoiled. And when it peaked in December, I should have been ready for the decline. It was just nice to know that people were actually reading what I put on here. And now that I see that’s happening again, I’ll get back to work. Thanks for stopping by :)

-Chris / PC CyberTek

Fix Full Screen Youtube Video Freezes

Filed Under (adobe, fix, video) by chris on Mon, 03-15-2010


Here’s another little fix that I performed on one of my computers that I thought I would share. When I play videos on sites like Youtube, while in full screen mode, the video itself would often freeze after playing for a minute or two. The audio would continue to play correctly and if I would escape from full screen mode back to a normal video playing in the webpage, the video would begin to play correctly again.

It seems that using hardware video acceleration was the culprit. Once I disabled it, everything worked fine. This is easy to do. Just right-click on the video that is playing. Then a window should open that says Adobe Flash Player Settings. Select settings and then uncheck the box that says enable hardware settings. If you don’t have that option, you may need to click on the icon at the bottom right of that window. It looks like a monitor with a paintbrush. And that’s it. Your videos should now play in full screen mode without the video freezing.

Malware Removal Sites, Software and Thoughts

Filed Under (adware, cybercrime, free software, malware) by chris on Sun, 02-07-2010


Last night I saw a banner ad for a “new” version of Risk. I used to play Risk, the board game, many years ago and thought this looks like fun. So I downloaded and installed it. Within a couple of minutes, ESET NOD32 was blocking downloads from a site I wasn’t at. Next time I went to use Google to search for something, my search results were being redirected. Looks like it installed some malware on my computer. Most likely it’s some sort of XSS cross-site scripting exploit.

Shipping Virus E-mail

Filed Under (scams, virus) by chris on Thu, 01-28-2010


Just a quick warning about a couple of e-mails that had a virus attachment. They are both pretending to be from U.S. shipping companies.

First we have this one from “UPS”

From: UPS Manager Romeo Law [delivery@ups.com]

Subject:  UPS Delivery Problem NR 08488.

Dear customer!
We failed to deliver the package sent on the 6th of January in time because the recipient’s address is incorrect.
Please print out the invoice copy attached and collect the package at our office.
United Parcel Service of America.

Dear customer!
We failed to deliver the package sent on the 6th of January in time

Nmap 5.21 Released and Video Tutorial

Filed Under (free software, hacking, networking, security, software, tutorial, video) by chris on Wed, 01-27-2010


If you follow this blog, you know that I did an article on the first stable release of Nmap http://www.pccybertek.com/2010/01/nmap-5-20-released yesterday. Now that it has been out for a week, Fyodor has already released another update, Nmap 5.21, which is also a stable release and not a beta. It’s mainly just a bug fix release. So I have updated the download section here with a link to the 5.21 release, which is on the right column about 3/4 of the way down the page. My download link is directly to the file on the insecure.org website or you can go to the Nmap download page yourself.

But I don’t want to just tell you about the update, I’d like to offer you some more since you took the time to stop by here. So here is a link to Iron Geek’s Basic Nmap Tutorial video. And if you already know the basics and would like to move on to some more advanced lessons, here is Iron Geek’s Nmap Video Tutorial 2: Port Scan Boogaloo. Happy port knocking.

Adobe Shockwave Player Security Vulnerabilities

Filed Under (adobe, patch, security) by chris on Tue, 01-26-2010


Somehow this one slipped by me because it was published by Adobe on the 19th.

Critical vulnerabilities have been identified in Adobe Shockwave Player 11.5.2.602 and earlier versions, on the Windows and Macintosh operating systems. The vulnerabilities could allow an attacker, who successfully exploits the vulnerabilities, to run malicious code on the affected system. Adobe has provided a solution for the reported vulnerabilities. It is recommended that users update their installations to the latest version using the instructions provided above.

This update resolves a buffer overflow vulnerability that could potentially lead to code execution (CVE-2009-4002).

This update resolves multiple integer overflow vulnerabilities that could potentially lead to code execution (CVE-2009-4003).

Download Adobe Shockwave Player version 11.5.6.606 here.

You can find out which version you have by going here: Test Adobe Shockwave Player.
