Issue 16 - Hoax-Slayer Newsletter

Issue 16: March 23rd, 2004

This week in Hoax-Slayer:

Phisher Scam targets ABA
New Worm attacks Security Software
Cruel Hoax Upsets Harry Potter Fan
Breast Cancer Donations from M&M's
W32.Netsky.P@mm Worm Still Spreading
Bill Gates is NOT sharing his fortune
Humour: Thanks for the Chain Letters

Hoax-Slayer is a Free Monthly Web-Based Newsletter brought to you by Brett Christensen

The Hoax-Slayer Newsletter keeps you informed about the latest email hoaxes and current Internet scams. Hoax-Slayer also features anti-spam tips, computer security information, pertinent articles and more.

As soon as the newsletter is published each month, subscribers are sent a notification email with a direct link to the latest issue. The Hoax-Slayer Newsletter is absolutely free and you can easily unsubscribe at any time either by following a link in the notification email or visiting the Hoax-Slayer Unsubscribe page.

To get your free subscription, enter your complete email address in the form below and click the "Subscribe" button. Concerned about giving out your email address online? I will never sell or give away your email address, or any other personal information, for any reason what so ever.

Read the Hoax-Slayer Privacy Policy for more information.

Subscribe to the newsletter via RSS feed

Subscription Options in Detail

Phisher Scam targets ABA

The American Bankers Association has joined a long list of financial entities around the world that have been targeted by phisher scammers. The ABA has placed a warning about the new scam on their website. Internet users have reported receiving an email purporting to be from the ABA that tries to trick recipients into providing personal and financial information. The fraudulent email contains an embedded "Credit Card Verification Form" that requests users to enter information directly. It is highly unlikely that the ABA, or any other legitimate financial institution, would send messages that requests sensitive personal information via email.

If you have received a suspect email that claims to be from the ABA, you can forward the message to alert@aba.com.

Read the alert from the ABA.

A sample of one of the scam emails, minus the "Credit Card Verification Form", is reproduced below:

From: American Bankers Association [service@aba.com]
Sent: Friday, March 19, 2004
Subject: Please Read! Imporant Information About Your Credit Card And Its Issuing Bank!

Dear Sir/Madam,

You have been identified as a customer of one of ABA's ( American Bankers Association ) member banks. The American Bankers Association would like to inform You about the adoption of a decision of a new Security Policy. The new policy entered into force on 1st March 2004. Due to the extensive number of credit card frauds, ABA has decided to take preventice countermeasures in order to ensure the highest level of security and safety for the customers of its member banks....

Sincerely,

ABA Customer Service Staff

[TOP]

New Worm attacks Security Software

This week saw the emergence of a new Internet worm that explicitly targets flawed computer security software. The worm, named W32.Witty.Worm after a reference in the worm's code, exploits a vulnerability in ICQ parsing in certain products supplied by Internet Security Systems Inc. The worm can spread itself via IP addresses using UDP source port 4000 and a random destination port and has a destructive payload that can overwrite random sectors of hard drives on the infected computer.

The products affected by this worm are listed below:

BlackICE Agent for Server 3.6 ebz, ecd, ece, ecf
BlackICE PC Protection 3.6 cbz, ccd, ccf
BlackICE Server Protection 3.6 cbz, ccd, ccf
RealSecure Network 7.0, XPU 22.4 and 22.10
RealSecure Server Sensor 7.0 XPU 22.4 and 22.10
RealSecure Desktop 7.0 ebf, ebj, ebk, ebl
RealSecure Desktop 3.6 ebz, ecd, ece, ecf
RealSecure Guard 3.6 ebz, ecd, ece, ecf
RealSecure Sentry 3.6 ebz, ecd, ece, ecf

If you use one of these products on your computer, you are strongly advised to ensure that the relevant patches for the product have been applied.

More information about the worm is available from the following links:
http://www.iss.net/support/wittyworm.php
http://www.symantec.com/avcenter/venc/data/w32.witty.worm.html

[TOP]

Cruel Hoax Upsets Harry Potter Fan

A fourteen-year-old Chilean teenager has become the victim of an Internet hoaxster. The girl had been corresponding via email with someone who claimed to be Daniel Radcliffe, the actor who plays Harry Potter in the hit movies. The teenager was thrilled when "Daniel Radcliffe" invited her to visit him at home in London. However, when the girl and her mother flew to London for the proposed rendezvous, they discovered that it was all just a hoax. Apparently the real Daniel has a policy of never communicating with fans via email and the Internet for both his safety and theirs.

Although the girl is naturally upset and embarrassed by the callous prank she is perhaps luckier than some. Paedophiles have used similar tactics in the past in order to trick children into meeting them.

Source:
http://www.teenhollywood.com/d.asp?r=63245&cat=1027

[TOP]

Breast Cancer Donations from M&M's

Although the email below sounds like a hoax - it even has a request to pass the email on, which is a classic sign of an email hoax - the information it contains is true. A percentage of proceeds from special pink and white M&M bags have indeed been donated to the Susan G. Komen Breast Cancer Foundation.

It is, in fact, quite rare that one of these "pass it on" emails contains truthful information, but this is one of the inevitable exceptions to the rule.

However, the fund rasing effort described is not an ongoing one. Masterfoods ran the fundraiser back in 2003 and, more recently, in late 2004 and early 2005. The recent campaign coincided with National Breast Cancer Awareness Month in October 2004. According to information on the Susan G. Komen website, the special pink and white M&M packets were available at local retailers during September, October and November 2004. Even if the pink and white M&M's are still available, the company has specified a maximum donation amount of $650,000, so the 50-cent per bag donation will stop when this limit is reached.

Therefore, although the information in the email is basically factual, it will not remain so indefinitely. Unfortunately, the email does not contain any date information, so many people will continue to forward the message in the mistaken belief that the fund rasing campaign is still running. In fact, the message has continued to circulate since the first campaign started in 2003 although for much of that time no such campaign was in operation. Before forwarding such messages it would be wise to verify that the promotion described is still current by seeking information on the M&M's homepage.

After the pink and white M&M's are no longer available in retail outlets, the special packets may still be available via the M&M's online store.

New M&M colors Pass this on to all of your friends. There are many women out there who have breast cancer. Lets do all we can to support this cause. New Pink White M&M's.

The makers of M&M candies has teamed up with the Susan G. Komen Breast Cancer Foundation to raise funds through the sale of their new " pink & white " M&M candies. For each 8-ounce bag of the special candies sold, the makers of M&M(Masterfoods) will donate 50 cents to the foundation. The next time you want a treat, please pick up a bag (now sold in stores nationwide) - you will be donating to a great cause and satisfying your sweet tooth.

Please pass on to all your family and friends. -- Thank you.

[TOP]

W32.Netsky.P@mm Worm Still Spreading

W32.Netsky.P@mm is another variant of Netsky that scans the hard drives and mapped drives of the infected computer for email addresses and sends itself to them using its own SMTP engine. It can also spread through file sharing programs. The worm is also known as W32.Netsky.Q@mm. Symantec has given this worm a Catagory of 3 out of 5.

The email carrying the worm has the following characteristics:

Email Subject Line:

Below are some subject lines that might be used by the worm.

Re: Encrypted Mail
Re: Extended Mail
Re: Status
Re: Notify
Re: SMTP Server
Re: Mail Server
Re: Delivery Server
Re: Bad Request
Re: Failure
Re: Thank you for delivery
Re: Test
Re: Administration
Re: Message Error
Re: Error
Re: Extended Mail System
Re: Secure SMTP Message
Re: Protected Mail Request
Re: Protected Mail System
Re: Protected Mail Delivery
Re: Secure delivery
Re: Delivery Protection
Re: Mail Authentification
Mail Delivery

Email Body:

Below are some of the messages that might be used by the worm.

Please see the attached file for details
Please read the attached file!
Your document is attached.
Please read the document.
Your file is attached.
Your document is attached.
Please confirm the document.
Please read the important document.
See the file.
Requested file.
Authentication required.
Your document is attached to this mail.
I have attached your document.
I have received your document. The corrected document is attached.
Your document.
Your details.

Access more information.

[TOP]

Bill Gates is NOT sharing his fortune

I've written about this hoax before, but it fascinates me that it is still circulating in spite of very thorough debunking on sites across the length and breadth of the Internet. If there was an Academy Award for "most widespread and enduring email hoax", then the Money from Microsoft hoax would certainly be one of the nominees.

I think people forward this email onward, just on the off chance that it just might be true. You know, best hit the "forward" button,"just in case". It really is about time that this tired old hoax was laid to rest....preferably in the "Deleted Items" folder.

Here something that you might want to read it was on the news .
Subject: FW: PLEEEEEASE READ!!!! It was on the news!

Dear friends,
Something to share with all of u. Would u believe if this is true? Readon..... For those who need money badly and this is one opportunity to try it! I'm an attorney, and I know the law. This thing is for real. Rest assured AOL and Intel will follow through with their promises for fear of facing a multimillion-dollar class action suit similar to the one filed by PepsiCo against General Electric not too long ago.

Dear Friends,
Please do not take this for a junk letter. Bill Gates is sharing his fortune. If you ignore this you will repent later. Microsoft and AOL are now the largest Internet companies and in an effort to make sure that Internet Explorer remains the most widely used program, Microsoft and AOL are running an e-mail beta test. When you forward this e-mail to friends, Microsoft can and will track it (if you are a Microsoft Windows user) for a two week time period. For every person that you forward this e-mail to, Microsoft will pay you $245.00, for every person that you sent it to that forwards it on, Microsoft will pay you $243.00 and for every third person that receives it, you will be paid $241.00. Within two weeks, Microsoft will contact you for your address and then send you a cheque.
Regards.
Charles S. Bailey
General Manager Field Operations
[CONTACT INFORMATION REMOVED]

I thought this was a scam myself, but two weeks after receiving this e-mail and forwarding it on, Microsoft contacted me for my address and within days, I received a cheque for US$24,800.00. You need to respond before the beta testing is over. If anyone can afford this Bill Gates is the man. It's all marketing expense to him. Please forward this to as many people as possible. You are bound to get at least US$10,000.00. We're not going to help them out with their e-mail beta test without getting a little something for our time. My brother's girlfriend got in on this a few months ago. When I went to visit him for the Baylor/UT game. She showed me her check. It was for the sum of $4,324.44 and was stamped "Paid In Full". Like I said before, I know the law, and this is for real Intel and AOL are now discussing a merger which would make them the largest Internet company and in an effort make sure that AOL remains the most widely used program, Intel and AOL are running an e-mail beta test.

[TOP]

Humour: Thanks for the Chain Letters

This one was sent to one of my Yahoo groups:

To my friends, thanks for sending me chain letters in 2003:

I stopped drinking Coca Cola after I found out that it's good for removing toilet stains.
I stopped going to the movies for fear of sitting on a needle infected with AIDS.
I smell like a dog since I stopped using deodorants because theycause cancer.
I don't leave my car in the parking lot or any other place and sometimes I even have to walk about 7 blocks for fear that someone will drug me with a perfume sample and try to rob me.
I also stopped answering the phone for fear that they ask me to dial a stupid number and then I get a phone bill from hell with calls to Uganda, Singapore, Dominican Republic and Tokyo.
I also stopped eating chicken and hamburgers because they are nothing other than horrible mutant freaks with no eyes or feathers that are bred in a lab so that places like McDonalds can sell their Big Macs.
I also stopped drinking anything out of a can for fear that I will get sick from the dried rat feces and urine.
When I go to parties, I'm always worried that some guy will take my kidneys and leave me taking a nap in a bathtub full of ice.
I also donated all my savings to the Amy Bruce account. A sick girl that was about to die in the hospital about 7,000 times. Funny that girl, she's been 7 since 1993...
I went bankrupt from bounced checks that I wrote whilte expecting the thousands of dollars that Microsoft and AOL were supposed to send me when I participated in their special e-mail program.
My Ericcson phone never arrived and neither did the passes for a paid vacation to Disneyland.
But I am positive that all this is the cause of a stinking chain that I broke or forgot to follow through on and I got a curse from hell.

IMPORTANT NOTE: If you send this e-mail to at least 1200 people in the next 10 seconds, a bird will crap on you today at 5pm.

[TOP]