Issue 44 - Hoax-Slayer Newsletter

---

This week in Hoax-Slayer:

• Breast Cancer Site Email (Not a Hoax)
• PayPal Phisher Scam Email
• Virus Report: Weekly Virus Wrap-Up
• Mobile Phone Virus Hoax
• Thunderbird Email and News Client

---

---

A fairly regular visitor to inboxes around the world is an email that asks people to visit the Breast Cancer site and click on a button to help pay for mammograms for underprivileged women. Although the email has some of the characteristics of a hoax, the information it contains is true. The Breast Cancer site is real and money paid by site advertisers does indeed go towards providing free mammograms. This is a worthy cause and I would encourage readers to visit the site and click on the "Fund Free Mammograms" button.

From the site FAQ:



An example of the email message:

Discuss This Story

---

A number of phisher scam emails have been targeting the online payment company, PayPal over the last week or so. I have received several identical scam messages to different Hoax-Slayer email accounts with the subject line "PayPal Very Important Warning". An example of the scam email is included below.

The scam email is cleverly formatted to closely resemble an official PayPal message and includes PayPal logos and links that lead to real PayPal and eBay web pages. However, the account log-in link in the bogus email leads to a fraudulent website that is virtually identical to the real PayPal log-in page. Links and buttons on the fake website also lead to real PayPal web pages in an effort to further convince victims that the page is genuine.

During my investigation of the scam example I have included below, I logged on to the fake site using a made up user name and password. I was then presented with a web form that requested information such as credit card details, address details, social security number, bank account numbers and more. Information submitted via this form will be sent directly to the scammers.

Even though I provided an invalid user-name and password, the fake site still "let me in" and requested sensitive information. Neither the fake log-in page nor the web form itself were secure. That is, they did not have "https://" in the web address and the lock icon was not present in the web browser status bar. If a user entered invalid log-in details into the real PayPal sign-in page an error message would result. Also, the real sign-in page and any form that you were required to fill out would definitely be secure pages on the legitimate PayPal site

At this point I would like to stress that clicking on the links in scam emails is an unacceptable security risk that should be avoided. Sometimes, clicking such links can open a webpage that allows a malicious program such as a Trojan to be downloaded to your system. I accessed and examined the bogus website under controlled conditions so that I could offer a more detailed analysis of this phisher scam. Normally, the best course of action if you receive a phisher scam email is to delete the message or forward it to the company targeted, without clicking any of the links provided.

I have noticed that phisher scams have become increasingly sophisticated over the last year or so. Earlier phisher scam emails could often be easily identified by poor presentation, spelling and grammar. However, it seems that the scammers have effectively honed their skills in what has proven to be an exceptionally lucrative enterprise for them. As this PayPal example illustrates, newer phisher scam emails are near clones of the real thing and it is not surprising that they continue to gain new victims every day.

Any unsolicited email that advises you to click on a link and provide sensitive information on a web page should be treated as a possible phisher scam. It is highly unlikely that any legitimate company would use such a method.

More information about phisher scams

---

The list below represents some of the most significant new virus threats identified by Symantec Security Response over the last few days.

---

Several variants of the Beagle worm have been spreading. Symantec has given one of these, W32.Beagle.AV@mm, a threat severity assessment level of 3 out of 5. This worm spreads via email and file sharing networks. The "From" field of infected emails will be spoofed and the subject will be one of the following:
* Re:
* Re: Hello
* Re: Hi
* Re: Thank you!
* Re: Thanks :)

A removal tool for the Beagle worm is available.

---

VBS.Yeno.C@mm is worm that sends itself to email address harvested from the Microsoft Outlook address book. Infected emails will have the following subject line and body.

Subject:
Fw: I give you again

Email Body:
Spidey has give you some password of xxx site (cute) Spidey

Another variant, VBS.Yeno.B@mm, has very similar characteristics.

---

Internet Worm SMTP Engines Explained
Email Worm Spoofing - Spoofing Explained

Discuss This Story

---

Variants of this hoax have been circulating since 1999. The information in the email is completely untrue and has certainly not been "confirmed by both Motorola and Nokia". If a virus had really destroyed the mobile phones of 3 million US users it would be a major news story around the world. There is nothing on the CNN site about this virus nor does a search of Google News reveal any articles that confirm the story.

However, there are legitimate news articles about a real mobile phone virus that was discovered back in June 2004. This worm, dubbed "Cabir" is basically a "proof of concept" virus and does little damage. Vnunet.com reports that the first outbreak of this virus "in the wild" occurred in Singapore in early October. Although Cabir is virtually harmless, it does indicate that mobile phone virus attacks are possible and may become a significant threat in the future. News of Cabir may also be giving new life to this old mobile phone virus hoax.

The "warning" should be deleted without forwarding. Any "virus warnings" received via a forwarded email should not be taken at face value. Always take the time to confirm the information at a reputable anti-virus website.


Discuss This Story

---

If you are looking for a sleek, efficient and safer alternative to Outlook Express, then you might like to check out the Mozilla Thunderbird email and news client. Thunderbird has a user friendly and elegant interface and Outlook Express users should have little trouble making the transition.

Thunderbird has an excellent built-in spam filter that makes handling junk mail very simple. It is also safer and more secure than some other email clients. Thunderbird will not allow email worms to execute automatically. Also, it will not allow script code to be run just by opening a message unless you have specifically configured it to do so.

It offers support for multiple accounts, an excellent built in spell-checker, a number of ways to sort your mail and many more features. Another plus is that Thunderbird is a cross-platform application that is available for Windows, Linux and Macintosh operating systems.

I have now been using Thunderbird for several weeks and it has proven to be quite stable on my Windows XP system. And, by the way, Thunderbird is completely free!

Find out more about Thunderbird
Why You Should Use the Mozilla Thunderbird E-mail Program.

Have you say about Thunderbird

---

---