Issue 18 - Hoax-Slayer Newsletter
Issue 18: April 9th, 2004
This week in Hoax-Slayer:
Trojan Phisher Scam Targets Major Banks
Customers of major Australian banks have reported receiving emails
that claim a substantial amount of money has been withdrawn from
their accounts. In order to make the message seem legitimate, the
emails arrive in HTML format and generally include a logo stolen
from the targeted bank's website. A link included in the email
supposedly leads recipients to the bank website to seek "technical
assistance". The intention here is to panic gullible recipients
into clicking on the link provided in order to gain details
regarding the apparent withdrawal. ANZ, National, Commonwealth
and Westpac have all been targeted.
At face value, this sounds like a typical phisher scam.
However, those who click on the link in the bogus email may
inadvertently download a trojan that will automatically be
executed on their computer. This trojan is configured to
log keystrokes that are entered into specific websites and email
the information to the scammers. When a window that contains certain
specified title phrases is opened, the key logger begins
recording any information that is entered. This information could
be passwords, account numbers, and other personal information.
The specified title phrases are associated with a number of major
financial institutions both in Australia and elsewhere in the world.
Thus, even recipients of the scam emails who are not customers of the
targeted bank can have sensitive information stolen if the trojan
infects their system.
The scammers have manipulated the link in the bogus email so that
it resembles a normal text link. However, those who click on the
link are first taken to a webpage where the trojan is downloaded
before being redirected to the real bank website. This happens
quite quickly and users may not even be aware that a download
and redirection has taken place.
The example below is directed at ANZ customers, but virtually
identical emails target National, Commonwealth and Westpac
banks. The amount specified varies.
Subject: Notification on transfer from your ANZ bank account
More detailed information
We are informing you that today, the amount of $719.00 AUD has been drawn
out of your account.
Technical assistance of ANZ Bank
[LINK TO BANK REMOVED]
Virus Infection "Warning" Points to Trojan
Another fraudulent email has been hitting inboxes this week.
The email points to the same trojan discussed in the bank scam
above but uses a different tactic. The message claims to be
a warning that the recipient's computer has been infected by a
worm and advises that an update be downloaded via the link
provided. As with the bank withdrawal notification emails
(see above) the link is cleverly disguised so that those who
click on it may have a trojan downloaded to their system
before being directed to a legitimate website. The actions taken
by the trojan are also identical to those discussed in the story
To add a veneer of legitimacy, the scam emails use the name of a
real virus, Netsky.b and the links provided point to legitimate
anti-virus companies, including McAfee and Panda AntiVirus.
An example of one of the emails is included below:
Subject: Attention! Your computer has been infected!
Your computer has been infected with a virus Netsky.b.
In order to avoid losing valuable information we suggest you
to urgently download an update from this link:
Technical assistance of Antivirus Company.
The Jamie Bulger Email Petition
In spite of the fact that this petition is hopelessly out of date,
it is still circulating. It still regularly crosses my inbox and
has been submitted by site visitors several times in the last
month or so.
Although the case in question is true, this petition is now way
outdated and has degenerated to little more than junk email. The
boys who committed this horrendous crime were released in 2001,
so the continuation of this petition in 2004 and beyond is simply
a waste of time and bandwidth.
In any case, these sort of email petitions are almost completely
pointless, as these lists of names rarely get to where they are
supposed to nor are they taken in any way seriously by politicians
or any one else in authority. Regardless of any intrinsic value
that email petitions might possess, in this case, one fact is
paramount. Rightly or wrongly, these boys have already been
released, and no amount of email signitures is going to change
Unfortunately, in spite of the best intentions of the individuals
who put their names on this petition, the most useful thing to
do with it is to highlight it and press DELETE.
Do you remember February 1993 when a young 3 yr old was taken
from a shopping mall in Liverpool by two 10-year-old boys.
Jamie Bulger walked away from his mother for only a second
and Jon Venables took his hand and led him out of the mall
with his friend Robert Thompson. They took Jamie on a walk
for over 2 and a half miles, along the way stopping every
now and again to torture the poor little boy who was crying
constantly for his mommy. Finally they stopped at a railway
track where they brutally kicked him, threw stones at him,
rubbed paint in his eyes and pushed batteries up his anus.
It was actually worse than this... What these two boys did
was so horrendous that Jamie's mother was forbidden to
identify his body. They then left his beaten small body
on the tracks so a train could run him over to hide the
mess they had created. These two boys, even being boys,
understood what they did was wrong, hence trying to
make it look like an accident.
This week Lady Justice Butler-Sloss has awarded the two boys
anonymity for the rest of their lives when they leave
custody with new identities. We cannot let this happen. They
will also leave early this year only serving just over half
of their sentence. One paper even stated that Robert may go
on to University. They are getting away with their crime.
They disgustingly and violently took Jamie's life away -
in return they get a new life. Please read it carefully....
then add your name at the end... and send it to everyone
you can! Please add your name and location to the list and
send it to friends and family. Please copy this e-mail
(highlight text, right click, copy and paste into a new
email) instead of forwarding so we do not get arrows at
the beginning of the sentences. If you are the 220th person
to sign, please forward this e-mail to [*email address
removed*] and attention it to Lady Justice Butler-Sloss.
Then start the list over again and send to your friends
and family. The Love-Bug virus took less that 72 hours
to reach the world. I hope this one does as well. We
need to protect our family and friends from creatures
like Robert and Jon. One day they may be living next
to you and your small children, without your knowledge.
If Robert and Jon could be so evil at 10 years old,
imagine what they could do as adults!
[Many names and area addresses removed]
It seems that viruses are becoming more and more complex as time
goes by. The emails that carry a typical modern virus tend to
have characteristics that vary considerably and use complex
combinations of subject lines, messages and attachment names.
This can make the provision of a clear and concise write-up on
such a virus somewhat problematical in a newsletter format.
In view of this, I'm trying a new format for passing on virus
information. This format will simply provide a brief overview
of the latest and most significant viruses and include a link
where readers can access detailed information.
I would be pleased to hear from readers with regard to this. Is
this format the way to go? Comments or ideas
on this or any
other aspect of the newsletter are most welcome.
The list below represents some of the most significant new virus
threats identified by Symantec Security Response
over the last few days.
- W32.Sober.F@mm spreads as an email attachment. It sends itself
to email addresses it finds on the infected computer using its
own SMTP engine.
- W32.Bugbear.C@mm steals information from the infected computer.
It uses its own SMTP engine to send itself to email address it finds on
the infected machine.
- W32.Netsky.T@mm is yet another variant in the Netsky series of
mass mailing worms. The worm can carry out a Denial of Service (DoS)
attacks on certain web sites.
Happy Easter - Easter Egg Hunting
Happy Easter to all those who celebrate this holiday!
If you have some spare time over the Easter break, you might like
to explore some of the Easter eggs that are hidden within your
computer software. An Easter egg, apart from the chocolate variety,
is hidden code or functionality within a computer program that
can do unexpected and amusing things.
A good site
for Easter eggs.
I hope everybody has an enjoyable break.
Top 4 Hoax and Scam Submissions this Week
As the Hoax-Slayer site becomes more well known, more and more
site visitors have been good enough to submit examples of hoax
or scam emails they have received. If you receive any such
emails, I would appreciate it if you would send me a copy
- In number one spot for submissions this week are lottery scams.
A number of people have received and submitted examples of these
scams. I've been communicating with a site visitor who is
pretending to be taken in by one of these lottery emails. So far
the scammers have requested a fee of $2600 supposedly to cover
delivery costs for the money and have sent photographs of the
"winnings" to back up their spurious claims
I will be updating the Lottery Scam page in the near future in order to provide more in-depth information as well as more examples.
- As usual, site visitors have submitted a number of Nigerian scam
emails and I have received several to my spam account
- The Teddy Bear virus hoax comes in at number 3 this week.
- Coming in at number four is the long-lived and widespread Money
from Microsoft hoax
Humour: Microsoft Janitor
A new take on an old joke:
An unemployed man goes to apply for a job with Microsoft as a
The manager there arranges for him to take an aptitude test
(Section: floors, sweeping and cleaning). After the test,
the manager says, "You will be employed at minimum wage,
$5.15 an hour. Let me have your e-mail address, so that I can
send you a form to complete and tell you where to report for
work on your first day."
Taken aback, the man protests that he has neither a computer
nor an e-mail address.
To this the MS manager replies, "Well, then, that means that
you virtually don't exist and can therefore hardly expect to
Stunned, the man leaves. Not knowing where to turn and having
only $10 in his wallet, he decides to buy a 25-pound flat of
tomatoes at the supermarket. Within less than two hours, he
sells all the tomatoes individually at 100 percent profit.
Repeating the process several times more that day, he ends
up with almost $100 before going to sleep that night.
And thus it dawns on him that he could quite easily make a
living selling tomatoes. Getting up early every day and
going to bed late, he multiplies his profits quickly.
After a short time he acquires a cart to transport several
dozen boxes of tomatoes, only to have to trade it in again
so that he can buy a pickup truck to support his expanding
business. By the end of the second year, he is the owner of
a fleet of pickup trucks and manages a staff of 100 formerly
unemployed people, all selling tomatoes.
Planning for the future of his wife and children, he
decides to buy some life insurance. Consulting with an
insurance adviser, he picks an insurance plan to fit his
new circumstances. At the end of the telephone conversation,
the adviser asks him for his e-mail address in order to
send the final documents electronically.
When the man replies that he has no e-mail, the adviser is
stunned, "What, you don't have e-mail? How on earth have
you managed to amass such wealth without the Internet,
e-mail and e-commerce? Just imagine where you would be now,
if you had been connected to the Internet from the very
After a moment of thought, the tomato millionaire replied,
"Why, of course! I would be a floor cleaner at Microsoft!"
Moral of this story:
1. The Internet, e-mail and e-commerce do not need to rule
2. If you don't have e-mail, but work hard, you can still
become a millionaire.
3. Seeing that you got this story via e-mail, you're probably
closer to becoming a janitor than you are to becoming a
4. If you do have a computer and e-mail, you have already
been taken to the cleaners by Microsoft.
The Hoax_Slayer Newsletter is published by:
All Rights Reserved
©Brett M. Christensen, 2009
Questions or Comments