Issue 18 - Hoax-Slayer Newsletter

---

This week in Hoax-Slayer:

• Trojan Phisher Scam Targets Major Banks
• Virus Infection "Warning" Points to Trojan
• The Jamie Bulger Email Petition
• Virus Report
• Happy Easter - Easter Egg Hunting
• Top 4 Hoax and Scam Submissions this Week
• Humour: Microsoft Janitor

---

Customers of major Australian banks have reported receiving emails that claim a substantial amount of money has been withdrawn from their accounts. In order to make the message seem legitimate, the emails arrive in HTML format and generally include a logo stolen from the targeted bank's website. A link included in the email supposedly leads recipients to the bank website to seek "technical assistance". The intention here is to panic gullible recipients into clicking on the link provided in order to gain details regarding the apparent withdrawal. ANZ, National, Commonwealth and Westpac have all been targeted.

At face value, this sounds like a typical phisher scam. However, those who click on the link in the bogus email may inadvertently download a trojan that will automatically be executed on their computer. This trojan is configured to log keystrokes that are entered into specific websites and email the information to the scammers. When a window that contains certain specified title phrases is opened, the key logger begins recording any information that is entered. This information could be passwords, account numbers, and other personal information. The specified title phrases are associated with a number of major financial institutions both in Australia and elsewhere in the world. Thus, even recipients of the scam emails who are not customers of the targeted bank can have sensitive information stolen if the trojan infects their system.

The scammers have manipulated the link in the bogus email so that it resembles a normal text link. However, those who click on the link are first taken to a webpage where the trojan is downloaded before being redirected to the real bank website. This happens quite quickly and users may not even be aware that a download and redirection has taken place.

The example below is directed at ANZ customers, but virtually identical emails target National, Commonwealth and Westpac banks. The amount specified varies.


More detailed information.

---

Another fraudulent email has been hitting inboxes this week. The email points to the same trojan discussed in the bank scam story above but uses a different tactic. The message claims to be a warning that the recipient's computer has been infected by a worm and advises that an update be downloaded via the link provided. As with the bank withdrawal notification emails (see above) the link is cleverly disguised so that those who click on it may have a trojan downloaded to their system before being directed to a legitimate website. The actions taken by the trojan are also identical to those discussed in the story above.

To add a veneer of legitimacy, the scam emails use the name of a real virus, Netsky.b and the links provided point to legitimate anti-virus companies, including McAfee and Panda AntiVirus.

An example of one of the emails is included below:

---

In spite of the fact that this petition is hopelessly out of date, it is still circulating. It still regularly crosses my inbox and has been submitted by site visitors several times in the last month or so.

Although the case in question is true, this petition is now way outdated and has degenerated to little more than junk email. The boys who committed this horrendous crime were released in 2001, so the continuation of this petition in 2004 and beyond is simply a waste of time and bandwidth.

In any case, these sort of email petitions are almost completely pointless, as these lists of names rarely get to where they are supposed to nor are they taken in any way seriously by politicians or any one else in authority. Regardless of any intrinsic value that email petitions might possess, in this case, one fact is paramount. Rightly or wrongly, these boys have already been released, and no amount of email signitures is going to change this.

Unfortunately, in spite of the best intentions of the individuals who put their names on this petition, the most useful thing to do with it is to highlight it and press DELETE.

---

It seems that viruses are becoming more and more complex as time goes by. The emails that carry a typical modern virus tend to have characteristics that vary considerably and use complex combinations of subject lines, messages and attachment names. This can make the provision of a clear and concise write-up on such a virus somewhat problematical in a newsletter format. In view of this, I'm trying a new format for passing on virus information. This format will simply provide a brief overview of the latest and most significant viruses and include a link where readers can access detailed information.

I would be pleased to hear from readers with regard to this. Is this format the way to go? Comments or ideas on this or any other aspect of the newsletter are most welcome.

The list below represents some of the most significant new virus threats identified by Symantec Security Response over the last few days.

• W32.Sober.F@mm spreads as an email attachment. It sends itself to email addresses it finds on the infected computer using its own SMTP engine.
  
  
• W32.Bugbear.C@mm steals information from the infected computer. It uses its own SMTP engine to send itself to email address it finds on the infected machine.
  
  
• W32.Netsky.T@mm is yet another variant in the Netsky series of mass mailing worms. The worm can carry out a Denial of Service (DoS) attacks on certain web sites.
  
  

---

Happy Easter to all those who celebrate this holiday!

If you have some spare time over the Easter break, you might like to explore some of the Easter eggs that are hidden within your computer software. An Easter egg, apart from the chocolate variety, is hidden code or functionality within a computer program that can do unexpected and amusing things.

A good site for Easter eggs.

I hope everybody has an enjoyable break.

---

As the Hoax-Slayer site becomes more well known, more and more site visitors have been good enough to submit examples of hoax or scam emails they have received. If you receive any such emails, I would appreciate it if you would send me a copy.

---

1. In number one spot for submissions this week are lottery scams. A number of people have received and submitted examples of these scams. I've been communicating with a site visitor who is pretending to be taken in by one of these lottery emails. So far the scammers have requested a fee of $2600 supposedly to cover delivery costs for the money and have sent photographs of the "winnings" to back up their spurious claims
   
   I will be updating the Lottery Scam page in the near future in order to provide more in-depth information as well as more examples.
   
   
2. As usual, site visitors have submitted a number of Nigerian scam emails and I have received several to my spam account as well.
   
   
3. The Teddy Bear virus hoax comes in at number 3 this week.
   
   
4. Coming in at number four is the long-lived and widespread Money from Microsoft hoax
   
   

---

A new take on an old joke:

---

An unemployed man goes to apply for a job with Microsoft as a janitor.

The manager there arranges for him to take an aptitude test (Section: floors, sweeping and cleaning). After the test, the manager says, "You will be employed at minimum wage, $5.15 an hour. Let me have your e-mail address, so that I can send you a form to complete and tell you where to report for work on your first day."

Taken aback, the man protests that he has neither a computer nor an e-mail address.

To this the MS manager replies, "Well, then, that means that you virtually don't exist and can therefore hardly expect to be employed."

Stunned, the man leaves. Not knowing where to turn and having only $10 in his wallet, he decides to buy a 25-pound flat of tomatoes at the supermarket. Within less than two hours, he sells all the tomatoes individually at 100 percent profit. Repeating the process several times more that day, he ends up with almost $100 before going to sleep that night.

And thus it dawns on him that he could quite easily make a living selling tomatoes. Getting up early every day and going to bed late, he multiplies his profits quickly. After a short time he acquires a cart to transport several dozen boxes of tomatoes, only to have to trade it in again so that he can buy a pickup truck to support his expanding business. By the end of the second year, he is the owner of a fleet of pickup trucks and manages a staff of 100 formerly unemployed people, all selling tomatoes.

Planning for the future of his wife and children, he decides to buy some life insurance. Consulting with an insurance adviser, he picks an insurance plan to fit his new circumstances. At the end of the telephone conversation, the adviser asks him for his e-mail address in order to send the final documents electronically.

When the man replies that he has no e-mail, the adviser is stunned, "What, you don't have e-mail? How on earth have you managed to amass such wealth without the Internet, e-mail and e-commerce? Just imagine where you would be now, if you had been connected to the Internet from the very start!"

After a moment of thought, the tomato millionaire replied, "Why, of course! I would be a floor cleaner at Microsoft!"

Moral of this story:

1. The Internet, e-mail and e-commerce do not need to rule your life.

2. If you don't have e-mail, but work hard, you can still become a millionaire.

3. Seeing that you got this story via e-mail, you're probably closer to becoming a janitor than you are to becoming a millionaire.

4. If you do have a computer and e-mail, you have already been taken to the cleaners by Microsoft.

---

---