May 25, 2012

New money mule email scams lead to infamous Rock Cruit Management

May 25, 2012

Today, while reviewing my auto-deleted spam email messages, I found one that I decided to take a closer look at. It is an obvious Money Mule recruitment scam (to spam hunters like me), with the subject: "Re : Re : Please Complete Your Job Application." Let's see where it leads, shall we?

First of all, everything in the headers is garbage. Throw them out, except to report the unwitting sender to SpamCop, which I did. The sender was an open proxy in Greece. The spamvertised link was to a URL shortener service hosted in China.

The bait was as follows:


The salary available for open openings range from $35.77 /hr to $57.62 per hour.
Prior being considered, we will first need you to formally apply.
Please go here to begin the process:


I have seen these exact same words, with only slight variations, for a year or longer. In fact, I write spam filters for MailWasher Pro users which detect these phrases and others, to auto-delete such scams.

I decided to follow the URL shortened link and see where it leads.

The first stop along the spam link highway was the URL shortener service called iurl.us. Anyone landing there is quickly transferred via an HTTP Refresh code to another middleman website. That site then redirects visitors to a third site, which uses a 302 Found redirect to a template page for a money mule recruiter affiliate. This is where the buck stops, figuratively speaking. The company name displayed in the upper left says: Rock Force Management.

Nothing suspicious or revealing is to be found on the landing page. But, to proceed with the application, one must click on a button (a .gif image) that takes you to "page2.php." This is where is gets interesting. Here, victims are asked for personal information, including their address and phone number. One of the hidden form fields tells who is behind this scam: input type="hidden" name="listname" value="rockcruitmanagem"

Regular readers of my blog will already be familiar with this fake management company, which involves variations of the words "Rock" "Cruit" and "Management" in email scams going back to this time last year. The copyright details in the footer claim to be "Hot Deal Dep, LLC." This is the affiliate website that sells the templates to spammers, who drive traffic to the people running the RockCruit Management scam.

The scam is that people meeting the application minimums will be offered positions as "money mules" in a criminal enterprise. Some will receive and wire-transfer out stolen funds from bank accounts which have been hijacked by banking Trojans, like ZeuS. Others will receive packages purchased with stolen credit cards and will be instructed to reship them to a foreign location. These crimes are known as Money Laundering, Wire Fraud, Aiding and Abetting, and Receiving Stolen Goods and are punishable by hard time in a US Federal Penitentiary.

What the money mules are told is that they will work under test conditions for a short period of time, usually less than one month, after which they will begin to get paid. What always happens is that the people pulling the strings cut them loose with no pay, before the month is up. All communications from the mule to the master is severed, leaving the mule with nothing.

But, one day, after fraudulent bank transfers or illegally purchased goods are traced, they Police end up kicking down the money mule's door and hauling them off to Jail. In the meanwhile, Boris Badenov and Natasha Darlink live in luxury, in the former USSR, off the money the mules wired to them, wearing the fancy cloths bought with stolen cards and sent to them by their reshipper mules.

Don't fall for Russian Money Mule scams. There is no real job being offered in the "pay range from $35.77 /hr to $57.62 per hour scams. All that awaits the victims is prosecution in a Federal Court, in the USA.

Facebook Twitter LinkedIn Pinterest Instapaper Google+ Addthis

back to top ^

May 24, 2012

Anatomy of a PayPal email scam leading to malware

May 24, 2012

Cyber-criminals are once again ramping up their email scam campaigns to deliver messages with links to malware servers they control. One of the recent scams, happening this week, is a PayPal Payment scam, with links leading to an exploit attack kit.

The most recent PayPal scam arrives in your Inbox with the Subject: "You sent a payment" and a spoofed From address: "[email protected]" <[email protected]>. However, if you were to take a look at the actual normally hidden Header information, you would see that the email came from some other non-related website. The PayPal scam I am looking at came from Brazil:

Received: from [187.56.96.53] (helo=telesp.net.br).

See my article from 2006 for suggestions on how to display email headers.

The PayPal scam message body text is meant to both poke the curiosity of the recipient (by the dollar amount they allegedly sent) and to delay their checking into their PayPal accounts to see if they did make such a payment. Here is how the crooks accomplish these important tasks:


You sent a payment Transaction ID: 2T004487YM209135A
Dear PayPal User, You sent a payment for $334.85 USD to Otis Bauer (or another name). Please note that it may take a little while for this payment to appear in the Recent Activity list on your Account Overview...

This payment was sent using your bank account.By using your bank account to send money...


The call to action that they want victims to perform is NOT to login to their PayPal accounts to investigate this scam (See italicized sentence above), but to click on poisoned links provided amount keywords in the email message body. These inks are wrapped around every word that a PayPal user might normally expect to be available for seeing details about their accounts. The linked words were as follows:

  • 2T004487YM209135A

  • View the details of this transaction online

  • Help Center | Resolution Center | Security Center

  • h**ps://www.paypal.com/us/cgi-bin/webscr?cmd=_history (not URL in link)

  • h**ps://www.paypal.com/us/cgi-bin/webscr?cmd=_contact_us (not URL in link)


Each one of the above anchor words were wrapped by a link to a compromised website that contained the following contents (placed there when they got hacked):

WAIT PLEASE
Loading...
<script type="text/javascript" src="h**p://REMOVED.com.tr/fu25e3pr/js.js"></script>
<script type="text/javascript" src="h**p://REMOVED-epices.com/X1RrZw4G/js.js"></script>
<script type="text/javascript" src="h**p://REMOVED.com.au/Xsqgw1AK/js.js"></script>

Each of the links on the compromised website is a JavaScript include, which is drawn from the URL I removed and imported as JavaScript Includes, into the browser of the victim. Once the first active URL in those 3 files loads (some may have been taken offline, or cleaned), it loads another JavaScript code that redirects your browser to another URL, which is hard-coded into that script. In the case being analyzed that poisoned link goes to:h**p://69.194.196.44/showthread.php?t=4a6d866826776084 (DO NOT GO THERE!).

Whois 69.194.196.44?
Answer: Solar VPS, in Rutherford, NJ, USA.

What happens when you are redirected to this VPS server? You get attacked by the BlackHole Exploit Kit, which first and foremost probes for any exploitable versions of Java on your computer.

How can one protect themselves from such exploits?

Your first line of defense should be your own hand, in which your pointing device is activated. Whether you use a traditional mouse, trackball, fingertip mouse-pad, stylus, or touch-screen, always allow the pointer to hover over links before you actively click on them! All modern browsers will automatically display the actual URL of a link as you hover over it. All standalone desktop email clients have an option to show or hide the Status Bar. I always show my Status bar.

If you use Microsoft Windows Live Mail (WLM) as your email client, and you don't see a Status Bar along the bottom of its window, click on the tab labeled VIEW (under the title bar, listed among Home | Folders | View| Accounts). Look to the right of the options and buttons that appear under the View tab and find the one labeled "Status bar" and click on it. The Status bar will instantly appear on the bottom of the WLM window. If you preview your emails (View - "Preview" or "Reading" Pane). Even if you don't use the Reading Pane, once you open an email message and hover over links in it, the URLs will be displayed in the Status bar of that opened email message. Fortunately, that Status bar is not turned off even if the main interface has its Status bar off.

Another way you can protect yourself from being exploited in case you accidentally do click on a poisoned link, is by using the Firefox browser, along with the NoScript Add-on. I operate this way. NoScript is an extension that one can manually install into the Firefox browser. It disables JavaScript and other active content by default. You have to actively instruct it to allow this or that website or URL to allow scripting to be rendered. You can do this permanently, or temporarily. Chances are very minute that you will have white-listed one of the domains that have been compromised by the criminals running these BlackHole scams. Therefore, should you click on a hostile link that leads to a JavaScript Include that redirects to a malware server, you may see the "Please Wait, Loading" message, but nothing more will happen (Yes, I have checked this out).

Even if you go directly to the BlackHole exploit server, nothing will happen if you have JavaScript disabled. But, since the majority of people browsing the Internet do not block JavaScript, "stuff" may well happen to you if you go there.

The BlackHole Exploit Kit first attacks Java technology, if present (see: Do I have Java installed?). Java is NOT the same as JavaScript. They are horses of a different color. Java is like an executable, in that it is compiled into an Applet that can run on its own. JavaScript is an interpreted language that normally operates only in web browsers, or special browser emulators used by developers, or in Adobe Reader and Acrobat, or certain other specialized applications. If your computer, or hand held device has any out-dated version of Java installed, you can be taken over by the BlackHole Exploit Kit.

If you either do not have Java installed, or only have the most recent version, which has been patched against known vulnerabilities, the BlackHole Kit might probe your for an out-dated version of Adobe Flash or Reader. It really depends on which version of the BlackHole kit you are lured to, as the one I am looking at today only targets Java. Some email scams have links to the Phoenix Exploit Pack, which definitely includes Flash, Reader and ActiveX attacks, in addition to Java. This means you have to make sure that you stay up-to-date with patching all plug-ins that are accessed through a web browser.

Thankfully, Oracle's Java, Adobe's Flash and Reader and Apple's Quicktime plug-ins all have an optional automatic check for updates feature. I strongly advise you to enable those automatic updates and have them both downloaded and installed as they become available.

Finally, if you now operate your computer with Administrator privileges, read my articles [1] [2] [3] about lowering your privileges to the Limited, Power, or Standard User level instead. This will significantly reduce your likelihood of being successfully exploited by means of a drive-by attack. Yes, you could be tricked into agreeing to install a Trojan, by cleverly worded social engineering tactics. But, at least you would have a chance to see it coming and stop it, whereas with Administrator privileges, the malware could just walk on in and sit right down.

Facebook Twitter LinkedIn Pinterest Instapaper Google+ Addthis

back to top ^

May 16, 2012

Spoofed 'Bill Me Later' email has links to 20 Blackhole exploit websites

May 16, 2012

This article is about cybercriminals taking email exploit attacks to a new level. Tonight, I processed an email scam (to SpamCop) that claimed to come from a service known as 'Bill Me Later' - detailing an online payment I was supposed to have made over the phone. Except, my name is not Dr. Mary Olsen, MD!

The message, which was carbon copied (CC) to dozens of other recipients (whose email addresses were viewable in plain text), started off with the following totally fake text:

"Thank you for making a payment over the phone! We've received your
Bill Me Later® payment of $60.12 and have
applied it to your account.
"

The scam goes on to list various account numbers and (fake) payment details. It was also loaded with images and clickable links (20) to view many details, including:

Manage your account, Make a payment, View statements, Account Summary, Home, Make a Payment, About Bill Me Later, Offer, Directory, View Statements, Merchant Sign Up, Store, View Account, Summary, FAQs, Register Account
and 4 image links.

What is astoundingly different about this scam is not just the unusually high number of links leading to an exploit kit, but the fact that they all led to different domains. Normally, I see one or two domains used in hostile link scams. Twenty different compromised domain links is a new record for me.

Each one of these 20 links (see compromised website list) leads to a different website, to a sub-directory (folder) containing 8 mixed case alphanumeric characters, then, /index.html. Here is one sample URL (deactivated for your safety): h**p://webprof.ro/Tv2YU8u6/index.html

The 20 domains used in this attack were all compromised by means of out-dated, or unsecured plug-ins to web software they were running, like WordPress, Joomla, the TimThumb image viewer/uploader, or some other exploitable software the Webmasters installed but failed to update.

The payload is the BlackHole Exploit Kit, which in this scam run is hosted on a compromised server belonging to Directspace Networks (AS46816), in the USA. I have notified them about the IP and file details where the exploit kit is housed. The exploit is delivered by a Russian designed Nginx web server.

The BlackHole Exploit Kit (Wikipedia article) originates and is updated in Russia. It targets vulnerable versions of Java, Flash and Adobe Reader, with Java exploits coming first. If you click on a link that redirects your browser to this exploit kit, and you have JavaScript enabled, and you have an out-dated, or unpatched version of the Java Virtual Machine installed on your computer, it will probably be taken over by the malware delivered by the BlackHole Kit. This usually means that, 1: your computer joins a botnet; 2: it becomes infected with a dangerous Trojan* that does whatever the criminals delivering it want it to do, and 3: a rootkit is installed to protect it against your trying to remove it.

Hopefully, you read this before you receive the fake Bill Me Later email message. Hovering (without clicking) over the links and clickable images will reveal the actual URLs in a status bar. Every one of the links in all of the current BlackHole scams lead to various unremarkable domain names (but not related to the domain mentioned in the email subject or body text), some with country code domain extensions, all having a forward slash, then a folder name with 8 mixed case alphanumeric characters, followed by a forward slash and a file named index.html.

If you receive this scam, delete it. Do not click on any links after hovering over them.

If you have clicked on any links in one of these scams, you need to run a scan with legitimate anti-malware programs, which are up to date. I use and recommend Trend Micro Internet Security as my anti virus program and also use a registered version of Malwarebytes Anti-Malware. To add another layer of protection, I operate from a "Standard User" account, not an Administrator account. While I could conceivably be tricked into installing a Trojan, it is much harder for a silent, drive-by exploit to hack my PC without my direct interaction.

* The Trojan delivered by the BlackHole Exploit Kit varies, from the ZeuS bank account stealer, to other sensitive information harvesters, to fake security programs, to ransomware that cripples your PC, or hides important files until you pay a ransom for an unlock code.

Facebook Twitter LinkedIn Pinterest Instapaper Google+ Addthis

back to top ^

May 13, 2012

My spam analysis for May 6 - 13, 2012

After taking a month off from publishing my spam statistics, I am resuming it today. I have been watching spam trends during my quiet month and found that the volume of spam is increasing. This, after a year of declining spam volumes.

I have added up all my incoming email and counted those classified as spam, and found that in the last week, my percentage of spam has been almost 40%. During the same period last year, it measured just 30%. This is a 10% increase.

I measure the amounts and types of spam with MailWasher Pro (2012), which compiles very good statistics for its users. If you don't already know about this program, it is a spam filter and email classifier, which sits between your email servers and your email client. It receives either POP3 or IMAP email from your mail servers and applies any filter or blacklist rules you define. I write and publish spam filters for MailWasher Pro and most of them are so reliable that I set them to automatically delete known spam. In case the filters are in error, I am able to restore the wrongly deleted messages from the MailWasher Recycle Bin.

While the volume and percentage of spam has increased over the last 7 days, an interesting development occurred: there was no spam with either malware links or attachments! In the previous weeks there were many such hostile messages, spoofing all manner of known websites and banks. Make no mistake, the malware scams will resume soon. Stay alert, especially if you have Java, Flash, or Adobe Reader installed on your computers or smart phones/tablets.

I always advise my readers to hover over links before clicking on them. Doing this causes the actual URL (web address) to be displayed on the bottom of your browser (Web-mail) or email client (desktop email program). This gives the savvy user a chance to see if the link claiming to lead to Intuit actually goes to a website that has nothing to do with intuit.com, or facebook.com, paypal.com, linkedin.com, etc, etc.

On the other hand, clicking (without hovering first to check it out) on a poisoned link takes you to a compromised website, which uses JavaScript and iframes to redirect you to a Russian malware server, where your computer is attacked for any vulnerable software. If you have any exploitable, unpatched software installed, your computer may be taken over by criminals and drafted into a spam and attack botnet, and have malware installed which steals money from your financial accounts, or extorts money from you to fix non-existent problems.

Let's move on to the spam analysis for the week...

Statistics Overview

Total incoming email: 531
Classified as spam: 210
Percentage classified as spam: ~40%; 30% this time last year
Number of messages classified as spam by my custom filters: 201
Number auto-deleted by my custom blacklist: 7
Number classified as spam by the Bayesian Learning filter: 2

The order of spam categories, according to the highest percentages, is as follows:

Male Enhancement: 55
Fake Pharmacies: 31
Counterfeit Cialis: 18
Counterfeit Watches: 18
Money Mule & work at home scams: 17
Fake Diplomas: 16
Weight Loss scams: 10
Blacklisted: 7
Russian and Ukrainian spam domain links: 6
Fake online Casinos: 5
Russian Dating scams: 2
Nigerian 419 & Lottery scams: 6
Miscellaneous spam: 19

Updates and/or additions to my custom spam filters:

Known Spam Subjects #4,
Male Enhancement [S] (twice),
Money Mule Scam #2 (twice).
Updated and renamed ".RU .UA" Domain Link to "Russian" Domain Link

Additions to my MailWasher Pro Blacklist:

[email protected]

There was 1 false positive last week, which I corrected in my published filters. All other filters behaved as intended. Note, that I now publish three types of spam filters for MailWasher Pro. One type is for the latest 2012 series, in xml format, and two are for the previous series 6.x. One of those filters is set for manual deletions and the other for automatic deletions. You can read all about MailWasher Pro and the filters I write for it, on my MailWasher Pro Custom Filters page.

If you are having trouble caused by excess volumes of spam email, and are not using an effective filter, why not try out MailWasher Pro? It sure works for me!

Facebook Twitter LinkedIn Pinterest Instapaper Google+ Addthis

back to top ^

May 7, 2012

Really lame and blatant Nigerian 419 scam

Today, I received an email containing a Nigerian 419 scam that while laughable for its horrible spelling and punctuation, makes an upfront demand for payment. Normally, these scams hide the fact that victims are asked to pay in advance before the (fake) hundreds of thousands of dollars will be released to the beneficiary (victim).

Let's take a look at this scam from a curiosity point of view.

First of all, the sender has covered his tracks by using compromised email relaying PCs in a botnet. Two computers were used, both belonging to US residents. One belongs to an organization named "Secured Private Network" - which is obviously not so well secured! The second relay occurred via an open relay in a mail server belonging to CrystalTech Web Hosting.

The return path was interesting. It used a (possibly spoofed) account on a Ukrainian domain: [email protected]. However, the From address shows [email protected], which is obviously spoofed.

The message body claims to be from the "United states ambassador to nigeria
Ambassador terence mccauley" - yet it is filled with incorrect grammer, bad spelling and letter cases. I have to believe that any school kid in the USA knows that titles, countries and personal names always have the first letter capitalized.

The scammer claims to have plans to be: "coming to your country for an official meeting and i will be bringing your funds of ($500,000:00) FIVE HUNDRED THOUSAND UNITED STATES DOLLARS {bank draft} along with me." He goes on to demand an up front payment of $250 processing fee! "the cost of registering it is $250 USD the fee must be paid in the next 48 hours via western union."

Finally, to add insult to injury, the scam contains this outrageous statement:


Please, if you know you will not or can not send the requested $250 USD, please, dont bother replying this mail.

You can read the full text of this 419 scam on my SpamCop report

It is the up front, advance fee demands that gave these scams the name 419 scam. You see, section 419 of the Nigerian Penal Code makes it a serious offense to commit financial fraud involving advance fees. Yet, Nigerians go to Internet Cafes every day and mail out thousands of such scams to people in all parts of the World, but especially English speaking people in North America, the United Kingdom and the lands down under.

Never reply to a Nigerian scammer and never give them your phone number! There is no 500 Gs waiting for you, and you are not the beneficiary of anybody who died and left millions in a Nigerian bank. They will bleed you out of all your money with new fees and bribes and never send you the promised funds (because they do not exist). This has happened over and over to greedy people who fall for such scams. W.C. Fields once said "Never wisen up a chump or give a sucker an even break." That is exactly how Nigerian 419 scammers behave. They target the elderly as well as business owners and town clerks.

Facebook Twitter LinkedIn Pinterest Instapaper Google+ Addthis

back to top ^

May 6, 2012

How to prevent unauthorized people or vehicles from intercepting your wireless data

Lately, much ado has been made about the Google Street View vehicles doing more than photographing houses and businesses. Apparently, the Google vans have also been intercepting and storing wireless data from *unsecured* wireless routers, as they drive along the streets of our great nation.

Does this worry you? It should if you are one of the people operating an unsecured wireless router. Not because of what Google was doing with this openly transmitted data, but because if a Google van can read your unencrypted data, so can a neighbor's hacker kid, or somebody with bad intentions driving down your street, looking for wireless connections to piggyback on, or data to steal (a.k.a: War-driving).

Here is what the FCC determined about Google Street View vans intercepting wireless data as they dove down streets:


The FCC has been investigating, and recently fined Google $25,000 [details] for the incident. In its report, the FCC concludes, "For more than two years, Google's Street View cars collected names, addresses, telephone numbers, URLs, passwords, e-mail, text messages, medical records, video and audio files, and other information from Internet users in the United States."

In its findings, the FCC has concluded that Google's wireless data collection was not illegal because the information the company gleaned was not encrypted. The $25,000 fine against Google was actually for interfering with the investigation by stonewalling at searching employee records to find out why this happened and what was done with the purloined data. It turned out to be an experiment by what Google referred to as a rogue employee.

So, how can you make sure that something like this doesn't happen to your wireless connections? Secure your wireless routers, or hotspots! Here's how...

While I cannot give you instructions for your particular wireless router or hotspot, you can get them from the installation instructions that shipped with the device, or by going to the manufacturer's website and downloading a manual. However, I can tell you a few things to do to secure that device against casual drive-by, or next door snoopers.

First and foremost, no matter what brand or type of wireless router, modem/router, access point, or hotspot you employ, change the default administrator password to something not easily guessed, or found in a common dictionary. This won't stop unencrypted data from being intercepted but will definitely make it much harder for a hacker, or malicious script to take over control of critical router/hotspot functions. If your router's password can be guessed, the DNS [1] settings can be changed without your knowledge, to point to rogue DNS servers, which will re-route every Internet based request to hostile territory, for nefarious purposes [2].

The next item you should take care of is to apply the best level of wireless "encryption" [3] that your wireless device is capable of using. This is what will stop almost all War-drivers and nearby snoops from intercepting anything they can make sense of. Right now, WPA2 [4]is the strongest security available in home routers, using a 256 bit key code. Don't even think for one minute that applying the ancient WEP [5] security protocol is going to keep even script kiddies out of your router!

Wireless hackers would have to run a super heavy duty encryption cracking program, over a long period of time, to decipher 256 bit security keys. If somebody is willing to go to that much trouble and resides next door to, or within signal acquisition distance of your location, you'll need to apply the strongest encryption possible, plus some extra measures to lock out unknown devices.

Some of these additional measures include allowing only specified MAC addresses to connect (although these can be spoofed by hackers), or only as many IP addresses to be assigned as required by the wireless devices in your location [6]. For instance, if you have a wireless laptop and wireless hand-held smart device, with your desktop PC hard-wired with a network cable, you only need to assign three wireless IP addresses. There will be a section in the "web" configuration screens of your router that allow you to set how many IP addresses can be assigned to any devices requesting a connection. If you can limit the connections to only what you need for your own internal use, a snooper will not be able to obtain the IP address required to join your network.

There is a new feature showing up on N protocol wireless routers called WIPS [7] which establishes an additional layer of security between a wireless router and the devices known to it. In particular, WIPS detects and takes action against rogue access points, or man-in-the-middle router attacks.This is not an end-all protocol and can be cracked by determined hackers with plenty of time on their hands and gear to do the dirty deed.

Once again, many of the attacks aimed at wireless routers (including breaking WIPS, WEP and WPA) can be thwarted by changing the default login password to the router to a strong code, not easily guessed, or found in a common dictionary.

You can learn more about wireless security development on this Wiki-pedia page. Remember, it takes a combination of techniques to keep determined crackers out of your wireless network. Make it as difficult as possible for unauthorized devices to connect to your network. This way, both your data, including logins and passwords, and your connection itself will remain under your control, as pertains to the wireless network. Protecting your individual devices from attacks from the Internet, via exploits, trickery and social engineering tactics is another matter, beyond the scope of this article.

Stay safe and practice safe Hex!

Facebook Twitter LinkedIn Pinterest Instapaper Google+ Addthis

back to top ^

Blog Links

Sponsored Message

I recommend Malwarebytes to protect your computers and Android devices from malicious code attacks. Malwarebytes detects and blocks spyware, viruses and ransomware, as well as rootkits. It removes malware from an already infected device. Get an 18 month subscription to Malwarebytes here.

If you're a fan of Robert Jordan's novels, you can buy boxed sets of The Wheel Of Time, here.

As an Amazon and Google Associate, I earn commissions from qualifying purchases.


CIDR to IPv4 Address Range Utility Tool | IPAddressGuide
CIDR to IPv4 Conversion



About the author
Wiz FeinbergWiz's Blog is written by Bob "Wiz" Feinberg, an experienced freelance computer consultant, troubleshooter and webmaster. Wiz's specialty is in computer and website security. Wizcrafts Computer Services was established in 1996.

I produce this blog and website at my own expense. If you find this information valuable please consider making a donation via PayPal.

Follow @Wizcrafts on Twitter, where I post short updates on security issues, spam trends and things that just eat at my craw.

Follow Wizcrafts on Twitter


Malwarebytes' Anti-Malware is the most frequently recommended malware removal tool in malware removal forums, like Bleeping Computers. It is extremely effective for removing fake/rogue security alerts, Bots, Spyware and the most prevalent and current malware threats in the wild. Learn about Malwarebytes Anti-Malware.


MailWasher Pro is an effective spam filter that protects your desktop email client. Using a combination of blacklists and built-in and user configurable filters, MailWasher Pro recognizes and deletes spam before you download it. MailWasher Pro reveals the actual URL of any links in a message, which protects you from most Phishing scams. Try it free for 30 days.





Creative Commons License This weblog is licensed under a Creative Commons License.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.
Powered by Movable Type

back to top ^