Archive for Phishing

Updated Posts: AntiVirus for Mac; Sneak Peek Sale

Back in Dec. 2008 I wrote a post titled Apple Encourages AntiVirus Use for Macs?! I updated the article today to include links to the latest AntiVirus and AntiSpyware applications for the Mac. If you still believe that Macs are invulnerable to viruses and spyware, then you may be interested in knowing that Apple has added anti-malware features to their latest Mac Snow Leopard operating system. See Dan Moren’s report at PCWorld on the Hidden Malware Features of Snow Leopard. I mentioned some risks to Mac users in recent weeks.

I also updated the links in my Jan. 2009 post about sale items on Buy.com. I’ve crossed out the items that are not available. I’ve updated the links and proces on the items that are available. It’s a useful link because many of the items have become very affordable.

Truth About Email Petitions

I received the following question just last night:

I received an email telling me that email petitions and chain letters use tracking software and cookies to collect email addresses from anyone who receives that email message. I was also told that email petitions aren’t acceptable by congress like a signed petition would be. Are both these items true?

Well, the first is false, and the second is true.

Tracking Emails and Tracking Software

The only way an email can be tracked is from one sender to the first recipient. If I send an email message to a friend, it is possible for me to be notified when they open the message. If my friend forwards the message to someone else, there is no way for me to tell that has happened; nor is there any way for me to receive the email address of that second recipient, or any recipient after that. So, no, there are no tracking programs of this sort.

BUT, Remember the concept “Six Degrees of Separation”? Erase email addresses before forwarding a message

The idea of “Six Degrees of Separation” says that everyone is 6 steps away from any other person on the planet. Which in my way of thinking means that we are all six steps or less away from a spammer. The problem here being that when people forward an email message they usually leave any previous email addresses in the message, too, plus most people add new addresses of their own when they forward the message. The best practice here is after you click FORWARD and before you click SEND make sure you erase/delete any email addresses that appear within the email message. That is, just before you click SEND, read through the message and erase any email addresses you find in the message. If you don’t, you never know who in the chain knows or is a spammer.

BCC: Blind Carbon Copy Hiding Email Addresses

When you are sending an email message to multiple recipients, use the BCC or Blind Carbon Copy feature to address your message. That is, use BCC instead of TO. An, if your email software says, “At least one recipient is required in the TO field”, then put your email address in the TO field, and everyone else in the BCC field. The BCC field hides the email addresses from the recipients. When the sender uses the BCC field to address an email message, the recipients of that message will see “undisclosed recipients” in the TO field or elsewhere in the message. If you can’t find the BCC feature in your email software, contact your email service provider and have them tell you how to access it. Or you can contact Skylarking and I will help you find the feature.

Email Petitions Don’t Work

That much is true. A genuine petition requires signatures and street addresses. Anyone can type a list of names and email addresses into a petition, but there is no way for the recipient to prove or disprove that those people participated in or knew about the petition. It is best that each individual person email or contact their representative directly, and not as part of some long list of names in an email message. Additionally, you wouldn’t want to include your street address in such a petition, since you never know if that message might eventually end up in the hands of a spammer or an identity thief. After all, most acts of identity theft are performed by the victims friends, co-workers, and family members.




Post Comments or Questions with the link below. Keep up-to-date with Skylarking: By Email or RSS Newsfeed or on Twitter. You can also send questions with my email form.

Spam Dropped Last Week. Are You A Victim?

You may or may not have heard the news last week, but spam traffic dropped by 50 to 70 percent last week after two Internet Service Providers (ISPs) cut off Internet access for hosting company McColo in California last week.

If you’re not familiar with these terms, a hosting company provides computer service and equipment for other companies and individuals. A hosting company typically offers storage service for email and web sites. An ISP provides companies and individuals with access to the Internet.

Spyware Doctor Free Scan

In last week’s case, McColo, a hosting company with locations in Delaware and California, was providing hosting services to several companies and individuals who used the McColo’s computers to distribute viruses and spyware via spam and harmful web sites. Many of the sites and messages dealt in pharmaceutical drug sales and child pornography. These companies were paying McColo for the use of their computers, and despite the illegal activity McColo ignored it.

McColo’s host computer center in San Jose, CA was connected to the Internet via several Internet Service Providers.  Two of the providers took it upon themselves to deprive McColo of Internet access and shutdown the Internet connection. Within seconds the level of spam traffic worldwide dropped by 50% to 75% according to several spam watchdog services such as Spamhaus.

Consumer Risks: “XP AntiVirus Protection” and “AntiVirus 2009”

If you downloaded either of these two programs then you can probably count yourself among the victims of this incident. “XP AntiVirus Protection” and “AntiVirus 2009”were fraudulent programs distributed by several companies and individuals who were provided hosting services by McColo.

Update Jan. 2010: As a computer service professional I receive two calls for help per week to remove spyware and fraudulent anti-spyware programs. Best Buy’s Geek Squad wants $200 — $300 to remove spyware and viruses. My recommendation, purchase Spyware Doctor(at right) for only $39.95 and protect up to 3 computers. It’s the real deal. It’s downloadable, and not available in stores. Only have one PC? Then ask a friend and/or relative if they’d like to split the cost with you.

Below are sample images of the two most common fraudlent (anti-)spyware programs circulating the web. The call them “spyware protectors” some times. Sadly what these  scammers are saying is they “protect the spyware” and not your computer.

AntiVirus 2009

AntiVirus 2009

XP AntiVirus

XP AntiVirus

Help Yourself, Help Your Computer

If you downloaded either of these fraudulent programs you should remove them immediately. To do so:

  1. Click Start > Conrol Panel
  2. Click or double-click “Add/Remove Programs” (In Vista and Windows 7 its called “Programs and Features”)
  3. Locate and click each of these programs on the list and click “Remove” or “Uninstall” for each one found.

After removing these programs, go purchase Spyware Doctorto remove any traces of these programs and the harmful software they may have added to your computer. I recommend Spyware Doctor from PC Tools—hands down—over any other antispyware software you’ll find.



Post Comments or Questions with the link below. Keep up-to-date with Skylarking: By Email or RSS Newsfeed or on Twitter. You can also send questions with my email form.

33 percent of all spam ended yesterday

Sort of….

The FTC (Federal trade Commission) won a preliminary legal victory against the world’s largest spam gang  by persuading a Chicago Federal court to freeze the gangs assets and to order their spam network shutdown.

The spam gang, known by spamfighting agencies as HerbalKIng, had a networks of 35,000 computers which which could send out 10 billion spam messages a day.  Many of these computers were owned by people who didn’t know their computers had been remotely commandeered to send email on behalf of the spammers.  The network had ties in the United States, China, India, New Zealand, and Australia. The network was referred to as the “Mega-D Botnet”.

If you’re unfamiliar with the term “botnet, here’s an explanationation from SearchSecurity.com:

A botnet (also known as a zombie army) is a number of Internet computers that, although their owners are unaware of it, have been set up to forward transmissions (including spam or viruses) to other computers on the Internet. Any such computer is referred to as a zombie – in effect, a computer “robot” or “bot” that serves the wishes of some master spam or virus originator. Most computers compromised in this way are home-based. According to a report from Russian-based Kaspersky Labs, botnets — not spam, viruses, or worms — currently pose the biggest threat to the Internet. A report from Symantec came to a similar conclusion.

The network was purportedly responsible for a third of all spam at one point, and had been collecting $400,000 in Visa charges in one month.

The spammers had been sending messages hawking various pharmaceuticals and male-enhancement drugs. The charges brought against them are more than just spamming counts, but the charges also include making false claims about their product, selling pharmaceuticals without a prescriptions or doctor’s intructions, and selling drugs from countries such as Indie which aren’t regulated or approved for sale in the US.  Many of the drugs being sold had harmful side effects.

The FTC’s investigation aginst this organization had been ongoing for over 2 years.

Here’s a bio about HerbalKing from Spamhous spamfighting organization:

HerbalKing is a massive affiliate style spam program for snakeoil Body Part Enhancement scams (penis enlargement). It has also done spam campaigns for replica luxury goods, pharma (counterfeit pills) and porn. Spam arrives via botnets with spamvertised sites on “bulletproof” hosting offshore, particularly in China. The group also uses fast-flux hosting, running sites on hacked botnet PCs.

HerbalKing, with connections to India (possibly due to pharmaceutical supplies), rivals the traditional Eastern European spam gangs for volume and criminal botnet methods of its spam. “Tulip Labs” appears to be the source of HerbalKing’s herbal remedy products. The main operation may be run out of New Zealand or Australia by long-time spamming brothers Lance & Shane Atkinson. (see: http://www.geekzone.co.nz/juha/2237 )

There are hundreds of SBL listings related to HerbalKing but some may not be linked to this ROKSO due to the tremendous number of identities and domains used by the program. Lists of domains should be considered examples of that abuse of domain name space, not comprehensive lists of their registrations.

Read more at the FTC‘s web site; the NY Times; and the ars technica web site.

Post Comments or Questions with the link below. Keep up-to-date with Skylarking: By Email or RSS Newsfeed or on Twitter. You can also send questions with my email form.

Apple’s MobileMe: A New Spammer Resource

Users of, that is, subscribers to, Apple’s MobileMe service have found themselves getting more spam than usual, as well as some “phishing” scams aimed directly at them.  And spammers are getting fewer bouncebacks.

The problem lies in the iDisk online file storage service every subscriber is provided with. The service comes with a “public” folder which cannot be hidden or deleted. Every public folder starts with the address http://idisk.mac.com/ and then it’s followed by their username and “-Public”. A programmer can write code to automatically generate random user names using words and names straight out of a digital dictionary.

“Why do this with iDisk’s public folder space?”, you ask.

iDisk: A Sample Public Folder

iDisk: A Sample Public Folder

The username associated with a public iDisk folder is also the first half of their email address assigned to them with the MobileMe service.  The second half of their address is either @me.com or @mac.com.  This hack allows a spammer to determine the validity of email address. Any http://idisk.mac.com/username-Public address that doesn’t result in a “Account Error: Inactive” message — as the link above probably will — means that they’ve found a legitimate account. A legitimate account would come up with a page as shown in the picture at right.

Furthermore, if the public folder shows that there are files stored in that location, as the sample picture shows, a spammer could tailor a message referring to that file in an effort to get the user to reply and reveal personal information.

Imagine if you used this service: You upload some of your files or photos to it, and then, a few days or weeks later you get an email mentioning one or more of your files by name. If you hadn’t thought about your “public folder” being “public”, you might take the message very seriously. Even more so if the sender claimed to represent Apple. (Of course that spammer would be breaking the law by falsely identifying themselves. See my article “Spammers Get CANned”.)

Anyone Can See The Files?

Anyone can see or read the names of your public files, assuming they find your public folder, but they won’t be able to access, open, or download them unless they take a guess at your login information, too; so make sure you use a good password and not your birthday or pet’s name.  They can’t upload anything to your folder either, unless they figure out your login info.

Simply said, Apple’s MobileMe iDisk service gives spammers a handy way to determine valid email addresses, so they get fewer, if any, bouncebacks and undeliverable messages. The names of files stored on iDisk could be used to make the spammer or phishers message appear legitimate.

Phishing. For those unfamiliar with this term, simply stated, it is an email message designed to get the recipient to reveal personal information such as account numbers or login information. The sender poses as well-known service or someone offering an enticement to respond. Popular targets have been eBay, PayPal, and online banking users.

In the iDisk problem discussed here, the phisher can determine if a username and email address exists. Furthermore, If the account owner stores files publicly on the service, the names of files can be referred to in a phishers email message to shore up their credibility.

Post Comments or Questions with the link below. Keep up-to-date with Skylarking: By Email or RSS Newsfeed or on Twitter. You can also send questions with my email form. I’m looking forward to hearing from you.