" />

Tech Geek and More

Technology Explained for All

Sponsor Ad IDrive Remote Backup

Tag Archives: Fake email malware

Alert: Another Fake Email install Rogue Software (From Panda Labs Blog)

     One of the biggest reasons why TechGeekandMore started came from how many customers I had (and still have) to visit every week to either clean Viruses of PC or (even worse) recover as many files as possible and then reinstall Windows.  I wanted a way a to try and alert and educate my customers about how …..

- No African Prince was going give you millions

- Emails that say that they are from a friend or family with that weird looking attachment could actually be fake

- Hot College Girl……well this one just really doesn’t have much beyond “Don’t do it”.

ETC ETC ETC…….

     In those lines a new email starting this week, that has only 1 goal, to trick you into downloading and installing some really nasty software (more of the fake antivirus software).  This new email says that “You have received a postcard”……

The following information comes from PANDALABS blog ( http://pandalabs.pandasecurity.com/the-thousand-faced-rogue/ (http://pandalabs NULL.pandasecurity NULL.com/the-thousand-faced-rogue/))

******************************************************************************************************************

The Thousand-Faced Rogue

Mar 5

  • Posted on 03/5/10 by Olaiz (http://pandalabs NULL.pandasecurity NULL.com/author/olaiz/)

We want to inform you of a new flood of email messages that seem to contain a postcard but are actually distributing malware. Concretely, we’ve seen several thousands in a few hours.

It’s not the first time we see emails like this in circulation, as subjects like “You’ve received a postcard” are very recurrent.

The message is like the following:

postcardzip_en

The message seems to have been sent by a member of your family through a legal website to download and send postcards, so that users don’t suspect. In order to view the postcard, you have to open the attached file. It’s a file compressed with zip and if you run it, a rogueware program will be installed in your computer, which is different depending on the message and the operating system you have.

The following are some of the names of the fake antivirus that can be installed in your computer if you run this file:

% Antispyware 2010

Antivirus % 2010

% Guardian 2010

% Guardian

% Defender 2010

% Antivirus

% Antivirus 2010

% Antivirus Pro

% Antivirus Pro 2010

% Internet Security

% Internet Security 2010

where % stands for the operating system of the computer in which it is going to be installed. Some examples: XPAntispyware2010, Vista Guardian, Win 7 Antivirus Pro.

Let’s take as an example Antivirus XP 2010 and see the actions it carries out once it has been installed in the computer.

As every rogueware, it starts scanning the system to check if the computer is infected.

Once finished, it displays a list with the malware that has detected in your computer to make you believe that you’ve got a problem and that this program will offer you the solution:

AntivirusXP2010

However, all the malware it has detected makes reference to unexisting files, so the only threat you have is the own rogue.

Additionally, it prevents the execution of programs whose window title makes reference to the following programs:

Internet Explorer

Firefox

Several security suites.

When you try to run any of these, a message is displayed informing you that these programs are infected and recommending you to install the fake antivirus to solve the problem.

The following image belongs to the message that is displayed when Firefox is run:

Firefox_infected

It also contains code to uninstall different security solutions. This way, the computer would be unprotected and the real antivirus programs could not detect it.

Alert: Another attempt to trick you into installing Fake/Rogue Anti-Virus software

microsoft The bad guys are at it again, attempting to trick users to install another version of fake/rogue Anti-virus software.  This time they are going back to a classic format, email.  Emails are now circulating that claim to be from the “Microsoft Windows Computer Safety Team” and look very legitimate, I have seen a couple in my own email.  The emails (example below) claim that Conflicker is back and is infecting pc’s and that Microsoft received a notification from your internet provider and is sending you a “fix” to clean your machine.  The “fix” is actually Antivirus Pro 2010, one of the many scareware files that Tech Geek and More has talked about in the past (http://techgeekandmore.wordpress.com/category/spyware/ (http://techgeekandmore NULL.com/category/spyware/)). 

     Please be aware that Microsoft (or any other software company) does not just randomly send out emails asking you to install things or asking for your information.  Microsoft uses its many software pages like Bing.com or MSN.com (http://www NULL.msn NULL.com/) or Microsoft.com if it wanted to pass along an official notice, and it uses Windows update service (http://windowsupdate NULL.microsoft NULL.com) (Windows Update.Microsoft.com (http://windowsupdate NULL.microsoft NULL.com) for users of XP or earlier, built into Windows for Vista and Win7 users) for its downloads.  It would never just randomly send you a file to install.  

*******Example of Letter not from Microsoft************

“Dear Microsoft Customer,

Starting 18/10/2009 the ‘Conficker’ worm began infecting Microsoft customers unusually rapidly. Microsoft has been advised by your Internet provider that your network is infected. To counteract further spread we advise removing the infection using an antispyware program. We are supplying all effected Windows Users with a free system scan in order to clean any files infected by the virus.

Please install attached file to start the scan. The process takes under a minute and will prevent your files from being compromised. We appreciate your  prompt cooperation.

Regards,
Microsoft Windows Agent #2 (Hollis)
Microsoft Windows Computer Safety Division

**********************************************

     I have highlighted (In Bold) some of the clues in the email that should tell you that this is a fake
Date: 18/10/2009 – This is not U.S. Standard

Microsoft has been advised by your Internet provider that your network is infected – When Microsoft is advised by its partners or even by technology geeks in the general public who find ways that a Microsoft Product can be exploited, they issue press releases thru the media or thru there own web pages (as noted above) and all fixes are issues there Microsoft sites for all users of the affected Microsoft Product.

We are supplying all effected Windows Users with a free system scan in order to clean any files infected by the virus. – Again Microsoft would never do this as this would be the most counter productive measure, most people have more than 1 email address and many don’t use the email provided by the internet provider (How many of you use @Comcast or @Fios email versus @Hotmail or @Gmail), how do you think Microsoft would actually know what emails to use.

Microsoft Windows Agent #2 (Hollis)
Microsoft Windows Computer Safety Division – At least in my email conversations with Microsoft, the name of the person sending me the email appears in the signature.  Additionally, if you do a search online for the “Microsoft Windows Computer Safety Division”, you will find that Microsoft does not have a division by that name. 

        (Soapbox) The bottom line, is that its up to you the user to USE YOUR BRAIN when your online.  When you go out, you make sure you lock your door, set your home alarm, set your car alarm, pay attention to your surroundings when you go to a public place, you don’t just leave your wallet or purse on a table or counter in a restaurant or store (or at least I hope you don’t).  In cyberspace just because you are not physically there, doesn’t mean that you don’t need to take the same precautions than what you do in real life. (End of Soapbox)

Google Ads
View in: Mobile | Standard