Category Archives: cybercrime

Facebook Admin E-mail

Filed under cybercrime, e-mail, Facebook, malware

Just in case you still think one day you may get a useful attachment in your e-mail, you should know it won’t be coming from someone claiming to be a Facebook Administrator. Here’s a scam e-mail I got this morning.

from: Administration of Facebook [official-no.893@facebook.com]
subject: Facebook Support. Personal data has been changed! No81864
attachment: Facebook_Password_INM.152.zip (99k)

body:

Security service of FaceBook.

Your password is not secure!
To secure your account the password has been changed automatically!
Attached document contains a new password to your account and detailed information about new security measures.

Thank you for attention,
Your Facebook

He was astonished at the ease with which he twisted Deane upon his back and put the handcuffs about his wrists. The work was no sooner done than he understood. A rag was tied about Deane’s head, and it was stained with blood. The man’s arms and body were limp. He looked at Billy with dulled eyes, and as he slowly realized what had happened a groan broke from his lips. In an instant Billy was on his knees beside him. He had seen Deane twice before, over at Churchill, but this was the first time that he had ever looked closely into his face. It was a face worn by hardship and mental torture. The cheeks were thinned, and the steel-gray eyes that looked up into Billy’s were reddened by weeks and months of fighting against storm. It was the face, not of a criminal, but of a man whom Billy would have trusted: blonde-mustached, fearless, and filled with that clean-cut strength which associates itself with fairness and open fighting.

That’s kind of weird, isn’t it? I mean, do they think this little piece of a story will make you lose all control and run the attached virus file? Maybe the author is looking for a book deal and wants to steal a publisher’s identification. Either way, do not open the attachment; it contains a virus/trojan. At the time of this writing, 25 of 42 antivirus programs detect it, according to VirusTotal.

One final thought. Facebook has come under major attack lately. By now you should know better than to ever open an attachment from anyone you don’t expect to get one from. I would also go a step further and not click on any links that come in e-mails claiming to be from Facebook. Just go directly to Facebook, either by typing in the address yourself or by using a bookmark YOU created yourself.
Stay Safe
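The scam above has three tells that a mail filter can check mechanically: a sender that claims a brand, a password-reset lure in the body, and the "new password" delivered as an archive attachment. The following is an added example (not from the original post) that parses a constructed message modelled on the one quoted above and reports those red flags; the sample headers and the tiny base64 payload are made up for the example.

```python
import email
import re
from email import policy

# Constructed sample modelled on the scam quoted above (not the original raw
# mail; headers and the dummy base64 body are re-created for this example).
SAMPLE_EML = """\
From: Administration of Facebook <official-no.893@facebook.com>
To: user@example.com
Subject: Facebook Support. Personal data has been changed! No81864
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Security service of FaceBook.
Your password is not secure!
Attached document contains a new password to your account.
--b1
Content-Type: application/zip; name="Facebook_Password_INM.152.zip"
Content-Disposition: attachment; filename="Facebook_Password_INM.152.zip"
Content-Transfer-Encoding: base64

UEsDBAoAAAAAAA==
--b1--
"""

# Phrases typical of a "we changed your password" lure, and attachment types
# that a legitimate password notice would never carry.
LURE_PHRASES = ("password has been changed", "new password", "attached document")
RISKY_EXT = (".zip", ".exe", ".scr", ".rar")

def assess(raw: str) -> dict:
    """Return the red flags found in one raw RFC 822 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    sender = (msg.get("From") or "").lower()
    claims_brand = "facebook" in sender
    attachments = [p.get_filename() or "" for p in msg.iter_attachments()]
    text = " ".join(p.get_content() for p in msg.walk()
                    if p.get_content_type() == "text/plain").lower()
    flags = []
    if claims_brand and any(a.lower().endswith(RISKY_EXT) for a in attachments):
        flags.append("brand-claimed sender with archive/executable attachment")
    if attachments and any(phrase in text for phrase in LURE_PHRASES):
        flags.append("password-reset lure delivered as an attachment")
    if re.search(r"password", " ".join(attachments), re.I):
        flags.append("attachment name mentions a password")
    return {"attachments": attachments, "flags": flags, "suspicious": bool(flags)}
```

Any one flag is enough to quarantine the message for review; a real account notice never arrives as a zip file.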

Fake Xvid Update Serving Up Malware

Filed under adware, cybercrime, malware, scams, video, virus

I’m going to make this short and sweet to get the word out there. I will delve further into what malware is actually being served, and what its effects are, at a later date.

The following image was taken from a screenshot I made. It shows the fake video player, which displays a rotating “waiting” graphic and pretends that it can’t load the video because the player needs to be updated.

I knew this was a threat because I’m also a video editor and I keep all my codecs up to date. However, I thought I would pursue this further so I could see what file was going to be installed. Then I could run analysis on it and report my findings here. But I was running ESET NOD32, and it recognized this page as a threat and blocked whatever this page tried to send me. You can see the results below.

Fake xvid page block

So just don’t update your video player through any website that claims your video player needs to be updated to view an online video. I would imagine there will be variations of this soon, like fake QuickTime Player or Windows Media Player updates. I will grab a copy of the file this site is trying to distribute for further analysis later and post my findings here. That’s going to take some time, and I have seen this fake Xvid update a couple of times now, so I decided I should spread the word sooner rather than later.

Phishing & Fake PayPal e-mails

Filed under cybercrime, e-mail, phishing, scams, security

There are a lot of fake PayPal e-mails going around, but I don’t think I’ve mentioned them before, so I am now.

The practice of trying to trick someone into giving out their personal information, such as bank account, social security number, even your name and address, is called phishing. The goal of phishing is identity theft.

I received this e-mail last night. First, let’s take a look at the e-mail itself, and then I will point out some items of interest and common techniques used by phishers. And finally, what you can do to help in the fight against phishers.

Malware Removal Sites, Software and Thoughts

Filed under adware, cybercrime, free software, malware

Last night I saw a banner ad for a “new” version of Risk. I used to play Risk, the board game, many years ago and thought this looked like fun. So I downloaded and installed it. Within a couple of minutes, ESET NOD32 was blocking downloads from a site I wasn’t at. The next time I went to use Google to search for something, my search results were being redirected. Looks like it installed some malware on my computer. Most likely it’s some sort of XSS cross-site scripting exploit.

Spyware Protect 2009 is a Virus

Filed under botnets, conficker, cybercrime, free software, malware, phishing, scams, software, virus

I’m sure you have all seen this before. You’re surfing along when, all of a sudden, you get a pop-up that alerts you that your computer is infected! YIKES! What to do!??! Ah, you can just download a “free” program that will fix it for you. I’d hope you already know this is a scam. It’s one of two things. You can either download a legit program that will scan your computer, tell you how badly infected it is, and let you purchase a full version of the program to remove all your “infections.” Just in case you’re not really infected, these programs will increase your infection count by adding your cookies to the list. Pretty good way to jack up the numbers, but I wouldn’t call cookies an infection, and I sure don’t have to buy any program to remove them. The other thing that could happen, and probably will, is that you download a program that then installs its own adware. Turns out they have a name for this stuff now, and that name is scareware.

Turns out many people are still falling for this scam. I had to clean my parents’ computer up from one of these. Try doing it over VNC, and you may have your patience tested like I did. Anyway, the old folks aren’t the only ones falling for this, and now there is a new variation. Spyware Protect 2009 is the new breed of scareware. Not only does it con you into installing it, it actually does damage to get you to “purchase” it for $49.99 and installs a trojan downloader. Meanwhile it increases the pop-ups telling you how infected your computer is. So you order the program with your credit card and, guess what, you just gave them your credit card number, no hacking needed. A local electronics store, with the initials RS, got hit by it, and from what I could get out of them, it sounds like the whole corporation has been infected through their network.

Since I first found out about this last week, I’ve learned that it’s now also being installed by the Conficker virus. At first I was thinking, wouldn’t people be suspicious if there was a new piece of software on their computer? I sure as hell would. Then I started thinking about it in a corporate situation. Some poor schmuck in accounting, or wherever, could think it was installed by their IT department. So the keylogger it installs would run until the computer crashed. The one good thing is, the domain that was selling Spyware Protect 2009 is gone. Keep an eye out for variations with new names and the same or a slightly modified interface.

-Your friendly neighborhood PC Cybertek

Trustworthy Conficker Resources

Filed under blog support, botnets, conficker, cybercrime, fix, free software, patch, security, software, spam, video games, virus, Windows

With all the media hype about Conficker, I thought you might like a good collection of trustworthy resources. Beware of websites that have recently registered as “Conficker help.” In fact, just avoid them altogether. There are also reports of malicious software masquerading as detection and cleaning tools for Conficker-infected computers, as well as spam offering the same.

There’s no need to try and figure out what’s safe or real and what has more sinister plans in mind. The good folks at dshield.org have been keeping an updated list of third-party information on Conficker. There you can find plenty of free Conficker detection and removal tools, general information, and the Microsoft patch. That should help keep you updated, safe, and informed.

I’ve also found out about one other really neat way of detecting it, but it’s for more advanced users, so I’m going to make a separate post about it.

Conficker Help and Resources

Filed under 0day, botnets, cybercrime, security

I’m going to post some helpful info about Conficker in a bit. I’m at work right now and can’t. Will do it at lunch… Some really good and timely resources. Be sure to check back.

Who Is In Your Router

Filed under cybercrime, hacking, networking, security, vidcasts

An interesting post today, on the Internet Storm Center, reminds us to look over our router logs. Also, disable remote administration of the router, unless it’s absolutely necessary.

You can see what happens when someone guesses an easy password and gets into a router, and the lessons learned, here.

NZ Botnet Teen Faces Extradition

Filed under botnets, cybercrime, FBI, international, virus


New details have been released about the New Zealand teen who is one of the most recent, and youngest, snared by the FBI in an operation dubbed Bot Roast II. Multiple arrests and convictions have come from this FBI sting.

Owen Walker, an 18-year-old from Whitianga, New Zealand, is suspected of creating malicious software that took control of over a million computers. The FBI also believes AKILL, Walker’s online handle or nickname, is “the ringleader of an elite international botnet coding group” and has caused “more than $25 million in economic loss”. If evidence is found that warrants charges, Walker could be charged either in New Zealand or extradited and charged in the United States.

So far eight others, here in the U.S., have been charged in relation to the FBI’s investigation of Walker’s software. Three of them have been sentenced with jail terms of 12 to 47 months.

Botnets are comprised of computers which have been infected with malicious software. These computers are also known as “zombies” and can be used for various illegal activities. Some “zombies” are used for phishing scams, identity theft, spam, network attacks, and scanning for vulnerable computers and websites on which they can then install the botnet software. People who control these botnets are known as bot herders. Some bot herders have control of millions of computers. Currently it is estimated that there are approximately 150 million botnet-infected computers.