New Rogue Uses Fake PC Magazine Review
Yesterday, the good folks at BleepingComputer posted removal instructions for a rogue antivirus (please see, Internet Plague – Rogue Antivirus) that is demonstrating a new behavior…
Quote: “Anti-virus-1 is a new rogue anti-spyware program from the same family as Antivirus 2010 and Antivirus 360. This program is promoted primarily through two methods. The first is through the use of advertisements that pretend to be online anti-malware scanners. These advertisements go through what appears to be a scan of your machine and then when finished, state that your computer is infected and that you should download Anti-virus-1 to protect yourself.
Remember, though, that this is just an advertisement and it has no way of knowing what is running on your computer. The second method that is used to promote this rogue is through the use of Trojans. When certain Trojans are installed on your computer they will display security alerts stating that your computer is infected or that you have some other security risk. When you click on these alerts, it will download and install Anti-virus-1 onto your computer…”
But that is not the new part. The new behavior adds entries to your HOSTS file (the local file Windows consults before DNS, mapping host names to IP addresses), so that if you go to any of a number of technology sites, including pcmag.com, you are instead brought to the malware author's server and shown their content. This content includes a doctored PCMag review of their fake anti-malware product.
For more on the story, click here.
And for removal instructions, click here.
A big tip of my geek hat to BleepingComputer.
Copyright 2007-9 © Tech Paul. All rights reserved.
Anatomy of a Phish
“Dear Wells Fargo customer,
Security and confidentiality are at the heart of Wells Fargo. Your details (and your money) is protected by a number of technologies, including Secure Sockets Layer (SSL) encryption.
We like to notify you that Wells Fargo carries out customer details confirmation procedure that is compulsory for all our customers. This procedure is attributed to a routine banking software update.
Please visit our Customer Verification Form using the link below and follow the instructions on the screen.”
There are several things wrong here, and I hope you detect them. Loyal Friends and True to this series should recognize a couple right away. (And if you remember this recent article, the word “compulsory” might have rung a bell.) Here’s how the e-mail actually looks.
* One BIG clue is that in this case Hotmail has detected that the Sender and the true source don't match. That means the Sender has been "spoofed". The red shield and warning don't always mean a phraudulent e-mail, but nine times out of ten they do.
* The next clue is the two “Bcc” recipients.. similar in name, but completely unrelated. Why are they there?
* There is some poor grammar.
* The next clue is that I don’t currently bank at Wells Fargo. I haven’t in, oh, about 20 years.
* Another clue is that e-mail contains a hyperlink (you are always suspicious of e-mail hyperlinks, right?), and that hyperlink is a little bit “off”. Yes, it says “wellsfargo.com”.. but what’s the www4? And all that other garbage?
* (now this is interesting) when you place the cursor on the URL (hyperlink), the actual link, shown in the lower left of the bottom bar of Internet Explorer, is different. Clicking on the link that says "www4.wellsfargo.com/blah blah blah" will REALLY take you to someplace called "online7.wellsfargo.com.bnk7.co.uk/blah blah blah". Note that the real site here is bnk7.co.uk; "wellsfargo.com" is just a subdomain name the crooks made up under it.
Now.. why would they want to put a hidden redirect as the link? Hmmm?
* And lastly, (as you know) legitimate businesses never send you important information, requests, or “notices” via e-mail.
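As an added illustration of the hover-versus-text mismatch above (this is example code, not part of the original post): a small Python checker that pulls every link out of an HTML e-mail body and compares the site the visible text names with the site the href really opens. It uses a simplified registrable-domain rule and a constructed sample message modelled on the one described, not the real e-mail.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
# Assumption: registrable domain = last two labels (three for suffixes like co.uk); real code: Public Suffix List
TWO_LEVEL_SUFFIXES = {"co.uk", "org.uk", "com.au", "co.jp"}

def registrable_domain(host):
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])
def host_of(value):  # hostname of a URL, or of link text that merely looks like one
    value = value.strip()
    if " " in value or "." not in value:
        return ""                                # plain words such as "click here"
    return (urlparse("//" + value.split("://", 1)[-1]).hostname or "").lower()

def judge_link(text, href):
    """Compare the site the reader sees with the site the link really opens."""
    shown, real = host_of(text), host_of(href)
    if not shown:
        return "text-not-url"
    shown_dom, real_dom = registrable_domain(shown), registrable_domain(real)
    if shown_dom == real_dom:
        return "ok"
    if "." + shown_dom + "." in "." + real + ".":  # wellsfargo.com buried in bnk7.co.uk
        return "deceptive-subdomain:" + real_dom
    return "mismatch:" + real_dom
class AnchorCollector(HTMLParser):
    """Collect (visible text, href) pairs from an HTML e-mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text), self._href))
            self._href = None

def scan_html(html):
    parser = AnchorCollector()
    parser.feed(html)
    return [(text, href, judge_link(text, href)) for text, href in parser.links]
# Constructed sample modelled on the message described in the post, not the real e-mail.
SAMPLE = ('<a href="http://online7.wellsfargo.com.bnk7.co.uk/verify">www4.wellsfargo.com/verify</a>'
          ' <a href="https://www.wellsfargo.com/">www.wellsfargo.com</a>')
```

Running `scan_html(SAMPLE)` marks the first link "deceptive-subdomain:bnk7.co.uk" and the second "ok"; a mail client or gateway filter could apply the same check before the reader ever hovers.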
This is a classic phish. It is an attempt by cyber-criminals to get you to visit a webpage they have created which looks very much like a Wells Fargo web page. On that page you will be asked to enter your Wells Fargo logon/password, all your personal information, and banking details. When you're finished giving your identity away, and handing them the keys to your bank account, you will be thanked for your cooperation and "bounced" to the real Wells Fargo website.
Game over.
Surely.. nobody falls for this anymore, right?
Wrong. The experts will tell you that cyber-criminals have a harder time moving all the money they steal than anything else.
But, if I clicked the link.. and I filled out the "compulsory" Customer Verification Form.. and basically just handed my information over.. is it really stealing?
Tip of the day: Be savvy. And that means always be suspicious and wary. Look for the tell-tales.
Copyright 2007-8 Tech Paul. All rights reserved.