I got a facebook wall-to-wall from someone i’ve never gotten a face book message from before.  Being the overly suspicious person i am, i queried the domain name,

Domain name:       BK9WH.TK    Organisation:       BV Dot TK       Dot TK administrator       P.O. Box 11774       1001 GT  Amsterdam       Netherlands       [...]]]>

I got a facebook wall-to-wall from someone i’ve never gotten a face book message from before.  Being the overly suspicious person i am, i queried the domain name,

Domain name:
      BK9WH.TK
   Organisation:
      BV Dot TK
      Dot TK administrator
      P.O. Box 11774
      1001 GT  Amsterdam
      Netherlands
      Phone: +31 20 5315725
      Fax: +31 20 5315721
      E-mail: abuse: , copyright infringement:
   Domain Nameservers:
      NS01.DOT.TK
      NS02.DOT.TK
      NS03.DOT.TK
      NS04.DOT.TK

I then looked at her wall and saw that she posted similar messages to over 20 other people’s wall.. each with a similar message..

with one of these three variants:

This seems like a good deal, what do you think? www.bk9wh.tk

Do you know anyone that has tried this? www.bk9wh.tk

Do you think this stuff works? www.bk9wh.tk

The link takes you to a redirect that then reinfects you with the same bug and on and on it goes. 

Common Sense:  Don’t click on links directly, and especially not suspicious ones from someone you know wouldn’t send you one otherwise. 

Facebooks states:

Allowing instant personalization will give you a richer experience as you browse the web. If you opt-out, you will have to manually activate these experiences. Please keep in mind that if you opt out, your friends may still share [...]]]> Under account, Privacy Settings, Applications and Websites you’ll find a new option:

Facebooks states:

Allowing instant personalization will give you a richer experience as you browse the web. If you opt-out, you will have to manually activate these experiences. Please keep in mind that if you opt out, your friends may still share public Facebook information about you to personalize their experience on these partner sites unless you block the application. Learn more.

By default they have this option ON.  If you don’t want your information automatically shared with 3rd party sites uncheck this option.

The email address it was sent to isn’t the email address i use for my fb account.  And seriously, is there any legitimate use for zip files inside of email anymore?

Common Sense:  Don’t even bother with zip files as attachments in email messages.  If you need [...]]]> This was in my inbox today…

The email address it was sent to isn’t the email address i use for my fb account.  And seriously, is there any legitimate use for zip files inside of email anymore?

Common Sense:  Don’t even bother with zip files as attachments in email messages.  If you need to move data try dropbox or iFolder or some other transport system.

My wife pointed out that facebook wouldn’t address me as “Dear user of facebook” they would say “Dear John”, they wouldn’t sign it “Your facebook”, and they would ask me to log in and change my password, not send me a new password.

asking me to go “check out this interesting article”  DANGER WILL ROBINSON.  This is a common way of saying let me scam your money.

Their wasn’t a link on this but a typed out website.  So [...]]]> I just got this group message from someone i know (but never gotten a message from before)

asking me to go “check out this interesting article”  DANGER WILL ROBINSON.  This is a common way of saying let me scam your money.

Their wasn’t a link on this but a typed out website.  So i typed that website which was a spoof from a common reputable news source. With a character added to the address.  Firefox immediately told me not to go any further, it was a scam.  Ok.. so i tried on IE (because i knew it wouldn’t block me) and this is what i saw.

They scraped the site from the reputable news agency, and added some links “Google Pay Day” Which takes you to what looks like a very well done version of an advertisers page.  Allot of time and money went into this one.  Obviously they are making quite a bit from it to justify the expense.  Don’t be fooled into adding to their pockets.

Common Sense: If something looks suspicious, take extra caution to be sure your getting what your want to get to.  Only use websites you recognize, not only by look but by URL too.

The actual site seams to be owned by someone in China.  (Darn Chinese Hackers (inside joke))

Registrant Contact:
YAN HUA
HUA YAN
053182149514 fax: 053182149514
LONGSHANLU18
JN SD 250019
cn
Administrative Contact:
HUA YAN
053182149514 fax: 053182149514
LONGSHANLU18
JN SD 250019
cn
Technical Contact:
HUA YAN
053182149514 fax: 053182149514
LONGSHANLU18
JN SD 250019
cn
Billing Contact:
HUA YAN
053182149514 fax: 053182149514
LONGSHANLU18
JN SD 250019
cn
DNS:
ns1049.websitewelcome.com
ns1050.websitewelcome.com
ns1.lilil2iili.com
ns2.lilil2iili.com
Created: 2010-03-30
Expires: 2011-03-30

Update: 4/11/2010 Got the same message today this time asking for Local8News.net but the same scheme.

I have a stock pile of known virus’s but they are not what i would want to use to test [...]]]> as more and more people become aware of all the bad things out there in the tangled mess of the interweb, most people just take for granted that their antivirus software is actually working.

I have a stock pile of known virus’s but they are not what i would want to use to test an otherwise healthy computer with, hence the EICAR test virus is the perfect solution.  Back when i first started using EICAR it stood for European Institute for Computer Antivirus Research.  Now EICAR is just known for their name as an security company rather than just AV.

You can download the test virus’s from their website,

http://www.eicar.org/anti_virus_test_file.htm.

The signature of the file is designed to set off any virus and label it as the EICAR Test-Virus but no actual harm is done to your computer if the antivirus doesn’t catch it.  It does give you the chance to see if your antivirus is actually working and picking up treats.

The email was also CC’d to other friends and family members i knew.  It had these three thumbnails with links.  I didn’t [...]]]> not willingly i hope though.  Got this email from her a few moments ago.  It was from someone i knew so i didn’t hesitate to open and investigate further. 

The email was also CC’d to other friends and family members i knew.  It had these three thumbnails with links.  I didn’t recognize the people in the images.  There were not actual embedded attachments (kind of odd) i checked the link to see if it would actually go to an image and found it wanted to take me to:

http://downx05.h12.ru/

Taking me to a Russian website.  At the time i attempted to investigate the site further it was being overwhelmed by request to try and access that site.  Those poor souls…

Common Sense People:  If your not expecting people to send you files, be weary.  If it looks suspicious.. it probably is.

This should be the first sign of a bogus email.  But for those who actually [...]]]> I must have done it in my sleep because i don’t ever remember opening a checking account with Yorkshire Bank. Come to think of it.. i don’t even know where to find my local Yorkshire Bank. 

This should be the first sign of a bogus email.  But for those who actually DO have a Yorkshire account it may appear legitimate.  Clicking on the link does not take you to the bank however.  It goes

http://mk.volina.ru/includes/patTemplate/patTemplate/Modifier/HTML/fullPassword.ctl.htm

FireFox, Chrome blocked the site, IE reported it as unsafe but brought it up

The site would then ask for your customer number, your password, all three of your security questions and answers as well as your email address.  After entering such information and submitting would take you to the actual bank’s site, http://www.ybonline.co.uk/personal/ib-logout  but by then, it’s probably to late.  you’ve just give all your sensitive information to the Russians. 

Common sense: If you bank does send you an email, log on to your banks site yourself.  don’t use any enclosed links.  That way you know your not being directed somewhere else without your knowledge.

no paypload in the email itself.. but a few things to notice on this one.  my email address isn’t in the to.  The website at first glance looks like irs.gov but it’s actually eawsqu.pl registered to a guy in Germany:

DOMAIN: [...]]]> I doubt the federal government would ever become that efficient.

no paypload in the email itself.. but a few things to notice on this one.  my email address isn’t in the to.  The website at first glance looks like irs.gov but it’s actually eawsqu.pl registered to a guy in Germany:

DOMAIN: eawsqu.pl is releasing after termination
created:                2010.03.31 13:08:04
last modified:          2010.03.31 18:02:42
expiration date:        2010.04.05 18:02:42
no option
REGISTRAR:
Key-Systems GmbH
Prager ring 4 – 12
66482 Zweibrücken 
Niemcy/Germany
+49 6332791850

Firefox gave me a big red warning when trying to visit the site.  I much rather like FF’s warning rather than IE’s

IE let the site come up but a tiny warning in the title bar

Telling me that the website may be unsafe.  The site then ask users to download an EXE.  I wonder what that could do…

Another case where common sense goes a long way. 

symantec let the file go right through the email.

extracted the zip,

scanned the file again with symantec and

doubled check the date on my definitions.  they are current.  I’ll test it against sophos [...]]]> Well, they might deliver bio hazards but not via email.  Here’s a letter i got this evening.

symantec let the file go right through the email.

extracted the zip,

scanned the file again with symantec and

doubled check the date on my definitions.  they are current.  I’ll test it against sophos tomorrow and see what they say.

MICROWORD.COM CORPORATIONS

CUSTOMER SERVICE: TARRAGONA ESPANA Email:

ADDRESS: C/ L’ESTANY, PARC. 2, POST CODE – 43006 CITY – TARRAGONA – SPAIN.

MICROWORD.COM RESOURCE ADVERTISING LINK: http://www.microword.com/

Date: 03/03/2010.

MICROWORD.COM CORPORATIONS MARCH 2010 (3RD [...]]]> I was originally going to ignore this spam but i got it twice today so might as well share.

MICROWORD.COM CORPORATIONS

CUSTOMER SERVICE: TARRAGONA ESPANA Email:

ADDRESS: C/ L’ESTANY, PARC. 2, POST CODE – 43006 CITY – TARRAGONA – SPAIN.

MICROWORD.COM RESOURCE ADVERTISING LINK: http://www.microword.com/

Date: 03/03/2010.

MICROWORD.COM CORPORATIONS MARCH 2010 (3RD TO 30TH) OFFICIAL WINNING NOTIFICATION.

Good day, we write to inform you that your email address has won, in the microword.com corporation internet March 2010 promotions. Your email address was selected randomly from the microword.com automatic computer generated machine, and your email address emerges as one of the online winners. This attracts a prize of Three hundred thousand Euros only (300,000.00 Euro) and an Apple 13.3" Mac Book Pro Notebook laptop.

—————————————————————————————————————————-

*Your won cheque of three hundred thousand Euros (300,000.00 Euro) and Apple 13.3" Mac Book Pro Notebook laptop will be presented to you on arrival to our office in Tarragona, within the period of 30 days. Your winnings will be cancelled, if you do not present yourself at our office, within the given period of 30 days.

—————————————————————————————————————————

*If you are unable to come to our office in Tarragona- Spain to claim your won prize, your won prize will be presented to you by courier delivery via the promotion board contracted courier company. Microword.com Corporation is not responsible for the delivery changes [charges?] to your location. You will pay for the cost of delivery yourself. Please do not respond to this option, if you know, you will not pay for the courier service delivery. [ got, enough, commas, in there?]

—————————————————————————————————————————–

Please note: The draft certified cheque and all documents are packaged to be delivered under one way bill by the contracted courier company and are categorized as high priority & express delivery under applicable laws and regulations. This shipment cannot be delivered to P.O. boxes or postal codes but only to you the receiver at your given address.

——————————————————————————————————————————

For more information’s, on how to claim your prize, do contact our promotions department via the email below or via telephone, and quote this reference number: MSTF/2010/XУNAJZ/MAR 3-30/KFYXQX as you contact our promotion department. This reference number is the security key to your winnings, we advice you keep the reference number to yourself.

Microword.com promotion department.

Tel: 0034- 634 176 053

Tel: 0034- 659 347 846

Email: promotion_department@micro-word.com

This promotion is organized by microword.com to advertise and to promote our website, http://www.microword.com/ which is based on all kind internet companies, all kind of computer hardware and software product. This promotion is as well organized to encourage the use of the Internet user and to promote computer literacy worldwide.

Congratulations to you lucky winner!

Sincerely,

Mr. Golf . P Ivan.

CEO: MSFT Word Resource Tarragona.

Copyright © 1992-2010 Micro-word.Com All rights reserved.

===========================================================

NOTICE TO RECIPIENT: THIS E-MAIL IS MEANT FOR ONLY THE INTENDED RECIPIENT OF THE TRANSMISSION, AND MAY BE A COMMUNICATION PRIVILEGED BY LAW. IF YOU RECEIVED THIS E- MAIL IN ERROR, ANY REVIEW, USE, DISSEMINATION, DISTRIBUTION OR COPYING OF THIS E-MAIL IS STRICTLY PROHIBITED.

PLEASE NOTIFY CUSTOMER SERVICE: TARRAGONA ESPANA VIA EMAIL: info@micro-word.com IMMEDIATELY OF THE ERROR BY RETURN E-MAIL AND PLEASE DELETE THIS MESSAGE FROM YOUR SYSTEM. THANK YOU IN ADVANCE FOR YOUR CO-OPERATION.

A few things to note,

• country code returns to spain. 
• the email address uses the domain micro-world.com but the web links provided use microworld.com
• micro-world.com belongs to a company in Torrance, CA where the company in this email is from Spain. 
• the company wants you to pick up the “prize” in Spain or have them deliver it COD (for shipping expenses).  I wonder how much that COD charge would be. 
• The lack of grammar is another good give away (no pun in intended)

Basically, one of those deals where if you never entered a contest in spain, and they want you to pay up front, too good to be true.  sorry.