Tech – for Everyone

Tech Tips and Tricks & Advice – written in plain English.

Facebook Password Reset Confirmation! Your Support.

E-mail Attachment Delivers Virus – Old Tricks Die Hard

I got another e-mail from “Facebook support”. This one tells me that my password has been reset, and my new password is contained in the attached Zip file.
[update: I just got two more. This time from “Facebook Networks”, and “Facebook Messages”.]

“Dear user of facebook,

Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.

Thanks,
Your Facebook.”

Facebook_zip

According to Sophos, the malware inside the .zip is: Malware: Mal/TibsPk-A

Virus Spyware

“About this threat:

Mal/TibsPk-A is a malicious program that contains highly obfuscated code that has been encrypted and compressed. This program typically arrives in the form of a hoax email with an accompanying file attachment.

This program tends to:

Short version: open it and you’re thoroughly hosed.
Sophos continues..

“Fake package delivery or password reset messages trick users

This week, Mal/TibsPk-A arrived as an email attachment in a variety of ways. A typical email containing this malware can be one of the following formats:

Subject: Facebook Password Reset Confirmation! Customer Support.
Attached file: Facebook_password_<random characters>.zip
Subject: DHL Office. Please get your parcel
Attached file: DHL_Label_<random characters>.zip
Subject: Amazon Shop! Your order has been paid! Parcel NR.5014.
Attached file: Postal_label_&ltrandom characters>.zip”

two more attacks same day

two more attacks - same day

I cannot stress enough to you, Dear Reader, that cybercrime is a bigger industry than the illegal drug trade, and they are stealing billions every year. Why not? All it takes is one wrong click!

Don’t be a victim. Exercise “paranoid common sense” when online. This is just one “for instance”.. sent to tens, maybe hundreds, of thousands of e-mail addresses (I never have signed up for Facebook).
Oh, .. and visiting here regularly can help.

Unrelated: Do you like free software? Own a laptop? See my current software license giveaway: Software License Giveaway Drawing. Entering is easy.

Copyright 2007-2010 © Tech Paul. All Rights Reserved. jaanix post to jaanix.

>> Folks, don’t miss an article! To get Tech – for Everyone articles delivered to your e-mail Inbox, click here, or to subscribe in your RSS reader, click here. <<

Share this post :

March 24, 2010 Posted by | cyber crime, hackers, Internet, Internet scam, News, security, spam and junk mail | , , , , , , , , , , , , , , , | Leave a comment

I’m Really Looking For New Friends

There is a *new* phishing method being employed on chat clients such as Skype. The cyber-criminals really, really, really want you to click on the links they send, so…
SkypePhish2

They spam messages posing as young men and women who are “really just looking for new friends”.
It is similar to a “make a new Buddy” request, so don’t be fooled.

This is really just a ‘sex’ twist on the ‘fear’-based social engineering ploy I warned you about here, Skype- “Windows Requires Immediate Attention!”

I am too tired of this game to backtrack this hyperlink, so I can’t tell you if responding to this chat will try to install spyware on your machine, try to sell you a “rogue anti-malware program”, or both..
I will simply say — once again — never click the link.

I got six of these this weekend.. Wow! I’m popular, all of a sudden.

[addenda: Peter Parkes (Skype Blogger) wrote and asked me to remind my readers to, quote, “Please report users who send these messages to abuse@skype.net – that will help us to block them where appropriate.”]

Today’s free link: You are probably familiar with anonymous e-mail addresses, used when filling out forms on Websites (so you can gain access) to protect your privacy and cut down on junk mail. It is becoming more and more common for your ISP to provide you with some [I always just use nunnof@your.biz].
Internet Security blogger Bill Mullins posted a nice article this same type of service, except it is ‘temporary’ private telephone numbers (and he reviews two of them) here, Free Anonymous Phone Numbers for Online Safety

Copyright 2007-8 © Tech Paul. All rights reserved.jaanix post to jaanix

Share this post :

September 29, 2008 Posted by | advice, anti-spyware, computers, cyber crime, e-mail, hackers, how to, IM, Internet, Internet scam, kids and the Internet, News, Phishing, phraud, security, spam and junk mail, tech, VoIP | , , , , , , , | 3 Comments

Another advantage of credit cards..

LONDON (Reuters) – Prices charged by cybercriminals selling hacked bank and credit card details have fallen sharply as the volume of data on offer has soared, forcing them to look elsewhere to boost profit margins, a new report says.*

Yes, folks, you read that right. If you want to buy a stolen credit card and PIN, now’s the time because the price has never been better. A Platinum card — guaranteed to be “fresh” and work when you use it — can be had for $20.

This is because hackers have been so successful at planting Trojans on your machines, poisoning websites, and getting people to provide their identities through phishing (spam) e-mails, and using their botnets, that they simply have too much product.

We aren’t just losing the war on cyber-crime, we’re not even fighting one.

So.. since stolen credit cards are now a dime-a-dozen, what is the “shadow economy” organized cyber-criminal to peddle? “New types of stolen data are now commanding a premium, such as patient healthcare information that can be used for insurance fraud or to illicitly acquire and sell medicines.

Other premium data includes business information, company personnel files and intercepted commercial emails.”

Yikes.

These kinds of news stories, and reports, never seem to make make the front page or headline the news. Billions are being stolen from us, every year, the problem is growing, and we don’t seem to care.

And the media doesn’t like finding the “guilty party” in this kind of story because the truly guilty are us.
* From a security perspective, the Internet is completely broken and needs to be scrapped and rebuilt. Nobody knows how to “fix” the old structure. The headline, Tech Experts Are Baffled isn’t very reassuring to the public, and that might lead to the dreaded “consumer confidence” failure.

* We –the common everyday Internet surfer– can’t be bothered with securing our machines, or even learning enough of that “tech stuff” to realize our PC’s are not convenient toys.
“Why get a new Vista or Mac computer? My Windows 98 machine lets me get on the Internet and play BlackJack..” How many times have I heard that???
Some experts say that 75% of all the computers are infected with malware. Wonder why?
What does this story’s headline look like?

* We –the common everyday Internet surfer– KEEP clicking on e-mails that promise us free iPods, or tell us that there’s 750,000 Pounds Sterling waiting for us to simply pick it up.
What does this story’s headline look like?

Awww, I’m getting depressed, angry, and.. frustrated. We deserve to have our identities stolen, and we can’t blame the smart people for taking it from us when it’s this easy.

Yes, a lot of this is not our fault. The Tech Industry continues to sell us crappy products, and would rather be first to market than to check the security of their technology. I wrote about this here, How the Tech Industry is Failing You.

* To read the whole news story which triggered today’s rant, click here.

To visit Finjan (one of the article’s sources) and look at their quarterly analysis of the state of Web security and cyber-crime, click here.

I apologize. I didn’t mean to bring you down. But if you think you can take more, why not read about how the credit card companies are putting unsecured transmitters into your cards now, so a criminal can pick your pocket wirelessly! Credit Card 2.0.

Don’t you just love the folly of Man?

Copyright 2007-8 © Tech Paul. All rights reserved.jaanix post to jaanix

Share this post :

July 15, 2008 Posted by | advice, Apple, computers, cyber crime, Internet, Internet scam, iPhone, PC, security, tech, Vista, Web 2.0 | , , , , , , , , , , , , | 2 Comments

Keeping kids safe on the Internet, cont.

Today is one of those “good news, bad news” kind of days, and the headlines bring me back to a topic I have discussed before– keeping your kids safe(r) on the Web. I wrote a four-part series of articles on (preventative) security steps you can take, and since that has been a while ago now, I would like to take a moment and refer you back to them: to read them, click here.

Loyal friends of this site know that I have an emphasis on computer security, that I take the subject seriously, and that I intensely dislike digital Evil Doers. And so, my readers will not be surprised to learn that I cheered when I saw this headline: “Child porn hacker sentenced to 110 years in prison”.
110 years. That’s a long time.

This particular fella, who got caught, is an example of why it is so important for people to truly and fully comprehend that the Internet IS a dangerous place… and why taking the time and making the effort to put some security measures in place is so important. Can you tell? It’s kind of a passion of mine.

This creep, Ivory Dickerson, of N. Carolina, sent phishing emails or instant messages to female teens trying to trick them into opening a malicious file. If the victims clicked on the file, a trojan was downloaded to their machine, which gave Dickerson and his accomplice remote access to the victims’ PCs. They then attempted to persuade and force the victim to send him erotic images of themselves. If the victims did not comply, Dickerson threatened to hurt their family members or post nude images of them on the web.
He is said to have hacked “more than 100” computers. (To read the Prosecutor’s public statement, click here.)
He was caught because some victims told Law Enforcement that their My Space profiles had been hacked. But since one of the counts was possession of child pornography.. he must have had ‘success’ with some of his targets.

So that’s the good news: they caught one of these… (be nice Paul. This is a public forum.) bad guys, and he didn’t just get a slap on the wrist. (As opposed, say, to this ex-Judge.) But the bad news is, of course, that these guys are out there. And they use the Internet to prey on your kids (The Web is not their only method; I’m not saying that. It’s just one of their vile methods).
If you are a parent, it seems to me that it would be a very good idea to get educated about how these creeps work (the articles mentioned above are a decent resource and have links to other help), about what your kids are doing (and saying) when they are online, and install the software that will help you be proactive. Then, talk with your kids. Your child may be “tech-savvy”, but are they “predator-savvy”?

Is your machine protected? I hope so, because — this from the More Bad News Dept, — F-Secure has reported that malware detections (reported infections: naturally, a lower number than actual infections) have doubled in the last year. These deliberate attacks on our machines are only going to get worse, and it is too early to tell if Vista’s better protection is going to help stem the tide.

Some good news is I am here (six days a week and advertisement-free) doing my best to bring you the tips and how-to’s for a better computing experience. I invite you, as always, to peruse my archived titles and to send me your comments.

That was a little depressing, so..
Today’s free link: I am the type of guy who thinks that Calvin and Hobbes was simply the best comic strip ever (though…Dilbert is a “must read”) and nothing can put a smile on my face faster than a look back at those wonderful frames. If you would like to look at some, check out Digital Calvin and Hobbes.

Copyright 2007 © Tech Paul. All rights reserved.

Share this post :

December 6, 2007 Posted by | advice, computers, how to, kids and the Internet, PC, security, tech, Windows | , , | 1 Comment