::Trend Micro Threat Resource Center::

Showing posts with label spam.

16 November 2014

#ClickSmart Tip!

Think your computer is immune to viruses? Think again! #ClickSmart this season to keep all your holiday cheer. 


20 September 2014

iPhone 6 Launches Millions of Scam Messages

The new iPhone 6 has gone on sale around the world, sparking long lines and campouts, and a whole lot of buzz. Unsurprisingly, internet scammers quickly took advantage of the frenzy to distribute their wares.


Immediately following the unveiling of the new iPhone 6 and iPhone 6 Plus, scammers began circulating email and web scams attempting to capitalize on its popularity. The gambits, however, take many forms.

For instance, Hoax-Slayer uncovered a bogus Facebook competition offering the ability to “win a new iPhone 6 by carrying out three easy steps.” To get a chance to win, the site claims that users must first like the site's Facebook Page and then further promote the site by sharing a link with Facebook friends. They are then instructed to go to a second page on the site to download a ‘Participation Application.’ But, a pop-up window will direct users to a list of links that open third-party survey websites.

And here’s where the real malicious activity starts: many of these ask users to submit their mobile number, which, in turn, will subscribe them to a premium SMS service that charges several dollars every time the scammers send the victim a message.

Others collect names, addresses and phone details, which can be used for a variety of nuisance campaigns.

“Meanwhile, the scammer who created the fake promotion will earn a commission via a suspect affiliate marketing scheme each time you fill in a survey and provide your details,” Hoax-Slayer explained. “And, each time you return to the download page, the pop-up will inform you that the survey was not completed properly or there was a 'small error'. You will be urged to participate in yet another survey. But, no matter how many surveys you complete, you will still not get to download your 'application'.”

In one of the many other campaigns, spammers are using an iPhone 6 giveaway email to lure in potential victims. Recipients are asked to follow instructions in the email and click on a link that, once again, supposedly leads to a survey; instead, an adware install commences. Since Sept. 12, AppRiver researchers have seen nearly 1 million messages associated with this specific campaign.

“Adware is a form of software that is meant to generate revenue for its author by automatically displaying advertisements,” explained AppRiver researcher Troy Gill, in a blog. “Adware is not typically anything more than an annoyance but can often seriously infringe on users' privacy. This particular strain has a wide array of functionality and can make a victim’s web browsing experience fairly miserable.”

These types of scams, of course, also carry the possibility of malicious activity in the form of man-in-the-middle attacks, malware deployments and phishing.

“Though its presence is not secret, it is quite good at embedding itself into the victim’s system and can be quite difficult for the average user to remove,” Gill said. “Remember, advertisements promising you something for nothing are almost always too good to be true.”

07 April 2012

Instagram users targeted with spam

It's almost a given that any social service, network or app that attracts a large number of users will eventually be facing the spam and scam problem.

It happened to Facebook, Twitter, YouTube, Pinterest and many others, and Instagram - the popular photo sharing application and the network of users that grew up around it - is no exception.

Symantec researcher Satnam Narang shared the example of a spam campaign that he encountered when a user commented on a photo of his, saying that Best Buy was giving away $100 gift cards for free to Instagram users.

The offered shortened link takes users to a page where they are asked to input their cell phone number in order to win the card. Only if they scroll all the way down will they notice the fine print saying that, prior to qualifying for their prize, they will be presented with optional third-party offers, and that they need not complete the offers in order to qualify.

The third-party "offers" look like this, and it is not really clear what exactly they are offering:


Notice that the offers can be skipped without inputting the information, but the links to do so are difficult to notice, as they are small text links put in the upper right corner and designed to blend in with the background.

The collected information is likely to be used for future spamming, but it's likely that users have also unknowingly agreed to subscribe to a pricy service.

"If you have given your cell phone number up during one of these scams, be sure to check your next phone bill to see if there are any unwanted charges on it for some kind of subscription service," says Narang.

He also advises users to report these types of offers by clicking on the wheel icon in the top-right corner of their Instagram profile and reporting the user that posted them.

As we haven't seen an overwhelming amount of spam hitting Instagram users, I guess that some of the changes the service has introduced do work.

15 December 2011

Hoax: Apple is giving away macbooks

Received this on my IM from a friend. Sometimes I really question the AI of the bots.

Double checked on the sources:
http://techjost.com/2011/11/05/spam-alert-apple-is-giving-away-5000-macbooks-today-in-honor-of-him-steve-jobs/

Sometimes I just wanna strike up a proper conversation, so can't they be any cleverer?

22 June 2011

Spam e-books plague Amazon's Kindle store

If you are a regular customer of Amazon's Kindle store, you could already be aware of the fact that spammers are using it to fleece customers out of their hard-earned cash by tricking them into buying bogus e-books.

The scam is made possible by the fact that anyone can publish an e-book on Amazon and offer it for sale. Unfortunately, there is no barrier to publishing as many e-books as one wants, and scammers have jumped at the opportunity.

The scammers can either use an already published e-book, change the title, author and cover and pass it off as a completely different book, or they can use a piece of software that packages public domain content, equips it with a cover and title and submits it for sale.

All in all, the process is very fast and allows scammers to churn out dozens or even more titles a day. Since Amazon doesn't charge for publishing e-books or making them available in the store, if the bogus titles are bought even a couple of times, the scammer has earned enough money to justify the time spent on them.

Amazon does try to weed out these books, but a 48-hour approval process obviously allows quite a few of them to slip through unnoticed, mixed with the legitimate titles.

According to Eric Mack, a longer checking process might help with weeding out the offending e-books. Another simple but likely effective solution would be to institute a charge for everyone who wants to publish an e-book on Amazon.

"Charging authors $50, $20 or even just $10 to publish to Amazon would drastically cut back potential profits for spammers, and any author that spent months or years crafting a quality work should have no problem shelling out a small amount to access a global market and ensure that there's fewer titles to weed through," he believes.

17 February 2011

Christmas Spam in February?

Holidays like Christmas and Valentine’s Day inevitably come with threats related to the holidays themselves. These attacks have become more persistent throughout the years, perfectly timed to dupe the greatest number of users with the most appropriate social engineering techniques for their holiday of choice.

Just today, we saw a certain spam run that seems a little bit too late or, seen in another way, a little too early for the season it’s supposed to ride on.

Christmas greeting cards are being spammed out with messages similarly fashioned to those from popular websites known for free e-card sending services.


The messages arrive with a file attachment in .ZIP format, which the recipients must open to view the e-card. Of course, the claim that the .ZIP file holds an e-card is about as accurate as the claim that it is the Christmas season in February. The .ZIP file contains malicious files that Trend Micro now detects as WORM_PROLAC.SME, WORM_PROLAC.AB, and WORM_PROLAC.AA. When executed, WORM_PROLAC.SME drops a file detected as TROJ_CUTWAIL.IZ. It also has rootkit capabilities that allow it to hide its processes and files from users. Similar to WORM_PROLAC.SME, WORM_PROLAC.AB has rootkit capabilities and drops several files detected by Trend Micro as TROJ_HILOTI.SMAE, TROJ_FAKEAV.SM3, and TROJ_HILOTI.SME1.

Such threats, it seems, will be seen as long as holidays are observed, as these events, in one way or another, affect users’ computing behaviors. Whether they’re deployed at the right time or not, users should remain vigilant and keep themselves protected.

05 September 2010

Scammers using IM to deliver "IQ Test" spam

An IM variant of the well-known "Solve the IQ test, get your results on your mobile phone" scam has been spotted by a Trend Micro analyst.

He received a couple of messages via Yahoo! Messenger, apparently sent from his cousin's account to all her friends:

The format of the message exchange convinced him that he was chatting with a bot. He followed the link, solved the test and was presented with the following request:

A quick look at the "Summary of Terms" at the bottom of the page revealed that apart from gaining your phone number and probably spamming you some more in the future, the scammers are also trying to get you to part with your cash.

If you enter your cell phone and press the "See My Results" button, you are simultaneously agreeing to subscribe to receiving some mobile content, and for this service you will be charged from $9,99 to $19,99 per month.

On a side note - if you want to see what bots are capable of doing on social networks, go here.

03 September 2010

Phishing campaign targets McDonald's fans

A widespread spam campaign that promises cash in return for completing a McDonald's customer satisfaction survey has been uncovered. The emails, claiming to be sent by 'McDonald's Survey Department' and carrying the subject line 'McDonald's Customer Survey', direct recipients to a survey that poses questions on McDonald's food.

Once the survey has been completed, computer users are asked to provide a raft of personal information, including their credit card number and security code, so that they can receive a $90 payment for taking the time to complete the questions.

"Exploiting online surveys is a popular way for scammers to make money as legitimate customer satisfaction surveys are increasingly common," said Graham Cluley, senior technology consultant at Sophos. "Although it's not unusual to be offered a reward or the chance of a prize for completing an online survey, a legitimate questionnaire will never ask you to part with your card details. I'm afraid anyone hoping to receive the cash from this survey is more likely to have their account emptied by the spammers."

"It's ironic that some internet users may actually be more likely to hand over their credit card information because they are more used to receiving phishing emails pretending to come from online banks, not burger joints," explained Cluley. "The truth is, however, that phishers can use a multitude of disguises - posing not just as online banks, but social networks, online stores, web email providers and now fast food giants too."

28 July 2010

OMG! Profile Spy targeting Facebook users

Facebook users are a curious lot, and one of the things that seemingly regularly piques their interest is the opportunity to see who views their profile.

Posts that read "OMG OMG OMG... I can't believe this actually works! Now you really can see who views your profile!!! WOAH --> (link to site)" have been seen popping up on users' pages and Friend Feeds in the last couple of days, but, All Facebook warns, don't go falling for this recycled scam.

The provided links will take you to pages outside Facebook designed to convince you that if you post the exact message you have fallen for on different places on your Facebook page, you will be allowed to download Profile Spy - a fake application that supposedly lets you see who viewed your profile:

Of course, after you have done all this, you won't be able to download the offered application, but you will be asked to complete a number of surveys and to register for a mobile service that costs $19.99 per month.

While experienced users are able to spot scams like these from a mile away, there are always novices at Facebook and at computers who could be fooled. If you know any, do them a favor and educate them about the existence of the "OMG! You won't believe it!" scams.

04 July 2010

Malicious PDF spam with Sality virus

Malicious spammers will try every approach they can think of to make you open the attachments included in emails.

Sophos warns that a malicious email containing the following text has been dropped into inboxes around the world:

"Hey man.. Remember all those long distance phone calls we made. Well I got my telephone bill and WOW. Please help me and look at the bill see which calls where yours ok.."

You surely don't remember such an occurrence or the sender of the email, since this is just a ploy to make you open the PhoneCalls.pdf attachment, but don't let your innate curiosity get the better of you.

The attached file is crafted in such a way that it can exploit a vulnerability in how Adobe Reader handles TIFF images, and proceeds to download and execute a Trojan that loads the Sality virus into your system's memory. The virus then proceeds to append its encrypted code to executable files, deploys a rootkit and kills anti-virus applications.

Having an up-to-date version of Acrobat Reader and of an anti-virus solution installed can help detect this threat, but teaching yourself to detect suspicious emails such as this one is also a great idea.

Just remember that opening documents attached to unsolicited emails is like the online equivalent of Russian roulette - the odds are stacked heavily against you.

09 June 2010

Fake Facebook account deactivation email

Sunbelt reports that in a spam run that may at first glance appear to be a phishing attempt aimed at getting your login credentials, mailboxes around the world have been filled with an email supposedly coming from "The Facebook Team":

Since the latest changes to Facebook's security settings have caused quite a stir, and many people did deactivate their accounts, it is obvious that these spammers are counting on people who haven't done so to worry that their account has been deactivated by mistake.

Luckily for them, a click on the "Sing In" link in the email does not take them to a phishing site, but to a Canadian Pharmacy site that tries to peddle their wares. Annoying? Yes - but less harmful than phishing.

Still, users should be careful when clicking on links in emails and avoid those in unsolicited emails.

14 May 2010

Email Attack Targets HR Departments

The global recession has brought a shortage of jobs, but job seekers are not the only ones who are targeted by malicious emails and scams.

A targeted attack aimed at human resources departments and hiring managers in the U.S. and Europe was spotted this week -- and sent 250,000 emails during a four-hour period yesterday at the height of the assault.

TrendLabs has recently spotted an email spam campaign that contains just one line of text:

The Resume_document_589.zip file attached to the message is supposed to be the CV in question, but is actually a zipped-up malicious .exe file that drops a Trojan downloader into the victim's system.

The attack had morphed today, with a modified binary, and a different subject line and email message. The theme was the same, though: a prospective application with a CV attached. A CV campaign is still ongoing right now [as of 5:30 UK time], sending to hundreds of thousands of recipients.

Most users and especially HR managers wouldn't be fooled into opening the attachment, but for those who are not familiar with this type of spam, the curiosity might prove too much.

It is good to remember that unsolicited emails should be carefully analyzed - if you're not expecting such an email, and you don't recognize the sender's name or email address, it is best to pass up on opening attachments or following embedded links.
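The zipped-executable trick in this campaign, and in the February 2011 e-card spam run, can be checked at the mail gateway or during triage by listing what a ZIP attachment actually contains. The following is an added example, not code from Trend Micro or from the original posts; the extension lists, function names, archive member names and the sample message are constructed assumptions.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed, non-exhaustive lists; tune them to local policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".lnk"}
DECOY_EXTS = {".doc", ".docx", ".pdf", ".txt", ".rtf", ".jpg", ".png"}


def risky_members(zip_bytes):
    """Return (member, reason) pairs for suspicious entries in a ZIP archive."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return [("<archive>", "unreadable ZIP")]
    findings = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Normalise separators and the trailing dots/spaces Windows ignores.
            name = info.filename.replace("\\", "/").rstrip(". ")
            suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
            if suffixes and suffixes[-1] in EXECUTABLE_EXTS:
                if len(suffixes) > 1 and suffixes[-2] in DECOY_EXTS:
                    reason = "double extension " + "".join(suffixes[-2:])
                else:
                    reason = "executable extension " + suffixes[-1]
                findings.append((info.filename, reason))
            elif info.flag_bits & 0x1:
                # Bit 0 of the general-purpose flags marks an encrypted entry.
                findings.append((info.filename, "encrypted entry, cannot be inspected"))
    return findings


def scan_message(raw_bytes):
    """Return (attachment, member, reason) for every risky ZIP member in an email."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        filename = part.get_filename() or "<unnamed>"
        # Trust the content, not the declared file name or MIME type.
        if zipfile.is_zipfile(io.BytesIO(data)):
            results += [(filename, m, r) for m, r in risky_members(data)]
    return results


def make_zip(members):
    """Build an in-memory ZIP from {name: bytes}; used only for sample data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


def build_sample_message():
    """Constructed sample: one ZIP holding an .exe, one holding a text file."""
    msg = EmailMessage()
    msg["From"] = "applicant@example.com"
    msg["To"] = "hr@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("Constructed sample body.")
    msg.add_attachment(
        make_zip({"Resume_document_589.exe": b"harmless placeholder bytes"}),
        maintype="application", subtype="zip", filename="Resume_document_589.zip",
    )
    msg.add_attachment(
        make_zip({"notes.txt": b"plain text"}),
        maintype="application", subtype="zip", filename="notes.zip",
    )
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in scan_message(build_sample_message()):
        print(finding)
```

A finding here is a reason to quarantine and inspect, not a verdict: the check reads only archive metadata and never extracts or runs a member.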

04 May 2010

Fake Amazon "Deal of the Day" emails doing rounds

Fake Amazon newsletters have lately become regular visitors in inboxes around the world, says Trend Micro.

With "Amazon.com Deal of the Day" in the subject line, coming from seemingly legitimate Amazon email addresses, and looking a lot like legitimate newsletters with product endorsements coming from the online retail giant, the spam campaign was probably pretty successful.

A click on any image or link embedded into the email would lead the victim to a possibly malicious site.

According to various entries on Amazon's forum, similar messages contained endorsements for Viagra and other pharmaceuticals instead of items on sale at Amazon. A quick mouse roll-over of the links revealed all of them to be directed to a Russian domain.

As one of the forum visitors commented, the problem with this kind of email is that the text is the same as in the legitimate Amazon emails, so if she labels it as spam, her email filter will block every future Amazon email of this kind.

30 April 2010

Spam Poses as a Twitter Email Notification

Beware, Twitter enthusiasts! Spam posing as Twitter email notifications is currently proliferating in the wild. The spam comes in two types: the first attempts to steal personal information or login credentials, while the second attempts to infect systems with malware.

Almost a week ago, Twitter began warning its users about fake Twitter Support emails.

A legitimate Twitter notification email looks like this:

It usually begins with “Hi, *name of user*” and contains the words, “You have a direct message:,” followed by the message itself.

On the other hand, a couple of variants of the email have surfaced, with small differences in the text ("unreaded messages", "information messages"). The spam mails typically look something like this:


By comparison, the fake emails look very simple and lack details that Twitter would usually use. The emails are very generic because they are intended to fool any and every recipient.

The emails contain an embedded URL that supposedly takes you to your messages, but actually links directly to malware, which is then downloaded onto your computer.

The links have already been made inaccessible, but Trend Micro warns users to be vigilant when checking their emails.

02 April 2010

Games on social networks increase spam and phishing by 50%

In order to reach high scores, social entertainment applications require users to gather a considerable number of friends and supporters to play the same game, leading to player-development of social gaming channels, groups and fan pages to facilitate player interaction.

Spammers and phishers exploit the increasing trend of social gaming with fake profiles and bots that send spam messages to groups, as a BitDefender case study shows.

Unlike regular social networking spam, where users are enticed to add the spammer to their circle of friends, the phony profiles related to social gaming are willingly added by users as an immediate consequence of their interest in enlarging the community of supportive players. This makes it almost impossible for the bogus accounts to be automatically suspended, since the spammers' action does not constitute an abuse.

The study also demonstrates that the most successful fake accounts are those miming real profiles, which hold plenty of details and pictures of the “user.” In an acceptance experiment, BitDefender researchers created three honeypot profiles – one without any picture and holding few details, another with an image and limited information and a third with a large amount of data and photos. All three profiles were subscribed to general interest groups.

One hour after adding people to each profile, the circle of friends enlarged with 23 connections for the first profile, 47 for the second profile and 53 for the third profile.

After joining social games groups, the volume of users willing to add unknown people drastically increased. Within 24 hours, 85 users accepted a request from the first profile, 108 from the second and 111 from the third.

“Users are more likely to accept spammers in their friends list when they are in a social network than in any other online communication environment,” said George Petre, BitDefender threat intelligence team leader and author of the case study.

The security implications are numerous, ranging from the consolidation and increase of spamming power to data and ID theft, account hijacking and malware dissemination. A shortened URL posted without any explanation on each honeypot profile was followed by 24 percent of the friends from the three accounts, even though they did not know who posted it or where it was going.

13 February 2010

A Perfect Valentine’s Day

As in past years, Internet users can expect to see numerous emails this weekend with links to malicious downloads, which often have subject lines related to Valentine's Day. In 2010 cybercriminals are also exploiting social networking sites such as Facebook and Twitter.

Social engineering remains cybercriminals' preferred technique for deceiving users. In these cases, cybercriminals obtain confidential information from users by convincing them to take a series of actions. They use a carefully selected social engineering tactic to convince users to hand over their data or install a malicious program, which captures information and sends it to fraudsters.

Planning a romantic Valentine’s Day for your loved one? There is seemingly no end to what you can do to add even more sparkle to this "dreamy" day. Perhaps a bottle of wine, flowers, or a lovely gift to impress him/her—and if you aren’t with anyone, there are even dating services available that provide you with options to meet a date!

Valentine’s Day is a great target. We’ve observed several spam email message styles related to this upcoming event. Gift options, flower delivery, dating service, med spam to spice up your relationship, and much more.

Read on to see the common header lines that Symantec has tracked relating to Valentine’s Day so far.

Meanwhile, some practical tips on hand:

* Don't open e-mails or messages received on social networks from unknown senders.

* Do not click any links included in e-mail messages, even if they come from reliable sources. This rule applies to messages received through any mail client, as well as those in Facebook, Twitter, or other social networks or messaging applications.

* If you do click on any such links, take a close look at the page you arrive at. If you don't recognize it, close your browser.

* Do not run attached files that come from unknown sources. Stay on the alert for files that claim to be Valentine's Day greeting cards, romantic videos or other related propaganda.

11 February 2010

Twitter, Google and Hi5 being abused in Prolaco worm distribution

Twitter, Google and the social networking site Hi5 are being abused in an email campaign to distribute the Prolaco worm.

At the time this article was published, 27 out of the 41 AV engines detected the Prolaco worm.

Read more here.

12 January 2010

Spammers Target Brands To Spread Malware

Spammers continue to take advantage of the reputation of global brands such as UPS, DHL and Facebook to prompt opening of emails, according to a new report from Commtouch.

During the past quarter, cybercriminals focused on distributing the Mal-Bredo A virus, according to Commtouch's Threats Trend Report for Q4 2009. The number of variants decreased from 10,00 to 1,000 as compared to last quarter.

"As we review the Internet threats for this quarter, we can really see the creativity the cybercriminals use to ensure their messages are opened," said Asaf Greiner, Commtouch vice president, products.

"Whether we like it or not, their activities really demonstrate when society-wide activities - such as social media participation - reach critical mass. Essentially, if a spammer is using a specific brand to entice consumers to open their mail, it means that brand has achieved a strong, positive reputation."

Blended threats, including fake Swine Flu alerts and Halloween tricks, continued to circulate, while spammers introduced a few new ploys including MP3 spam and personal improvement spam targeting women.

Other highlights from the Q4 Trend Report include:

* An average of 312,000 zombies were newly activated daily for the purpose of malicious activity.

* Spam levels averaged 77% of all email traffic throughout the quarter, peaking at 98% in November and bottoming out at 68% at the end of December.

* Sites in the "Computers & Technology" and "Search Engines & Portals" categories topped the list of Web categories manipulated by phishing schemes.

* "Business" continued to be the Web site category most infected with malware for the third quarter in a row.

* Pharmacy spam remained in the top spot with 81% of all spam messages; last quarter, it led with 68%. Replicas remained in the #2 spot, falling from 19% to 5.4%.

* Brazil continues to produce the most zombies, responsible for 20.4% of global zombie activity.

02 December 2009

Bit.ly steps up security

Bit.ly, one of the most popular URL shortening services, announced it will be integrating three new security-related services by the end of the year:

1. Websense's ThreatSeeker Cloud security-as-a-service solution - to analyze and categorize the Web sites and content behind millions of shortened bit.ly URLs created daily to protect end users from "spammy URLs, malicious content and phishing sites."

2. VeriSign’s iDefense IP reputation service - to detect malware and "blacklist URLs, domains, and IP addresses which host exploits, malicious code, command and control servers, drop sites and other nefarious activity."

3. Sophos' security service - to identify malware and spam by using behavioral analysis.

Very good news, indeed!

03 September 2009

Twitter spam protection tips

With the popularity of social networking platforms such as Twitter on the rise, cyber criminals have found an easy target among unsuspecting users.

One of the biggest security problems facing Twitter, as it relates to the spread of spam and malware, is the many link-shortening services used for posting hyperlinks. Users are limited to 140 characters per tweet, so these URL-shortening services allow tweeters to post a longer link within such tight character limits. Attackers use link-shortening services to disguise malicious links. Some infections could be easily prevented by allowing users to see the real URL before clicking on it.

Some of the common types of Twitter spam include:

* Tweet spam: Tweet spam comes from someone a user is currently following and everyone following that user will see the tweet

* Direct message: A direct message comes from someone a user is currently following and only the user will see the message

* ReTweet spam: ReTweet spam searches for legitimate tweets and reposts them in the system but with a different, malicious URL

* Trending subjects spam: Trending subjects spam searches for hot topics on Twitter (like Michael Jackson's death) and posts similar tweets with different, malicious URLs

* Following spam: Following spam happens when a user's profile receives a lot of followers he/she doesn't know. If the user does not start following them back within a week, they stop following the user. Statistics show that one in two users will follow back. Usually these profiles are bots which are programmed to acquire as many followers as possible before they can start broadcasting spam.

Twitter users can protect themselves from falling into spam traps by following five tips, courtesy of BitDefender:

* Install a comprehensive security solution on your computer - preferably a suite containing antivirus, firewall and a phishing filter

* Follow the spam profile on Twitter: http://twitter.com/spam. Users can find good advice here. For example, a recent post states: "If you gave your login and password info to TwitViewer, we strongly suggest you change your password now. Thanks!"

* Don't click on all the links you receive

* Disable the "auto followback" option. This will allow you to pick and choose who you want to follow

* Make sure you know who you are following.