
Tech Geek and More

Technology Explained for All


Alert: Fake Facebook Email – It’s another trick to get you to download a virus.

Another “old friend” seems to be making an email visit again.  People have started getting the following email claiming that “The Facebook team” has reset your password and that you have to click on the download to get your information….

***********************************************************************************************************

Facebook Password Reset Confirmation NR.2033
From: The Facebook Team | Date: 17/03/2010 8:09 AM | Email
To: xxxxxxx@xxxxxx.com
Attachments: Facebook_password_2264.zip (62 KB)
Hey xxxxxx ,
Because of the measures taken to provide safety to our clients, your
password has been changed.
You can find your new password in attached document.
Thanks,
The Facebook Team.

***********************************************************************************************************

     Considering how many calls and messages I’ve gotten today about infected machines, I know people are falling for it.  So let’s start with a simple lesson: FACEBOOK DOES NOT RANDOMLY CHANGE USERS’ PASSWORDS, AND IT DOES NOT EMAIL YOU YOUR UPDATED INFORMATION IN AN ATTACHMENT. SO DON’T OPEN THIS EMAIL IF YOU GET IT.  OK, with that being said, here are some tips for using Facebook (directly from the Facebook Blog: http://www.facebook.com/security?ref=blog#!/security?v=app_7146470109&ref=mf)

When we talk about security, we’re talking about scams, viruses, and hacks that could infect your computer or take over your Facebook account and result in a lot of annoyance for you and your friends.
Security isn’t just an issue on Facebook, but all over the web, which is why it’s important to be aware online, and to learn how to protect your accounts and your computer.
Here are some ways to be smart and aware on Facebook and across the Internet:

  • Use different passwords for your various online accounts. If you use the same password everywhere, and it’s stolen, you could lose access to all of your accounts at once.
  • Be wary of where you enter your password. Just because a page on the Internet looks like Facebook or another site you use, it doesn’t mean that it is. Check the address bar in your browser, and learn to tell the difference between a good URL and a bad one. If you ever have doubts about the legitimacy of a link, simply type the website’s URL (for example, http://www.facebook.com) into the address bar.
  • Don’t share your passwords with anyone. Don’t do it. Most reputable online services will never ask for your password through any form of communication.
  • Don’t click on links or open attachments in suspicious emails. If the email looks weird, don’t trust it, and delete it from your inbox immediately.
  • Use a complex password that can’t be easily guessed. Avoid common words, and make sure your password is at least eight characters long and includes capital and lower case letters, numbers, and symbols.
  • Be suspicious of any email or message that contains an urgent request or asks you to update your information or provide new information.
  • Be suspicious of emails or messages that contain misspellings or use bad grammar, especially if they’re from someone who is usually a good writer.
  • Make sure you have an up-to-date web browser equipped with an anti-phishing blacklist. Some examples are Internet Explorer 8.0 and Firefox 3.0.10.
  • Make sure you have up-to-date comprehensive security software on your computer that includes anti-virus, anti-spyware, anti-phishing, and a firewall.
  • Make sure you’ve set your operating system to update automatically.
  • Make sure you’ve listed a security question and answer for your online accounts. This will come in handy if you ever lose access and need to prove who you are. You can do this on Facebook from the Account Settings (https://register.facebook.com/editaccount.php) page. You should also add a mobile phone number from this page (http://www.facebook.com/mobile/?settings), which will help if we ever need to send you a text message to confirm your identity.
  • Remember that you choose what you share and with whom you share it. Think before you post, especially if the information is sensitive or personal in nature. You can learn more about how to control your information on Facebook, including how to choose an audience for each and every post you make, in our Privacy Guide (http://www.facebook.com/privacy/explanation.php)

In addition, here are some known threats that you can find while using Facebook (also directly from the Facebook Blog: http://www.facebook.com/security?ref=blog#!/security?v=app_4949752878&ref=mf)

Spammy Wall Posts, Inbox Messages, and Chat Messages
When criminals gain access to a Facebook account, they usually post spammy comments on friends’ Walls, or send spammy messages through Inbox or Chat. These messages ask you to click on a link and often try to entice you by claiming there’s a new photo or video of you somewhere on the Internet that you need to check out. The link then takes you to a phishing (http://en.wikipedia.org/wiki/Phishing) site that asks you to enter your login information, or a malware (http://en.wikipedia.org/wiki/Malware) site that prompts you to download malicious software.
Don’t click on strange links in posts or messages, even if they’re from friends. If it seems weird for an old friend to write on your Wall or send you a message, it’s possible that the person’s account has been taken over by a spammer. Be particularly cautious of posts or messages that contain misspellings or use bad grammar.
Money Transfer Scams
Scammers sometimes post status updates, or send Inbox or Chat messages, from a friend’s account claiming that the friend is in some difficult situation and in need of money. These messages ask you to help by wiring funds through a money transfer service.
Never send money without first verifying the story through some other means, such as by talking to the person over the phone. If a friend’s account has been taken over, contact us (http://www.facebook.com/help/?faq=14257) so that we can block access. If you’ve sent money, report it to the money transfer service, and, if you’re in the United States, the Federal Trade Commission (http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt034.shtm) or the Federal Bureau of Investigation (http://www.ic3.gov/default.aspx). You’ll find more tips and a complete transcript of a real conversation with a scammer here (http://www.facebook.com/note.php?note_id=96651525765).
Fake Notification Emails
Spammers and scammers sometimes send phony emails that have been made to look like they’re from Facebook or another reputable website. These emails can be very convincing, and the “From:” field can even be spoofed to include “Facebook” or “The Facebook Team.”
If an email looks strange, don’t click on any of the links in it, and delete it from your inbox immediately. Be especially wary of emails that ask you to update your account, tell you to open an attachment, or warn you to act quickly before something happens.
Chain Letters and Messages from Phony Facebook Employees
You might occasionally see a status update or message making some claim about Facebook and urging you to take an action. Examples include:

  • Facebook is becoming overpopulated.
  • Facebook is going to start charging money.
  • Certain users have special access to profile information.
  • Facebook is selling your data.

Sometimes, these come from people claiming to be Facebook employees who then ask you to provide your password or other personal information.
If a status update or message doesn’t look right, don’t believe it. Disregard it, and tell your friends that it’s phony. If someone pretending to be a Facebook employee asks you for your password, don’t give it out, and report the person immediately by clicking the report link either on the message or the person’s profile.
For more information about Facebook site governance and privacy, check out these documents:
Facebook Principles (http://www.facebook.com/principles.php)
Statement of Rights and Responsibilities (http://www.facebook.com/terms.php)
Privacy Policy (http://www.facebook.com/policy.php)
Suspicious Applications
Facebook has strict policies (http://developers.facebook.com/policy) for developers to help make sure that applications don’t misuse your data. While most applications play by the rules, you may occasionally come across one that doesn’t quite look right.
Use caution when interacting with applications. If you think an application is violating our policies, report it to us through the link on the application’s About page. You may also want to block the application by clicking the “Block” link on its About page.

     Now that you have seen the information directly from Facebook, let me add one more thing. I will acknowledge that having to chase down and fix computers for people who fall into the traps above (as well as other known internet virus/malware/rogueware traps) is job security.  Seriously, this is not the type of job security I had in mind.
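The warning signs in the fake password-reset email above can be checked mechanically. The following is an added example, not code from the original post or from Facebook: it flags a "Facebook" display name on a non-Facebook sender domain, a risky attachment type, and the "your password is in the attachment" lure. The trusted-domain list, the function names and both sample messages are assumptions constructed for the illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: the domains this mailbox accepts as genuinely Facebook.
TRUSTED_DOMAINS = ("facebook.com", "facebookmail.com")
BRAND = "facebook"
RISKY_EXTENSIONS = (".zip", ".exe", ".scr")

# Constructed sample modelled on the message quoted in the post. The sender
# address, recipient and attachment bytes are made up for this example.
FAKE_RESET = """\
From: The Facebook Team <service@mail.example>
To: user@example.com
Subject: Facebook Password Reset Confirmation NR.2033
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Hey user ,
Because of the measures taken to provide safety to our clients, your
password has been changed.
You can find your new password in attached document.
Thanks,
The Facebook Team.
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="Facebook_password_2264.zip"
Content-Transfer-Encoding: base64

UEsFBgAAAAAAAAAAAAAAAAAAAAAAAA==
--b1--
"""

# Constructed ordinary message for contrast.
PLAIN_NOTE = """\
From: Pat Example <pat@example.org>
To: user@example.com
Subject: Lunch on Friday?
Content-Type: text/plain

Are you free for lunch on Friday?
"""


def sender_domain_trusted(domain):
    """True for a trusted domain or one of its subdomains, nothing else."""
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)


def triage(raw_message):
    """Return a list of warning strings for one raw email message."""
    msg = message_from_string(raw_message)
    findings = []

    # 1. The display name claims the brand, but the real address does not.
    display_name, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    if BRAND in display_name.lower() and not sender_domain_trusted(domain):
        findings.append("display-name-mismatch")

    # 2. Archive or executable attachments; collect plain-text body parts.
    body_text = []
    for part in msg.walk():
        filename = part.get_filename()
        if filename:
            if filename.lower().endswith(RISKY_EXTENSIONS):
                findings.append("risky-attachment:" + filename)
        elif part.get_content_type() == "text/plain":
            body_text.append(part.get_payload())

    # 3. The lure itself: a password said to be delivered in an attachment.
    text = " ".join(body_text).lower()
    if "password" in text and "attach" in text:
        findings.append("password-in-attachment-lure")
    return findings


if __name__ == "__main__":
    for label, raw in (("fake reset", FAKE_RESET), ("plain note", PLAIN_NOTE)):
        print(label, "->", triage(raw) or "no findings")
```

An empty result does not mean a message is safe; the checks only cover the specific signs this alert describes.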

Alert: Another Fake Email Installs Rogue Software (From Panda Labs Blog)

     One of the biggest reasons why TechGeekandMore started came from how many customers I had (and still have) to visit every week to either clean viruses off PCs or (even worse) recover as many files as possible and then reinstall Windows.  I wanted a way to try and alert and educate my customers about how …..

- No African Prince was going to give you millions

- Emails that say that they are from a friend or family with that weird looking attachment could actually be fake

- Hot College Girl……well this one just really doesn’t have much beyond “Don’t do it”.

ETC ETC ETC…….

     Along those lines, a new email started circulating this week that has only 1 goal: to trick you into downloading and installing some really nasty software (more of the fake antivirus software).  This new email says that “You have received a postcard”……

The following information comes from the PANDALABS blog (http://pandalabs.pandasecurity.com/the-thousand-faced-rogue/)

******************************************************************************************************************

The Thousand-Faced Rogue

Mar 5

  • Posted on 03/5/10 by Olaiz (http://pandalabs.pandasecurity.com/author/olaiz/)

We want to inform you of a new flood of email messages that seem to contain a postcard but are actually distributing malware. Concretely, we’ve seen several thousands in a few hours.

It’s not the first time we see emails like this in circulation, as subjects like “You’ve received a postcard” are very recurrent.

The message is like the following:

[Image: postcardzip_en]

The message seems to have been sent by a member of your family through a legal website to download and send postcards, so that users don’t suspect. In order to view the postcard, you have to open the attached file. It’s a file compressed with zip and if you run it, a rogueware program will be installed in your computer, which is different depending on the message and the operating system you have.

The following are some of the names of the fake antivirus that can be installed in your computer if you run this file:

  • % Antispyware 2010
  • Antivirus % 2010
  • % Guardian 2010
  • % Guardian
  • % Defender 2010
  • % Antivirus
  • % Antivirus 2010
  • % Antivirus Pro
  • % Antivirus Pro 2010
  • % Internet Security
  • % Internet Security 2010

where % stands for the operating system of the computer in which it is going to be installed. Some examples: XPAntispyware2010, Vista Guardian, Win 7 Antivirus Pro.

Let’s take as an example Antivirus XP 2010 and see the actions it carries out once it has been installed in the computer.

Like every rogueware, it starts scanning the system to check if the computer is infected.

Once finished, it displays a list with the malware that it has detected in your computer to make you believe that you’ve got a problem and that this program will offer you the solution:

[Image: AntivirusXP2010]

However, all the malware it has detected makes reference to nonexistent files, so the only threat you have is the rogue itself.

Additionally, it prevents the execution of programs whose window title makes reference to the following programs:

  • Internet Explorer
  • Firefox
  • Several security suites.

When you try to run any of these, a message is displayed informing you that these programs are infected and recommending you to install the fake antivirus to solve the problem.

The following image belongs to the message that is displayed when Firefox is run:

[Image: Firefox_infected]

It also contains code to uninstall different security solutions. This way, the computer would be unprotected and the real antivirus programs could not detect it.
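The naming scheme PandaLabs describes (a fixed template with % replaced by the operating system) lends itself to a simple check of installed program names or window titles. This is an added example, not code from PandaLabs or from this blog; the templates are the ones listed above, the operating system tokens are taken from the three examples given (XP, Vista, Win 7), and the function names and the sample program list are assumptions constructed for the illustration.

```python
import re

# Templates exactly as listed in the PandaLabs post; % is the OS placeholder.
TEMPLATES = [
    "% Antispyware 2010",
    "Antivirus % 2010",
    "% Guardian 2010",
    "% Guardian",
    "% Defender 2010",
    "% Antivirus",
    "% Antivirus 2010",
    "% Antivirus Pro",
    "% Antivirus Pro 2010",
    "% Internet Security",
    "% Internet Security 2010",
]

# Assumption: only the OS tokens that appear in the post's examples.
OS_TOKENS = ["XP", "Vista", "Win 7"]


def squash(text):
    """Lower-case and drop whitespace, since the post shows the names both
    with spaces (Vista Guardian) and without (XPAntispyware2010)."""
    return re.sub(r"\s+", "", text).lower()


def build_matcher(templates, os_tokens):
    """Compile one anchored regex that matches any template with any OS token."""
    os_alternatives = "(?:" + "|".join(re.escape(squash(t)) for t in os_tokens) + ")"
    patterns = []
    for template in templates:
        before, after = template.split("%")
        patterns.append(re.escape(squash(before)) + os_alternatives + re.escape(squash(after)))
    return re.compile("^(?:" + "|".join(patterns) + ")$")


ROGUE_NAME = build_matcher(TEMPLATES, OS_TOKENS)


def is_rogue_name(name):
    """True when the whole name fits one of the rogueware templates."""
    return ROGUE_NAME.match(squash(name)) is not None


def flag_programs(names):
    """Return the names from a list that fit the rogueware naming scheme."""
    return [n for n in names if is_rogue_name(n)]


# Constructed list standing in for installed program names on a PC.
SAMPLE_PROGRAMS = [
    "Mozilla Firefox",
    "XPAntispyware2010",
    "Microsoft Security Essentials",
    "Vista Guardian",
    "Windows Defender",
    "Win 7 Antivirus Pro",
    "Antivirus XP 2010",
]

if __name__ == "__main__":
    for hit in flag_programs(SAMPLE_PROGRAMS):
        print("matches rogueware naming scheme:", hit)
```

Because the whole name has to fit a template, legitimate products such as Windows Defender are not flagged; a rogue that uses a name outside this list will not be caught either.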

Alert: BlackHat SEO attack targeting Google Nexus One (Updated) (From Panda Labs Blog)

From the Panda Labs Blog (BlackHat SEO attack targeting Google Nexus One (Updated): http://pandalabs.pandasecurity.com/blackhat-seo-attack-targeting-google-nexus-one/)

A few days ago Google presented their brand new phone, called Nexus One:

And some days later we find out that if a user searches for “buy Nexus One” he will obtain around 4,000 malicious links:

When clicking on any of these links, you will see some of the typical fake antivirus sites:

It will try to infect your computer with a rogueware called LivePcCare. Be careful while searching, and use at least some free web filtering tools (http://www.mywot.com/). (Like Web of Trust)

Update: 5 out of the 6 first results are malicious, including the 1st and the 2nd one.

Update 2: Now the same crew is using the Haiti earthquake

How to: What to do if you get a virus or malware via a pop up message

There have been many posts on TechGeekandMore concerning viruses, spyware, malware, and scareware.  If you wonder why, it’s because, as a tech, the number one question and the number one support call that I will take involves PCs that have already been infected (because the user didn’t know any better) and what to do to clean up the PC.

     Sometimes the infection isn’t really bad and a simple scan and delete will clean things up; other times, it’s a matter of recover/save what you can from the PC and format/reinstall everything (and yes, that could mean saying goodbye to important documents or a long downtime). On top of everything else, keep in mind that hiring someone like me to clean up your PC could cost $100 / HR or more, and in some cases it may be more cost effective to buy a new PC.

     So where do we start? We start with a couple of common DOs and DON’Ts.

1) If you’re on any website and see a message like the following

[Images: AV System Pro spyware message; Personal AV fake install message]

DO NOT CLICK ON YES OR OK; it is a trick used by the writer of the virus or malware (known as social engineering) to get you to install the malware or virus.  Since the message will probably pop up as part of the page you’re on, you may just think that it’s a natural part of Windows and agree to it; at least that’s what the bad guy hopes you will believe.

Additionally, when online, DO READ WHAT THE POP-UP MESSAGES SAY AND DON’T JUST CLICK ON THEM TO GET THEM OUT OF YOUR WAY. ALSO, DON’T BELIEVE EVERYTHING THAT POPS UP (I know this is a hard concept for most). The following are just some of the MILLIONS of possible messages that you could see

[Images: examples of fake virus and security center pop-up messages]

     Now let’s talk about how these happen. They can happen because the website you’re visiting has been infected by a virus.  These days it’s not just PCs that get infected; it can also be websites, both minor and major (Scareware Pop-Ups Target Google, New York Times: http://www.waco.bbb.org/article/scareware-pop-ups-target-google-new-york-times-13118), so DON’T think that because the only sites you visit are major sites (Google, NY Times, Twitter, Facebook, etc.) you’re entirely safe.  You MUST always stay alert.

What if your machine is under attack from a Virus or Malware

     Take immediate action as soon as the message or popup comes up. The majority of viruses and malware are written in such a way that not only will your machine get infected, but the infection will go out to the internet (completely automatically) and download additional files and infections to reinforce itself. So the longer you take to address the issue, the harder (and probably more expensive) it will be to clean your machine.  Imagine yourself getting the flu: you take care of yourself and in a few days your body recovers and everything is normal again. However, if you get the flu and ignore it and just let it continue without doing anything about it, you could get sick enough to end up in a hospital or even dead. (Sorry to make it so over dramatic, but really that’s what it boils down to).

     As soon as you receive one of these types of scareware/malware/virus pop-up windows, you need to use the Task Manager to close whatever program you’re using to get to the internet (you should NEVER try to close the program with the OK or Cancel button on the program, as all the buttons, no matter what they say, will download unwanted files onto your PC). You can access the Task Manager 1 of 2 ways:

Task Manager via Ctrl Alt Del key

Hold down Ctrl, Alt, and Delete at the same time.
If you’re on Windows XP you will see a box; just select Task Manager. If you’re on Windows Vista or 7, you will see a different window; select Start Task Manager from there.

 Task Manager via Right Click

Right-click on an empty space on the taskbar (that’s the bar on the bottom where you see your programs) and you will see Task Manager as a choice. Select Task Manager from there.

     Once you have opened the Task Manager, you will see the following window.

     From the Applications tab you will see all programs that are currently running.  You should highlight any program that is connected to the internet (Internet Explorer, Firefox, Chrome, etc. and anything email) and select End Task. You will be prompted with an end program message; select End Now. Continue doing that until you have closed everything that is connected to the internet.

Once you have closed the Window – what next?

     This may take a little time, but it’s best to check your PC and make sure nothing stayed on it that shouldn’t be there.  There are 4 things you need to do at this point.

Step#1 -

If you use Internet Explorer

     Go to Tools –> Internet Options –>  select delete in the browser history section and delete all

If you’re using Firefox

     Go to Tools –> Options –> Privacy and select clear your recent history and remove individual cookies (you may need to change the setting to remember history to get to the settings)

If you use any other browser, look for the area to remove cache, temp files or cookies and remove all.

***Also make sure you empty your recycling bin.***

Step# 2-

     If you don’t already have a copy on your pc, download Super Antispyware (LINK: http://superantispyware.com/) and install Super Antispyware. **There is a Free and Pro edition, all you will need is the free edition.**

- During the install you will see the following screens. Make sure you say YES to “Would you like Super Antispyware to check for the latest updates….” then select the default or recommended setting for the remaining screens. On the screen asking for email address you do NOT have to enter anything, you can just select the next button.


     Once installed you will see the following screen, just make sure that the definition date (on the bottom right) is current (shouldn’t be more than a day or two old, if not click on check for updates) then select scan your computer (on top left)

You will then see the scan screen, at which point select all your hard drives, select “Perform complete scan” and hit next.

Once the scan completes, you will see the list of items found.  I would recommend that all shown items remain checked, and then select next.

Lastly, once the clean up completes, you will be prompted to reboot.  I recommend you close anything that is still open and select yes to reboot.

 Step# 3

If you don’t already have Malwarebytes, download and install it (LINK: http://www.malwarebytes.org/). **There is both a free and paid version; home users just need to get the free version.**

  – During the install you will see the following screens, you can select the default choices. Toward the end of the install you will see a choice for “Update Malwarebytes Anti-Malware” make sure you have a check next to that choice.


As soon as it is installed, you will see the following screen.  Make sure to select “Perform full scan” and select all your drives and run your scan.


Once completed you will see a list of all items found.  Select all and remove.  Then reboot pc. 

Step# 4

     Lastly, whatever Anti-virus you have, make sure you update it to the latest updates or signature file (depending on which one you have) and run a full scan of all your drives.  If it finds anything select removal and then reboot. 

     If you don’t have an Anti-Virus program or yours is expired, TGM recommends Microsoft Security Essentials which is free. (LINK: http://www.microsoft.com/Security_Essentials/)

     I know this was a long post, but the steps listed above would be exactly the steps I would take if you called me (and probably most other techs) to take care of your pc.  Hopefully this information helps you stay informed and helps you save a headache and some money in the future.

Software: What every Windows pc user should have installed to secure their pc – Part 1 Anti-Virus

I know we keep talking about malware and viruses, and they are big issues (I know this because I spend a large part of every week cleaning clients’ PCs of infections).  Today I want to cover what you should have installed and what steps you should take on a regular basis to maintain your PC, so that it runs as you would expect it to.

1st Thing – A good Anti-Virus program

     You would be surprised how easy this one is, yet how often I find this rule being broken (as I’m being paid $100 bucks an hour to clean up a mess). Your anti-virus program should be current and should be updated regularly.  There are paid programs from Symantec, McAfee, or CA (as well as many others) and free versions from Avast or Microsoft (as well as many others). If you get a new PC you probably will get an anti-virus program loaded, but that program may only be licensed for 90 days or 6 months or 1 yr, which means it will only update for that time frame, and unless you pay to continue using it, you will no longer be protected from new viruses (there are literally 100’s of new viruses every week). You should also check your anti-virus program on a regular basis by opening it and looking to see if it says that your “definitions status” is up to date and that it shows you as protected (the example I use is from Microsoft Security Essentials).

You also need to make sure that your anti-virus software does not say that you’re “At Risk” or “Not Protected”.  You wouldn’t believe how many clients tell me “I have anti-virus installed, I didn’t know I had to update it”.  I have even seen clients who are running anti-virus but get infected, and when you look at the A/V definition files they are from 2005 (that was the worst one so far and I just saw that in Aug. 2009).

     Now the question I’m sure at least a few of you are asking is what you should use. Well, here are my current recommendations.

Paid for Products –

Norton Anti-Virus “Gaming Edition” (http://www.symantec.com/norton/norton-antivirus-gaming-edition). I know what it says, “Gaming Edition”, but from what I have seen, it’s the version from Symantec that is least likely to slow your computer down while still protecting you.

NOD32 Anti-Virus 4 (http://www.eset.com/products/nod32.php). In reviews NOD32 always seems to be the one to catch the most viruses.

Both Symantec (http://www.symantec.com/norton/theme.jsp?themeid=trialware_nav2010&depthpath=0&header=0&inid=us_hho_downloads_navtrial) and ESET (http://www.eset.com/download/free_trial_download_eav.php) have “trial versions” that you can download and install on your machine for free (trials are 30 days) so that you can see how they work and make sure that the software works on your PC without any conflicts.

     As you will see, I’m listing Anti-Virus versions. If you look at either the Symantec (http://www.symantec.com/norton/index.jsp) or ESET (http://www.eset.com/) site you will also see listings for “Internet security” or “Smart Security” suites.  I always recommend against a suite package, because you will pay a lot more to get some features you will probably not use, and suites are more likely to slow your machine down since they will try to do more than you need (in my opinion, the Anti-Virus software is like getting a dead bolt for your door, while the suite is like having an armed guard standing in front of your door.  Unless you live in a war zone, I don’t think you need the armed guard).  Additionally, there is always a chance that if malware does get in, and you have an end all – be all suite, your suite could be disabled by the malware, killing all your protection at once.  So I don’t believe in putting all your eggs in one basket. In Part 2 – I will talk about additional software to protect from other malware that is not covered in the Anti-virus software.

     Remember with paid products, you have to pay for the product and will have to pay on a yearly basis to renew the license so that you can continue to get updates for the product.  So it isn’t a 1 and done situation.

Free Products –

     The fact that there are free Anti-Virus products out there means that you really have no excuse not to be protected.  The main difference between the paid for products above and the free products I’m about to list involves support.  If you pay for the product you will get various support options from the maker of the software, in case you have a problem or need assistance. With free products that support is a lot more limited and if you need assistance you will most likely need to turn to a knowledgeable family member, friend or a tech like myself for assistance.  (Who doesn’t know a teenager they can turn to at a moment like that)

Microsoft Security Essentials (http://www.microsoft.com/security_essentials/). Microsoft Security Essentials provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.

Avast! (http://www.avast.com/eng/download-avast-home.html). Offers a free version for protection of your pc.

    Both the Microsoft and Avast! software help secure your pc against threats online.  The Microsoft product only has a free version, while Avast! has both a free and paid for product.  (Full disclosure: I currently choose to protect all my pc’s with Microsoft Security Essentials)

Procedures -

     If you use any of these 4 products you will have a line of defense against infections that travel in cyberspace, however remember some important steps.

  • You should only have 1 software product that includes auto-protect installed on your pc (one of the ones I list above or one of your choosing if you pick something else). You should never install more than one that includes auto protect because it will become self-defeating in that when you have more than one software installed with auto-protect, they will each think that the other is a virus and basically work on blocking each other. 
  • You need to make sure that your choice  of anti-virus software has auto protect turned on and that it has current definition files for your software choice.
  • Once a week – you should run a full scan of your computer with the all files selection on your scan. What I normally do is one night a week I leave my computer on running a scan as I go to bed.  The next morning I just verify the results and if the results show any infection I can address it at that time. A full scan can take up to a couple of hours depending on how many files and how big your hard drive is.


Lastly and most importantly, follow safe computing practices when you are online.

1. Don’t open email attachments or click on links from emails, even if the email is from someone you know, because there is a good chance that the attachment and email were not actually sent by the person, or the person who sent you the email clicked on a link they shouldn’t have and that email was automatically triggered.  (Alert: Hiya:) Email – Just another attempt to get you to click on a link that you REALLY SHOULD NOT!: http://techgeekandmore.com/2009/11/04/alert-hiya-email-just-another-attempt-to-get-you-to-click-on-a-link-that-you-really-should-not/)

2. Don’t download files from places you aren’t absolutely sure are safe. Think of this as the Halloween rule. Your kids go trick or treating, and when they get home what do you do? You check the candy to make sure it’s safe before they get to eat any. In cyberspace you need to make sure you know where you are downloading from; don’t just assume that because it’s in cyberspace it’s safe.

3. Update all your software regularly.  This one takes a little bit of work.  However, you need to make sure that your operating system (Windows, Mac, or even Linux) gets updates installed when released.  The majority of the time these days, updates involve fixes to the operating system that protect you from something a bad guy is doing.  In addition to the operating system, there are other programs on your PC that need updating regularly to make sure that the bad guys don’t use those to get into your PC.  Programs like Adobe Acrobat, Adobe Flash, Adobe Shockwave, Real Player, Apple QuickTime, Microsoft Office (and others) all have updates released on a regular basis to correct issues that a bad guy can use to get in.  When it’s a program that needs an update, imagine your house as your operating system: you lock your door, and you’re secure. However, the other programs are the windows to your house, and, whoops, you forgot to lock your window.  Guess what, the bad guys can still get in.  All these updates help make sure that your Doors and Windows (no pun intended to Microsoft products) all remain locked to cyberspace.

**Coming up in part 2 – We will cover your 2nd layer of defense and what programs you will need for that.

Alert: Hiya:) Email – Just another attempt to get you to click on a link that you REALLY SHOULD NOT!

     I’m not sure how many times I have said “Be careful with messages (Instant Message, Email, Facebook, etc) don’t trust them even if they say they are from someone you know”. The following email is supposed to be from a family member** of mine.  I talked to them about the email and they didnt realize that when they received the email from someone they knew and clicked on the link in the email that the email had automatically forwarded itself, even making it look like the family member was the one sending it. (**I did ask for permission from this relative prior to using his email) hotmail message try it free

     Malware writers have been using these social engineering tricks for years in an attempt to get people to drop their guard and click on email links or download attachments. In real life, we hear news stories of bad guys dressing up as city employees or law enforcement and then tricking home owners into letting them in, where the bad guys then proceed to steal from the home owner (here is a release by the Chicago Police Department concerning crooks who use fake uniforms for access: http://www.chicagopolice.org/MailingList/PressAttachment/YourCastle.pdf). This email (and those like it) can be considered the cyber equivalent of the fake cop or fake city worker.

     In real life we understand that if you aren’t expecting the gas company or phone company and someone shows up at your door asking to check something in your home, you question them, check their uniform and ID, see if they have a company vehicle, and even call the business they claim to be from to make sure that the person at your door is actually from where they say they are. In cyberspace, it seems that because no one really understands how things work (TGM is working hard to change that), most people just assume that if it has the name of someone they know on it, “it must be from them”. Well, nope. Let’s go over a few things in this email that clearly show it wasn’t from my relative –

  • “To:” – It’s not addressed to me: To: is blank, even though it is supposed to be an email from someone I know to me.
  • “Was bored so planned to write you” – I know my relative, and there are 2 points here.
    1 – He knows English and knows how to write in complete sentences.
    2 – He would not say something like “Was bored so planned to write you”.
  • “i’m pretty sure your gonna smile after checking it…….:)” – I know my family member; if they were going to send me a link or attachment, they would say something about it and try to explain what it is they are sending me, not just tell me “hey, check this out”.
  • “It’s easy, secure and free / Try it now” – Again, what am I trying? Would you go to a store and buy a food product without a label to tell you what it is, simply on the idea that it’s a food product in a store, so it must be good? I don’t think you would (would you?)
  • “Yours Truly” – This is supposed to be a family member; that’s a little formal, don’t you think?

     OK, with that being said, again as always: in cyberspace, act the same as you would if you were somewhere outside of your home in real life. Pay attention to your surroundings, and for Pete’s sake, if you run into someone on a street corner selling you Jack’s Magic Beans, don’t buy them.

    Alert: Email Claiming to be a Facebook Password Reset Confirmation is a Trojan

         Another email is now circulating claiming it’s from Facebook, claiming that your Facebook password has been changed and that your new information is in an attachment to the email. The email looks something like the following:

    Hey (Insert your name here),

    Because of the measures taken to provide safety to our clients, your password has been changed.
    You can find your new password in attached document.

    Thanks,
    The Facebook Team

         The attachment is actually carrying an updated version of the Bredolab Virus. If you happen to open and download the attachment (which you shouldn’t do), Bredolab will automatically download and install really bad programs from the internet. Bredolab is basically the trigger that opens the door to your PC so that other files can download and install themselves: files like rogue anti-spyware programs that keep popping up telling you that you are infected, and other programs that allow the bad guys to basically take over your PC. The easiest way to picture this is to imagine that someone breaks into your home to steal, and not only do they take your property, they also manage to take a key to your front door so that they can keep coming back anytime they like.

         Bredolab is considered a Trojan horse. It is smart enough to modify the legitimate Windows processes svchost.exe and explorer.exe, and it can quit itself when it senses that something is scanning it, which makes finding it very difficult.

         As always, remember that even if you do change your password, Facebook (or any other site for that matter) would not send you account information in an email attachment.

    Alert: Another attempt to trick you into installing Fake/Rogue Anti-Virus software

    The bad guys are at it again, attempting to trick users into installing another version of fake/rogue anti-virus software. This time they are going back to a classic format: email. Emails are now circulating that claim to be from the “Microsoft Windows Computer Safety Team” and look very legitimate; I have seen a couple in my own email. The emails (example below) claim that Conficker is back and is infecting PCs, and that Microsoft received a notification from your internet provider and is sending you a “fix” to clean your machine. The “fix” is actually Antivirus Pro 2010, one of the many scareware files that Tech Geek and More has talked about in the past (http://techgeekandmore.wordpress.com/category/spyware/).

         Please be aware that Microsoft (or any other software company) does not just randomly send out emails asking you to install things or asking for your information. If Microsoft wanted to pass along an official notice, it would use its own web pages, like Bing.com, MSN.com or Microsoft.com, and it uses the Windows Update service (windowsupdate.microsoft.com for users of XP or earlier, built into Windows for Vista and Win7 users) for its downloads. It would never just randomly send you a file to install.

    *******Example of Letter not from Microsoft************

    “Dear Microsoft Customer,

    Starting 18/10/2009 the ‘Conficker’ worm began infecting Microsoft customers unusually rapidly. Microsoft has been advised by your Internet provider that your network is infected. To counteract further spread we advise removing the infection using an antispyware program. We are supplying all effected Windows Users with a free system scan in order to clean any files infected by the virus.

    Please install attached file to start the scan. The process takes under a minute and will prevent your files from being compromised. We appreciate your  prompt cooperation.

    Regards,
    Microsoft Windows Agent #2 (Hollis)
    Microsoft Windows Computer Safety Division

    **********************************************

         I have highlighted (In Bold) some of the clues in the email that should tell you that this is a fake:

    “Date: 18/10/2009” – This is not the U.S. standard date format.

    “Microsoft has been advised by your Internet provider that your network is infected” – When Microsoft is advised by its partners, or even by technology geeks in the general public, of ways that a Microsoft product can be exploited, it issues press releases through the media or through its own web pages (as noted above), and all fixes are issued through Microsoft sites for all users of the affected Microsoft product.

    “We are supplying all effected Windows Users with a free system scan in order to clean any files infected by the virus.” – Again, Microsoft would never do this, as it would be the most counterproductive measure. Most people have more than 1 email address, and many don’t use the email provided by their internet provider (how many of you use @Comcast or @Fios email versus @Hotmail or @Gmail?). How do you think Microsoft would actually know what emails to use?

    Microsoft Windows Agent #2 (Hollis)
    Microsoft Windows Computer Safety Division
    – At least in my email conversations with Microsoft, the name of the person sending me the email appears in the signature.  Additionally, if you do a search online for the “Microsoft Windows Computer Safety Division”, you will find that Microsoft does not have a division by that name. 

            (Soapbox) The bottom line is that it’s up to you, the user, to USE YOUR BRAIN when you’re online. When you go out, you make sure you lock your door, set your home alarm, set your car alarm, and pay attention to your surroundings when you go to a public place; you don’t just leave your wallet or purse on a table or counter in a restaurant or store (or at least I hope you don’t). In cyberspace, just because you are not physically there doesn’t mean that you don’t need to take the same precautions you do in real life. (End of Soapbox)

    Tech: From CNN – don't Click on that! Story about online privacy (Recommended Reading)

        This is a bit of a late post, but I just saw it. CNN has a story on its technology page that talks about how cyber criminals can get your identity. The story, Will your privacy be compromised online? (http://www.cnn.com/2009/TECH/09/28/online.security.tactics/index.html), points out:

    “The 2010 Census is nearly under way, but don’t expect an e-mail from the U.S. Census Bureau asking you personal questions in its head count of America.”

    “The Census Bureau stresses that it will not request personal information from you via e-mail, such as PIN codes, passwords, Social Security numbers, credit-card numbers or other financial account information.”

    “To protect their privacy online, computer users need to stay informed about the criminals’ methods and to learn basic principles of caution.”

    The full story is at http://www.cnn.com/2009/TECH/09/28/online.security.tactics/index.html

    UPDATE: Windows Live Credentials exposed – Microsoft Investigating.

        Microsoft has a post concerning the Windows Live IDs that were exposed in the past few days.

    From the Windows Live Blog http://windowslivewire.spaces.live.com/blog/cns!2F7EB29B42641D59!41528.entry?wa=wsignin1.0&sa=363915619

    *******************************************************

    10/5/2009

    Update: Phishing scheme affecting some Hotmail customers

    As of 3pm PT: We want to provide a quick update, that as a result of our investigation we are taking measures to block access to all of the accounts that were exposed and have resources in place to help those users reclaim their accounts.

    If you believe your information was documented on the illegal list, please fill out the following form (https://support.live.com/eform.aspx?productKey=wlidvalidation&ct=eformcs&scrx=1) to reclaim access to your account.

    Over the weekend Microsoft learned that several thousand Windows Live Hotmail customers’ credentials were exposed on a third-party site due to a likely phishing scheme. Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation to determine the impact to customers. As part of that investigation, we determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts.

    Phishing is an industry-wide problem and Microsoft is committed to helping consumers have a safe, secure and positive online experience. Our guidance to customers is to exercise extreme caution when opening unsolicited attachments and links from both known and unknown sources, and that they install and regularly update their anti-virus software. If you believe you’ve been a victim of a phishing scheme, it’s very important that you update your account information and change your password as soon as possible. More information on what to do is available on this page (http://windowslivehelp.com/solutions/accounts/archive/2008/10/25/what-to-do-if-you-think-your-accounts-been-stolen.aspx) at our support community.

    Microsoft recommends customers use the following protective security measures:

    • Renew their passwords for Windows Live IDs every 90 days
    • For administrators, make sure you approve and authenticate only users that you know and can verify credentials
    • As phishing sites can also pose additional threats, please install and keep anti-virus software up to date

    Answers to a few general questions about phishing scams

    Q: What should you do if you fall victim to a phishing scam? How should you respond? What steps should you take?

    A: If you think that you may have responded to a phishing scam with personal or financial information or entered this information into a fake website, you should take four key steps: (1) report the incident to the proper authorities, (2) change the passwords on all your online accounts, (3) review your credit reports and your bank and credit card statements, and (4) make sure you are using the latest technologies to help protect yourself from future scams.

    1. For the first step:
      • If you have given out your credit card information, contact your credit company right away. The sooner a company knows your account may have been compromised, the easier it will be for them to help protect you.
      • Next, contact the company that you believe was forged. Remember to contact the organization directly, not through the e-mail message you received. Or call the organization’s toll-free number and speak to a customer service representative. For Microsoft, call the PC Safety hotline at: 1-866-PCSAFETY.
      • Then, report the incident to the proper authorities. Send an e-mail to spam@uce.gov to report it to the Federal Trade Commission and to reportphishing@antiphishing.org to report it to the Anti-Phishing Working Group.
    2. The second step is to change the passwords on all your online accounts. The reason for this is that a lot of people use the same password for multiple accounts. Start with passwords that are related to financial institutions or personal information. If you think someone has accessed your e-mail account, change your password immediately. If you’re using Hotmail, go to: http://account.live.com.
    3. The third step is to review your bank and credit card statements and your credit report monthly for unexplained charges, inquiries or activity that you didn’t initiate.
    4. Finally, make sure you use the latest products, such as anti-spam and anti-phishing capabilities in e-mail services, phishing filters in Web browsers and other services to help warn and protect you from online scams.

    Q: How can I recognize an e-mail scam?

    A: There are several signs you should look for to identify a phishing e-mail: (1) Does it ask you to send your personal information? (2) Is it poorly worded or does it have typos? (3) Does it contain convincing details about your personal information? (4) Does it use phrases like “verify your account” or “you’ve won the lottery?”

    • Any e-mail asking for your name, birth date, social security number, e-mail username, e-mail password, or any other type of personal information, no matter who the e-mail appears to be from, is almost certainly a scam.  Microsoft and most other businesses do not send unsolicited e-mail requesting personal or financial information.
    • E-mails that are poorly worded, have typos, or have phrases such as "this is not a joke" or "forward this message to your friends" are generally scam e-mails.
    • Phishing mail often includes official-looking logos and other identifying information taken directly from legitimate Web sites, and it may include convincing details about your personal information that scammers found on your social networking pages.
    • A few phrases to look for if you think an e-mail message is a phishing scam are:
      • "Verify your account."
      • "If you don’t respond within 48 hours, your account will be closed."
      • "You have won the lottery."

    Q: What should people do if they think they have received a phishing e-mail?

    A: If you think you may have received a phishing e-mail, you should take three steps: (1) take some time to check up on it and do not click on a link or give out your personal information, (2) make sure you have created a strong password for your account and (3) report the phishing scam.

    • The most important thing to remember is do not click on the link or give out your personal information.  It is possible for your computer to become infected with malicious software simply by visiting a phishing site – without you even realizing it. If you receive a questionable e-mail, take some time and check up on the information. Often sites like snopes.com list common e-mail scams.  Go to that website of the company you received the e-mail from and contact their customer service reps via phone or online to verify the validity of the e-mail.
    • Another thing you should do is create a strong password for your e-mail account by using more than 7 characters and having a combination of upper and lower case characters, numbers, and special characters, like the @ or # symbols. It’s also a good idea to change your password on a regular basis. The next time you change your Hotmail password, you can check “make my password expire every 72 days” to remind you to change it.
    • Finally, help us identify new scams. If you use Hotmail and received a phishing e-mail, you can select the dropdown next to "Junk," and select "Report phishing scam." Whatever you do, do not reply back to the sender. You should also report phishing scams to the Anti-Phishing Working Group by e-mailing them at reportphishing@antiphishing.org.

    Q: How common is this scam?

    A: The most recent version of Microsoft’s Security Intelligence Report (Volume 6) shows that more than 97 percent of e-mail messages sent over the Internet are unwanted: They have malicious attachments, are phishing attacks, or are spam.

    Q: Is Microsoft taking any proactive steps to prevent this from happening?

    A: To help protect people from phishing attacks, Microsoft is providing education and guidance to customers, collaborating with other technology leaders, businesses and governments and supporting law enforcement actions against phishers.

    • We provide guidance and information to customers about how to stay safe online at www.microsoft.com/protect and work with others in the industry and governments to educate people on online threats and safety tips.
    • From a technology perspective, because so much phishing comes from spammers, our Hotmail spam filter, called SmartScreen, blocks over 4.5 billion unwanted e-mails per day by distinguishing between legitimate e-mail and spam.
    • The Microsoft Phishing Filter, which is free as part of Internet Explorer 7, Internet Explorer 8, Windows Vista and as an add-on for the Windows Live Search Toolbar, also helps protect people from phishing attacks by identifying suspicious or confirmed phishing sites and warning customers before they reach them.
    • Law enforcement also plays a big role here. Microsoft has supported 191 enforcement actions against phishers worldwide.  These include civil lawsuits filed by Microsoft, as well as civil and criminal actions by international government and law enforcement agencies for which Microsoft made referrals and subsequently provided support. 
    • Microsoft is a founding member of the Anti-Phishing Working Group, a cross-industry association focused on preventing phishing. Microsoft also actively participates in DigitalPhishNet, an alliance between law enforcement and industry leaders in a variety of sectors, including technology, banking, financial services, and online auctioneering.  The group is focused on assisting law enforcement in apprehending and prosecuting those responsible for committing crimes against consumers through phishing. 
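
    The warning signs covered in these posts (a blank To: line, an attachment that supposedly holds your new password, and the stock phrases listed in the Q&A above) can also be checked by a program. The following Python example is added here and is not code from this blog or from Microsoft; the sample message is constructed from the fake Facebook mail quoted on this page, and the extension and keyword lists are assumptions.

```python
import email
from email import policy

# Stock phrases the Microsoft Q&A above lists as typical of scam mail.
SCAM_PHRASES = (
    "verify your account",
    "your account will be closed",
    "you have won the lottery",
    "this is not a joke",
    "forward this message to your friends",
)
# Assumed list: attachment types that can hide or directly run a program.
RISKY_EXTENSIONS = (".zip", ".exe", ".scr", ".pif", ".bat")
# Assumed list: words suggesting account details are "in the attachment".
CREDENTIAL_WORDS = ("password", "pin code", "account information")

# Constructed sample, modelled on the fake Facebook mail quoted on this page.
# The sender address and the attachment bytes are placeholders.
SAMPLE = """\
From: The Facebook Team <team@mail.example>
To:
Subject: Facebook Password Reset Confirmation
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/plain; charset="us-ascii"

Hey user,
Because of the measures taken to provide safety to our clients, your
password has been changed.
You can find your new password in attached document.
--BOUND
Content-Type: application/zip
Content-Disposition: attachment; filename="Facebook_password_2264.zip"
Content-Transfer-Encoding: base64

cGxhY2Vob2xkZXI=
--BOUND--
"""


def check_message(raw: str) -> list[str]:
    """Return the warning signs found in one raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    # A mail "from a friend" that is not addressed to anyone is suspect.
    if not str(msg.get("To") or "").strip():
        findings.append("blank To: header")
    part = msg.get_body(preferencelist=("plain",))
    # Lower-case and collapse whitespace so wrapped phrases still match.
    body = " ".join(part.get_content().lower().split()) if part else ""
    for phrase in SCAM_PHRASES:
        if phrase in body:
            findings.append(f"scam phrase: {phrase!r}")
    for att in msg.iter_attachments():
        name = (att.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            findings.append(f"risky attachment: {name}")
            # No legitimate site mails account details as an attachment.
            if any(word in body for word in CREDENTIAL_WORDS):
                findings.append("account details promised in attachment")
    return findings


if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print("WARNING:", finding)
```

    A message that trips none of these checks is not thereby safe; the checks only cover the clues named on this page.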