Time to add another fake e-mail to the long list of social engineering e-mail scams. This one looks like this.
Subject 4912-3337 Apple AppStore Confirmation
Sender Apple Up-To-Date Add contact
Apple Store
Call 1-800-MY-APPLE
#4368-66525
Order Details
You can also contact Apple Store Customer Service or visit online for more information.
Visit the Apple Online Store to purchase Apple hardware, software, and third-party accessories.
Copyright 2010 Apple Inc. All rights reserved.
This one wants you to click on the order details link, which I have removed, but if you look at the “Order Details” link more closely, you will see that it doesn’t go to the apple store but links to some place called goofbomb. I don’t feel like testing out my anti-virus or risk getting a 0-day virus or some malware, let’s just assume it’s a bad place. So keep your eyes out for this and other e-mails that claim you have purchased something, or missed a delivery, and gives you a link to your “order” or has an attachment for you to open. Quite a few of these going around these days.
Surf Safe
Last night I saw a banner ad for a “new” version of Risk. I use to play Risk, the board game, many years ago and thought this looks like fun. So I downloaded and installed it. With in a couple of minutes, ESET NOD32 was blocking downloads from a site I wasn’t at. Next time I went to use google to search for something, my search results were being redirected. Looks like it installed some malware on my computer. Most likely it’s some sort of XSS cross scripting exploit.
Read the rest of this entry »
Filed Under (malware, virus) by chris on 12-16-2009
Just got an e-mail that says it’s from e-cards@hallmark.com with the subject: You have received A Hallmark E-Card! It had an attachment called Postcard.zip which was identified by my antivirus, I use NOD32 by E-Set
__________ ESET NOD32 Antivirus warning, version of virus signature database 4693 (20091216) __________
Warning, ESET NOD32 Antivirus found the following threats in the message:
Postcard.zip – probably a variant of Win32/Merond.AA worm – deleted
Postcard.zip > ZIP > document.chm .exe – probably a variant of Win32/Merond.AA worm – was a part of the deleted object
This came from one of my works TV affiliates mailing list. So I am guessing it is one that goes through your address book and sends itself to everyone on there.
Figured this was also a good time to remind people to be careful with any “e-cards” they get. Watch out for infected attachments, as was the case with this one, and watch for links that send you to websites designed to infect you or steal your identity / information.
