Bogus YouTube Emails
Monday, August 27, 2007
The perpetrators of an ongoing malware attack that began with fake eCard notification emails have again changed tactics. The latest distribution of bogus emails contains a link disguised to look like it leads to a YouTube video. However, the link actually opens a website that can download and install a trojan.
I have included three examples of the malware emails below:
Subject: LOL, dude what are you doing
You need to take this offline, it is in everyones email. :-( check it out yourself [Link to malicious website removed]
OMG, what are you thinking
If your dad see this video you made, he is gonna kill you. see for yourself...
[Link to malicious website removed]
Where did you take that?
Dude I know thats you, someone emailed me a link to the video. this is the link to it.[Link to malicious website removed]
As well as these bogus YouTube emails and fake eCard notifications, the scammers are also sending out fake Membership Confirmation emails. All three types of spam point to web pages containing malware. Once this malware is installed, it can then download even more malware components.
The tactics used by these Internet criminals are likely to continue changing as they come up with even more ways to trick unwary users into clicking links without due care and attention.
You should be very cautious of any unsolicited emails that ask you to click an included link. It is also vitally important that all Windows users ensure that they have the latest security updates installed and use a firewall along with anti-virus and anti-spyware scanners.
Another eCard twist
Storm Worm using YouTube
posted by Brett Christensen @ 11:40 PM
Facebook Shutting Down Hoax
Thursday, August 23, 2007
Yet another mutant child of the old Hotmail account closure hoax is currently circulating. The message warns that Facebook will close down unless 1 million people join a new group within 7 days.
The warning reads:
FACEBOOK WILL SHUT DOWN IN 7 DAYS IF 1,000,000 PEOPLE DONT JOIN THIS GROUP!
I JUST GOT THE NEWS FROM MARK ZUKERBURG THAT I HAVE TO MAKE A GROUP AND HAVE 1,000,000 PEOPLE JOIN IT IN 7 DAYS OR FACEBOOK WILL SHUTDOWN!
INVITE ALL OF YOUR FRIENDS!
HURRY WE ONLY HAVE 7 DAYS!
This claim is total nonsense. There has been a long line of similar hoaxes that target MSN, Yahoo, AOL, Bebo, Orkut and others. All claim that the targeted website or service will close down unless users work to "save" it by forwarding emails, circulating instant messages or sending out site invitations. All such claims are untrue. Of course, no legitimate company is ever likely to conduct business in this way, least of all one as wildly successful as Facebook.
Given that Facebook had over 34 million active members as of July 2007, I'm pretty confident that the company's management has not been panicked into making absurd and outlandish requests to its users to avoid imminent closure (grin).
In spite of the obvious absurdity of these "closure warning" messages, they still continually circulate.
Another Hotmail Account Closure Hoax Email
Bebo.com Closing Down Hoax
MSN Messenger 500,000 Signatures Hoax
posted by Brett Christensen @ 5:14 PM
Two Moons on August 27? I don’t Think So, Tim.
Monday, August 13, 2007
As discussed more thoroughly in another Hoax-Slayer article, the "Mars will be close to Earth" hoax has become an annual event. Every July and August, messages claiming that Mars will be close to Earth late in August vigorously circulate. Mars was close to Earth back in August 2003, but this has certainly not been true in the years since, and 2007 is no exception.
Moreover, some versions of the message have become even more wildly exaggerated. One popular version currently circulating claims that we will witness "2 moons on 27th August 2007". According to the message, Mars will look as large as the moon to the naked eye. This is pure nonsense. The claim was untrue even when Mars was actually close to the Earth back in 2003. I remember viewing Mars from my backyard with my children in that year. Certainly it was spectacular, but nowhere near the size of the moon to the naked eye.
In fact, this version misquotes an earlier version. The original stated:
At a modest 75-power magnification Mars will look as large as the full moon to the naked eye.
The new version conveniently omits the "magnification" part.
So, don't be duped. Of course, Mars won't look as big as the moon to the naked eye! In fact, it will not even be particularly close to the Earth in 2007.
An example of the hoax email:
Subject: 2 MOONS ON 27 AUGUST 2007
27th August 2007, a Monday the Whole World is waiting for.............2 moons on 27th August 2007
Planet Mars will be the brightest in the night sky starting August. It will look as large as the full moon to the naked eye. This will cultivate on Aug. 27, 2007 when Mars comes within 34.65M miles of earth. Be sure to watch the sky on Aug. 27 12:30 am. It will look like the earth has 2 moons.
The next time Mars may come this close is in 2287.
Share this with your friends as NO ONE ALIVE TODAY will ever see it again.
posted by Brett Christensen @ 11:21 AM
Lloyds TSB Phishing Scam
Tuesday, August 7, 2007
One of my email accounts has been hit by multiple identical phishing scam messages that target the UK banking group Lloyds TSB. The scam message claims that there has been unauthorised use of online accounts and instructs recipients to click a link and "confirm" their online banking information.
However, clicking the link opens a bogus "login" web page designed to closely resemble the genuine bank website (see screen shot below). Victims who are fooled into logging on to the fake page will in fact be handing over their login details to identity thieves. Subsequent bogus pages will request further personal information that can also be harvested by scammers.
Phishing scammers regularly target financial institutions such as Lloyds TSB. If you receive any unsolicited email from a bank or other institution that asks you to click an included link and provide sensitive personal information, then you should view the message with the utmost suspicion. If you have any doubts at all about the veracity of the email, contact the institution directly to check.
For more information about phishing scams, see:
Phishing Scams - Anti-Phishing Information
Lloyds TSB has also published information about scam emails on its website.
An example of the scam email:
Subject: Unauthorised use of Lloyds TSB
Lloyds TSB has been receiving complaints from our customers for unauthorised use of the Lloyds TSB Online accounts. As a result we are making an extra security check on all of our Customers account in order to protect their information from theft and fraud.
Due to this, you are requested to follow the provided steps and confirm your Online Banking details for the safety of your Accounts. Please Click Here To Start .
However, Failure to do so may result in temporary account suspension. Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience.
Thanks for your co-operation.
Fraud Prevention Unit
A screen shot of the fake login page:
posted by Brett Christensen @ 5:03 PM
Strange Messages in Spam
Friday, August 3, 2007
As usual, a lot of the spam I've been receiving has the spam "payload" nestled between passages of totally irrelevant words and sentences. For example, the following is a snippet from a Viagra spam:
"yes, god saw her, and¡¡painfully conscious that he was not improving the advantages his alma mater likes if he tries hard enough," he answered, standing very straight and looking "aunt clara says i
"yes, god saw her, and "yes, god saw her, and find them. "now, which will you have?"¡¡in shape again.
in shape again. ¡¡morning, she found the usually orderly room in confusion. some of the girls "now, my dear, make yourself at home," said mrs. many pleasures, except that of charity, and worked so hard that i fear he shortened
Why do spammers include these random passages of text in their messages, you may ask.
Well, spammers include hidden text in their emails in order to try to trick spam filters. A lot of spam filters are configured to detect messages that contain certain words, phrases or ways of structuring sentences that are commonly indicative of spam. If these indicators add up to a significant percentage of the message, the filter will block the message as spam.
The hidden text can effectively dilute the overall "count" of these spam indicators, so that the message can sneak through the filter. Many recipients would not see the hidden text, or even know it existed, but it is easily "seen" by the spam filtering software.
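The dilution effect described above can be shown with a small percentage-based filter and one way to harden it. This is an added example, not code from the original post or from any real spam filter; the indicator list, threshold, window size and sample messages are all assumptions constructed for illustration.

```python
import re

# Hypothetical indicator words and threshold; real filters use maintained rules or trained models.
INDICATORS = {"viagra", "pills", "cheap", "discount", "pharmacy"}
THRESHOLD = 0.25

def tokens(text):
    """Lower-case word tokens, punctuation dropped."""
    return re.findall(r"[a-z']+", text.lower())

def ratio_score(text):
    """Naive score: fraction of ALL words in the message that are indicators."""
    words = tokens(text)
    return sum(w in INDICATORS for w in words) / len(words) if words else 0.0

def window_score(text, size=8):
    """Hardened score: highest indicator density in any run of `size` words,
    so unrelated filler elsewhere in the message cannot dilute the payload."""
    hits = [w in INDICATORS for w in tokens(text)]
    if not hits:
        return 0.0
    if len(hits) <= size:
        return sum(hits) / len(hits)
    best = cur = sum(hits[:size])
    for i in range(size, len(hits)):
        cur += hits[i] - hits[i - size]   # slide the window one word right
        best = max(best, cur)
    return best / size

def is_spam(score):
    return score >= THRESHOLD

# Constructed samples: a payload, and filler modelled on the random text quoted above.
PAYLOAD = "cheap viagra pills discount pharmacy order today online"
FILLER = ("yes god saw her and she found the usually orderly room in confusion "
          "now my dear make yourself at home said mrs")
PADDED = f"{FILLER} {PAYLOAD} {FILLER}"

if __name__ == "__main__":
    for name, msg in (("payload", PAYLOAD), ("padded", PADDED), ("filler", FILLER)):
        r, w = ratio_score(msg), window_score(msg)
        print(f"{name:8} ratio={r:.3f} spam={is_spam(r)!s:5} "
              f"window={w:.3f} spam={is_spam(w)}")
```

The whole-message ratio drops below the threshold once the filler is added, while the windowed score still sees the payload at full density and leaves the filler-only message unflagged.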
posted by Brett Christensen @ 5:42 PM
Malicious emails that promise the recipient nude pictures of famous female celebrities are currently hitting inboxes. The messages have text similar to the following:
Good day dear!
Shocking photos of nude Nicole Kidman. See it in your attachment
Other stars such as Angelina Jolie and Natalie Portman are also used in the emails.
Opening the zip file attached to the emails will initially install a rootkit and then attempt to download and install other malware from the Internet. Users should be very cautious of opening unknown email attachments and ensure that anti-virus and computer security software are up to date and correctly configured.
Nude Nicole Kidman, Angelina Jolie, Natalie Portman? Sophos warns of email assault
posted by Brett Christensen @ 5:38 PM