Upgrading to Twitter Pro — ztrx.net Phishing attempt in the wild!!

I just got this alert from a friend of mine and I thought I would share it with you. It looks like there is a new phishing attempt going on, with websites trying to fool users into going to http://ztrx.net. It looks like this:

[Image: twitterprophish1]

The message some users got was:

Upgrade to Twitter Pro – Visit http://bit.ly/[CENSORED] to upgrade your account

If you get this message on your account, you should report it to @Spam and let them know. If you happen to have given out your password, it is strongly recommended that you reset it as soon as possible to prevent any further unauthorized access to your accounts. This is the first time they have tried this this weekend, so be on the lookout for more phishing attempts.

New Spam Campaign for Cooltweeting.com

I got an email that shows that people are giving out their Twitter account passwords for a free MacBook Air. I did a search for cooltweeting.com and, well, you take a look.

[Image: twitterspam-cooltweetingcom2]

The site Cooltweeting.com looks to be phishing for your information by wanting you to do this:

[Image: twitterspam-cooltweetingcom3]

As you can see, this looks pretty simple, and some users would think it is true. I do wonder how I am going to receive email from them if they don’t have my email in the first place. You have to read the fine print on this one; here, I will make it bigger:

You agree to receive emails from trusted 3rd parties containing special offers and promotional emails.

Powered by BrandGivewayCentre.com. BrandGivewayCentre.com is an independent rewards program and not associated with any of the above listed merchants or brands. The above listed merchants or brands in no way endorse or sponsor BrandGivewayCentre.com’s offer and are not liable for any alleged or actual claims related to this offer. The above listed trademarks and service marks are the marks of their respective owners. BrandGivewayCentre.com is solely responsible for all Gift fulfillment. In order to receive your gift you must: (1) Meet the eligibility requirements (2) complete the rewards bonus survey (3) complete the number of sponsor offers in the redemption instructions (4) Follow redemption instructions.

As you can see, you will have to complete a number of offers to get this MacBook. I also checked out the page source for this so-called page, and here is what I found:

[Image: twitterspam-cooltweetingcom4]

Now we see there is a file on the server called “viraltweets.php”, which we can’t access because it is a protected file. Even though they say they don’t store this, that doesn’t mean they don’t grab your email address and other personal information while they send this tweet out. After all, if you read the fine print, you agree to receive emails from third parties, which raises the question: how do they get your email and other information? They will get it through your Twitter account. As we know, it isn’t always a good idea to give out your Twitter password, because it can be easily abused. This is definitely just spam. If you do use this page, you will probably start getting even more email spam. They obviously have a way to unsubscribe, but that is usually just used to confirm you have an email address. I will let you decide if it is worth a MacBook or not, but you’ll probably have to pay two times as much in offers just to get the MacBook in the first place.

Personal Antivirus just scareware

I was checking a site brought to my attention by a reader. He told me it might be scareware, and yep, it was:

[Image: mailware-live-pro-scanv1-1]

If you click “Cancel” or “Ok” you will still get to this page:

[Image: mailware-live-pro-scanv1-2]

It is on the malicious site http://maleware-live-pro-scanv1.com. You can also see it tries to scare you by showing that it knows your IP address and where you are in the world; this is called GeoIP location. It tries to convince you that you have a virus, but in reality it is just trying to scam you out of money. If you go to the site, you will also see that there is no company information. That is the first clue this is a scam or scareware.

Personal Antivirus gets installed on unsuspecting computers by way of exploits, backdoors, Trojans, or unsafe downloading practices. If you have it, you should remove it by any means necessary, because this software has been known to cause more and more trouble as time goes by. This software is fakeware: it tells you that you have a virus and that it can get rid of it. In fact, this software has no antivirus engine in it; it is designed to produce pop-ups and warnings that raise the user’s security concerns about the computer in question. Downloading programs from BitTorrent or other unsafe sources can, and most likely will, install these types of programs alongside the program you wanted.

*Personal Antivirus Scareware Site and How to Remove it*

Threat to System : Moderate

Rating: 4/5

Advice: Do a complete system scan and make sure you don’t have any more hidden malware. Most of the time, if you have one Trojan, you usually have more. Personal Antivirus has been known to have some type of program installed on the system in question and should be removed.

I recommend: SUPERAntiSpyware

On a side note, if you are wondering why I think I know I am not infected with these viruses, it is because I already have dependable free anti-virus software installed. Don’t forget to visit the Forums for other ways to watch for spyware or scareware. I will always recommend buying antivirus software from vendors you know and not ones that are fly-by-night scams.

Facebook and Twitter Phishing going on today!

According to TechCrunch, there is a phishing site going around people’s inboxes on Facebook with a message saying “Check areps.at”. If you go to the site, you will think you’re at the Facebook login, but you’re not. I wouldn’t suggest going to any of these sites; it has been reported by PhishTank.

Some of the sites to avoid today are nutpic.at, bests.at, areps.at and kirgo.at. Each site will make you think you’re at Facebook, but this is what most would call a phishing scam. There is also some Twitter phishing going on today to avoid.

According to Trend Micro, there is one where the URL looks like a Twitter URL but isn’t (tvviter[dot]com). The site is what people would call a typosquatting site: it makes people think they are on Twitter when they aren’t. If you went to either of these kinds of sites and gave out your password, it is strongly recommended that you reset it:

Facebook password reset page

Twitter password Reset Page
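The typosquatting trick above (two letters "v" standing in for a "w") can be caught mechanically. The following is an added example, not code from the original post or from Trend Micro: it folds a few visually confusable sequences and then measures edit distance against a list of protected domains. The brand list, the confusables table, the distance threshold and the sample faceb00k.com are assumptions constructed for illustration.

```python
# Added example: flag lookalike (typosquatting) domains against a brand list.
BRANDS = ["twitter.com", "facebook.com"]  # assumption: domains to protect

# Small constructed table of visually confusable sequences -> intended letter.
CONFUSABLES = [("vv", "w"), ("rn", "m"), ("0", "o"), ("1", "l")]

def refang(domain):
    """Undo defanging such as tvviter[dot]com and lowercase the name."""
    return domain.strip().lower().replace("[dot]", ".").replace("[.]", ".")

def skeleton(domain):
    """Collapse confusable sequences so lookalikes compare as equal."""
    for fake, real in CONFUSABLES:
        domain = domain.replace(fake, real)
    return domain

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def check(domain, max_distance=2):
    """Return (brand, reason) if the domain imitates a brand, else None."""
    name = refang(domain)
    if name in BRANDS:
        return None  # the genuine domain itself
    skel = skeleton(name)
    for brand in BRANDS:
        if skel == skeleton(brand):
            return (brand, "confusable characters")
        if edit_distance(skel, skeleton(brand)) <= max_distance:
            return (brand, "edit distance")
    return None

if __name__ == "__main__":
    # tvviter[dot]com and areps.at come from the post; faceb00k.com is constructed.
    for d in ["tvviter[dot]com", "faceb00k.com", "twitter.com", "areps.at"]:
        print(d, "->", check(d))
```

Note that areps.at is not flagged: it does not resemble a brand name at all, so a lookalike check like this only covers the typosquatting case, not phishing pages hosted on unrelated domains.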

If you would like to know more about what phishing is, please check out my blog for more information. Don’t forget to check out the forums for more information on this or just to talk about anything on your mind.

*Some reports I am seeing say some of these sites might be trying to get you to install the Koobface virus, so please be careful. I will update when I find out more.*

Spyware : Michelle Obama’s Ta’s Ta’s Video

I love this one. I was reading the SANS report about Michelle Obama Ta’s Ta’s on Video. I wanted to investigate this a little further, so I went searching around. I found some comment spam links to a site; I will not talk about the links directly. The site, however, had a fake video on it:

[Image: michelleobamatoplessfake]

It looks like if you hit Cancel or Details, it keeps trying to tell you that you need to install an ActiveX object. It also makes the user think that there is only one option to use right now. As you can tell, it makes you think you can’t cancel or get details, but I did. I tried to cancel and it kept on popping up, trying to get you to install this ActiveX installer. AVG detects it as:

[Image: michelleobamatoplessfake1]

This proves the fact that any anti-virus software is better than nothing at all. I have also talked in the past about fake codecs and how they are used maliciously to spread malware to people who aren’t up to the job. It didn’t take long, searching for phrases such as “Michelle Obama Topless” or “Michelle Obama Topless Video”, to find spam comments linking to sites that are hosting these types of malware. It seemed that in order to get out of the cycle with the malware site, I had to do a CTRL-ALT-DELETE and end the Internet Explorer process from Task Manager. It was an infinite loop and could not be closed any other way. Upon trying the link again, it seems to be a random redirection every time you visit that site; the next time I went there, I had a scare message pop up telling me:

[Image: michelleobamatoplessfake2]

As you can tell, this pops up with scareware instead of the video and tries to tell you that you have a virus and should run a free scan from the site of their choice. This is an old tactic that is still being used, but it is funny if you look at that message: one, you know it is from a “Webpage”, and two, there is at least one grammar error. Can you see it?

Your best bet is not to go clicking on links that people have left in comments. I am so glad I have moderation turned on and I have to approve each and every comment someone posts. This is the only way I know to prevent being used in the spam campaign. Remember, it is time to update your anti-virus and firewall if you haven’t already. Don’t forget to visit the Forums and help discuss this problem in detail.