Archive for December, 2014

Old Scam with a twist

December 22, 2014

A tech support scam was discovered that not only locks your browser with a message stating your computer may be infected, but also plays a computer-generated voice to scare you as well. Typically, browser support scams display a text or graphical alert that states that your computer is infected and that you should call a number, and then make it difficult for you to close the window or navigate away from it. A new alert was discovered that takes it to the next level by also playing a computer-generated voice that states the following:

Important security message: Please call the number provided as soon as possible. You will be guided for the removal of any adware, spyware, or virus that is found on your computer. Seeing these messages means that you possibly have it installed on your computer which puts the security of your personal data at a serious risk. It’s strongly advised that you call the phone number provided and get your computer scanned before you continue using your internet.

This audio recording is contained in an MP3 file that is set to repeat itself when viewing the ad. This MP3 file can be found here.

When you call the number 877-363-6747, which is displayed in the alert, someone will answer who says Tech Support and speaks in perfect English without any accent. When questioned, they stated that their company name was 1 Good IT and started giving me the standard pitch of taking over my computer to see what was wrong and then fix it. Having done this before with other scams, I did not proceed further and hung up.

Though you may hear a voice speaking to you, this is still the same old scam. So stay vigilant and close any browsers that display these types of messages. If you are having a problem closing the browser, then you can start the Windows Task Manager and kill the process associated with your browser. Finally, never call the numbers listed in tech support scams unless you just want to mess with them.


Be on your toes for scam emails during the Holidays!

December 3, 2014

If you receive an email this holiday season asking you to “confirm” an online e-commerce order or package shipment, please resist the urge to click the included link or attachment: Malware purveyors and spammers are blasting these missives by the millions each day in a bid to trick people into giving up control over their computers and identities.

Home Depot

An “order confirmation” malware email blasted out by the Asprox spam botnet recently.

Seasonal scams like these are a perennial scourge of the holidays, mainly because the methods they employ are reliably successful. Crooks understand that it’s easier to catch would-be victims off-guard during the holidays. This goes even for people who generally know better than to click on links and attachments in emails that spoof trusted brands and retailers, because this is a time of year when many people are intensely focused on making sure their online orders arrive before Dec. 25.


This Asprox malware email poses as a notice about a wayward package from a WalMart order.

According to Malcovery, a company that closely tracks email-based malware attacks, these phony “order confirmation” spam campaigns began around Thanksgiving, and use both booby-trapped links and attached files in a bid to infect recipients’ Windows PCs with the malware that powers the Asprox spam botnet.

Asprox is a nasty Trojan that harvests email credentials and other passwords from infected machines, turns the host into a zombie for relaying junk email (such as the pharmaceutical spam), and perpetuates additional Asprox malware attacks. Asprox also deploys a scanning module that forces hacked PCs to scan websites for vulnerabilities that can be used to hack the sites and foist malware on visitors to that site. For an exhaustive and fairly recent analysis of Asprox, see this writeup (PDF) from Trend Micro.


Target is among the many brands being spoofed by Asprox this holiday season.

Malcovery notes that the Asprox spam emails use a variety of subject lines, including “Acknowledgment of Order,” “Order Confirmation,” “Order Status,” “Thank you for buying from [insert merchant name here]”, and “Thank you for your order.”

If you receive an email from a recognized brand that references an issue with an online or in-store order and you think it might be legitimate, do not click the embedded links or attachment. Instead, open up a Web browser and visit the merchant site in question. Generally speaking, legitimate communications about order issues will reference an order number and/or some other data points specific to the transaction — information that can be used to look up the order status at the merchant’s Web site. I know I’m probably preaching to the choir for the loyal readers of this site, but I’m sure most of you have friends and relatives who could use a reminder about all of this. Please feel free to forward them a link to this story.
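
For mail administrators, the subject lines and advice above can be turned into a simple triage check. This is an added example, not code from the post or from Malcovery: it flags order-themed messages that carry an attachment or link to a host outside the brand's own domain. The brand-to-domain map, the function name `triage` and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlparse

# Subject lines reported by Malcovery for this campaign (taken from the post).
SUBJECT_RE = re.compile(
    r"^(acknowledgment of order|order confirmation|order status|"
    r"thank you for buying from .+|thank you for your order)\W*$", re.I)
# Assumption: a defender-maintained map of spoofed brand -> real domain.
BRAND_DOMAINS = {"home depot": "homedepot.com", "walmart": "walmart.com",
                 "target": "target.com"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def triage(raw):
    """Return a list of reasons to quarantine; an empty list means no finding."""
    msg = message_from_string(raw, policy=policy.default)
    if not SUBJECT_RE.match(str(msg["Subject"] or "").strip()):
        return []                      # not an order-themed message
    reasons = []
    sender = str(msg["From"] or "").lower()
    brand = next((b for b in BRAND_DOMAINS if b in sender), None)
    legit = BRAND_DOMAINS.get(brand)   # None when no known brand is claimed
    if next(msg.iter_attachments(), None) is not None:
        reasons.append("attachment on order notice")
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body is not None else ""
    for url in URL_RE.findall(text):
        host = (urlparse(url).hostname or "").lower()
        # A genuine notice links to the merchant's own domain or a subdomain.
        if legit and host != legit and not host.endswith("." + legit):
            reasons.append(f"link to {host} is not on {legit}")
    return reasons

# Constructed sample messages (not real campaign mail).
SPOOFED = ("From: \"Walmart\" <orders@example.net>\n"
           "Subject: Order Status\n\n"
           "Your package could not be delivered: http://shop.example.org/track?id=1\n")
GENUINE = ("From: Target <orders@target.com>\n"
           "Subject: Order Confirmation\n\n"
           "View order 1234 at https://www.target.com/orders/1234\n")

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, triage(raw))
```

Because the subject lines are also used by real merchants, the subject match only selects messages for inspection; the attachment and link-host checks decide whether anything is flagged.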