Tax Time Tricks

by Erin on March 2nd, 2009 in Industry and Security News, Security Tips.

Those located in the US will likely have tax preparation on their minds in the coming weeks…and, likewise, that topic will also be of major interest to spammers and scammers looking to exploit the upcoming April 15 filing deadline. Recent reports are already confirming a rise in phishing messages purporting to come from the U.S. Internal Revenue Service, aimed at tricking taxpayers into falling for a scam.

We have a few simple tips from the experts at Lavasoft to help you stay on guard this tax season and ensure your private information does not get intercepted by cyber thieves – you’ll find them online in the March issue of Lavasoft News. And for all those who are not in the midst of tax season, the rest of this month’s newsletter is packed with the latest security news and threat updates – browse through it today.

Fraudulent SMS domains!

by Albin on February 27th, 2009 in Researcher Comments, Security Alert.

Lavasoft Malware Labs recently took a closer look at an IP range full of hoax sites. A reverse IP lookup on 78.129.142.235 reveals around 200 fraudulent domains hosted in the United Arab Emirates. Most of the sites hosted at 78.129.142.235 piggyback on existing products from the security industry and other popular software. The examples below show how the domain names are chosen to make the illegal sites look trustworthy.

hxxp://7zip-2009.info
hxxp://Directx-full.info
hxxp://Icq-full.info
hxxp://Messengerplus-2009.info
hxxp://Safari-full.info
hxxp://Winrar-2009.com
hxxp://Www-kaspersky.info

The victims are led into an “SMS trap”: they are offered freeware or trial products for “~3$” per SMS. The only development cost for the villains is the time spent making the home pages look legitimate and trustworthy, plus “stealing” other people's freeware products.
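As an added illustration (not part of the Lavasoft post), the Python script below flags domains that follow the naming pattern shown above: a well-known product name glued to a lure token such as "full" or "2009", or given a "www-" prefix. The brand watchlist, the lure tokens and the vendor allowlist are constructed assumptions; the sample input is the post's own defanged references plus one legitimate control URL.

```python
import re
from urllib.parse import urlsplit

# Constructed watchlist of product names the hoax sites impersonate
# (assumption: a real deployment would load this from a brand-protection list).
BRANDS = {"7zip", "directx", "icq", "messengerplus", "safari", "winrar",
          "kaspersky", "adaware"}

# Tokens the scammers attach to a brand name to imply a complete or current
# release, or to mimic a "www." prefix.
LURE_TOKENS = {"full", "free", "download", "2009", "www"}

# Constructed allowlist of the vendors' own domains, so a brand name inside a
# legitimate domain is never reported.
ALLOWLIST = {"kaspersky.com", "7-zip.org", "lavasoft.com"}


def refang(url: str) -> str:
    """Turn a defanged hxxp:// reference into a URL urlsplit can parse (analysis only)."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url.strip(), flags=re.IGNORECASE)


def hostname(url: str) -> str:
    """Lower-cased host part of a (possibly defanged) URL, or '' if it has none."""
    return (urlsplit(refang(url)).hostname or "").lower().strip(".")


def classify(url: str):
    """Return a finding dict when the domain looks like brand + lure token, else None."""
    host = hostname(url)
    if not host or host in ALLOWLIST:
        return None
    labels = host.split(".")
    # Assumption: single-label TLDs, so the registrable label is second from the right.
    label = labels[-2] if len(labels) >= 2 else labels[0]
    tokens = label.split("-")
    brand = next((t for t in tokens if t in BRANDS), None)
    lure = next((t for t in tokens if t in LURE_TOKENS), None)
    if brand and lure:
        return {"domain": host, "brand": brand, "lure": lure}
    return None


def flag_domains(urls):
    """Classify every URL in the list and keep only the findings."""
    return [f for f in (classify(u) for u in urls) if f]


# Defanged references from the post plus one legitimate control (constructed list).
SAMPLE_URLS = [
    "hxxp://7zip-2009.info",
    "hxxp://Directx-full.info",
    "hxxp://Icq-full.info",
    "hxxp://Messengerplus-2009.info",
    "hxxp://Safari-full.info",
    "hxxp://Winrar-2009.com",
    "hxxp://Www-kaspersky.info",
    "hxxp://adaware-full.info/se/",
    "http://kaspersky.com/",  # vendor's own site: allowlisted, not reported
]

if __name__ == "__main__":
    for finding in flag_domains(SAMPLE_URLS):
        print(f"{finding['domain']}: brand '{finding['brand']}' + lure '{finding['lure']}'")
```

The allowlist check runs before any tokenising, so a vendor's real domain never trips the brand match; conversely a hyphenated legitimate name such as 7-zip.org splits into tokens that match no brand, which is why the brand list stores names without punctuation.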

The first picture shows the site hxxp://adaware-full.info/se/. This “fake domain” distributes the free version of Ad-Aware AE and uses screenshots from the real program to entice users to make a purchase. 


The goal is to redirect the user to a page full of country flags, as you can see in the second picture.

If the user clicks on one of the flags, a telephone number pops up in a new window. The victim is then expected to send an SMS to that number to purchase an access code.


This is a smart, cheap and easy way to trick people into paying for freeware, so remember to be careful and suspicious if you end up at a “dodgy” SMS pay site.

New Rogue: SpywareFighter

by LS Anders on February 26th, 2009 in Rogues, Security Alerts.

Today a new rogue called Spyware Fighter was discovered. It follows the usual pattern: false detections, followed by attempts to scare the user into buying a license to clean them up.


It also has the classic, user-friendly home page, available under a few similarly named domains.


SpywareFighter was added to detection in release 0146.0017.

In the News

by Erin on February 25th, 2009 in News about Lavasoft.

Not to be missed news – in the March 2009 issue of (IN)SECURE Magazine, a digital security mag that takes on today’s hottest information security topics, there are two contributions from Lavasoft that make for an interesting read.

For your reading pleasure, take a look at our CEO Jason King’s interview with (IN)SECURE’s Chief Editor, Mirko Zorz. You’ll also find an article by Lavasoft malware analyst, Pekka Andelin, that explores the ins and outs of ISP level malware filtering.

The magazine is available, free of charge, for download on (IN)SECURE’s website.

The 13th

by Wolfa on February 20th, 2009 in Everyday Life at Lavasoft.


Your Stories

by Erin on February 19th, 2009 in News about Lavasoft.

Not too long ago, we called on our Ad-Aware users to write in with their thoughts and stories of what our software has meant to them over the past decade.

We're humbled and flattered - not to mention extremely appreciative - of all of the e-mails that have poured in to help celebrate Lavasoft's 10th year in the anti-spyware industry. We'd like to share a few of these stories with you:

"One day, my sister called me and said her new PC was running very slow and sluggish, and she stated that it was not like her PC to run like that. I asked if she was running an anti-virus program and firewall, and if she had ever heard of Ad-Aware. I told her to go to CNET and download the free version and she did! No more than an hour later she e-mailed me and said that her new PC had about 30 malware programs and Trojans on it. I said, well, get rid of them - she did and got back to me just bragging about how I saved her PC. I said, no honey it was not me, it was Ad-Aware that did it. Her new PC is now running just like the day it came out of the box! And I am so happy for her!"

-Donald in Georgia, USA

"I'm a 53 year old granny from Finland and have had a computer with an Internet connection a long, long time... I'm living my happy life with my love.. and with several computers. All of our computers have Lavasoft's Ad-Aware which we trust and is easy to use.

For us, the security of the Internet is the most important thing. Though my personal laptop is only under my use and no one has entrance to it without my permission, the Internet is not a very safe place anymore. Luckily, there are good virus and "bug" protection programs to help us to keep our machines clean and functional. I wish that one day our home can be kept clean just as easily.

Thank you, Lavasoft, for good programs which help me to enjoy the world that this wonderful Internet provides me. I can't think of any other way to explore the whole world and find the information we need, not to mention the amusement that the Internet provides us. Thank you, Lavasoft, for helping me to keep my online life secure."

-Merja in Kirkkonummi, Finland

"I have used the Lavasoft products for many years now, both those that were free downloads and those that I had to pay for. They are all good products and I have recommended them to a number of friends that have businesses of their own.

My son who is a chiropractor and my daughter in-law who is an eye doctor have both used them in their offices. Why? Because they are safe and secure products that people can rely on time and time again. So in closing let me just say thank you for all the free downloads my friends have used, and thank you for the paid products and great support through the years."

-Mike in Illinois, USA

For more words from your fellow Ad-Aware users, take a look at the February issue of Lavasoft News.

2 New Rogue Anti-Virus Programs

by LS Anders on February 16th, 2009 in Researcher Comments, Security Alerts.

Some new rogue anti-virus programs to be aware of... First up is XPVirusProtection, with a standard-looking website.

Homepage

This rogue is also available under a different name, TotalVirusProtection, with an identical interface.

XPVirProt GUI

TotProt GUI

The second rogue in today's lineup is MalwareDoc. Judging by its web page, it is a clone of a previously known rogue, AntispyKnight.

MalwareDoc HP

MalwareDoc GUI

As always, stay away from these fraudulent applications.

The Demographics of ID Theft

by Erin on February 12th, 2009 in Industry and Security News.

Think identity theft can't happen to you? If you're a woman, your odds of being an identity theft victim may be higher just by virtue of being female.

According to statistics from a new study, women are 26% more likely than men to be fraud victims. Reuters reports a few other interesting bits of data from the Javelin Research fraud study, which was released at the start of the week:

  • ID theft is becoming more widespread; in 2008, nearly 10 million American victims lost $48 billion
  • The fraud rate was found to be highest among people 35 to 44 years of age
  • Those with salaries over $75,000 were more likely to be fraud victims than those who earned less

How can you protect your valuable private data? Whoever you are - no matter your gender, age, or income - you'll find information on how to reduce your risk of identity theft and fraud in the Lavasoft Security Center.

Chinese Computer Security

by Michael on February 10th, 2009 in Uncategorized.

We've all heard that China has a bad reputation for being one of the global hotspots for malware distribution, but we should remember that the computer users there are victims as well. 

Our CEO, Jason King, is in China right now, and has some very interesting statistics coming out of the security industry there.

When compared to the rest of the world:

  • 26% of virus infected PCs are located in China
  • 81% of individual PC users currently have malware on their machines
  • 80% of Chinese enterprises have been a victim of an external malware attack
  • Surveys show rapid deterioration in the situation in China
  • Over 65% of Chinese PC users reported account theft and information hijacking between 2003 and 2007
  • Malware attacks on servers increased by approximately 2100% between 2003 and 2007

So, while a host of malware comes out of that market, Chinese computer users are certainly not immune to its effects.

Source:  www.antivirus-china.org.cn

Ad-Aware Anniversary Edition - In Your Words

by Lina on February 6th, 2009 in Lavasoft Products.

We're happy to announce that reviewers around the world are taking notice of the new, lighter, faster version of Ad-Aware Anniversary Edition. But more importantly, we're getting great feedback from our users. Here are a few examples of what people from around the globe are saying:

"I would like to let you know that the Anniversary Edition is more powerful than Ad-Aware 2008 Pro....You did a great job of just not tweaking it but building a better system."
- Joe in Bowie, USA

"Thank you for your prompt reply and help. Yes I have downloaded the Anniversary edition and what a great improvement it is. I am thrilled with all the new features. Congratulations to all at Lavasoft for a job well done."
- Terry, New Zealand

"I have been using Ad-Aware for many years. Last week I downloaded your free Anniversary Edition. It works better, easier to use than the former one. In a few words: "It is really great." ...Just wanted to say thank you for your new free Anniversary Edition. Besides my comments, this e-mail has the intention of expressing my sincere: "Thank you so very much for offering this type of great programs to people all over the world."
- Gerd, Bolivia

Check out the improved features and compare how Ad-Aware stacks up against the competition.

New rogue: Antispyware3000

by LS Anders on February 5th, 2009 in Researcher Comments, Security Alerts.

Antispyware3000 is a typical rogue. It shows a lot of false positives for files that do not even exist on the drive. However, for some reason, its full scan does not show these hits.


Antispyware3000 GUI


Looking closer at the interface, it is clear that this is a clone of the already known rogue Antivirus XP Pro. Proof for this can also be found by clicking around on their home page.


Homepage typo

Waledac Questions Answered

by Erin on February 3rd, 2009 in Industry and Security News, Security Tips.

Waledac, a new threat currently being seen, is believed by many researchers to be the replacement for the notorious Storm Worm; similarities have been noted in both its technique and behavior. As Lavasoft researchers have reported, you may have seen Waledac's work first hand through an assortment of spammed messages (holiday greeting cards, messages exploiting the inauguration of U.S. President Barack Obama and, more recently, love-related notes taking advantage of Valentine's Day) - all of which bait the user into executing the malware.

[Visualization of Waledac courtesy of Sudosecure.net]

We took some commonly asked user questions about this threat to Jeremy Conway, an independent security researcher at Sudosecure.net who has been closely tracking Waledac. Read our Q & A below to learn more.

How closely have you been following Waledac? When did it first appear?

"Waledac first appeared mid December, and I have been aggressively tracking it since the 2nd of January.  To track this worm, I have written several scripts that aggressively exploit the Double Fast Flux structure of the Waledac Botnet.  Waledac infected computers that have public IP addresses (those not behind a NAT) serve two additional functions when compared to infected computers with private IP addresses (behind a NAT), which are a HTTP proxy function and a Fast Flux Name Server function.  My scripts crawl these Fast Flux Name Servers performing Domain to IP DNS requests to identify newly infected computers.  The other portion of my tracking consists of retrieving the Waledac Trojan executable every 30 minutes and performing a simple MD5 against it to identify new versions as they are made available through the HTTP web proxies. These HTTP web proxies are infected computers that pass the latest web theme/campaign and Waledac Trojan to end users visiting any of the current Waledac Domain names.  These proxies hide the real web servers from the public and researchers to protect the true command and control servers for the Waledac botnet."

How are computer users most commonly getting infected?

"The Waledac botnet's main purpose is to spew out spam.  Spam templates are passed in an HTTP peer to peer network structure between infected computers, which is why many researchers are referring to the Waledac Trojan as an HTTP P2P botnet.  This HTTP P2P structure is also used to pass other infected computer IP addresses to ensure communication and spam templates are maintained and distributed to the HTTP bots in a timely manner. Computer users are infected using social engineering spam messages. There have been several different themes/campaigns for these social engineering techniques.  The first was a Christmas theme in which a user was told he or she has received a postcard or e-card from a friend and was asked to download it. The second major theme was a political theme attempting to exploit the inauguration and popularity of President Obama.  This theme sent several spam messages that appeared to be related news such as "Barrack Obama has refused to be President".  These spam messages linked to a fake blog site with President Obama's photo on it.  On this fake blog site, all links prompted the end user to download and execute the Waledac Trojan.  The third and present theme is a Valentine's theme and spam messages like "Someone loves you".

Spam messages are also sent out for pharmaceutical messages, such as the ever popular "Canadian Pharmaceutical" spammed sites.  These sites have been covered in the past by numerous researchers and even the news media, as they offer discount drugs without a prescription.  One of the most popular items being pushed by these sites is Viagra and other male enhancement drugs."

What is the scale of the botnet of compromised PCs being created? What region has the majority of infected PCs?

"The Waledac Botnet is approximately 20,000 - 30,000 infected nodes and growing.  This estimate was derived from crawling the botnet and analyzing infected lab computers as they communicated with the botnet. According to my tracking scripts China appears to be the region hit the hardest, followed by The Republic of Korea, and then the United States.  I was personally surprised to find the United States as the third most infected region since the Barack Obama theme appeared to target the United States specifically."

What is known about the authors of this malware?

"Very little is truly known about the real authors of the Waledac Trojan, but it is suspected that the Russian Business Network (RBN) is involved.  I believe this suspicion stems from so many researchers believing Waledac is the Storm Worm replacement.  It had been suspected that the RBN was behind the Storm Worm as well."

What tips would you give everyday computer users for how to prevent getting infected?

"The best advice I can give computer users is to not download executable files from sites that claim you need to install them to view additional content on the web site.  Most legitimate web sites do not ask users to download additional software to view their content. Another piece of advice I can give is to not open email messages from people you do not know, and never follow the links inside of these messages if you do by chance open them. After that, it would be advisable to ensure their antivirus software is up to date and running."

For more information and detailed graphs visualizing Waledac, visit sudosecure.net.
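Conway describes Waledac's infected public-IP hosts acting as fast-flux name servers and HTTP proxies, so a lure domain resolves to a constantly changing set of compromised machines. As an added example (not Conway's scripts and not part of the Lavasoft post), the Python below applies the classic defender-side heuristic to a log of DNS answers: a domain that keeps returning many different addresses, spread across several networks, with a short TTL is scored as fluxing, while a CDN-style domain with a short TTL but addresses in one network is not. The observations are constructed using reserved TEST-NET addresses and reserved `.example` names; the /16 prefix stands in for ASN lookup, which a production detector would use instead, and the thresholds are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class DnsObservation:
    seen_at: int      # seconds since epoch when the resolver answer was captured
    name: str         # queried domain name
    ttl: int          # TTL carried by the A records
    answers: tuple    # IPv4 addresses returned in that answer


# Constructed observations (TEST-NET ranges, reserved .example names; not real hosts).
OBSERVATIONS = (
    # fluxing lure domain: a fresh set of hosts in three networks every five minutes, 60 s TTL
    DnsObservation(0,   "lure.example", 60, ("192.0.2.10", "198.51.100.7", "203.0.113.3")),
    DnsObservation(300, "lure.example", 60, ("192.0.2.44", "198.51.100.9", "203.0.113.71")),
    DnsObservation(600, "lure.example", 60, ("192.0.2.80", "198.51.100.21", "203.0.113.5")),
    # CDN-style domain: short TTL too, but a handful of addresses inside one network
    DnsObservation(0,   "cdn.example", 60, ("192.0.2.1", "192.0.2.2")),
    DnsObservation(300, "cdn.example", 60, ("192.0.2.2", "192.0.2.3")),
    DnsObservation(600, "cdn.example", 60, ("192.0.2.1", "192.0.2.3")),
    # ordinary site: one stable address with a long TTL
    DnsObservation(0,   "stable.example", 3600, ("198.51.100.1",)),
    DnsObservation(300, "stable.example", 3600, ("198.51.100.1",)),
)


def network_prefix(ip: str) -> str:
    """Cheap stand-in for an ASN lookup: the /16 of an IPv4 address (assumption)."""
    return ".".join(ip.split(".")[:2])


def summarize(observations, name: str) -> dict:
    """Aggregate every answer seen for `name` into the features the heuristic scores."""
    ips, prefixes, ttls = set(), set(), []
    for obs in observations:
        if obs.name != name:
            continue
        ips.update(obs.answers)
        prefixes.update(network_prefix(ip) for ip in obs.answers)
        ttls.append(obs.ttl)
    if not ttls:
        raise ValueError(f"no observations recorded for {name}")
    return {
        "name": name,
        "lookups": len(ttls),
        "distinct_ips": len(ips),
        "distinct_prefixes": len(prefixes),
        "min_ttl": min(ttls),
    }


def is_fast_flux(observations, name: str,
                 min_ips: int = 6, min_prefixes: int = 3, max_ttl: int = 300) -> bool:
    """Flag a domain only when all three flux signals are present (thresholds assumed).

    Requiring network diversity as well as address churn is what keeps CDN and
    round-robin domains, which also use short TTLs, out of the alert queue.
    """
    s = summarize(observations, name)
    return (s["distinct_ips"] >= min_ips
            and s["distinct_prefixes"] >= min_prefixes
            and s["min_ttl"] <= max_ttl)


def flux_report(observations) -> dict:
    """Map every observed name to its fast-flux verdict."""
    names = sorted({obs.name for obs in observations})
    return {n: is_fast_flux(observations, n) for n in names}


if __name__ == "__main__":
    for name, verdict in flux_report(OBSERVATIONS).items():
        print(f"{name:16} {summarize(OBSERVATIONS, name)} -> {'FLUX' if verdict else 'ok'}")
```

The same summary works unchanged on NS records, which is the second half of "double" fast flux: feed in the name-server answers for the zone and a fluxing zone shows the same churn in who claims to be authoritative for it.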

© 2009 Lavasoft. All rights reserved.