July 2, 2009

New Nigerian phishing scam targets Hotmail users

Today I received an unusual phishing scam that I traced to Lagos, Nigeria. It is disguised as an urgent message from the Windows Live Team, to all Hotmail subscribers. The subject was: "LAST WARNING (ACCOUNT ALERT)" - in all capital letters - as is typical of Nigerian 419 scammers. The email claims that Hotmail is overloaded with free user accounts and must prune unused accounts to free up resources. What a bunch of hooey! Anyway, the intended victim is asked for his or her Hotmail address and password (Microsoft already knows this), date of birth (why would Microsoft need that?) and location. The details are supposed to be filled out in the enclosed form and submitted to the scammers.

This is a phishing scam looking to steal active Hotmail accounts for use as spam-sending zombies, using Hotmail's good reputation to avoid email sender blockades. The phished date of birth can be cross-checked against other stolen or looked-up details about you, or the scammers can read the personal details saved in your Hotmail account profile, to perform identity theft. This information would then be sold to more advanced cyber criminals.

The scam email I received today was sent from the IP address 62.173.55.107, which is part of the CIDR block 62.173.32.0/19, covering all IPs between 62.173.32.0 and 62.173.63.255. This CIDR is registered to ipNX Nigeria Limited, in Lagos, NG.
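As an added illustration of the CIDR check described above (this is not code from the original post or from any tool the author uses), the following Python snippet uses the standard-library ipaddress module to confirm the bounds of the 62.173.32.0/19 block, pull the originating IP literal out of a message's Received headers, and flag the message if that IP falls inside a blocklisted range. The Received header lines are constructed samples using documentation addresses, not real messages, and the bracketed-IP header format is an assumption about how a typical MTA writes them.

```python
import ipaddress
import re

# Constructed example: the CIDR the post attributes to ipNX Nigeria Limited,
# kept in a list so further ranges can be added to the blocklist.
BLOCKED_NETWORKS = [ipaddress.ip_network("62.173.32.0/19")]

# Matches the bracketed IPv4 literal an MTA writes into a Received header
# (assumed format, e.g. "from host ([192.0.2.10]) by ...").
RECEIVED_IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def network_bounds(net):
    """Return the (first, last) address of a network as strings."""
    return str(net[0]), str(net[-1])


def ip_in_blocklist(ip_str, networks=BLOCKED_NETWORKS):
    """True if ip_str falls inside any blocked network; malformed input never matches."""
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return False
    return any(ip in net for net in networks)


def originating_ip(received_headers):
    """Return the IP literal from the earliest Received header, or None.

    MTAs prepend Received headers, so the last one in delivery order is the
    first hop: the machine that handed the message to the receiving side.
    Headers below the first trusted hop can be forged, so treat the result
    as a hint for filtering, not proof of origin.
    """
    for header in reversed(received_headers):
        match = RECEIVED_IP_RE.search(header)
        if match:
            return match.group(1)
    return None


def flag_message(received_headers, networks=BLOCKED_NETWORKS):
    """Classify a message by its originating IP: 'blocked', 'clean' or 'unknown'."""
    ip = originating_ip(received_headers)
    if ip is None:
        return "unknown"
    return "blocked" if ip_in_blocklist(ip, networks) else "clean"


# Constructed sample headers (not from a real message), newest first as they
# appear in a delivered message; the final entry is the first hop we inspect.
SCAM_HEADERS = [
    "Received: from mx.example.net ([192.0.2.10]) by inbox.example.net; Thu, 2 Jul 2009 09:14:02 -0400",
    "Received: from [62.173.55.107] by mx.example.net; Thu, 2 Jul 2009 09:13:55 -0400",
]
LEGIT_HEADERS = [
    "Received: from mx.example.net ([192.0.2.10]) by inbox.example.net; Thu, 2 Jul 2009 10:01:12 -0400",
    "Received: from mail.example.org ([198.51.100.7]) by mx.example.net; Thu, 2 Jul 2009 10:01:05 -0400",
]

if __name__ == "__main__":
    first, last = network_bounds(BLOCKED_NETWORKS[0])
    print(f"{BLOCKED_NETWORKS[0]} spans {first} - {last}")
    print("scam sample:", flag_message(SCAM_HEADERS))
    print("legit sample:", flag_message(LEGIT_HEADERS))
```

Blocking a whole /19 on the strength of one message is a blunt instrument that will also stop legitimate mail from the same provider, so in practice a range like this belongs in a scoring filter or a quarantine rule rather than an outright reject.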

I discuss methods of preventing these Nigerian scam emails from reaching your desktop email clients, or forum members, in my extended comments.


July 1, 2009

Spybot Search and Destroy Definitions Updated on July 1, 2009

If you use Spybot Search and Destroy to protect your computer against spyware and malware, it is time again to run your manual updates. Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. This week's updates were released on schedule on July 1, 2009, as listed below. Some new and altered fake security programs were added to the detections, plus several new Trojans, rootkits and modified spam bots.

Updating Spybot Search and Destroy

Before you update Spybot Search and Destroy make sure you have the latest official version. Older versions are no longer supported and will cause you a lot of grief when you immunize and scan for problems. Only download Spybot S&D from the official website, at: spybot.info, or from its alternate domain: Safer-Networking.org. Fake versions with similar names will rip you off for payment to remove threats, whereas the real Spybot S&D is free (donations gladly accepted).

In case you are new to Spybot S&D, there are two ways to update the program and malware definitions. The preferred method (for Windows PCs) is to go to Start > (All) Programs > Spybot - Search & Destroy > Update Spybot - S&D. The independent update box will open. Leave the default options as is, unless you need all languages or want beta definitions, and click on "Search." Another box will open with "mirror" locations around the world where you can download updates. Select a location nearest to you from the list and click on "Continue." Make sure all updates are checked, then click on "Download." If all definitions are verified as being correct, the check marks will disappear from the check boxes and be replaced with green arrow graphics. However, sometimes one or more mirror locations have not updated all of the definitions and you will get a red X for those definitions. Click on "Go Back," select a different mirror, and try again. I have consistent success using Giganet or the Safer-Networking servers. When all updates have succeeded, click on "Exit."

Download links and more instructions about using Spybot Search and Destroy are in my article titled "How to use Spybot Search & Destroy to fight malware".

The description of the latest definition updates and false positive fixes are in my extended comments below.


June 28, 2009

My Spam analysis for June 22 - 28, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

The volume of spam coming to my various honeypots and user accounts has increased slightly this week. This indicates to me that some of the Botnets that lost their Command and Control servers following the forced shutdown of colocation host Pricewert have found other server hosts that allow illegal activities. Thus, sleeping zombie bots are awakening and spamming again.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. Most of the spam this week was for various fake pharmacies, which sell illicit and counterfeit pharmaceuticals like Viagra, along with weight loss scams and phishing scams.

See my extended comments for this week's breakdown of spam by category, for June 22 - 28, 2009, and the latest additions to my custom MailWasher Pro filters.


June 26, 2009

Weekly roundup of vulnerabilities and exploits in the wild

Here is a summary of this week's vulnerabilities and exploits in the wild, as reported by Secunia, Websense and other security firms. Actually, this has been a quieter week than most.

Websense has been following a website code injection event they named the "Nine Ball Mass Injection," which is a follow-up to the "Beladen" and "Gumblar" mass injection attacks last month. This is a situation where cyber criminals exploit vulnerable web application scripts that have not been secured by the webmasters who operate those websites. Too many webmasters use free scripts that are rarely, if ever, updated to patch announced vulnerabilities. Hackers send out automated scripts (a.k.a. robots, spiders) that try to upload hostile files to any website they come across. Once they find an unpatched point of entry they are able to alter the code on any web pages (usually the home page) they want. In the past, hackers would deface home pages with gibberish or slogans for their causes. Now, it is criminals who sneak in dangerous hidden code that redirects innocent visitors to hostile websites, which attempt to download malware onto the victims' computers. Most are successful, because most people do not, or cannot, keep up with patches released by every vendor of the add-ons and plug-ins used by their browsers.

Most of the malware being downloaded by the Nine Ball and similar exploits is fake security applications that pretend to scan your computer, announce that many threats were found, then demand payment to remove those threats. These are tandem malware programs, with part one being the fake alerts and part two being the fake remover. After you pay to unlock the remover, it only removes the alerts its sister placed there in the first place. You will have submitted your credit or debit card information to cyber criminals in the Former Soviet Union and can expect to have your accounts drained shortly.

The rest of this week's vulnerabilities and exploits are in my extended comments.


June 25, 2009

Spybot Search and Destroy Definitions Updated on June 24, 2009

If you use Spybot Search and Destroy to protect your computer against spyware and malware, it is time again to run your manual updates. Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. This week's updates were released on schedule on June 24, 2009, as listed below. Lots of new and altered fake security programs were added to the detections, plus several new Virtumonde Trojans and new or modified spam bots.

Updating Spybot Search and Destroy

Before you update Spybot Search and Destroy make sure you have the latest official version. Older versions are no longer supported and will cause you a lot of grief when you immunize and scan for problems. Only download Spybot S&D from the official website, at: spybot.info, or from its alternate domain: Safer-Networking.org. Fake versions with similar names will rip you off for payment to remove threats, whereas the real Spybot S&D is free (donations gladly accepted).

In case you are new to Spybot S&D, there are two ways to update the program and malware definitions. The preferred method (for Windows PCs) is to go to Start > (All) Programs > Spybot - Search & Destroy > Update Spybot - S&D. The independent update box will open. Leave the default options as is, unless you need all languages or want beta definitions, and click on "Search." Another box will open with "mirror" locations around the world where you can download updates. Select a location nearest to you from the list and click on "Continue." Make sure all updates are checked, then click on "Download." If all definitions are verified as being correct, the check marks will disappear from the check boxes and be replaced with green arrow graphics. However, sometimes one or more mirror locations have not updated all of the definitions and you will get a red X for those definitions. Click on "Go Back," select a different mirror, and try again. I have consistent success using Giganet or the Safer-Networking servers. When all updates have succeeded, click on "Exit."

Download links and more instructions about using Spybot Search and Destroy are in my article titled "How to use Spybot Search & Destroy to fight malware".

The description of the latest definition updates and false positive fixes are in my extended comments below.


June 21, 2009

My Spam analysis for June 15 - 21, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

The volume of spam coming to my various honeypots and user accounts has decreased again this week. This is probably attributable to the forced closure of Pricewert, a spam-friendly hosting company, where Botnet command and control (C&C) servers were run and malware was hosted by its customers, with no action taken by the company to halt those activities. With the C&C controllers offline their Botnets cannot receive updates or new instructions and fall silent, like zombies. Spammers then find other means of delivering their crap to us.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. Much of the spam this week was for the fake pharmacies, which sell illicit and counterfeit pharmaceuticals, Nigerian 419 scams, and dating scams. Also, the volume of phishing scams targeting customers of various banks and credit cards remained strong again this week.

See my extended comments for this week's breakdown of spam by category, for June 15 - 21, 2009, and the latest additions to my custom MailWasher Pro filters.


June 17, 2009

Spybot Search and Destroy Definitions Updated on June 17, 2009

If you use Spybot Search and Destroy to protect your computer against spyware and malware, it is time again to run your manual updates. Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. This week's updates were released on schedule on June 17, 2009, as listed below. Some new fake security programs, new Virtumonde Trojans and new or modified bots and rootkits were added to the latest definitions.

Updating Spybot Search and Destroy

Before you update Spybot Search and Destroy make sure you have the latest official version. Older versions are no longer supported and will cause you a lot of grief when you immunize and scan for problems. Only download Spybot S&D from the official website, at: spybot.info, or from its alternate domain: Safer-Networking.org. Fake versions with similar names will rip you off for payment to remove threats, whereas the real Spybot S&D is free (donations gladly accepted).

In case you are new to Spybot S&D, there are two ways to update the program and malware definitions. The preferred method (for Windows PCs) is to go to Start > (All) Programs > Spybot - Search & Destroy > Update Spybot - S&D. The independent update box will open. Leave the default options as is, unless you need all languages or want beta definitions, and click on "Search." Another box will open with "mirror" locations around the world where you can download updates. Select a location nearest to you from the list and click on "Continue." Make sure all updates are checked, then click on "Download." If all definitions are verified as being correct, the check marks will disappear from the check boxes and be replaced with green arrow graphics. However, sometimes one or more mirror locations have not updated all of the definitions and you will get a red X for those definitions. Click on "Go Back," select a different mirror, and try again. I have consistent success using Giganet or the Safer-Networking servers. When all updates have succeeded, click on "Exit."

Download links and more instructions about using Spybot Search and Destroy are in my article titled "How to use Spybot Search & Destroy to fight malware".

The description of the latest definition updates and false positive fixes are in my extended comments below.


June 14, 2009

My Spam analysis for June 8 - 14, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

Spam, spam, spam, spam, spam, spam, spam (from the old Monty Python routine)! The volume of spam coming to my various honeypots and user accounts has held steady this week, still at a relatively low volume (some spammers do prune honeypot accounts from their lists). Some of this is also attributable to the forced closure of Pricewert, a spam-friendly hosting company, where Botnet command and control servers and malware hosting was carried out by its customers, with no action taken by the company to halt those activities.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. Much of the spam this week was for the fake pharmacies, which sell illicit and counterfeit pharmaceuticals such as fake Cialis and Viagra, and for Nigerian 419 scams. Also, the volume of phishing scams targeting customers of various Australian banks and credit card holders remained in the running this week.

See my extended comments for this week's breakdown of spam by category, for June 8 - 14, 2009, and the latest additions to my custom MailWasher Pro filters.


June 12, 2009

Windows, Firefox, Adobe Reader and Apple QuickTime updated

There have been significant program updates issued for Microsoft Windows, the Firefox browser, Adobe Acrobat and Reader and Apple's QuickTime browser plug-in. All updates were released this week to fix critical vulnerabilities that were reported and were being exploited by hackers and cyber-criminals. These criminal elements hijack legitimate websites and install hidden codes to redirect innocent visitors to hostile websites loaded with exploit attack codes.

Most of the successful attacks exploit vulnerabilities in browsers (usually Internet Exploder), or their installed add-ons and plug-ins, like Apple QuickTime, Adobe Flash and Reader (and other PDF readers) and Sun's Java plug-in. If any of these items is a vulnerable version you may have your computer hijacked by cyber-criminals who will make it a zombie member of their Botnet. This will turn your PC into a spam machine, or it could be used to attack websites or governments with whom the hackers have a difference of opinion.

In order to stay safe from the barrage of hack attacks targeting browsers and their plug-ins it is imperative that you keep Windows and its components and all third party add-ons up to date. One way is to always select the option to automatically check for, download and install updates to those programs. If there is no automatic update mechanism for a program you use, you should check periodically whether it has been updated. This could be at the manufacturer's website, or by using the free Secunia Online Software Inspector (requires a current version of Java).

The details of this week's updates are below, in my extended comments.


June 10, 2009

How to use Spybot Search & Destroy to fight malware

About Spybot Search & Destroy

Spybot Search & Destroy (S&D), a product of Safer Networking Ltd., is a free ("donation-ware") security program that is used by millions of people to fight off spyware, keyloggers, Trojans, Botnet executables, adware, hostile domains, unwanted cookies and other types of malware in the wild. Being freeware it lacks some functions that are commonly implemented in commercial security programs. It has only manual updates, which are usually released once a week, on Wednesdays (see my regular weekly articles about new updates), and limited scanning presets. Most functions must be carried out manually, but hey, it's free! Despite these limitations Spybot S&D is a well-respected and effective anti-malware tool to add to your arsenal.

Spybot Search and Destroy can be downloaded for free from either www.spybot.info, or from www.safer-networking.org, or several official mirror sites. Don't fall for fake versions distributed by rogue anti spyware websites. Approved download mirror sites are listed on the Spybot S&D downloads page.

Once downloaded you should install the program onto your hard drive. There are installation options to watch for, and the options you select will affect the normal operation of the program when launched. One of the installation options is for the "TeaTimer" module. This is a real-time monitoring component that sits in your System Tray and launches itself into action whenever a change is about to be made to the system, the Registry, or your browser's home or search page. The program pops up little balloon alerts asking if you want to allow or deny the changes, or even notifying you that a suspicious program file was terminated automatically. These balloon popups can be annoying at times, although you can tell TeaTimer to remember your decisions. Unfortunately, there have been several serious false positives reported in the Spybot forums concerning the TeaTimer module deleting harmless files necessary for the operation of other programs or Windows itself. Lately, these false positives are becoming fewer and farther between. It is your choice whether you want to use the TeaTimer module. I would keep Windows System Restore turned ON in case TeaTimer renders an important program, or part of Windows itself, unusable (use the "Last known good configuration" startup option).

No matter which options you choose to install the program with, always select the option to update the program immediately. You can select or deselect all options later on, using the Advanced Mode. Once installed and updated it is time to Immunize, then scan for threats. These steps are described in my extended comments, along with download and forum links and more instructions about using Spybot Search and Destroy.


About the author
Wiz's Blog is written by Bob "Wiz" Feinberg, an experienced freelance computer consultant, troubleshooter and webmaster. Wiz's specialty is in computer and website security. Wizcrafts Computer Services was established in 1996.
