Virus threats, E-mail and phishing scams !!

Original post date: 3/4/07 at 9:07 am (on an other forum)

With the new year in full swing, I wanted to give you all a head's up on some of the most recent virus threats that have been lingering around. Now, if you have an antivirus program installed on your computer, you should be just fine. You are probably not at risk with any of these, but it never hurts to know the information that lies behind them. If you agree, continue reading!

The first one is called SpyLax and it is a virus that hinders a computer from detecting threats. It was discovered on January 10, 2007 (just this last Wednesday). The next goes by the title of W32.Mytob.RD@mm. This one is a mass mailing worm that takes advantage of computers that are protected with weak passwords. This was also found on January 10, 2007. Another found on the same date is W32.Kakavex. This threat acts as a file inspector, but instead spreads itself through executable files. It is also known to steal credit card information. The next one is called CurePCSolution and it was detected on January 9, 2007. This one also limits the detection of threats on a computer.

Trojan.Schoeberl.E is a Trojan horse that automatically lowers a computer's security settings, among other things. This was also found on January 9, 2007. On the same date, W32.Fujacks!gen was discovered. It falls into the same family as the W32.Fujacks threats. The next three go under the name of Bloodhound.Exploit (115, 116 and 117) and they were all found on January 9, 2007 as well. These are all triggered by opening certain HTML files, e-mails or XLS files.

Those are just a few of the latest threats that have come to the attention of antivirus companies in the last few days. They all have been taken care of for the most part, but if you want more information on any of them, you can find that by searching for their names in any search engine. Now, go stay safe!

Original posting date 3/4/07 at 9:08 am

The Storm Worm

News Alert: 230 Dead As Storm Batters Europe

Or, at least, that’s what one of the latest subject lines of a new worm that, according to F-Secure, is battering the shores of the Internet. I have received mixed reports on the actual widespread damage that this is actually causing, but it is a threat nonetheless and it’s my job to keep you all informed.

The Storm Worm, Small.DAM and W32/Nuwar worm are using current news topics as the "hook" in e-mail subject lines to lure unsuspecting users into opening the .exe payload attachments. Subject lines, such as one of the following, have all been used:

* “A Killer at 11”
* “He's free at 21"
* "British Muslims Genocide"
* "Naked Teens Attack Home Director"
* "U.S. Secretary of State Condoleezza Rice Has Kicked German Chancellor Angela Merkel"
* “Castro is Dead”

Attached to these enticing e-mails are executable files with titles that seem to further the facade with promises, such as a “Live Video,” “Full Clip" or "Full Story.” You get the point and hopefully, you know these attachments are the viruses. The virus opens a back door, allowing remote access to your system for unwanted and unknown uses.

The worm also installs a rootkit, which if you're not familiar, is a type of virus that installs to the kernel of the operating system and hides certain files so they can go on working undisturbed and un-noticed. The infected machine also becomes a zombie in a botnet network of infected PCs that work together for a common purpose. In most botnets, the PCs communicate with one central server, which if located and dismantled, will render the botnet useless.

In the case of the Storm Worm, the bot network is more peer to peer in nature with no centralized server. This creates new problems in stopping the network, if discovered, because if some of the machines are disabled, the network can cut its losses and continue with the mission. Another unique characteristic of the Storm Worm’s networking is the subset of IP addresses that it has. In order to cover its trail, the infected PCs do not contain a list of all the IP addresses of the PCs in its botnet, but rather, a limited number of 30 to 35 or so. This keeps the botnet, if discovered, from revealing too much about the other machines and the network in general so that the rest of the undiscovered network is safe.

In addition to this, the botnet also is a very motivated updater. In some cases, receiving more than an update an hour. Geesh! That could be a problem for antivirus companies to try and come up with virus signatures.

Well, so far, this seems like a threat. It's almost like an uber virus. It has a solution to all of our conventional practices that can stop such a threat. I don’t think this is entirely true though. There is one huge oversight that the creators of the Storm Worm, in my opinion, have failed to notice and this is the reason some security experts are saying the home users, not the corporate world, will see more damage from this viral attack. The reason is simple. It is an executable file attached to an unsolicited e-mail from an unknown source, which means what?

It means, under no circumstance, should it ever be opened. This is the oldest trick in the virus book and you all should know better. In addition to this, most ISPs and Webmail providers are going to scrutinize an executable attachment sent in an e-mail.

This means it always comes back to fundamentals. Don’t open attachments that you don’t expect and you should be safe. If you do, for some reason, download them, scan them before opening them with your installed antivirus program and you should be good to go.

If you do see something interesting in the subject line and are intrigued to the point of insanity, open up a Web browser and do a search for the topic and read it outside of your e-mail.

If you do find that you have been infected, the best thing to do at this point is to go to your antivirus vendor's Web site and look up the threat. You may be able to do an online scanner or some other procedure to remove the virus from your system.

That's all I have for you today. Until next week, stay away from those attachments!

Original Posting date: 3/4/07 at 9:09 am

date: 31-01-2007

Faulty Word Attachments

Microsoft is at the bad end of yet another Zero-Day flaw, bringing the total to five unpatched vulnerabilities in almost 60 days. Security companies of Symantec and Secuna have reported the security hole that could allow attackers control of your system by simply opening an infected MS Word document. The vulnerability has even earned itself a "highly critical" rating, which is the highest level a security threat can get. In other words, this is serious.

The flaw is actively being exposed by attackers who are feverishly attempting to infect as many PCs as possible by sending out spam e-mails that contain infected Word documents. If this specially crafted Word document is opened by a user, it will introduce a Trojan called Trojan.Mdropper.W to the system. It will then install silently in the background, allowing remote control of the infected system.

The attacks are not limited to e-mail attachments either. A user can also be infected by visiting a Web site that opens one of these infected Word documents, resulting in the same remote code execution.

I guess the one good thing that you could say about this particular vulnerability is the fact that this particular vulnerability only affects Word 2000. Also, the attacks are actually easy to stop. Since the virus takes advantage of a bug in MS Word, all you have to do is stop opening Word documents from unknown sources or unexpectedly from known sources. You can’t be infected if you don’t open the document. And that's all I have for you today.

Until next week, stay safe out there!

Originally posted on 3/4/07 at 9:09 am

February Security Advisory

The Storm Worm is back and this time, it’s an all out war. A couple of weeks back, I wrote an article describing some new Trojans that carried a subject line regarding a huge storm battering the shores of Europe. The Worm was unique in a few ways that made it extremely difficult, if not impossible, to track down or shut down.

The new Storm Worm or Peacomm, as it is called, is a different animal, as far as the avenue of attack. But, other than that, it's business as usual. Instead of catchy, hard to ignore e-mails, the new attack takes advantage of some of the more popular instant messengers out there. Google Talk, AIM and the Yahoo! Messenger are being targeted, in particular. This evolution of the Storm Worm is very subtle in its attempts to capture unsuspecting systems. Now, it doesn’t broadcast its content via spam, but instead, it injects a message along with a URL into another already open chat window. It inserts something like a message with a smileycon and a URL. This could then intrigue and ensnare any curious individual or someone who may be engaged in a text message and might not think twice about interacting with it.

As with its predecessor, the thing that really makes this virus stand out is the way in which it handles its prey. An infected machine will become a zombie in a botnet where the successful attacker can then do what they want with your machine. The botnet is built using the P2P technology, which has no central server. It’s like the PCs that are infected are part of the botnet and they all act collectively as one. If one unit is taken out, the network simply cuts its losses and carries on with the mission. This lack of static central control also creates huge obstacles for forces attempting to stop these types of attacks.

If you are someone who likes to use their instant messenger, then I would take some extra precautions until this threat is under control. For instance, most antivirus solutions today have settings that pertain directly to instant messengers. Familiarize yourself with this component and how it works. I would also highly suggest not linking out to any URLs that come from your instant messenger, especially if they seem to come out of nowhere. If you do need/want to open a link from your instant messenger, make sure the other person you're talking to did actually send the attachment.

Valentine’s Day Spam

Well, you should know it’s coming. It’s a holiday and this is the stuff hackers love. To them, any reason is a good reason to send out viruses. Security companies of Sophos and Panda have shown interest in this particular crop of spam appearing, using the romantic holiday as its invitation. There are some new threats out there that have received some pretty high security ratings from both of these security companies. Nuwar.D and Nurech.A are two such worms making some waves. These, at the moment, are the prevailing holiday threats, with subject lines that read like a box of candy hearts. They say things like “We’ll be together until the end” and “I love you.” Both worms carry attachments that are in the .exe format and they should be easy to spot. Also, it goes without saying, please stay away from any e-mails you don’t expect with attachments, regardless of how much you want to be loved. I guess I could say love is a battlefield, but I won’t! : )

Microsoft Patch Tuesday

I also wanted to remind everyone about the Microsoft patch on Tuesday, which was yesterday. So, you may want to run an automatic update if you didn’t notice your Windows updating on its own. You should also be able to use the Security Baseline Analyzer to see where your system stands, as far as needing to be updated.

stay safe out there!

Originally posted on 5/4/07 at 3:22 am

MatrixHasYou

Even though you may not want to, I'm sure you can guess by the title that this tip is going to be about a type of Trojan virus that is making its rounds these days. This Trojan actually made its debut in December of 2006, but it's still causing a lot of problems, so I thought I would inform you all about it today. The full name of this one is Win32.Trojan.MatrixHasYou and it is found specifically in the Ad-Aware SE adware removal program.

By definition, the MatrixHasYou Trojan is a set of downloaders, mail spam bots, rootkits, fake alerts and desktop hijackers. So, if you're having any trouble with your computer freezing up or if certain things are multiplying themselves, you may be under the attack of the MatrixHasYou virus. Also, keep in mind that this one does come with the risk of downloading other malware, such as Pesttrap.

To get rid of this, be sure to run your Ad-Aware scans and always update your definitions when you do so. Updates are always readily available for Ad-Aware SE and those should help take care of it. Now, if you're still having trouble with this after you do all of that, there is some information online that may help you in getting this threat off your computer. Just search for it by name with your favorite search engine and that should answer all of your questions. I just wanted to give you some basic information about it first so you could prepare yourself. Hope you find this helpful!

Originally posted on 18/4/07 at 2:28 am

Riding Out the Storm

Well, it’s been a couple of months now and the Storm Worm that took over the Internet like a hurricane is back, sending wave after wave of attacks on unsuspecting end users.

Wave one was a hailstorm of e-mails sent out that referenced “Love“ or something romantic in the subject line, in order to entice users into opening the e-mail. The sheer numbers of the spam mail tripled to be the second highest e-mail threat in 12 months, with about six million e-mails sent out after the dust had settled. This particular e-mail threat is a little on the lame side and in most cases, could be scuffed off as an obvious ploy to get a reader to open the message. This is just phase one of the attack though, which in many security experts' opinion, could help set up the second wave of the attack by giving it a false sense of validity.

Wave two consisted of sending out e-mails with “Virus Alert!” or something similar in the subject line. The e-mail also contained a zip file attachment that claims it is the fix or update that will get the virus you have on your system off. So, basically, the e-mail is trying to convince the reader that they are already infected and this attachment is the only way to get rid of it. In the body of the e-mail, there is a password. This is used to apparently unlock the “fix,” allowing you to open and install it. Of course, if you do open the zip file, chances are, if you weren’t infected before, you are now.

If you remember the Storm Trojan, it is a nasty and clever customer that pioneered new methods of infecting a user's PC. It came with well thought out strategies to stay concealed as well. Now, technology is in place to cover its tracks on the local machine, thanks to the installation of a rootkit, which has the ability to cloak all of the virus’ activity. The Storm Trojan also has the ability to turn off your local security measures, which further masks itself and the activities that it's maliciously conducting on the infected machine. After the initial infection, the virus will attempt to connect to a P2P network to update itself and to upload any information it has aggregated by going through the user's hard disk drive(s). Of course, the Storm Trojan also scans your hard drive for any e-mail addresses it can send itself to, in order to propagate. And last, but definitely not least, there's the fact that your infected PC is now a zombie machine and part of a bot network, just waiting for orders.

Between the mass mailing of this and another e-mail message using the Storm Worm with subject lines, such as "Missile [sic] Strike: The USA Kills More Than [sic] 20,000 Iranian Citizens," "USA Declares War on Iran" and "USA Just Have Started World War III," this has been the most active week in 12 months for e-mail born attacks. This comes after I have said in more than one of my recent security articles that we are seeing a serious decline of these types of attacks. Well, I guess it was the calm before the storm. Thank goodness the taste of my shoes doesn’t bother me too much!

Well, with the attack occurring over last weekend and early this week, the attack is a couple of days old now and anti-security companies have, for the most part, come out with the necessary updates to protect your system. (Keep in mind that they only work if you update your antivirus software). That, along with the fact that no matter what an e-mail subject line says, our readers should know to never open e-mails that seem strange, especially if they're from someone you don't know or if they have an attachment. Bet you didn’t see that coming, did you?!

So, remember to update, update and update some more. And please, don’t open unknown e-mails, especially any with attachments. If you follow those rules, you should be just fine.

Originally posted on 18/7/07 at 9:50 am

New Virus: "Robot"

Yes, unfortunately it's true. Another virus has been discovered and it is quickly working its way around the Internet these days. The name of the virus is "Robot" and it looks as if this one has perfected the use of trickery. The virus comes in through an e-mail, with the scammers conning you into thinking they're going to help you, but they actually infect you instead. Keep reading for more details on this!

The e-mail you might see says something about a robot detecting abnormal activity from your IP address when you're sending out e-mails. It then goes on to say that this is probably happening because of another virus and they offer you a patch to install. The patch will supposedly remove the virus files and stop any further "bad" e-mails from going out. They then tell you that if you don't get the patch, your account will be blocked and you won't be able to send any e-mails at all.

Once you install the patch, a Trojan then installs itself into your Windows system folder under the name of "windev-72b5-203e.sys." The Trojan virus has also been found under other names, including Trojan.Packed.13, W32/Nuwar@MM, Worm:Win32/Nuwar.JT and Mal/Dorf-A. Now, as you can see, this scam is perfect, because when most people are told they're infected with a virus, they do whatever they can to get rid of it. That is, despite the fact they may be hurting themselves even more in the end. So, the bottom line is, if you see anything like this pop up in your e-mail, don't do anything with it. Just ignore it, delete it and keep on moving. Stay safe, my friends!

~ Erin

Originally posted on 26/7/07 at 10:12 am

Possible Mac Worm

Last week, some mania broke out in regards to the Apple Mac OS X operating system. So, what's all the hype about, you ask? Well, according to some online news articles, it's possible that there is a new worm looming around Apple's pride and joy. Now, if you're a Mac user, don't panic just yet. Nothing is set in stone at the present time, but it's always a good idea to keep your eyes and ears open. Keep reading for a few more details on this!

It's said that there may be a vulnerability within the "mDNSResponder" unit, which is a component of one of Apple's network services. Apple had patched this problem back in May of 2007, but some are claiming that it's still open for attack. Now, I know you're probably wondering where all of this information came from. Evidently, someone posted this information on an online blog and ever since, Apple has been trying to figure out the real story behind it.

It seems as if someone is posing as someone else to get the word out about this vulnerability. All of the information given doesn't quite fit together, so there are a lot of people trying to figure out the truth. So, like I said, if you're a Mac user, don't stress out too much about this, because it might not even be true. It sounds like it could all just be a scam and in the end, we all may find out that there really isn't anything wrong with the Mac operating system. I will keep you all posted on this, but until then, if you're cautious of your surroundings when using your Mac computer, you'll be just fine!

~ Erin

Originally posted on 9/8/07 at 9:23 am

New Trojan hitting Hotmail and Yahoo

Q:
Do you have any information about a new Trojan hitting Hotmail and Yahoo!? I heard a snippet about it the other day, but I would like to know more about it. If you know anything, please share it with us!

A:
Well, unfortunately, you heard right. As of July 6, 2007, it seems as if various Hotmail and Yahoo! accounts have been hijacked to send out spam messages. And we're not talking about just a few spam e-mails here. They have been sending out thousands upon thousands since the beginning of all this. Also, just in case you're wondering, all of this information is coming from the security firm of BitDefender. Alright, now that you know the basics of the situation, let's look into this a little more.

The reason all of this is happening is because Hotmail and Yahoo! have been hit by a new Trojan virus called Trojan.Spammer.HotLan.A. Once the Trojan hits either a Hotmail or Yahoo! account, it starts to generate spam messages and sends them out. The Trojan is also able to generate new Webmail accounts automatically. And on top of all that, the malware has also found a way to get past the CAPTCHA tests that are used for anti-spam purposes.

This is basically what goes on. The Trojan accesses a Webmail account and then goes and finds encrypted spam messages to use. It then decrypts those messages so they can be sent out to any legitimate e-mail address it can find. So, as you can see, users can be hit unexpectedly and very quickly if they don't keep their eyes open. And that includes you if you have a Hotmail or Yahoo! account.

Now, in your Inbox, the e-mail you'll see is from a Web site that is trying to sell pharmacy products. This is something that can be tempting and it can seem very legit, so it's easy for the Trojan to confirm your e-mail address and then get ahold of even more by rooting through your contacts list.

As of now, according to the head of the BitDefender antivirus lab, approximately 500 new accounts are being created every hour. But as a whole, over 15,000 Hotmail and Yahoo! accounts have been used. Therefore, it's really hard to determine how many spam e-mails have gone out, because the Trojan is able to multiply them without any trouble.

Please remember that I'm not trying to frighten you with this information. It is my job to keep you informed and that's what I always intend to do. I know this news is pretty scary for any of you who are using Hotmail or Yahoo!, but please don't panic too much. Just keep your eyes open for suspicious e-mails and delete any unusual e-mails as quickly as you can. Once you delete them from your Inbox, make sure they are deleted from your Trash folder as well. Also, be sure to run your antivirus, spyware, etc. scans on a regular basis. If there's anything going on within your system in terms of a Trojan, your security programs will be able to catch it.

Again, don't panic. Just be cautious and use some common sense when you're checking your e-mail each day. If you do that, you're going to be just fine. And by that time, the pros will probably have an easy fix for this and they'll put a stop to it anyway. There's always hope in tomorrow!

~ Erin

Originally posted on 9/8/07 at 9:37 am

Trojan Horse - AVG USERS

Trojan Flooder

If you're like me, when you see the word "Trojan," you probably panic. Am I right? Of course, a Trojan is pretty much only associated with a virus (or at least some sort of threat) in today's computer world. They are basically completely destructive programs that disguise themselves as very helpful and useful programs. But, in all actuality, they contain hidden code which allows them to do harmful things to one's computer.

In the past month, a new Trojan has made its way onto the scene. It is called the Trojan Flooder.AKE and it has been found to mostly affect AVG users. There are a couple of symptoms with this that you can look out for. First of all, an alert box will pop up on your screen, telling you about a new threat found on your computer and that you should "heal it now." If you do that, your computer will restart, but that same message will still be there. Your computer will then be stuck in a loop of "flooding."

As I said earlier, this mainly only affects AVG users, so if you use AVG for your antivirus program, be on the look out for this. It may pop up on your screen at any time, so just ignore it and you should be just fine. Always stay safe!

Originally posted on 9/8/07 at 9:38 am

Re: Trojan Horse - AVG USERS

Q:
Now that you've told us about the Trojan Flooder threat, is there any way to fix it?

A:
There sure is and I'm glad you asked. It was only yesterday that I shared the news with all of you about the Trojan Flooder.AKE risk (see yesterday's quick tip) and already, several of you have e-mailed me, asking me how you can fix it. I had planned on following up with this information, but now I know there is a great need for it, so I won't waste any more time!

Before I begin with that, I just want to fill in anyone else who has not heard about this yet. You can certainly go back and read yesterday's quick tip for the whole scoop, but just briefly, the Trojan Flooder is a threat that is affecting a lot of the AVG antivirus users. They are being tricked into "healing" their computer for the good, but are ending up with a harmful exploit on their computer instead.

If you are an AVG user and have come in contact with this Trojan, it is extremely important to fix it right away. So, here are a couple of suggestions that I was able to find for this. Hopefully, at least one of them will work for you.

1.) First, boot your computer in the Safe Mode form. To do this, turn your computer off and then restart it while pressing the F8 key continuously until the Safe Mode startup menu appears. From there, choose Windows in Safe Mode.

Next, you're going to uninstall your AVG service. Go to Start, Control Panel, Add/Remove Programs. Find its name and click the Remove button. When that's done, restart your computer and then reinstall the AVG program and do an immediate update on it. That should take care of the Trojan and all of its components. If not, try the second suggestion below.

2.) Again, boot up your computer in the Safe Mode form. (Follow the same directions listed above to do this). Once there, choose Windows in Safe Mode.

From there, go and find the folder of C: \ WINDOWS\system32\drivers\. (Double click on the My Computer icon on your desktop, double click the C: drive and continue from there). Next, you'll need to find a couple of files. Change them as follows:

Change AVGCLEAN.SYS to AVGCLEAN.SY_ and change AVGRSXP.SYS to AVGRSXP.SY_. This will help keep the winlogon.exe file in place like it should be.

Now, the next part involves using the Registry Editor. There is always a risk with working in the Registry. If you make a mistake, it could alter other parts of your computer, so if you're not 100 percent sure you know what you're doing, please find someone who does. It's very important!

When you're ready, go to Start, Run, type in "regedit" and click OK. Once there, find the registry key of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AvgClean. Now, go and remove the "__delete" value from the right window pane. Then restart your computer back in the normal Windows mode.

You should also make sure you update your AVG service to fulfill the latest virus base version. To do that, open the AVG program or the AVG Control Center. Then press F9 to get the current updates. Once you're all set with that, you have to go back and rename the same files you changed earlier. Find the C: \ WINDOWS\system32\drivers\ folder again and change the following files.

Change AVGCLEAN.SY_ back to AVGCLEAN.SYS and change AVGRSXP.SY_ back to AVGRSXP.SYS.

Once you have that done, you need to restart your computer again and then just make sure the AVG Resident shield loads again. This will keep you the safest. Well, there you go. Hopefully one of those suggestions will work for you and you can be rid of the Trojan Flooder for good. You can't beat that!

Originally posted on 22/8/07 at 12:16 pm

The Storm Rolls On

As you may recall, awhile back, we ran a couple security articles on a Trojan virus called the "Storm Worm." If you remember anything about those articles, you know that particular piece of malware ended up scaring a lot of people and unfortunately, I'm here today to tell you that it looks as if the Storm is back. And as if that weren't enough, this time, it has been named the most deadliest e-mail virus of all time. For all the important information on this, please keep reading!

To begin, I'm going to refer you back to one of the previous articles we did on the Storm. Click here to read it. As you can see, the Storm used to draw in its victims with e-mail subjects that dealt with the government, etc. Now, it's pulling people in with greeting card messages. Yes, that's right, the postcard e-mail scam you've been hearing so much about is now being classified along with the Storm Worm virus. All of this started toward the end of June 2007 and it has been on a steady roll ever since.

A couple other e-mail scams have been placed into the Storm category as well, but the postcard scam is the worse by far. It has also been said that the volume of spam coming from this virus won't slow down any time soon. Unfortunately, the percentage of this kind of spam e-mail will more than likely continue to increase between now and the end of the year. Now, I know we've told you before, but please, if you receive any kind of spam e-mail like this, do not open it. Just delete it as fast as you can. There's no use keeping it around. Stay safe, my friends!

~ Erin

Originally posted on: 19/11/07 at 11:00 am

Hard Drive Trojan

If you spend a lot of time on WorldStart's message board or if you read a lot of online articles, you have probably already heard about this, but just in case some of you haven't, I wanted to fill you in. This was brought to my attention by one of our message board users, "jholland1964," and after doing some more research on it, I found several other news pieces on it as well. This whole thing was discovered about a week ago (November 11, 2007) and even though I'm a little behind on getting this story to you, here's the full scoop!

Over last weekend, approximately 1,800 new external hard drives were found to have been pre-installed with Trojan horse malwares. The two infections found go by the names of "autorun.inf" and "ghost.pif." These external hard drives were both the 300 GB and 500 GB sizes and they were originally made for a company called Maxtor in Thailand. When the hard drives are in use, all of the information on the disk is forwarded to two different Web sites in China: ww.nice8.org and ww.we168.org. The hackers can then take the information off the drive and use it however they please.

From what I've read, it looks like a company in China has been pin-pointed as the leader of this attack, but there have even been implications that the Chinese government is behind the Trojans. There have been reports of this same type of thing for Maxtor disks sold in the Netherlands as well. Now, I know this is only happening in China and a few other select countries, but that doesn't mean it could happen to you too. If you're in the market to buy a new external hard drive, just make sure you're purchasing it from a reputable source. Also, before you start using it, it's a good idea to reformat the drive and make sure it's clear of any "bad stuff." If you do that, you will be just fine. Let's just hope this whole malware issue gets cleared up sooner than later. Stay safe out there!

~ Erin

Originally posted on 5/12/07 at 6:03 am

Another E-mail Virus

I just came across a new e-mail virus that is starting to spread itself around the Web. It comes as an e-mail from the Department of Justice. Keep reading for all the details!

This e-mail virus is similar to other attacks from earlier this year that claimed to be coming from the Better Business Bureau and the IRS. It comes as a very official looking e-mail, stating that people are involved in a Department of Justice investigation and the details of the inquiry are attached in a file. If the file is downloaded, it immediately infects your computer with a Trojan horse virus. Here is a screenshot of what the infected e-mail looks like:



Currently, no antivirus companies have a patch to protect anyone from this attack. If you receive an e-mail like this, it should be deleted immediately. If you do that, you'll be just fine. Until next time, stay safe out there!

~ Gary

Originally posted on: 9/1/08 10:36 am

Wireless Worm

I know I have written before about the importance of securing your wireless network. It's definitely necessary to make sure your computers are safe from intruders. Without having a secure wireless network, your computers are wide open for others to gain access to and do whatever they want with your data. I know all of that is a little scary, but today, I have a completely new issue that will definitely convince you to lock down your wireless router.

Think about this for a minute. How many times have you looked at the list of available wireless networks in range of your computer? If I look at the list here at WorldStart, I can see three of them right off the bat. That means that right now, if I had the password, I could connect to three different wireless connections.

Now, I'm sure some of you are thinking, “big deal!” Well, that's what I thought until I read a report the other day about the possibility of a worm that can spread through wireless routers. Researchers at Indiana University did a study on the possibility of a wireless router worm. This worm could spread by first infecting one wireless router and then connecting to all other wireless routers in range and infecting them. Those routers would then, in turn, do the same thing until all the wireless routers in range were infected.

Based on a study of New York City, a worm of this type could easily reach 20,000 routers within just a few days.

The only thing that can stop a worm of this type from spreading is having a strong password on your wireless router. If the worm cannot guess the password, it cannot access your router and will not spread. This is just another reason to make sure you have changed the default passwords on your wireless router.

Now, I'm not going to leave you hanging. Here's how to change the password on your wireless router:

1.) First, you need to find the address of your router. In Windows XP, go to Start, Control Panel. From there, click on Network Connections. Next, double click on your Wireless Network Connection and then go to the Support tab. Write down the Default Gateway address (it should start with 192.168) .

2.) Next, you need to log in to your router. To do so, open your Web browser and in the address bar, type the Default Gateway address you wrote down. Then press Enter on your keyboard. That should bring you to a log in screen. Type in the username and password for your router. (If you don't know the username and password, you may need to check your router's manual).

3.) Lastly, you need to change your router's password. Every router is a little different, but you should be able to find an Administrator area on the screen. In that area, you will see a place to change the password for your router. Make sure your password is something you will remember, but also something that will not be guessed easily. It should not be a word, but rather capital letters, lowercase letters and numbers all mixed together.

After changing your password, click OK and you'll be all set. Doing this will definitely help to keep the worms out. Until next time, stay safe out there, my friends!

~ Gary

P.S. - Do you have a computer or network security question? If so, send it to gary@worldstart.com and you may just find an answer for it in the next newsletter. I will not be able to answer every single question I receive, but I will choose a few to feature in future editions!

Q:
I haven't heard you talk about the Storm Worm lately. Is there anything new going on with it?

A:
Oooh, great question! And your timing is perfect, because I actually just received word the other day that a new issue has developed concerning the Storm Worm attack. Now, before I go any further, I want to refresh everyone's memory on what the Storm Worm is. Basically, it's a Trojan virus that's been circulating the Web since approximately January 2007. The virus comes through as a malicious e-mail and just wreaks all kinds of havoc!

The Storm Worm started out with such subject lines as "A Killer at 11" and "Castro is Dead." It then moved on to lines like "USA Declares War on Iran" and then finished with subjects such as "You've received a postcard from a family member" or "You've received a greeting." Many of you are probably familiar with the "Postcard Scam," because we have written several articles about that in the last few months, but you may not know it's part of the Storm Worm as well. And now, here we are in February 2008 and it looks as if the Storm has hit again, just in time for Valentine's Day. Keep reading for all the details!

The Storm Worm always seems to creep back up during a holiday and since Valentine's Day is right around the corner, it's time to start watching your e-mail very closely once again. According to Snopes.com, there are several subject lines coming through this time. I'll list a few of them for you, but if you want to see the entire list, go here. Here are some of the more common subject lines used for the Valentine's Day Storm Worm:

* A Kiss So Gentle
* A Rose for My Love
* Come Dance With Me
* Dream of You
* Eternal Love
* Heavenly Love
* I Love You With All I Am
* Inside My Heart
* Our Love Will Last
* Sending You All My Love
* The Time for Love
* Why I Love You
* You're My Dream

So, basically, if you receive an e-mail with a subject line that has anything to do with love, romance or relating to Valentine's Day in any way, don't open it! It's as plain and simple as that. Now, I know a lot of you rely on your e-mail spam filters to sort through your junk mail, but with this one, you really need to keep an eye on your Inbox as well. It seems as if some of the spam filters are having trouble blocking the malicious messages. Snopes said this is happening because the e-mails are being generated by computers that are already infected, which means there are an umpteen number of sources the e-mails could be coming from. In short, your spam filter may be able to block these e-mails, but pay close attention to your Inbox as well, just to be certain.

The Storm Worm e-mails are easily identified by the subject line, but you can also tell them apart by the actual body of the e-mail. Each e-mail contains a short message and a link. The link always uses an IP address instead of a domain name, so if you pay attention, it should look a little funny to you. It will look something like this: http://198.0.0.1 , which is not a normal link. Also, just so you're sure, if you open the e-mail, your computer won't be harmed, but if you click on the link, that's when you're in trouble!

The best thing to do is delete the e-mail as soon as you see it. If it looks suspicious to you, don't even waste your time opening it. And by all means, do not click on the link! It's also a good idea to run your virus scans on a regular basis (if you're not doing so already). Yes, it's unfortunate that the Storm Worm is still looming around the Web, but if you're cautious and use some common sense, it won't be able to bother you. Be safe!

~ Erin

Beware of the Silent Banker

Yesterday, Steve sent me an e-mail about a nasty little Trojan virus that steals information from your computer when you attempt to log in to your banking Web site. So, if you do any kind of online banking, you should keep an eye out for this one. The Trojan has been named SilentBanker and seeing how it works, that is a very good name for it. This little bug works by changing your log on information in a fashion that will pass your data (and money) on to the attacker. It will change the log on screen for your bank just slightly and you will be asked to re-enter your password.

The little box asking you to re-enter your information is the Trojan's own code and it will redirect your information to the hacker's chosen location. Here is a screenshot taken from the Symantec Web site that shows what all of this looks like.

If your original log in screen looks like this:


The Trojan will make it look like this:


I know those are in another language, but you get the idea. The Trojan has added the bottom box that asks for your password again.

The worst thing about this Trojan is that it will still work even if your banking site is a secure site. That's possible because the attack happens in between your computer and the bank's Web site. According to Symantec, this bug is set up to attack 400 different banking sites in several different countries. At this time, the Trojan is labeled at a low threat level, but I thought it would be a good idea to bring it to everyone's attention today, simply because of the damage it can cause.

If you feel like you may be infected with this Trojan or you want to ensure that you're not, Symantec has detailed removal instructions that are available on their Web site. The directions can be found here.

Note: Steps 2 and 3 are written for Norton Antivirus users only. If you don't use Norton Antivirus, just skip past those two steps, update the antivirus software you do use and then run a full system scan. Until next time, stay safe out there, my friends!

~ Gary

BellSouth E-mail Scam

Is BellSouth your ISP? Or more importantly, do you use BellSouth for your e-mail service? If so, you definitely need to listen to this. Another new phishing scam is already in progress and this time, it's targeting BellSouth users via their e-mail accounts. As you can probably figure out, this is the perfect set up for the scammers and with you being a trusting BellSouth user, they can easily get the information they want out of you. To learn more about this, keep reading!

If you're caught by this scam, you will receive an e-mail that is supposedly from BellSouth (from the e-mail address of support@bellsouth.net, to be exact), asking you to verify your account with them. When you click on the link, you're then asked to send a copy of your credit card to another link within the e-mail. They then go on to tell you they need this information in order to update your account. And here's an even bigger kicker: the scammers also tell you they need this information so that they can keep you protected from other scams and identity theft. How clever!

The e-mail looks very legit and it's put together in a nice fashion, so it's easy to fall for. I mean, why wouldn't you trust your ISP with something like this? Well, either way you look at it, don't give in! It's a fraudulent e-mail and you will only cause yourself more problems if you give them the information they want. Know that BellSouth will never ask you for that kind of information through an e-mail. If there's a problem with your account, they will call you personally. So, what can you do about this? Well, delete the e-mail for starters. And then just keep your eyes peeled for unusual e-mails like this. Sometimes your own common sense can save you from a world of trouble. Stay safe, my friends!

~ Erin

FYI: New E-mail Scam

Have you heard about the new e-mail scam going around? Or maybe you've even been an innocent bystander in the middle of it all. Whatever your case may be, I'm here to bring you up to speed on its details today. Announced on April 23, 2007, the new scam basically just involves a survey and the Wal-Mart logo. Yep, that's right. Spammers are using the Wal-Mart logo to get people to fill out a survey that ends in nothing but bad.

If you receive the e-mail, it will say something like "Congratulations! You have been chosen by Wal-Mart's online department to take part in our quick and easy 5 question survey." The e-mail also goes on to promise that you will be paid $175 just for answering their questions. Now, if you're on the ball, you can probably guess where this goes next. Once you're done taking the survey, you must give out your personal information in order to receive the money. They will ask for either a credit card or a debit card that they can transfer the money to. Of course, they throw in a nice assurance note that lets you know your information is in good hands and so on and so on.

All I can say is, "Don't believe it!" We've been over this time and time again and this scam is no different. No matter how legit it may sound, don't fall for it. Also, if you think something fishy might be up, you can always contact the company in jeopardy (Wal-Mart in this case) and ask them if this is something they're doing. They will always tell you their policies and I guarantee, most big companies like Wal-Mart do not contact consumers by e-mail. Of course, the Wal-Mart logo will look real and the e-mail will sound enticing, but before you know it, your information will be stolen. So, please just delete the e-mail immediately. You owe it to yourself to stay safe!

Hitman E-mail Scam

Before I go any further with this tip, I want to warn you that this subject is pretty sensitive, but I thought it was something you all should definitely know about. Another e-mail scam is starting to make its rounds on the Internet and it's probably one of the scariest I've ever heard about. Please keep reading for the rest of the details. You don't want to miss this!

First of all, this scam is going by the name of "Hitman Scam" and basically, if you are contacted, you will receive an e-mail from the scammer saying they've been hired to put a "hit" out on you. They will then tell you that they can stop the whole thing if you pay them a certain amount of money. The e-mail you receive goes into this long schpeal about how they were hired and why you're the one being targeted. They then talk about how much money is involved and so on. The amounts I've seen so far have been anywhere between $50,000 and $150,000.

Now, while the e-mail may sound very legit, don't fall for it! It's all a scam. There is no such hitman, there's no plot set in place, nothing. Everyone who gets the e-mail is told the same exact thing, which makes the whole thing phony in itself. The only thing at risk is your bank account if you give in to it. I know this may sound a little far fetched, but it has been verified by Snopes and I have read about it in online news articles and I've heard about it on the radio. This scam originated back in 2006, but it seems to be resurfacing again. So, please keep an eye out for this type of thing in your Inbox and keep yourself safe. Just delete the e-mail and you'll be just fine. Trust me on this one!

~ Erin

Postcard E-mail Scam

If you're like me (and everyone else who has e-mailed me about this), you've been getting some strange e-mails in your Inbox lately. Am I right? Well, those e-mails are part of a new scam that is going around these days. It's going by the name of the "Postcard Scam," but there are various versions of it that may have found its way to your e-mail Inbox. Let's take a look at it and see what all it entails, shall we?!

If you receive one of these e-mails in your Inbox, the subject will say something like "You've received a postcard from a family member" or something similar to that. There have also been some that say something about an e-card, a greeting or even one specifying a special holiday (like the Fourth of July, for example). The senders of this scam have also varied. These spam e-mails have come from Hallmark, Greetings123, eCards, GreetingCards.com and more.

If you open the e-mail, it will tell you that you've been sent a postcard and there will be a link you can click on to go and preview it. But, if you click on that link, you're putting yourself at risk for a potential virus or malware infestation. Once you click on the link, the scammers know your address is a real one and they can start sending you malicious material at any time. So, although these e-mails look tempting, don't click on that link! Be extra careful not to fall for this trick. Like I always say, if the e-mail looks suspicious, just delete it as fast as you can. It's better to be safe than sorry, don't you think?!

~ Erin

Jury Duty Scam

Yes, that's right. Another scam has been making its rounds and once again, it's my job to inform you all about it! Chances are, you've probably received an e-mail about a new scam, entitled "Jury Duty," and you're probably wondering if it's true or not. Well, I'm here to tell you that it is. I was actually given this information by a loyal reader, so here's a huge thanks to them! Okay, here's the scoop. The scam actually starts out with a phone call from the scammer. They tell you they work for the local court and that you have failed to show up for your jury duty assignment. The scammer then goes on to tell you that a warrant has been issued for your arrest.

Of course, by this time, you are in panic and when they ask you for your information to verify everything, you give it to them right away. This information includes your social security number, your birth date and quite possibly, your credit card number. You know, everything the scammer needs to commit identity theft. It's an easy way to catch you off guard and when you're upset, you're more likely to give out your personal information. It's a win-win situation for the scammer.

The FBI has stated that this scam has already occurred in Michigan, Ohio, Texas, Arizona, Illinois, Pennsylvania, Minnesota, Oregon and Washington state. They are also reminding you that court workers will never call and ask you for your personal information over the phone. They usually deal with everything through the regular mail. If you're careful not to give out any of your information over the phone, you will be just fine. Like I always say, just use some common sense and these scam artists will not be able to get away with this any longer. Always protect yourself first!

~ Erin

Pump and Dump Scams

First of all, I should probably clarify what I mean by Pump and Dump (also known as P-n-D) or Hype and Dump Manipulation, as the government calls it. It’s the process of creating fake hype or buzz around a particular stock in an effort to generate interest in prospective buyers. This can be done in a number of ways, one of which is becoming quite popular lately in the form of spam.

This P-n-D technique isn’t a new phenomenon on the Web, but in the past year, this scam has really come into its own. According to Sophos security company, the percentage of P-n-D spam e-mail has jumped from less than one percent of all spam being sent out in 2005 to a whopping 15 percent in 2006 (no word on 2007 yet).

The P-n-D scams usually involve sending out e-mails. You know, as I stated earlier, “pump” up the stock by urging buyers to make a move on some incredible stock offer before it’s too late. The scam usually employs some sort of information that looks credible, stating things like impending development or an invention of some revolutionary new product or procedure. The scam really tries to get the reader to make a move on the stock as fast as possible, in order to jump the profit of the individual shares up for existing owners as well. Once the entity responsible for the scam hits their goal price per stock, they sell, reaping the fraudulence earnings for their own and leaving behind a wake of confusion and financial destruction.

It is almost impossible to determine exactly who is behind any particular P-n-D scam, not to mention locating where the attack may be originating from. It may be the owners of the fledgling company, some affiliate of the company or simply an attacker who decided to choose the company for some particular reason. The P-n-D e-mails are sent out to millions of warehouse e-mail addresses, while the attacker sits and watches the stock. If the price per share hits a projected goal, they sell their shares right away.

There are some things you may want to keep an eye out for. For example, I have posted a list of known domains in which these types of attacks have originated before:

* Trader's Daily Report
* Smart Money Equities
* Tip Top Equities
* Capital-gains.net
* Horizontal-spread.com
* FuturesBuzz.com
* DeepDiscountFutures.com
* Trade10.com
* HedgeCo.net
* OTCPicks.com
* 1stOptionsBroker.co.uk
* AnotherWinningTrade.com
* MaximumuASP.com
* FXstreet.com
* www.sjrb.ca (this one had no name)

Another key to spotting a P-n-D e-mail is seeing the same message coming from different addresses and with different subject lines. Other sure tell signs are things like gibberish or misspelled words in the beginning or end of the e-mail, which are known tactics of spammers to elude e-mail filters. All of this, in addition to, of course, the overwhelmingly good information/news in the body of the e-mail, is meant to entice the reader into quickly purchasing shares of the stock.

If you do find some P-n-D e-mails in your Inbox, the best thing to do is delete them. It’s that simple to stay clear of the whole mess. If you find yourself playing in the Microcapstock market, I suggest finding reliable sources in which to get your information from. Think of it as a different type of phishing scam where the number one rule in protecting yourself is never give account information out in response to an e-mail, regardless of who it is from. The same applies here. Don’t make any sort of stock purchase based off of some random e-mail, no matter who it claims to be from. That’s all it takes. Simply resist your curiosity, because it may get you in trouble. Also, remember, if it sounds too good to be true, it probably is.

If you do receive one of the P-n-D e-mails, you can notify the:

Securities Exchange Commission (SEC): http://www.sec.gov/

Federal Trade Commission: http://www.ftc.gov/

Until next week, stay safe out there!

~ Chad Stelnicki

Q:
I saw something online the other day about a rebate scam. Do you know anything about that? If so, please share the details. Thanks!

A:
Excellent question! This is something that has been plastered all over the Web since about the last week in January (2008) and it's something every computer user should be aware of. So, what do you say we stop wasting time and get right down to it? Here we go!

I'm sure most of you are aware that the United States Congress has been working on an economic stimulus package that will issue Americans tax rebate checks. And unfortunately, once the word about that spread, hackers started to take full advantage. At the end of January, the IRS (Internal Revenue Service) began sending out warnings about rebate scams. They said that identity thieves are already working on using the tax rebates as a way to get personal and financial information out of people.

As of right now, it seems as if their biggest tactic is to call people on the telephone and tell them they won't receive their rebate until they provide their banking information for a direct deposit. Now, I don't know about you, but just hearing that makes me think of a scam! You should always remember that tax agencies will never call you and ask for your information over the phone. That's just not how they work. Also, no legislation has been passed that would even allow that to happen. So, if you ever receive a phone call like that, do not give out any of your information. If you do, you'll just be another scam victim.

The IRS said the threats are coming via e-mail as well. The e-mail looks like it's coming from a tax agency and it asks you to fill out a form that is supposedly needed to receive your rebate. Of course, the form asks for all of your personal information and if you fill it out, it will be put into the wrong hands. Another version of the e-mail scam involves a notification that a person's rebate will be audited. It then asks you to click on a link to fill out the forms needed for the process, which of course, require all of your personal and bank account information.

This scam is even going as far as e-mailing businesses and accountants, telling them to download information about tax law changes. Once they do that, malware is put onto their computer that gives the hacker remote access to the computer's hard drive. And that could put several peoples' information at risk. There's also another version of the telephone scam where the caller claims to be an IRS agent. They go on to tell you that you have not yet cashed your rebate check and you must confirm your bank account number before you can do so. Wow, that's all a little crazy, don't you think?!

Now, I personally have not run into any of these scams in my e-mail or by phone, but with the rebate checks being distributed soon, they could pick up pace rather quickly. So, I'm telling you now: do not click on any suspicious links you may get in your e-mail and do not give out any personal information over the phone unless you're 100 percent sure it's legit. If you receive a questionable e-mail, you can always contact the IRS through this e-mail address: phishing@irs.gov as well. And as always, if you simply use your common sense, you won't run into any problems. I promise!

~ Erin

Originally posted on: 18/7/07 at 10:27 am

Phone Phishing

There’s a new type of phishing scam on the horizon. It's one that mixes the traditional methods, such as sending bogus e-mails, with social engineering techniques. Don’t let it catch you off guard!

As you probably know by now, the term phishing refers to an attempt to gain personal information from end users by spoofing legitimate companies and financial institutions, such as PayPal or Ebay. In order to do this, an attacker sends a message (usually an e-mail) stating there is some sort of serious issue with your account and in order to take care of it, you need to log in with your account information at their site, which is of course, fake.

Once this is done, the attackers have the information they want, which puts the ball squarely in their court. This has been a very successful avenue for attackers in the past. They have been able to harvest various user's personal information with ease. Lately however, the public is getting a little wiser to these sorts of attacks and we aren't so easily fooled anymore.

The one thing about hackers is that they are resilient. You stop one method and they shortly figure out another. Well, the new method appears to be a hybrid phishing attack that blends technology and traditional methods combined with the misplaced security of speaking with someone on the phone.

This brings in phone phishing. Phone Phishing is becoming very popular, yielding a high success rate. The concept remains the same: fool someone into giving you personal information by impersonating another company, but the execution has a slight twist. There are a few different styles of phone phishing, with the most popular being when an attacker instructs the user to call a customer service number in order to rectify the bogus situation.

On the other end of the line, it could be a fake customer service representative or an automated message. It doesn’t matter. Either way, they are going to ask you to divulge personal information. This method has not been in use that long, but it is notably successful. People tend to feel more comfortable giving their information out over the phone instead of the Internet, especially when they feel they are safe.

There are variations of Phone Phishing, which I have summarized below:

* Some methods take advantage of the rich content with the smart phones that are out there today, which can send/receive instant messaging, as well as, e-mail. These are both more traditional methods of phishing that have proven to be highly successful in the past.

* There is a method of phone phishing that is identical to the method listed above, but instead of being directed to a phone number, you are instructed to go to a Web site, which is of course, fake and it then requests your personal information.

* A less traditional phishing scam (but still in the same family) is the method in which an attacker will use a police scanner to help capture cell phone calls. This is primarily for older analog phones that have little encryption on the audio transmission. With the newer digital phones, this isn’t an issue due to the encryption placed on the audio. With analog phones however, it is quite easy to steal audio from a transition and as a matter of fact, Newt Gingrich had a cell phone conversation tapped by someone using a common police scanner.

Fortunately, there is one easy way to defend yourself against any phishing scam. Just simply remember to never respond to communication that is requesting you to call, e-mail or go to a Web site and log in with your personal information. Instead, always go out to the site on your own and log into your account. If there are any issues with your account, you will see them there and you will be able to fix it. The same can go with a customer service number given to you via e-mail. Use the phone number from one of the company's Web sites or from your billing information, if you have it.

These steps will keep your information safe online and over the phone. Until next week, stay safe out there!

~ Chad