Cyber crooks are spitting out vast amounts of spam, using an alleged video of Obama making his victory speech. The fake video first surfaced on Wednesday, and the infected email is slamming the Internet. The email actually contains a virus that can steal your identity and any information stored on your computer system.
The Washington Post also states that:
The messages, with such subject lines as “election results winner,” and “the new president’s cabinet?” and “fear of a black president,” direct recipients to a site featuring a picture of Obama beneath an official U.S. government seal and the domain name america.gov (the real domain names used to host these fraudulent sites appear to differ from message to message). Beside Obama’s visage is an embedded video player that reads “loading player.” A few seconds after the site loads, the visitor is prompted to download the malware, disguised as “adobe_flash9.exe”.
So be careful when viewing any emails that are allegedly from our new President.
Over at the CA security blog, they have done a great job in bringing another of the fake Windows Security Center screens to our attention. The fake screen is so good, that some users can be fooled into thinking it is real. CA states that the fake screen can place a trojan file on your system and falsely advise the user of fake infections. I took a look at the fake screen and noted some minor differences, which many a user may not notice.
In their warning CA states that:
Another fake Windows Security Center has emerged. Much like versions in the past, on appearance this one is nearly identical to the actual Windows Security Center. And like older versions, it is installed by a trojan and falsely warns the user of non-existent infections (the true infection is the fake Security Center). The infection runs as the process seccenter.exe, which launches the fake security center interface. The malicious file is located at c:\windows\system32\seccenter.exe. A complementary process runs here: c:\windows\system32\drivers\lssas.exe. The infection alters the registry settings that deal with a variety of critical system settings such as proxy settings: HKCU\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable with the ValueData: “0x0”.
Below is a screenshot of the fake Windows Security Center. I highlighted the key areas in red. Here is what the fake security center looks like:
Now compare that with the legitimate Security Center built into Windows:
The “security center” repeatedly nags the user to download “Windefender 2008” by blocking outgoing Internet connections and opening a security bar like the one below and also by blocking the webpage from loading properly. By limiting the user’s Internet connection to primarily downloading WinDefender 2008 (win-defender(DOT)com/export/shield.php), the user cannot download a legitimate anti-malware product to remove the infection. This is not a new technique – past infections have blocked users from updating their anti-malware products or connecting to legitimate security sites. This infection returns ‘the page cannot be displayed error’ and on that page a link to WinDefender 2008 is also displayed (see what I highlighted in red). Here is what the blocked connection looks like:
What is interesting to note here is that technically, the same trojan that maliciously installed the fake Security Center, could have also installed WinDefender 2008. It is my guess that the malware author thinks users will feel the fake security software is more legitimate if they have to manually download it, instead of it magically showing up on their system and asking for money to activate it — even though hopefully it would raise a red flag for users that all Internet connections are blocked, except to a site wanting money from them (WinDefender 2008). The infection channels the infected users to download WinDefender and hopes the user finds the process legitimate enough to cough up $40.00 to pay for the fake software.
As you can see, the fake screen looks good and may fool the casual user. Pass this on to your family and friends so that they are aware of this potentially dangerous scam.
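The indicators in CA's warning above (the seccenter.exe process, the two file paths and the ProxyEnable value) can be checked on a suspect machine with a short PowerShell script. This is an added example, not code from CA or from the original post; resolving the paths against %SystemRoot% and treating ProxyEnable as context only are assumptions of the example.

```powershell
# Added triage example (not CA's code): look for the indicators named in the
# warning on the local host. Paths are resolved against %SystemRoot%; the
# warning lists them under c:\windows.
$files = @(
    (Join-Path $env:SystemRoot 'System32\seccenter.exe'),
    (Join-Path $env:SystemRoot 'System32\drivers\lssas.exe')
)
$findings = @()

# 1. Files on disk: keep hash and signature status for the responder.
foreach ($path in $files) {
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $sig  = (Get-AuthenticodeSignature -FilePath $path).Status
        $findings += [pscustomobject]@{
            Indicator = 'File present'; Detail = $path
            Evidence  = "SHA256=$hash Signature=$sig"
        }
    }
}

# 2. Running processes whose image name or full path matches the warning.
#    ExecutablePath can be empty for protected processes, so test the name too.
#    The match is exact: the genuine lsass.exe does not match lssas.exe.
$names = $files | ForEach-Object { Split-Path -Path $_ -Leaf }
Get-CimInstance -ClassName Win32_Process |
    Where-Object { ($names -contains $_.Name) -or ($files -contains $_.ExecutablePath) } |
    ForEach-Object {
        $findings += [pscustomobject]@{
            Indicator = 'Process running'; Detail = "$($_.Name) (PID $($_.ProcessId))"
            Evidence  = "Path=$($_.ExecutablePath)"
        }
    }

# 3. Proxy value named in the warning, for the current user only (HKCU).
#    0 is also the normal value when no proxy is configured, so it is shown
#    as context next to the findings and never counted as a finding itself.
$key   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$proxy = (Get-ItemProperty -Path $key -Name ProxyEnable -ErrorAction SilentlyContinue).ProxyEnable

if ($findings.Count -gt 0) {
    $findings | Format-List
    Write-Output "ProxyEnable (current user) = $proxy"
    exit 1
}
Write-Output 'None of the listed files or processes were found.'
```

Run it in the affected user's session, since the registry value is per-user; a clean result only means these specific names were not found.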
Oh goodie. Microsoft is going to update WGA [Windows Genuine Advantage] in order to make it simpler. So if I read the explanation that Microsoft is providing, it seems that customers have asked for this. Customers want the simplest way possible to know if their copy of Windows is real or a fake. Microsoft also states that they are concentrating their efforts on Windows XP Pro, because this is where the pirates hang out.
So what happens if your copy of Windows XP comes up as a fake? This:
With this update to WGA Notifications in Windows XP, we’ve implemented a couple of related features that draw on the notifications experience we designed for Windows Vista SP1. After installing this version of WGA Notifications on a copy of Windows XP that fails the validation, most users will discover on their next logon that their desktop has changed to a plain black background from whatever was there previously (see below).
And you will also get this warning:
I’m excited about how this release balances our goals of providing a great experience to those who have genuine Windows and at the same time creating a compelling experience for those who have non-genuine copies to get genuine Windows. As usual I welcome your feedback about this latest release and the program overall. Thanks for reading!
I’m glad someone is excited about this. My only gripe is when WGA doesn’t work correctly, which has happened in the past, a few million or so users suffered. Trying to get your system back up and running as the genuine article can be trying to say the least.
Just one question: did anyone here call Microsoft and ask for a new WGA? :-)
Microsoft blog release.
Over at IT Wire they have a story about fake news articles, allegedly from CNN or MSNBC, being spoofed in an attempt to spread malware and spyware onto computer systems. The article states that the amount of fake news spam is about 5 million articles per hour. But is that a lot of spam? According to one source, a recent botnet could actually send out 7.8 billion spams per hour.
For years this has always been a problem that most of us just accept as everyday life on the Internet. We also have learned that our best defense is a reliable anti-virus/spyware program set to monitor the traffic coming into our systems. But these fake news articles are trying to attach themselves to alerts that may appear to be a valid link. What to do?
If you haven’t subscribed to a web site’s alert service, don’t open emails that purport to be such alerts. If you have subscribed, think twice before clicking on the links. The safest approach is probably to open the real site’s home page in your browser and then navigate to the story of interest – if it’s actually there!
In the longer term, a decent spam filter (either running on your computer, your mail provider’s server, or a third-party filtering service) should reduce the amount of spam that reaches you.
So what protections do you have in place? Have you experienced a fake news alert that contained suspected malware? What action did you take? Let us know.
It is rare to see one software product that has caused such a stir. It is usually Norton or McAfee who receives the ‘bad mouthing’, but this time it is AVG with their LinkScanner technology. All over the Internet people and web site owners have been screaming about how AVG’s LinkScanner has created false traffic and has become a royal pain. But AVG took notice and has fixed the problem, I hope. I found this on a forum from an AVG vendor who stated:
Peter Cameron, Managing Director of AVG Australia / New Zealand here again.
As promised, I am letting you know that the latest update for AVG Free edition has addressed and rectified the issue that Simon and other members of Whirlpool (and others) have brought to our attention. This update has now been released to users and has also been built into the latest installation package for AVG Free.
It typically takes several days for all free users to get updated so results of this change should be seen by early next week. A similar update for AVG’s commercial users will be released on Tuesday as previously notified.
We thank you for your feedback. You can see that we do listen to you and take appropriate action as required. We are totally committed to providing maximum protection for our users and for the Internet eco-system as a whole without causing unnecessary disruption.
AVG Australia / New Zealand
Hopefully this will put an end to the controversy once and for all.
MonaRonaDona virus is making its presence known on the Internet and packs a feature that actually wants to sell you fake software. The writers of the software have come up with a message that states:
“Hi, My name is MonaRonaDona. I am a Virus & I am here to Wreck Your PC. If you observe strange behavior with your PC, like program windows disappearing etc, it’s me who is doing all this. I was created as a protest against the Human Right Violation being observed throughout the world & the very purpose of my existence is to remind & stress the world to respect humanity.”
When unsuspecting users search for the virus, they are sent to fake sites that have articles about how to remove the bug, including some fake software that sells for $39. Yes, the virus is then removed. But any good anti-virus software will do the same thing.
Over at Kaspersky they have stated:
Researchers at anti-malware software provider Kaspersky Labs theorize that it may be installed when unsuspecting users looking for a bargain install and run a fake utility program called RegistryCleaner 2008.
Bottom line. Be careful out there in cyberspace. The bad guys are always lurking about.
Full story is here.
Just a quick note:
Over at the Sunbelt Blog they have posted another of those fake Microsoft emails that is circulating around the web once again. Make sure you ignore these types of emails. They contain a nasty bug. This one is fairly obvious since the grammar leaves much to be desired. Such as: “Please update your P.C. in maximum 12 hours otherwise your Windows is Expired”. :-)
Full details are here.
The FTC is warning that a fake email is being sent out which appears to be from their agency, but in fact is a virus. The fake email contains an attachment that, if opened, can unleash the viral pest. A statement released by the FTC says:
A bogus email is circulating that says it is from the Federal Trade Commission, referencing a “complaint” filed with the FTC against the email’s recipient. The email includes links and an attachment that download a virus. As with any suspicious email, the FTC warns recipients not to click on links within the email and not to open any attachments.
The spoof email includes a phony sender’s address, making it appear the email is from “[email protected]” and also spoofs the return-path and reply-to fields to hide the email’s true origin. While the email includes the FTC seal, it has grammatical errors, misspellings, and incorrect syntax. Recipients should forward the email to [email protected] and then delete it. Emails sent to that address are kept in the FTC’s spam database to assist with investigations.
Simply opening the email does not appear to cause harm. However, it is likely that anyone who has opened the email’s attachment or clicked on the links has downloaded the virus on their computer, and should run an anti-virus program. The virus appears to install a “key logger” that could potentially grab passwords and account numbers. More information about bogus emails, phishing, and virus protection is available at www.OnGuardOnline.gov.
As always, never open an attachment unless you know who the sender is and that you are expecting the email.
Be careful out there in cyberspace. :-)
Full statement is located here.