Malware Mailing May Have Been a Test

Written by Sue Walsh on September 7, 2009

The malware-infected CDs mailed to several credit unions late last month may have been part of an authorized pen test. The SANS Internet Storm Center said it was notified by Microsolved that Microsolved was responsible for the mailing.

Starting a few weeks ago, credit unions around the country began receiving a set of CDs in the mail along with a letter that claimed to be from the National Credit Union Administration. It was a fake fraud alert that urged the recipient to review the documents on the CDs, claiming they were training materials, and was riddled with poor spelling and grammar:

“The NCUA has warned numerous times about “phishing” scams in which crooks send e-mails claiming to be from legitimate financial institutions, companies or government agencies asking consumers to “re-submit” or “verify” confidential information such as bank accounts, Social Security Numbers, passwords, and personal identification numbers…

Please read the included document, as it contains important training and informational material regarding the risks of fraud…”

The NCUA immediately issued an alert warning credit unions not to run the CDs as they may cause a security breach. It’s not yet known exactly what was on the CDs but according to Microsolved it was simply a test to gauge how many employees would fall for the scam and run the CDs. So far there have been no reports of any breaches or harm caused by the mailing.

Twitter hit by spam wave

Written by Dan Blacharski on August 10, 2009

Twitter has been in the news the past few days, and it’s not been pretty. On Wednesday, the Mashable blog reported that scads of Twitter accounts were seen sending out Twitter spam with URL links all at once. The spam was not being generated by run-of-the-mill spam accounts that were created just for the purpose of disseminating spam, but rather, they were regular accounts that had obviously been hijacked. Spammy tweets had been going out by the hundreds, making it appear to many people that their friends were recommending a get-rich-quick scheme, which of course, they were not.


Phishing Down Under

Written by Dan Blacharski on June 30, 2009

The Sydney Morning Herald reported yesterday that a new scam is making the rounds in the land down under. A perpetrator of a phishing scam has created an email scam, claiming to be the Australian Tax Office (ATO). The email promises Aussie taxpayers a $250 bonus with their tax return, and sends them to an online form that asks for their tax information, along with their bank account data.

The web site containing the form then asks the victim to mail a printed copy of the form to an address. The print-and-send is just a ruse, though: the data is actually captured through a hack when the victim presses the “print” button. The email, like many such scams, attempts to create a false sense of security by claiming the print-and-send routine is being done for the victim’s safety.

Officials still have not been able to trace the source of the fraudulent email sender, who is using a bot network to send the emails. The ATO recommends that people delete emails like this immediately, and advises that it does not ask people to provide personal information by email. The same holds true for most, if not all, tax collecting agencies in other countries.

Grand Jury Indicts 4 In Huge College Spam Ring

Written by Sue Walsh on May 11, 2009

A Missouri grand jury has indicted 4 men, including a pair of brothers, for their roles in a huge spam operation which targeted over 2,000 colleges. Authorities say Amir Ahmad Shah and his brother Osmaan created a program that harvested over 8 million student addresses from those colleges. Those addresses were then sent thousands of spams hawking such things as digital cameras and spring break specials. In order to gain the students’ trust, the brothers claimed to be campus representatives and that the businesses were alumni-owned, both of which were untrue.

          “Nearly every college and university in the United States was impacted by this scheme,” Matt Whitworth, acting U.S. attorney for the Western District of Missouri, said in a statement. “Illegal hacking and e-mail spamming wreaks havoc on computer networks. These schools spent significant funds to repair the damage and to implement costly preventive measures to defend themselves against future intrusions.”

The operation allegedly netted over $4.1 million. The Shahs and their company face 26 charges of aiding and abetting each other to access a protected computer without authorization and transmit commercial emails with the intent to deceive or mislead the recipients about the origin of the messages, as well as with conspiracy to engage in an unlawful spam operation and multiple charges of fraud using computers and email. They face a minimum of 10 years in jail as well as stiff fines.

Spammers gaming Google, beware of strange Polish domains in search results

Written by Dan Blacharski on April 17, 2009

Next time you do an Internet search to find a part for your old classic Ford, be careful what links you click on. Recent reports highlight an interesting technique for sending out spam ads by gaming the Google search engine. The spam operators target people using the Google search engine to search for Ford and Nissan parts. After a search is conducted, the results are full of spammy sites that won’t sell you a carburetor, but will download malware onto your computer and try to sell you a bogus anti-virus program. 

Many of the URLs are unusual, often with several numbers and from Polish domains. When the searcher clicks on the link, they go to a web page where they become a victim of a drive-by download, which is designed to cause the victim’s computer to generate pop-up ads and issue a security warning. The warning tells the victim they have a virus, and must purchase a security program.

The combination of Polish domains and automotive results is what caught my eye on this issue. Curious Polish domains concerning automotive care are no stranger to me. A Google search on my name will serve up hundreds of articles and links to my books, as well as links to Polish web sites that talk about automotive repair. But, in my case, it’s not scareware, it’s just because my last name is strikingly similar to the Polish word used for an auto body repair shop. 

But aside from that curiosity, the bogus URLs are a real threat, and one of the only web site spam attacks out there that actually target a specific brand. So if you’re looking for a part for an old Ford Galaxie, and you see a link from a Polish domain, it can be one of two things. It may really be someone in Poland that has a legitimate web site to sell car parts. You may even be directed to a “blacharstwo,” or an auto body repair shop. Maybe one of my relatives. But more than likely, it’s part of a scareware scam.

Citibank Falls for Nigerian Scam

Written by Sue Walsh on March 3, 2009

Yes, that’s right. Citibank, one of the largest financial institutions in the country, fell for the old 419 spam. Federal authorities have indicted a Nigerian man for attempting to scam the bank out of over $27 million! Here’s how the scam worked, according to the New York Times:

          To carry out the elaborate scheme, prosecutors in New York said on Friday, the man, identified as Paul Gabriel Amos, 37, a Nigerian citizen who lived in Singapore, worked with others to create official-looking documents that instructed Citibank to wire the money in two dozen transactions to accounts that Mr. Amos and the others controlled around the world.

The money came from a Citibank account in New York held by the National Bank of Ethiopia, that country’s central bank. Prosecutors said the conspirators, contacted by Citibank to verify the transactions, posed as Ethiopian bank officials and approved the transfers.


Fake Greeting Card Emails Resurface

Written by Carl E. Reid on November 5, 2008

Over the last few months I’ve noticed a resurgence of e-card spam scam from our unfriendly neighborhood spammers.

According to security expert Bill Mullins, in the last year, email inboxes have been swamped with similar scamming emails from fraudulent sites like Greetings.com and 2000Greetings.com, amongst others.

This time around, the domain name being used by these scammers is Greetingcard.org, which is a legitimate site of The Greeting Card Association, a greeting card industry trade association. This organization makes no bones about it when it says on its website, “We do not publish cards, nor do we have an e-card pick up. If you receive an e-card notification from our association, it is fraudulent and should be deleted”.


Trojan Compromises Over 300,000 Accounts

Written by Sue Walsh on November 4, 2008

Over the past three years a powerful Trojan maintained by a cybercrime organization has been responsible for stealing the usernames and passwords of nearly half a million bank accounts and nearly as many credit card numbers. Researchers captured some of the Trojan’s (known as Sinowal, Mebroot or Torpig) code and used it to track down its drop server full of the stolen information. Further research showed it’s been active since early 2006.

The Trojan works by waiting for the user to enter the URL for a banking or credit card site. Once it senses one, it replaces it with a fake one that captures the user’s details. So far it’s known to have the ability to sense nearly 3,000 different URLs, and is not detected by most anti-virus programs. It does this by using a rootkit to infect a PC’s master boot record, making it practically invisible.


MillerSmiles.co.uk Provides Latest Anti-Phishing Updates

Written by Carl E. Reid on October 27, 2008

MillerSmiles.co.uk is one of the internet’s leading anti-phishing sites, maintaining a massive archive of phishing and identity theft email scams. This organization provides the latest information on phishing scams. MillerSmiles.co.uk keeps its phishing database updated with contributions from people around the world, including email administrators.


French President Falls for Phishing Scam

Written by Sue Walsh on October 22, 2008


French president Nicolas Sarkozy is a victim of a phishing scam. French officials confirmed yesterday that he had money stolen from his bank account after inadvertently giving scammers his username and password through what was later found to be a phishing email.

           “[This] proves the system of Internet checking is not infallible,” French secretary of state for consumer affairs Luc Chatel said. “These cases are sufficiently rare that we haven’t had to really organize ourselves, but [are] sufficiently serious for us to reflect on how to improve the system.”

President Sarkozy filed a complaint with police and an investigation is ongoing. The specifics of the attack haven’t been released and officials say the president’s bank could face sanctions if it’s found their security procedures, or lack thereof, contributed to the hacker’s attack.