Blog Archives

April 8, 2014

Some best practice rules for XP computers, after final Windows Updates.

April 8, 2014

As I write this it is April 8, 2014. Today marks the final Patch Tuesday Windows Updates for the XP operating system and also for MS Office 2003. Please run Windows Update from all XP computers, sometime around 2PM your time.

Once you have applied these updates and rebooted, you are totally on your own to protect XP computers from malware, viruses and information stealers. Most anti-virus programs will continue to run on XP and will receive updates for at least one more year. But, none that I have looked into have any real long term commitments planned, with the possible exception of customers who can pay for ongoing support.

If you must continue operating XP computers for some programs that will not run on Windows 7 or newer, follow best security practices, as outlined below.

This article has extended content.

March 12, 2014

Email filter rules to block spam for counterfeit Pfizer products

March 12, 2014

Almost everybody who has used an email account to send or receive email has received 'tons' of spam messages promoting the illicit sale of counterfeit male performance drugs, such as Viagra.

These spam email messages often have the words "Viagra" or "Pfizer" in the From (Sender) field, to try to catch the attention of gullible people, imploring them to click on the enclosed links, leading to fake online pharmacies, selling counterfeit drugs, for which the spammers act as paid affiliates.

The folks that do knowingly click on links to buy Viagra (or Cialis, or Levitra) from these fake pharmacies are bypassing the only protection their country's medical system offers: the requirement to consult your physician and be tested to see if you are able to safely use that drug without the risk of serious consequences, and if so, at what dosage. They are placing themselves at serious medical risk by purchasing unregulated drugs that are produced by counterfeiters in Asia.

Most of the fake Viagra pharmacies dispensing Asian drugs are hosted on Russian domains, owned by Russian and Ukrainian drug spam syndicates using payment portals friendly to cybercriminals.

Last, but not least, Americans who purchase prescription drugs from foreign online pharmacies that ship the drugs to the USA, are violating Federal laws that forbid the personal importing of prescription drugs from abroad. Penalties start with seizure of the packages and may go up to fines and imprisonment for repeat offenders or distributors.

If you are not one of the gullible people who click on links in spam messages and are not interested in even seeing this kind of garbage in your email client's inbox, read on.

As a long-time spam fighter, I have been writing anti-spam filters for use in MailWasher Pro, which is made by Firetrust Ltd, based in New Zealand. I publish my own MailWasher spam filters for others to use, at no charge (other than the occasional donation). Note that these filters are specific to MailWasher Pro.

Lately, I have received a few requests from non-MailWasher users to show them how my spam filters can be "ported" for use in certain desktop email clients, like the long-deprecated Outlook Express or Windows Live Mail and even to Mac Mail. While I cannot "port" my entire filter set to another program, I can explain how particular filters can be composed in, say, Windows Live Mail, to do basically the same thing. I'll even go one step further and show how Webmasters and domain owners who have websites hosted on servers running cPanel can create custom spam filters to block email for counterfeit Pfizer drugs, or anything else that is known spam.

This article has extended content.

February 23, 2014

Phishing scam targeting NatWest, Royal Bank of Scotland customers

February 23, 2014

I intercepted an email phishing scam today, targeting The Royal Bank of Scotland customers. It uses the abbreviation NatWest, as the sender and in logos on the page. NatWest stands for National Westminster Bank.

Analysis

The sender (From) claims to be: "NatWest Credit Card"
The subject is: Dear (They insert your email address here) Credit Card Online Services
The body text begins with:


Notice

Dear (your email address)
Your access to NatWest Credit Card Online Services is locked out..

Because of that, our security team had to suspend your account.

Please use the link below to unlock.:


The link in the message I received was on a compromised website named: sullivankitchen.com. The fraudsters have created a new folder, or folders, on that website and are using a single index file under /administrator/mobile to forward victims to another file (start.php) on the same website, to the actual location of the phishing page.

The phishing page has logos and other images and links stolen from the NatWest Royal Bank Of Scotland website. They have obviously failed to apply hotlink protection to their images, some of which were embedded from https locations. Example: https://cardservices.natwest.com/RBSG_Consumer/images/NatWest_alert.png

NB: In the footer, at the bottom of the page, is an out-of-date copyright notice, as follows: © 2005-2009 National Westminster Bank plc. This should raise your antennas, as it is now 2014!

This article has extended content.

February 20, 2014

Brand new pump and dump scam hits email inboxes

February 20, 2014

I was wondering when they'd make a comeback? Well, they're here! I'm referring to the good old pump and dump penny stock scams, promoted by fraudsters, via spam email messages.

The last time I saw any of these email scams was briefly in December, 2013. Before that the last serious scam run for penny stocks petered out at the end of the summer, 2013. Each one of those pump and dump scams listed a 4 letter stock symbol with a very low valuation, along with grandiose subjects and body text proclaiming that it was about to explode, or was releasing huge news, etc. Recipients were urged to buy in quickly, in huge quantities, which drove the prices up. As soon as those artificial prices peaked, the fraudsters running the scam sold off all of their shares at a profit, leaving all of the later investors holding the bag.

After disappearing for a few months, the penny stock scam has just returned, today, February 20, 2014. This time around, the stock being pumped up is PRFC. The emails are all using the exact same language and template. All have the subject: Very important information. Please read, although this is likely to change by tomorrow. All are sent from botnetted computers. The goal is the same as before. Scammers have purchased huge blocks of super-cheap penny stocks for PRFC and are now using spam messages to pump them higher. If they succeed, it will be at the expense of the people who are fooled by their new newsletter and plain language format.

However, I did find some humor in this batch of scams. Every one of them so far has been signed at the bottom with this text: "Your favorite friend and only broker :)" But apparently, my favorite friend and only broker has multiple personality disorder and is confused as to who he or she is with any given email. Each email has a different name in the From field! So far, my "only broker" claims to be: Noemi Cooke, Markus Robertson, Jasmine Suarez, Arlene Adkins and Leandro Kinney!

I've said it before and will say it again: "A fool and his money soon will part!" Don't be a fool. Never buy anything spamvertised, especially penny stocks. The game is stacked against you by true con men and women. You will not beat them at their own game. Delete pump and dump messages on sight.

BTW: I have updated my MailWasher Pro spam filters to detect and delete these messages for you, if you are also a registered MailWasher Pro user.


Adobe Flash Player updated to fix 0 day exploit

February 20, 2014

Today, Adobe released an unscheduled updated version of its Flash Player; the one that nearly every computer and handheld device except Apple iPhones and iPads use to view videos and animations online. The new releases are version 12.0.0.70 for all Windows and Mac OS X operating systems, version 11.2.202.341 for Linux, and 11.2.202.223 for Solaris.

Adobe strongly recommends that users of Adobe Flash Player 12.0.0.44 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 12.0.0.70 and folks using 11.2.202.336 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.341.

You can find out what, if any, version of Flash your various browsers are running on the Adobe About Flash page. It contains a link to download the newest version of Flash for your browser and any others you may have installed. Firefox, Internet Explorer and Google Chrome all use different builds of Flash. You update a Flash plug-in for Firefox and an ActiveX version for Internet Explorer, while Google Chrome itself is updated to include new builds of Flash.

Adobe normally releases updated versions of Flash on a monthly cycle, on the second Tuesday of every month, soon after Microsoft pushes out its Patch Tuesday Windows Updates. However, as fate would have it, the Flash exploit patched today is directly linked to Microsoft's Internet Explorer browsers, but currently, only IE 9 and 10 and only on particular versions of Windows, from Vista up.

So, Microsoft joined with Adobe to plug their interconnected "zero day" vulnerability being exploited in online attacks against specifically targeted entities. While Microsoft hasn't pushed out an out-of-cycle patch yet, they have published a "Microsoft Fix it 51007" as a so-called "MSHTML Shim Workaround." Security Advisory 2934088 lists all of the impacted operating systems and IE browsers.

There is a negative impact after installing the Fix it solution above. According to the Microsoft Security Advisory 2934088, "after you install this Fix it solution, you may experience increased memory usage when you use Internet Explorer to browse the web. This behavior occurs until you restart Internet Explorer."

This article has extended content.

Beware of emails containing a PayPal Phishing scam attachment

February 20, 2014

Today, I received a suspicious email claiming to come from PayPal, with the subject: "Account Notification" - notifying me that I had to verify my account information - because of a "planned system upgrade." As I suspected, it was a Phishing scam, not only meant to steal one's PayPal credentials, but also your identity.

Here are the most important identifying features of this email scam.

PayPal Phishing Scam Email Contents

Received: from mail.xx11.com.br ([177.8.168.7])
by imta24.westchester.pa.mail.comcast.net with comcast
id UhP31n00w09uhKl0QhP56C; Thu, 20 Feb 2014 17:23:09 +0000

From: PayPal ([email protected])
Return-Path: [email protected]
Subject: Account Notification
Message body contents (text only):


PayPal Account System Upgrade Verification.

Technical services of the PayPal Inc. are carrying out a planned system upgrade. We earnestly ask you to start with the procedure of confirmation on customers data.

 This email has been sent to all PayPal customers, and we ask a few minutes of your online experience. We have sent you an attachment form through this email. Please download and open it in your web browser.

 Your personal information is protected by state-of-the-art technology. After you have filled in all the required fields in the form, our verification system will automatically update your account records.

 We apologize for any inconvenience, and thank you for your time.

Please do not reply to this email. This mailbox is not monitored and you will not receive a response. For assistance, log in to your PayPal account and click Help in the top right corner of any PayPal page.

Copyright © 1999-2014 PayPal. All rights reserved.

My analysis follows.

This article has extended content.

February 16, 2014

Massive server probe attack on 2/16/2014

February 16, 2014

As a concerned web site owner and webmaster I make it a routine to review my daily access logs. I am not only looking at who visited me and from where they were referred, but who was attacking my web site and what probes they were using.

On Sunday, February 16, 2014, I was reading the day's raw access log when I saw an enormous vulnerability probe attack, which encompassed an amazing 2189 individual hack attempts over 12 minutes and 11 seconds. The entire attack came from a compromised dedicated server at 208.115.221.18, which belongs to Limestone Networks and is sub-leased to a Panamanian citizen, who in turn leased the server at that IP address to a company named Towntek.com.

Upon checking out Towntek.com I was greeted by a "default website page" that is displayed when web space has been leased, but no content has been uploaded to the public web root, and/or no index page has been published.

So, what we have here is yet another undeveloped web site on an unsecured web server that has been hacked and is being used to attack other web sites.

Fortunately for me (fortune favors the prepared mind), I made it a point to learn about common attack vectors used to take over web sites and have protected my web sites against the tactics employed by the remote attacker using 208.115.221.18. This attack is most likely part of a botnet that employs hacked web sites and servers to launch attacks against other web sites and individuals browsing them.

I have since notified Limestone Networks about the compromised account. The assigned owner of the hacked site left no contact information.

Excerpts of the attack are shown in my extended content.

This article has extended content.

January 29, 2014

New Phishing scam targeting American Express card holders

January 29, 2014

Email malware and phishing scams are nothing new and most will appear for a while, then disappear, then reappear some time later. So it is with a new scam targeting American Express card holders on January 29, 2014.

Earlier today, my spam protection program, MailWasher Pro, auto-deleted a message that was a phishing scam against American Express card holders. Here are the pertinent details to watch out for, lest you fall for this scam.

Subject: American Express Security Notification
From (spoofed): "American Express" <[email protected]>
Return-path: <[email protected]>
Date: Wed, 29 Jan 2014 17:23:53 +0000
Some normally hidden email headers:
Received: from [94.197.44.27] (port=53006 helo=94.197.44.27.threembb.co.uk)
Received: from 94.197.44.27 (account [email protected] HELO otpfh.ifxkmqeu.com)
X-Mailer: The Bat! (v3.51.10) Home

The message body in plain text reads as follows.



American Express Security Notification

Dear Customer,

As you may already know we ask our customers to update the contact details associated with American Express card account.

A recent review of your account determined that you need to confirm the information associated with your American Express account.

As the Primary Contact, you must verify your account activity before you can continue using your card, and upon verification, we will remove any restrictions placed on your account.

We encourage you to use the following link and confirm your account details as soon as possible:

https://www.americanexpress.com/[Links to h**p://dychovka.eu/dissents/index.html]

Note: Failure to update your account may result in account limitations or even account closure.

We appreciate your prompt attention to this important matter.

Thank you,

Amber Justice

Level III Security Officer

American Express

© 2014 American Express Company. All rights reserved.
AMEX Account Security



Note: (I deactivated the hostile link for your safety)

Here are some pertinent details about this scam.

This article has extended content.


About the author
Wiz's Blog is written by Bob "Wiz" Feinberg, an experienced freelance computer consultant, troubleshooter and webmaster. Wiz's specialty is in computer and website security. Wizcrafts Computer Services was established in 1996.

This weblog is licensed under a Creative Commons License.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.