Year: 2009

New Facebook Phishing campaign!

Paul

According to Sans Internet Storm,  They have seen some signs of a new Phishing campaign like the[intlink id=”3419″ type=”post”] Look at this Phishing campaign[/intlink] that went through a few weeks ago.  At the time of writing that report they weren’t being resolved they now are being resolved making you look like you are logging into Facebook:

Phishing look a like!! Phishing look a like!!

[ad]Sites that are hosting these are in Belgium and are Redbuddy.be, Redfriend.be, and picoband.be.     If you recieve this with these urls you best thing you can do is just to delete them.   Some people have said it is using the term “look at this” I am unsure as to is or not but you can usually tell because of the the URL and if it isn’t Http://www.facebook.com or Https://www.facebook.com then you aren’t logging into Facebook but are logging into a fake site.

We’ve talked about [intlink id=”2644″ type=”post”]why criminals want to use your account and why they need to get your passwords[/intlink].  I know they want to take control of your account for one reason or another but that is where the Facebook users need to keep watch on the URLS being displayed when you log into Facebook.    If you did that then you are one step ahead of the nefarious criminals and can be at peace.  Just like the Look at this campaign if you did visit those sites and given out your password it is strongly recommended to reset your password.

Update #1 — More Domains have been created areps.at, greenbuddy.be, vispace.be, whiteflash.be, and bestspace .be . All these domains resolve to 211.95.78.98 And can be determined by going to Http://www.dns.be or http://www.dns.at  .   It looks like the server is hosted in China.  I wouldn’t be surprised if t here were even more domains going to be regestered that were in Belgium!!  On a Side note it seems all these have a malicious hidden iframe in them so “DON”T Visit them unless you know what your doing“.   I suspect that is how they are keep having people post to Facebook about these but that is only my theory!!  (Thanks Sans Internet Storm for all those updates)

Getting Twitter on your Cricket QA30 Hint Phone!!

Paul4 Replies

So you want to use [intlink id=”3222″ type=”post”]Twitter with Cricket Phones[/intlink]. I have found a few ways to post to Twitter with http://Identi.ca . I can post to twitter with emails going to Identi.ca.  They give you a unique email address that you can use to post and You can receive twitter like sms through them.  They do have an options for Cricket but again you would have to use email to post but you can receive through text messaging without a problem.

This Phone comes with it’s own Email application so you would just use the phone to do the emailing. I’ve not gotten this phone just yet because Cricket won’t let me test it out but I am going to assume that with this phone having email capabilities, you can get around the twitter problem very easily.  You can use Twittermail to send and receive through your email application.   You can receive replies to your email address almost instantly.

Unlike Identi.ca, you can only send to Twitter but can’t receive any updates on twitter.   You could however start using Identi.ca exclusively but that would be torture because most of your friends are using Twitter. I wish Cricket would let me test this phone out and find out other secrets for my users.

The Motorola Evoke QA4 has an Email application on it too but right now it is $279 and is on pre order.  I am expecting this to also be able to send and receive email just like the QA30 Hint from Cricket.  If anyone wants to submit a review on either phone just [intlink id=”995″ type=”page”]email me or contact me through other services[/intlink] and I’ll give your credit to the review.

*update*

Looks like Cricket Wireless is providing use with a twitter app call Twit Twit. I haven’t played with it but I find it is at least a nice gesture on their part. If anyone has played with this application, I would like to hear how well this does!!

Upgrading to Twitter Pro — ztrx.net Phishing attempt in the wild!!

Paul

I just got this alert from a friend of mine and I thought I would share it with you.  It looks like there is a new phishing attempt going on with websites try fool it’s users into going http://ztrx.net and From the looks of it. It looks like this:

twitterprophish1

[ad]The message some users got were:

Upgrade to Twitter Pro – Visit http://bit.ly/[CENSORED] to upgrade your account

It seems that if you get this message on your account you should report it to @Spam and let them know. If you happen to get given out your password it is strongly recommended that you reset your password to prevent any further unauthorize access to your accounts. You should change your password as soon as possible. This is the first attempt they have tried this this weekend so be on the look out for more phishing attempts.

New Spam Campaign for Cooltweeting.com

Paul6 Replies

I got an Email that shows that people are giving out there twitter accounts password for a Free Mac book air. I did a Search for cooltweeting.com and well you take a look.

twitterspam-cooltweetingcom2

The Site Cooltweeting.com looks to be a phishing for your information by wanting you to do this:

twitterspam-cooltweetingcom3

[ad]As you can see this looks pretty simple and some users would think this is true. I do wonder how I am going to receive email from them if they don’t have my email in the first place? You have to read the fine print on this one here I will make it bigger:

You agree to receive emails from trusted 3rd parties containing special offers and promotional emails.

Powered by BrandGivewayCentre.com. BrandGivewayCentre.com is an independent rewards program and not associated with any of the above listed merchants or brands. The above listed merchants or brands in no way endorse or sponsor BrandGivewayCentre.com’s offer and are not
liable for any alleged or actual claims related to this offer. The above listed trademarks and service marks are the marks of their respective owners. BrandGivewayCentre.com is solely responsible for all Gift fulfillment. In order to receive your gift you must: (1) Meet the eligibility requirements (2) complete the rewards bonus survey (3) complete the number of sponsor offers in the redemption instructions
(4) Follow redemption instructions.

As you can see you will have to complete a number of offers to get this macbook.   I also check out the  source page for this so called page and here is what I find:

twitterspam-cooltweetingcom4

Now we see  there is a a file on the server called “viraltweets.php” which we can’t access because it is a protected file and even though they say they don’t store this that doesn’t mean they don’t grab your email address and other personal information while they send this tweet out.   afterall if you read the fine print, you agree to recieve emails from third parties?  which begs the questions how do they get your email and other information?  They will get it through your twitter account.     As we know the from time to time it isn’t always a good idea to give out your twitter password because it can be easily abused.   This is definately just spam.  If you do use this page you will probably start getting even more email spam.   They obviously have a way to unsubscribe but that usually is used to just confirm you have an email address.    I will let you decide if it is worth a macbook or not but you’ll probably have to pay 2 times as much in offers just to get the macbook in the first place.

Personal Antivirus just scareware

Paul10 Replies

I was going through checking a site brought to my attention from a reader and I went there and yep he told me it might be [intlink id=”3114″ type=”post”]scareware[/intlink] and it was:

mailware-live-pro-scanv1-1

If you click “Cancel” or “Ok” you will still get to this page:

mailware-live-pro-scanv1-2

[ad]It is on the Malicious site : http://maleware-live-pro-scanv1.com.  You can also see it tries to scare you with the tactic of  knowing your IP address and where you are in the world, it’s called Geo-ip Location.   It tries to convince you have a virus, but in reality it is just trying to scam you out of money.   Although if you go to the site you will see that there is no company information.  That is the first clue this is a scam or scareware.

Personal Antivirus gets installed in unsuspecting computers by way of exploits, backdoors, Trojans, or unsafe downloading practices.   This usually means that if you have it you should remove it by any means necessary because this software has been know to cause more and more trouble as time goes by.   This software is fake ware, it tries to tell you have a virus and that they can get rid of it.   In fact, this software is not designed with Antivirus engine in it but to illicit pop ups and warning to raise the users security concerns about the computer in question.   Downloading programs from bit torrents or other unsafe ways can and most likely will have these types of programs installed alongside the program you wanted.

*[intlink id=”4403″ type=”post”]Personal Antivirus Scareware Site and How to Remove it[/intlink]*

Threat to System : Moderate

[rating:4/5]

Advice : Do a Complete system scan and make sure you don’t have any more hidden malware. Most of the time if you have one Trojan, you usually have more.  Personal Antivirus has been know to have some type of program installed on the system in question and should be removed.

I recommend :

[ad#SUPERAntiSpyware]

On a side not, if you are wondering why I think I know I am not infected with these virus for those who are probably asking that question is because I already have a [intlink id=”2205″ type=”page”]dependable free anti-virus[/intlink] software installed.  Don’t forget to visit the Forums for other ways to watch for spyware or scareware.   I will always recommend buying antivirus software from vendors you know and not ones that are fly by the night scams.