latest internet scams
Last Update: August 4th, 2010
"My best photo ever!" Trojan horse spammed out via e-mail
Sophos has warned of a Trojan horse that has been spammed out
to e-mail addresses disguised as a digital
photograph. The Troj/Dloadr-AKX Trojan horse arrives with
one of the following subject lines: "My
best photos!"; "the best pictures of us. Just take a
look, i'm excited!"; "Wanna see?"; or "You've asked
for pictures. See this." The attached file is
photos.zip.
Inside the ZIP file is another file called DSC00342.jpg .exe. The
executable file is a Trojan horse designed to
download further malicious code from the Internet,
but disguises itself as a JPG graphic by using a
double extension and inserting multiple spaces into
the filename.
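A mail gateway or help desk can check archive attachments for this disguise before anyone opens them. The sketch below is an added example, not code from Sophos or from this page; the extension lists and the 40-space padding in the sample name are assumptions, and the archive is constructed in memory with placeholder contents.

```python
import io
import re
import zipfile

# Extensions Windows runs directly (short list chosen for this example).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd"}
# Harmless-looking extensions typically used as the decoy.
DECOY_EXTS = {"jpg", "jpeg", "png", "gif", "bmp", "doc", "pdf", "txt"}
# Constructed sample name: decoy extension, 40 spaces of padding, real extension.
PADDED_NAME = "DSC00342.jpg" + " " * 40 + ".exe"

def classify_name(name):
    """Return the reasons a member name looks like a disguised executable."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    parts = base.split(".")
    final_ext = parts[-1].strip().lower()
    if len(parts) < 2 or final_ext not in EXECUTABLE_EXTS:
        return []
    reasons = ["executable extension ." + final_ext]
    if any(p.strip().lower() in DECOY_EXTS for p in parts[1:-1]):
        reasons.append("decoy extension before the real one")
    if re.search(r"\s\.[^.\s]+\s*$", base):
        reasons.append("whitespace padding before the real extension")
    return reasons

def scan_zip(data):
    """Map each suspicious member name in a ZIP (given as bytes) to its reasons."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for name in archive.namelist():
            reasons = classify_name(name)
            if reasons:
                findings[name] = reasons
    return findings

def build_sample_zip():
    """Build a constructed archive in memory; the contents are placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name in (PADDED_NAME, "holiday.jpg", "setup.exe", "notes.txt"):
            archive.writestr(name, b"placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    for member, why in scan_zip(build_sample_zip()).items():
        print(repr(member), "->", "; ".join(why))
```

A name with all three reasons matches the disguise described above; a plain executable such as setup.exe is still reported, but with only the first reason.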
Spammed Trojan claims Bush/Blair Middle East oil
cover-up
Sophos has warned of a Trojan horse that has
been spammed out to e-mail addresses disguised
as a message claiming that George W. Bush and
Tony Blair are conspiring with oil companies to
push up petrol prices. Other disguises being
used by the hackers to distribute the Trojan
horse include news reports that Osama Bin Laden
has been killed or Michael Jackson has committed
suicide, CCTV photos of an alleged university
rapist, and requests for a photograph to be
approved for a magazine. The Troj/Stinx-W Trojan
horse has been spammed out in e-mail messages,
which can have a variety of subject lines
including "Petrol Price Conspiracy," "Campus
Student Raped," or "Bush and Blair Conspire."
Always remember that "Free" Software such as
Screen Savers or Games is rarely free. The
creator usually expects to get paid by someone
Warning on search engine safety: some net
searches are leading users to websites that
expose them to spam, spyware and other dangerous
downloads, reveals a report.
According to the research the most dangerous
words to search for are "free screensavers".
The report found that 64% of the sites found
using this phrase were flagged as causing
problems for users.
Dangerous game
It is well known that visiting sites offering
porn, gambling and free MP3s leaves users at
serious risk of falling victim to spyware and
adware. However, the research by Ben Edelman and
Hannah Rosenbaum reveals that those carrying out
searches for innocuous subjects are at risk too.
The report looked at the websites returned for
1,394 popular keyword searches found via
Google, Yahoo, MSN, AOL and Ask.
The results returned for each search term were
then analysed using the Site Advisor security
tool. Once installed, this piece of software
warns users when they browse websites known to
be dangerous.
The most benign of the pages that Site Advisor
flags up try to change browser settings (to
redirect people to ad sites) and the most
dangerous deluge users with spam or bundle
adware and spyware in with downloads.
In one case signing up with one site led to a
test e-mail address getting more than 300 spam
messages per week.
Toxic E-Christmas Card
At this holiday time we tend to be more open and trusting.
Unfortunately, the bad guys are well aware of this and are trying to
take advantage with a Trojan program disguised as an electronic
Christmas card. The description follows:
Akonix Systems Inc. has issued an alert for a worm posing as a
holiday greeting card to lure users into launching a harmful
executable.
Akonix identified the worm as W32/Aimdes.E and warned that the worm
is executed once the IM user clicks on a link purporting to be a
greeting card. Upon execution, this memory-resident worm propagates
and sends the following message to other users listed on the
infected user's buddy list:
"The user has sent you a Greeting Card, to open it visit:
g{BLOCKED}aol.com/index.pd?source=christmastheme?my_christmas_card.com"
Once the link is clicked, the worm automatically installs itself on the
affected system and opens random ports to receive instructions from
a remote attacker. Aimdes.E also comes with a built-in IRC (Internet
Relay Chat) client engine that connects the machine to an IRC
channel to wait for several commands from a malicious user. This
routine then compromises system security.
'bird flu' email hijacks your computer
Hackers use bird flu emails to hijack computers. Computer hackers
are exploiting fears about avian flu by releasing a computer virus
attached to an email that appears to contain avian flu information.
According to Panda Software, the virus Naiva.A masquerades as a
Word document with e-mail subject lines such as "Outbreak in
North America" and "What is avian influenza (bird flu)?"
When the file is opened, the virus modifies, creates, and deletes
files. The virus also installs a program that allows hackers to gain
remote control of infected computers. The virus spreads through
e-mails, Internet downloads, and file transfers.
Phishing Attack Targets Yahoo Photos Users
A new phishing attack targeting Yahoo
Photos users arrives as an email or instant message that appears to
come from someone they know, asking them to look at vacation or
birthday party photos. A link in the message sends them to a phony
site that collects login details, then forwards them to the real
Yahoo Photos web site.
postcard scam
Well, these days you can't even open a
virtual card without thinking twice! There is a new Internet scam:
"You've got a postcard" email.
The subject is usually "You've
received a greeting from a family member!", "Your friend sent you a
postcard", "You've got a postcard" or something similar.
The body usually says something like:
You have just
received a virtual postcard from a family member (friend,
coworker, or even some made-up name)!
You can pick up
your postcard at the following web address:
.http://www2.postcards.org/?a91-valets-cloud-313
-->> do not try to follow this
hyperlink!!!
(Your postcard
will be available for 60 days.)
Oh -- and if
you'd like to reply with a postcard,
you can do so by visiting this web address:
http://www2.postcards.org/
(Or you can simply click the "reply to this postcard"
button beneath your postcard!)
We hope you enjoy
your postcard, and if you do,
please take a moment to send a few yourself!
The email is obviously NOT from postcards.org, and all the hyperlinks
are cloaked. Once you click on the link, you start downloading
an .exe file that contains viruses, trojans or other spyware.
Never ever follow
the hyperlink and open a postcard if you receive it from someone
you don't know, or from "your family member", "co-worker", and
even "your mother" without the actual person's name!
Katrina scam
Sadly, it was inevitable that scammers would try to take advantage
of charitable efforts to aid Katrina's victims.
September 01, Washington Post - Scammers hit Web in Hurricane
Katrina's wake. Less than two days after the hurricane, Internet
opportunists are already trying to cash in on public sympathy for
Katrina's victims. Within the past 24 hours, several Websites have
emerged, promising to forward money to relief workers. Bearing such
names as Katrinahelp.com, katrinadonations.com and katrinarelief.com,
the sites ask for money to be sent through Paypal, but there is no
way to verify who is getting the money.
FBI spokesperson Paul Bresson said the agency was investigating
reports of fraudsters using e-mail and Websites to impersonate
legitimate fundraising and relief organizations.
Source: www.washingtonpost.com
NEW SCHEME TO BUY STUFF WITH YOUR CREDIT
CARD
Anyone would fall for this one if you
didn't know about it!
A fraudulent order is placed via an e-merchant website,
requesting the products be shipped to the actual credit card billing
address. The actual cardholder with the compromised credit card
receives the order which they did not place.
Shortly thereafter, the
fraudsters send an e-mail, purportedly from the company who shipped
the product. The e-mail acknowledges the shipment and transaction on
the victim's credit card and apologizes for the mistake. The victim
is advised a delivery service company will pick up the order and the
victim's credit card will be refunded.
The subject arranges for
pickup of the products, but the charges remain on the victim's
credit card. The scheme works on e-merchants because the
verification process reviews accurate information on a credit card
with no known issues, such as lost/stolen, card is maximized, etc.
The transaction appears legitimate because the fraudsters use the
credit card verification value code (CVV) and the true billing
address.
The scheme works on credit card holders because 1) the
e-mail is a spoof of a trusted company, 2) the order looks
legitimate because it contains accurate details, including the product
shipped, billing address and credit card number, and 3) the ruse of a
mix-up in orders reassures the victim that the situation will be
corrected.
The source of compromise for the affected credit cards is currently
not known. However, any credit card information, whether compromised
by phishing, intrusion, or other means, could be utilized in this manner.
jury duty scam
Identity theft scammers,
pretending to work for local courts, are calling
potential victims with the news that they have
failed to report for jury duty and that a warrant
has been issued for their arrest. They then ask
victims for personal confidential information,
including Social Security numbers, birth dates and
credit card numbers for verification purposes. This
is exactly the information scammers need to commit
identity theft.
The jury duty scam is only about three weeks old and
has already been reported in nine states: Arizona,
Illinois, Michigan, Minnesota, Ohio, Oregon,
Pennsylvania, Texas and Washington.
In reality, court workers do not call potential
jurors and ask for their Social Security numbers,
credit card numbers and other personal information.
Most courts use snail mail exclusively for jury
matters.
"Whereas it's easy to avoid many scams by simply
using common sense, it makes it much easier to
protect yourself if you know about other scams in
advance," said Dr. Audri G. Lanford, co-editor of
Internet ScamBusters.
Double Whammy Phishing Scam
According to the FBI, there is a phishing scam that
can not only clean out your bank account but also get you
in trouble with law enforcement.
The scam works like this:
An On-Line Job Board
offers jobs as "Reshippers" of cash to foreign banks
for goods bought in the USA by their citizens. Your
job is to have the money deposited in your account,
take out your "Reshipper" fee, and send the money to
the bank they designate.
However, the money
deposited in your account is stolen from other
Phishing Victims so now you are an accessory to a
crime. In addition, they now have all your personal
banking information so you will be the next Phishing
victim.
Please don't fall for this scam and alert others who
might be job hunting about it!
CHEAP AIRFARES scam
New Internet scam lures victims
with cheap airline fares. A new kind of Internet scam entices
victims with a promise of low-cost airline tickets, in a fraud aimed
simply at stealing credit card numbers, an online security firm
warned.
Panda Software said the scheme may be effective because it
does not use e-mail but paid listings when a Web user conducts a
search with an Internet search engine such as Google. "The real aim
of these Internet pages is not to sell anything, but to get users to
enter their credit card details which will then fall into the hands
of cyber-crooks," Panda Software said. Panda said the sites, which
it did not identify, had been shut down, but warned that others may
crop up in their place.
The Websites ask customers to enter personal
details, including their credit card number. But once the details
have been entered, an error page is displayed telling the user that
the transaction has been unsuccessful, to prolong the illusion.
Panda advised Internet users to rely on established and trusted
websites and to investigate any new sites offering unusual bargains.
Latest phishing scam goes low tech
Security companies are warning of a new type of
phishing scam that uses decidedly low-tech methods
to harvest information. The scam has been started
with spam e-mails purporting to come from online
payment service company PayPal. The e-mail warns of
a hacking attack and urges customers to print out a
Website form with their banking details and fax it
in.
The form, which is hosted on a Polish Website,
asks for e-mail addresses, credit card details and
PayPal passwords and asks the recipient to fax them
to a U.S. toll free number.
"It's possible that some
people who know that they need to be careful about
entering their confidential information on a bogus
Website may think that completing and faxing back
such a form is somehow safer," said Graham Cluley,
senior technology consultant at IT security firm
Sophos.
free credit report site scam
Imposter sites plague free credit report site. A Website created by
federal mandate last year to help consumers spot identity theft is
opening up new avenues for fraud, according to a privacy watchdog
group. The site, AnnualCreditReport.com, offers consumers free
copies of their own credit reports. It was launched in December by
Equifax, Experian and TransUnion, the three major credit reporting
agencies in the United States, in accordance with the Fair and
Accurate Credit Transactions Act of 2003.
The federal law aims to
quell growing concerns over privacy and disclosure of sensitive
financial data. However, the online service has quickly fallen prey
to imposter sites, which are designed to lure traffic from a
legitimate Website by adopting a similar domain name. Imposters
targeting the AnnualCreditReport.com site now number 112, according
to the World Privacy Forum, a nonprofit based in San Diego that's
studying the problem.
Another 120 registered domains that aren't currently active employ
the words annual credit report in some combination or are close
misspellings of the official site, the group said. The privacy
advocate sounded an alarm bell on Thursday, July 14, in a report
that said the imposter sites "have been aggressively attempting to
deceive and misdirect consumers."
Source:
CNET.com
World Privacy Forum report