Category: Spam

Hotmail accounts get compromised!!

Paul8 Replies

I received an email on a list and wanted to warn people:
[ad]

Dear friend,
i would like to introduce a good company who trades mainly in electornic products. Now the company is under sales promotion, all the products are sold nearly at its cost. They provide the best service to customers,they provide you with original products of good quality,and what is more,the price is a surprising happiness to you! It is realy a good chance for shopping.just grasp the opportunity,Now or never!
The web address: http://www.nekcn.com

Seems this is being sent from Hotmail accounts. There are a number of ways someone could be getting a hold of your email address. According to Microsoft forums this seems to delete your email contacts and also send out this in the same time. This seems to be a new spam campaign for this one company. I would guess someone bought advertising from this company and the advertiser is doing some really unmoral things.

There are several ways someone hotmail account could be sending out these emails. It could be a [intlink id=”2650″ type=”post”]phishing attempt like they did with Twitte[/intlink]r. They could of done a dictionary attack on each account to find the password, that I why [intlink id=”2646″ type=”post”]I suggest having a password generator[/intlink]. It could of been a virus, and if that is the case you would need to [intlink id=”2205″ type=”page”]check your system out for the virus[/intlink]. I would guess it is the first two, because I am unsure of if you can have pop3 account or not. I don’t use Hotmail but people seem to be using it.

If you recieve this email, I’d email the account responsible to let them know that they have sent this.  I would also like to know if it was a virus or how they account got compromised.   Remember only you can prevent from getting a virus, nothing else works better than yourself.

New spam Campaign — Casino Anyone?

Paul

Looks like there is a new Campaign going on with regards to having VIP access.

geocitiesspam

So I go to the site:

geocitiesspam1

[ad#cricket-right-ez]

I decide to have a little fun and download the file.  The Filename is “Smartdownload.exe“.  Now you shouldn’t install any software or programs from sites you don’t know about or have any idea of what changes are going to be made.  I use CWSandbox to better understand this file.  Here are a few thinks I’ve found:

  • This program connects to three different IP’s [Your broadband Modem,200.122.168.237, and 212.201.100.136]

  • It also Changes your Autoexec.bat file.  (Not good)

  • Changes access flags on several different program (not good either)

  • It also tries to be Anonymous.  If you checks the logs out your self you will find it very interesting.

  • It looks like it connects to the servers every time you boot up!! (Not good either)

I don’t know what it is trying to do but everything I see about this file makes me think this is trying to avoid virus detection.  I ran Kasperky and Avast file check, it came up clean.   I think what happens is you download the virus after you install this software.  I wouldn’t download this or install it, even though it advertise you 800% free that has to be scam or just a flat lie to get you to install software.  Everything about this program doesn’t make me want to to install this software, although it doesn’t seem to be a virus.  It however does make me want to delete the file.  Remember to use[intlink id=”2205″ type=”page”] Anti-virus and Firewalls[/intlink], that is your first line of defense.

I hate Snopes Spam

Paul

As you know Snopes is used to find out about urban Legend and Rumors:

I received a Virus alert from my RSS feed about Email virus warning.  It even adds a Snope URL.  The Author just copies and pasted the virus warning into the blog without even going to Snopes.
[ad#ad2-right]

According to Snopes and I’ll quote:
Although the Postcard virus is real, it isn’t a “BIG VIRUS COMING” (it’s already been around in multiple forms for a long time now), it will not “burn the whole hard disc” of your computer, CNN didn’t classify it as the “worst virus” ever, and it doesn’t arrive in messages bearing a subject line of ‘Invitation.’

[Via Snopes]

Now as you can tell the link described in the blog post was “http://www.snopes.com/computer/virus/postcard.asp”. If you went there, you’d have seen this as a not really true and some parts of this might be but that part about burning your Hard drive or even consider the Worst virus isn’t true.

Some things you need to consider before forwarding anything is:

  • Is it completely True?

  • Is it Legitimate?  (True blown warning about something like a product recall  or something important like that)

  • Does it Say to Forward? (if so it is probably not wise)

  • is it from a Friend (If so you might want to remind the friend nicely that it isn’t nice to send spam)

If you follow some of these suggestions you’ll be making the Internet a far better place for everyone.  Remember if you don’t know, it’s time to learn.  if you do know, it is time to teach.  These are the fundamental aspects of using the internet the right way.  Also if it is a fake virus warning you should tell them to get a Free Anti-virus and Firewall to better protect them.  Also  remind them that if they keep their system updated then they shouldn’t be too worried.  Remember only you can prevent a Computer Virus and it’s up to you keep your system up to date.

Rogue Fake Codecs on the Rise

Paul

Panda Labs has been talking about Adware/VideoPlay and they are seeing a lot of variants on this.   They even play a game, find the difference in the installation screen:

Now as you can see this look to be the same agreement in all those difference installation.  Some things to consider Never install any software from a website that you don’t know Nothing about about.

Panda Labs also talks about these new variants in regards to what they do:

This file spreads by making copies of itself in the removable drives and it also creates an autorun.inf in order to be run when they are accessed. This file collects the data stored in the browsers, such as cookies, passwords, profiles, email accounts, etc, and connects to a remote address to send the information.
[Via Panda Labs Blog]

[ad#ad2-right]As you can see this makes you have very little security with your system.  I talk about Identity theft, and why you should always worry about your identity.   This however will make your passwords less secure and maybe even compromise you system to the point of having a data breach.   You need to be careful when you come by this, some fake codecs have been know to be scareware.  In which, the fake codecs installs a Trojan to tell you have a virus and try to make you buy a fake program to get rid of the Virus.  In one of my recent posts about Codecs and Facebook, I talked about the K-Lite Mega Codec Pack and how that will prevent you from installing these sociable links from friends and family.  The nice thing about this pack is it install all the really good codecs that you might come across on the web.  If you have this installed and there’s a website that says you need a special codec, you’d know that it is either a fake codec or the author who made the video doesn’t standardize.   In which case you will be more willing to leave that site without installing that codec.

If you follow these steps and also consider installing an Anti-virus and Firewall, you will be in a much better shape then when you first started out. Remember only you can prevent from getting a virus. You should also consider doing the registry edit that will prevent Autorun. As you can tell these new variants also are spread through USB and other removable media. This is the other way these programs are using to infect other systems.