Beware Earthquake & Tsunami Scams

First, my heart-felt best wishes go out to those directly affected and those who have families and friends in Japan.  Events there have been devastating to say the least, and I hope that no more people are injured as a result of this catastrophe.

There will undoubtedly be many spam and malicious emails floated about the Internet, posing as relief efforts, charities and even news footage of the events unfolding and aftermath.  These scams will be used to deliver malware to your computer, fleece you of your money, and take advantage of human suffering and good will.  Don’t fall for these malicious campaigns. 

• Donate only to charities that you known and trust.
• Go to their known websites on your own, do not follow links in dubious emails.
• Do not give out your personal or credit card information to inbound phone callers.
• Use the Charities Listings provided by Canada Revenue Agency or the US IRS.

Malware Tracking Spam

Oh you rascals.  Hahaha.  It seems that there is a parcel enroute to my address.  No idea who it’s coming from, or even why.  It’s not even my birthday. 

Good folks at DHL are on the ball, and sending it to me.  I am so excited!  I wasn’t expecting a parcel.  But they assure me it is coming.  And SOON!  Seven days!  I can hardly contain myself.  I’m just dying to find out what’s inside.  It could be treasure!  Or a pair of mismatched and poorly fitting mittens from Aunt Ann.  She’s a sweetheart, but her eyesight’s going.  You ought to see those knitting needles fly, though…

Oh, look the email that DHL sent me to advise that the mystery parcel is on its way has a handy attachment that contains “more information and the tracking number”.  Well, I’ll be.  That is so handy!  Now why do you think they wouldn’t just put the tracking number into the email itself?  Probably some pointy-haired manager made a policy decision before going for lunch.  You know the type.  “Security-minded”. 

The attachment is a ZIP file, so it must be safe.  I’ve received ZIP files from all over the place.  That guy my sister married, what-his-face, the one in IT, he sends them over to me all the time.  I should probably double click that file so I can see what’s inside of it.  Maybe it has clues as to the contents and sender…  It says DHL_Document.zip, so I’m pretty sure that must be what it is.

DHL is a big company.  They are SO big in fact that they don’t just use names on their email addresses.  Why, looking at this email, coming from support61m@dhl.com, they have to number their employees just to keep track of them!  Imagine how many there must be if this came from number 61 in the support department.

DHL works so hard to get my parcels to me.  FAST.  They really should slow down though.  Their sentence structure and grammar is terrible.  I should reply to these nice folks, let them know I got their email, and thank them for being so considerate.  Oh, look, there’s another one.  And one from Purolator.  Wow, and another one.  I can’t wait to get all of these packages!  Someone loves me.  They really, really love me!!

Dear customer.

The parcel was send your home address.

And it will arrice within 7 bussness day.

More information and the tracking number

are attached in document below.

Thank you.

2011 DHL International GmbH. All rights reserverd.

Beware Of Email Offers

Many people are fooled by phishing spam.  Even more people don’t know what the hell I’m talking about when I say that.  Let’s start from the beginning…

Long ago, spam was just a luncheon meat popular with frugal moms, not so popular with their offspring.  Then some clown decided to start sending out email messages that pretended to be from someone’s friends in order to get them to buy a product or click on a link that would gain money for the sender of the message.  Well, like all bad ideas, some other idiots decided that since the original clowns seemed to be getting rich using this marketing method, it cost virtually nothing to implement, and the law didn’t seem to be able to deal with them effectively, adopted the idea for direct fraud and larceny.  Malware could be delivered in this manner.  Malware that is intent on stealing from your bank account, poaching your credit card numbers, grabbing your personal information and stealing your identity so that large loans can be taken out in your name and never repaid, traffic offences can be committed and attributed to you, and illicit behavior can be blamed on you instead of the actual peretrator.

Phishing spam was almost totally focused on banks in the early days, immitating bank password change notiifications and other standard communications to get the recipients to share their online passwords and personal verification questions with them so that they could drain the recipients’ accounts.  Now a change has occurred as the banks are able to identify, react, take-down and otherwise deal with the problems these issues have posed.  The focus is now on recognized consumer brands.  Everyday products and services that appeal to a wide audience.

Anyway, CA (Computer Associates) has a good article showing how these guys have progressed from simple text based messages, to messages with logos, to full on, authentic looking marketing emails that connect the unsuspecting recipient to a website, compromised or fraudulent, that delivers the payload.  In this case, the payload appears to be Fake-AV, a type of phony anti-virus product designed to get the recipeint to “buy” their fake product.  So you spend $50 on a fake product.  Big Deal, right?  Unh-unh.  You lose fifty bucks for sure, but you have also given a definite miscreant your credit card number, allowed them to check if it is valid, and sent them off on a shopping spree!!

CA

Caution FIFA Fans! Beware PDF Files

  Security researchers are issuing their annual warning regarding an ongoing targeted email attack using a FIFA World Cup-themed lure.  The intention of this one is to trick users into opening a malicious PDF file.  The PDF file targets a code execution vulnerability in Adobe Reader that was patched in February (CVE-2010-0188).

The FIFA World Cup is the most important football (soccer of Americans) competition and arguably the most watched regular sport event in the world.  The 19th edition of the event will kick off on June 11, 2010 in South Africa.  The current attack misuses the name and intellectual property of a renowned African safari organizer called Greenlife Africa.  Greenlife produces an informative and useful PDF guide to the World Cup.  The attackers have downloaded Greenlife’s PDF, and changed it to include malicious code, explains Symantec.  They also point out that a worker from “a major international organisation that brings together governments from all over the world,” was among the targets of this email attack.  The wording in the email suggests that attackers intended to trick consulates and tourism authorities into distributing the PDF file through official channels to the general public. 

Successful exploitation by this PDF will result in several encrypted executable files being dropped and executed on the system.  This threat also features a rootkit component, installing itself as a service called “Remote Access Connection Locator.”  This malware agent might also be capable of self-propagation on local networks.  Symantec warns that detection rates are currently very low.  Users of Adobe Reader and Acrobat older than 9.3.1 or 8.2.1 are urged to upgrade immediately to the latest version.

Symantec Notes

Beware Haiti Help Scammers

As is typical with spam and scam scumbags, the roaches are crawling out of the woodwork to solicit your help getting aid out to Haiti.  Only, they are looking to fleece you for all you are worth for the purposes of helping themselves.  Fake charities are popping up everywhere, and email barrages are being found trying to entice you to visit a fake website, contribute to “the cause”, and then take your credit card information as well.

 Don’t fall prey to highly unethical, callous and selfish cretins.  Research charities to find those that are reliable and contribute what you can. 

CBC’s reaching out and helping out:  http://www.cbc.ca/canada/story/2010/01/13/f-emergency-contacts-haiti-relief-aid.html

CRA’s registered charity list:  http://www.cra-arc.gc.ca/tx/chrts/menu-eng.html

CBC’s background on the scammers:  http://www.cbc.ca/consumer/story/2010/01/14/consumer-haiti-donations-scams.html