Tech – for Everyone

Tech Tips and Tricks & Advice – written in plain English.

Skype Malware Now Attacks Apple?

Chat Message Scares Reader Into Installing Malware

Surprise! Today I was reminded that criminals are once again using Skype to send phishing “chats” in an attempt to defraud you and trick you into installing a virus. So, I am – again – re-posting this article. It is the exact same ruse I first warned of in early 2008, but (again) the name has changed, as well as a few other details…. see if you can spot them.

Today a Skype chat window opened on my machine, and presented me with a dire warning from someone named “Software Update”, “Registry Scan Online®”, “OnlineUpdate.org”, “OnlineRegistry®” Today’s flavor (I think it was “Update Instructions”..).

It said that “WINDOWS SYSTEM REQUIRES IMMEDIATE ATTENTION” and, it provided me with a solution… a “repair utility”.

Please, folks, tell me you have spotted this for what it is. Please tell me that you knew –instantly– that this is a cybercrime attempt; that it is Phraud-ulent. (I mean.. there are clues aplenty!)

Please tell me that you know what will happen if the link provided in this message is clicked; and, please, please, please tell me you would never click the link.

This “hacker” criminal attack will reappear every so often (roughly every 90 30 days) with a slightly different name and URL… It is a classic scareware attack. They just send these chats to all the Skype users whose name starts with A.. then to the B’s, then C’s.. etc.

Just in case you aren’t sure:
*Software Update”, “Registry Scan Online ®”, Today’s flavor, doesn’t exist.
*http://www.onlinemonitor.info”, “http://www.registryscan.com”, Today’s flavor, is not registered in ARIN (the registry of Internet addresses).
* clicking the link will allow scripts to run, and/or take you to a poisoned Website which will install malware on your machine, or/and it may take you to a site that will sell you a rogue anti-spyware program (please read my article, Is that antispyware program really spyware?).

* Microsoft DOES NOT alert you via Instant Messaging. No legitimate company does. Period. Ever!
This is a classic example of a hacker’s attempt to get you to click their link.

All of this so they can rip you off. It’s these cyber-criminal’s full time job.

Please point your less-savvy friends and family to this article and educate them to the dangers of spam (unsolicited) messages and tell them– NEVER CLICK THE LINK. (Yes, I am shouting. 2010 is days away 2011 is here, and I still have to say this everyday.. Sigh.)

Note: while this article directly references the (VoIP client) Skype, you may see this type of thing in other Instant Messaging/Chat programs, and social networking communications.

[addenda: Peter Parkes (Skype Blogger) wrote and asked me to remind my readers to, quote, “Please report users who send these messages to abuse@skype.net – that will help us to block them where appropriate.”]

… Folks.. well, let me put it to you this way: if this concept is new to you, and comes as a surprise; if you never heard of such a thing .. that someone could make a window pop open, and tries to scare you into providing your credit card number, and will put viruses on your machine.. if you “googled it” because you were not sure if this “alert” was ‘legit’, I am going to do you a favor: I am going to suggest to you that you seriously reconsider the nature of the Internet. And suggest you subscribe to my email newsletter. (This stuff is so old now, and so well known, I almost don’t bother to post it. Where have you been?)

IRS phishing already???Please Update Your Details

These guys never quit, folks. ‘Cuz there’s a sucker born every minute. Please don’t be one: use some good, healthy “paranoid common sense” when online.

BTW — if something works on Windows, it ain’t gonna work on Apple (and visa versa). That’s a clue..!

Today’s recommended reading: A FREE Way to Monitor Your Kids Online Activity
If you are a parent who has children who use the computer to access the internet it is very important that you educate yourself and your child about the dangers of the internet. It is important to have strict guidelines in place on their computer usage and a method to supervise and monitor their online activities.

Today’s free downloads(s): I have assembled on my Website a collection of links to the best free anti-malware programs to help you prevent infection.. and clean up if you’ve been infected. To see them, click here.

Copyright 2007-2011 © “Tech Paul” (Paul Eckstrom). All Rights Reserved.

>> Folks, don’t miss an article! To get Tech – for Everyone articles delivered to your e-mail Inbox, click here, or to subscribe in your RSS reader, click here. <<

Share this post :

January 24, 2011 Posted by | computers | , , , , , , , , , , , , , , , , | 14 Comments

Facebook Password Reset Confirmation! Your Support.

E-mail Attachment Delivers Virus – Old Tricks Die Hard

I got another e-mail from “Facebook support”. This one tells me that my password has been reset, and my new password is contained in the attached Zip file.
[update: I just got two more. This time from “Facebook Networks”, and “Facebook Messages”.]

“Dear user of facebook,

Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.

Thanks,
Your Facebook.”

Facebook_zip

According to Sophos, the malware inside the .zip is: Malware: Mal/TibsPk-A

Virus Spyware

“About this threat:

Mal/TibsPk-A is a malicious program that contains highly obfuscated code that has been encrypted and compressed. This program typically arrives in the form of a hoax email with an accompanying file attachment.

This program tends to:

Short version: open it and you’re thoroughly hosed.
Sophos continues..

“Fake package delivery or password reset messages trick users

This week, Mal/TibsPk-A arrived as an email attachment in a variety of ways. A typical email containing this malware can be one of the following formats:

Subject: Facebook Password Reset Confirmation! Customer Support.
Attached file: Facebook_password_<random characters>.zip
Subject: DHL Office. Please get your parcel
Attached file: DHL_Label_<random characters>.zip
Subject: Amazon Shop! Your order has been paid! Parcel NR.5014.
Attached file: Postal_label_&ltrandom characters>.zip”

two more attacks same day

two more attacks - same day

I cannot stress enough to you, Dear Reader, that cybercrime is a bigger industry than the illegal drug trade, and they are stealing billions every year. Why not? All it takes is one wrong click!

Don’t be a victim. Exercise “paranoid common sense” when online. This is just one “for instance”.. sent to tens, maybe hundreds, of thousands of e-mail addresses (I never have signed up for Facebook).
Oh, .. and visiting here regularly can help.

Unrelated: Do you like free software? Own a laptop? See my current software license giveaway: Software License Giveaway Drawing. Entering is easy.

Copyright 2007-2010 © Tech Paul. All Rights Reserved. jaanix post to jaanix.

>> Folks, don’t miss an article! To get Tech – for Everyone articles delivered to your e-mail Inbox, click here, or to subscribe in your RSS reader, click here. <<

Share this post :

March 24, 2010 Posted by | cyber crime, hackers, Internet, Internet scam, News, security, spam and junk mail | , , , , , , , , , , , , , , , | Leave a comment

Windows Does Not “Requires Immediate Attention”…*

Chat Message Scares Reader Into Installing Malware

Folks, criminals are once again using Skype to send phishing “chats” in an attempt to defraud you. So, I am re-posting this article. It is the exact same ruse I first warned of in early ’08, but the name has changed.
This attack will reappear every so often with a slightly different name and URL… It is a classic scareware attack.

Yesterday a Skype chat window opened on my machine, and presented me with a dire warning from someone named “Software Update” “Registry Scan Online®” Today’s flavor (I think it was “OnlineUpdate.org”..). It said that “WINDOWS REQUIRES IMMEDIATE ATTENTION” and, it provided me with a solution.  SkypeCon

(Click on image to see large version)

Please, folks, tell me you have spotted this for what it is. Please tell me that you knew –instantly– that this is a cybercrime attempt; that it is Phraud-ulent.

Please tell me that you know what will happen if the link provided in this message is clicked; and, please, please, please tell me you would never click the link.

Just in case you aren’t sure:
* “Software Update”, “Registry Scan Online ®”,  Today’s flavor, doesn’t exist.
* “www.onlinemonitor.info”, “www.registryscan.com”, Today’s flavor, is not registered in ARIN (the registry of Internet addresses).
* clicking the link will allow scripts to run, and/or take you to a poisoned Website which will install malware on your machine, or/and it may take you to a site that will sell you a rogue anti-spyware program
(please read my article, Is that antispyware program really spyware).

* Microsoft DOES NOT alert you via Instant Messaging. No legitimate company does. Period. Ever.
This is a classic example of a hacker’s attempt to get you to click their link.

All of this so they can rip you off. It’s these cyber-criminal’s full time job.

Please point your less-savvy friends and family to this article and educate them to the dangers of spam (unsolicited) messages and tell them– NEVER CLICK THE LINK. (Yes, I am shouting. 2010 is days away, and I still have to say this everyday.. Sigh.)
[Note: while this article directly references the VoIP client Skype, you may see this type of thing in other Instant Messaging/Chat programs, and social networking communications.]

[addenda: Peter Parkes (Skype Blogger) wrote and asked me to remind my readers to, quote, “Please report users who send these messages to abuse@skype.net – that will help us to block them where appropriate.”]

Today’s free downloads(s): I have assembled on my Website a collection of links to the best free anti-malware programs to help you prevent infection.. and clean up if you’ve been infected. To see them, click here.

December 28, 2009 Posted by | computers | , , , , , , | 2 Comments

An Infection Has Been Detected!

Online crime is bigger than the global drugs trade¹. The Internet shadow economy is worth over $105 billion. No country, no person, no business and no government is immune from cybercrime.

Currently there is an epidemic of fake anti-malware software on the Internet– which is collectively called “rogue anti-malware“ and/or “scareware“. Marketed under hundreds of different names, such as VirusRemover 2008 and Antivirus XP 2009, this type of rogue software scares people by giving false alarms, and then tries to deceive them into paying for removal of non-existing malware. [update: some of the newer ones are now encrypting your files, and requiring a ‘ransom’ for the key. Don’t pay. There is help online.]

This video shows what happens when a legitimate Website gets infected and redirected to one of these bogus anti-malware scams.
Yes, folks, legitimate websites are being ‘hacked’. (It’s called “poisoned”.)

Please watch, and see what these things looks like (how “real looking”). I repeat, there are thousands of these, being planted on tens-of-thousands of sites.

The people behind this scourge use many different ways to try to entice you to click – realistic looking pop-up windows appear, offers of “free trials” arrive in e-mail, and “free scan” buttons on legit-looking ‘fight malware’ websites.. the means are quite varied!

As this video shows, the user is tricked into (scared into, really) providing their credit card # to clean infections that weren’t there before they clicked and aren’t really there now.
* The ‘false positives’ are not “cleaned” BUT, more adware and spyware is installed.
* A good percentage of my calls at Aplus Computer Aid are folks needing help with getting rid of these rogues. Because these clever programs use the latest techniques to combat removal, and it can be quite tough — if not impossible — to truly remove them.. without formatting your hard-drive.
* For more, please read Is that anti-spyware program really spyware?
* One Website dedicated to combating this epidemic is Spyware Warrior. It has a pretty good list of known rogues, and much more detailed information. Another excellent resource is Bleeping Computer.
* I have written several How-To’s on protecting yourself from malware, and how to clean your machines as well. Click here to see those titles. But I really cannot advise you strongly enough – should you get one of these nasties – to enlist the aid of a Pro. I would tell you that even if I wasn’t one myself!

¹ From a recent MessageLabs whitepaper. (This eye-opening report provides a disturbing look into the ‘dark’ world of cyber-crime. This link is the online version.. you need to scroll a bit..)

Today’s free link(s): Spammers seeking “volunteers” to DDoS White House.
Cybercriminals have begun to capitalize on the vehement debate in the country over health care reform, sending spam targeted at opponents of President Obama.”

Also, it just so happens that Bill Mullins posted a close look at one these, named “Total Security 2009” on his site today. Please see, Total Security 2009 Scareware – Panda Security Takes a Look.

Today’s free download: WOT (Web Of Trust) is a free Internet security add-on for your browser. It’s community-based ratings can help keep you safer from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky Website. It’s easy and it’s free.

  • Ratings for over 22 million websites
  • Downloaded over 4 million times
  • The WOT browser addon is light and updates automatically
  • WOT rating icons appear beside search results in Google, Yahoo!, Wikipedia, Gmail, etc.
  • Settings can be customized to better protect your family (new “Parental Control” setting blocks access to Web sites with a poor child safety rating and no rating at all)
  • WOT Security Scorecard shows rating details and user comments

Orig post: 4/16/09

Copyright 2007-9 © Tech Paul. All rights reserved. post to jaanix

Share this post :

August 22, 2009 Posted by | computers | , , , , , , , , , , , , , , , , , | 2 Comments

Cybercriminals Target Clueless Vacationers

laptop_beach “This guy doesn’t know it, but he’s putty in the hands of cybercriminals. The newest trend in Internet fraud is “vacation hacking,” a sinister sort of tourist trap.

Cybercriminals are targeting travelers by creating phony Wi-Fi hot spots in airports, in hotels, and even aboard airliners.

Vacationers on their way to fun in the sun, or already there, think they’re using designated Wi-Fi access points. But instead, they’re signing on to fraudulent networks and hand-delivering everything on their laptops to the crooks*.”

Please click here to read the rest of this story, and find out what you need to know before you use public “hotspots”.

* emphasis mine.

Copyright 2007-9 © Tech Paul. All rights reserved. post to jaanix

Share this post :

July 20, 2009 Posted by | advice, computers, cyber crime, Internet, News, Portable Computing, security, tech | , , , , , , , , , , , , , , | 3 Comments

Skype Phishing Returns*

Chat Message Scares Reader Into Installing Malware

Folks, after a brief quiet period, criminals are once again using Skype to send phishing “chats” in an attempt to defraud you. So, I am re-posting this article. It is the exact same ruse I first warned of last year, but the name has changed.
This attack will reappear every so often with a slightly different name and URL…

Yesterday a Skype chat window opened on my machine, and presented me with a dire warning from someone named “Software Update” “Registry Scan Online®” Today’s flavor. It said that “WINDOWS REQUIRES IMMEDIATE ATTENTION” and, it provided me with a solution.  SkypeCon

(Click on image to see large version)

Please, folks, tell me you have spotted this for what it is. Please tell me that you knew –instantly– that this is a cybercrime attempt; that it is Phraud-ulent.

Please tell me that you know what will happen if the link provided in this message is clicked; and, please, please, please tell me you would never click the link.

Just in case you aren’t sure:
*Software Update” “Registry Scan Online ®”  Today’s flavor doesn’t exist.
*http://www.onlinemonitor.info” “http://www.registryscan.com” Today’s flavor is not registered in ARIN (the registry of Internet addresses).
* clicking the link will allow scripts to run, and/or take you to a poisoned Website which will install malware on your machine, or/and it may take you to a site that will sell you a rogue anti-spyware program
(please read my article, Is that antispyware program really spyware).

* Microsoft DOES NOT alert you via Instant Messaging. No legitimate company does. Period. Ever.
This is a classic example of a hacker’s attempt to get you to click their link.

All of this so they can rip you off. It’s their full time job.

Please point your less-savvy friends and family to this article and educate them to the dangers of spam (unsolicited) messages and tell them– NEVER CLICK THE LINK.
[Note: while this article directly references the VoIP client Skype, you may see this type of thing in other Instant Messaging/Chat programs, and social networking communications.]

[addenda: Peter Parkes (Skype Blogger) wrote and asked me to remind my readers to, quote, “Please report users who send these messages to abuse@skype.net – that will help us to block them where appropriate.”]

Today’s free link: Pirated Windows 7 leads to malware, botnet

Today’s free downloads(s): I have assembled on my Website a collection of links to the best free anti-malware programs to help you prevent infection.. and clean up if you’ve been infected. To see them, click here.

Related: Bill Mullins has posted a very complete tutorial, Think You Have A Virus?– Some Solutions, which is quite probably the best one-stop lesson on malware I have ever run across. (I also recommend his How Fake/Rogue Software Affects Real People.)

Copyright 2007-9 © Tech Paul. All rights reserved. post to jaanix

Share this post :

May 13, 2009 Posted by | advice, computers, cyber crime | , , , , , , , , , , , , , , | 11 Comments

Video Demonstration of Poisoned Search

Cybercriminals are manipulating the Internet to cause their poison websites to appear at the top of search results.

When people click the link, a bogus “scareware” window opens, as I have warned about in several prior articles.
(please see Security Alert — An Infection Has Been Detected!)

This installs a “rogue” anti-malware application. This video from security firm Panda Security shows exactly how this is done, and in this case, the criminal is trying to install MS Antispyware 2009.. which is just one of the thousands of these “rogues”.

I highly recommend that you watch it, as it is showing you two (increasingly common) attacks.. and exactly how a “rogue” looks and acts.

Vodpod videos no longer available.

more about “untitled“, posted with vodpod

Please note: I have one, MAJOR, complaint about this video: it pretty much says that if you have an up-to-date anti-malware (such as an antivirus) on board, you’ll be protected from these things. WRONG! Once you click the links, ignore the the warnings, and click “Run”.. you’re hosed. (And you did it to yourself.)
Telling your machine to ‘run it’ bypasses all your protections.. even Vista’s annoying UAC.

Today’s free link: ErrorRepairTOOL Computer Infection? – Blame Your Search Engine!

Today’s free download(s): The best defense is to NOT click “Run” when you’re not sure. But there are tools you can add to your web browser to help you detect and avoid these poisoned websites in the first place — known as “anti-phishing”. I suggest installing both:
WOT: (Web Of Trust) is a free Internet security add-on for your browser. It will help keep you safer from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky Website. It’s easy and it’s free.
Link Scanner Lite: Automatically inspect search results for exploits, hacked sites, fraud/crimeware, and other online threats. Includes right-click, on-demand scanning of any URL you choose.

Copyright 2007-9 © Tech Paul. All rights reserved. post to jaanix

Share this post :

April 18, 2009 Posted by | advice, computers, cyber crime, Internet, Internet scam | , , , , , , , , , , , , , , , , , | 2 Comments

« Previous Entries