Jun
27

Your smartphone can easily be hacked if you plug it in to charge via USB at a public place like an airport, cafe or on public transport.

Researchers at security firm Kaspersky Labs found that they could install a third-party application, like a virus, onto the phone via its USB cable connection to a computer. It took them under three minutes.

They also found that the Android and iOS phones tested leaked a host of private data to the computer they were connected to whilst charging, including the device name, device manufacturer, device type, serial number and even a list of files.

It’s well known that public Wi-Fi connections are a security risk, but did you know that the USB cord used to charge your phone is also used to send data from your phone to other devices?

By pairing it with any charging station (airport, plane, mall), which usually has a computer hidden behind it, you run the risk of having your photos or contact info sent to that device. If the computer behind the charging station is compromised, it could inject malicious code directly into your device.

You should also avoid connecting your mobile device via USB to a rental car’s entertainment system just for charging. Use the cigarette lighter adapter instead so you don’t have to worry about your personal info being stored in a car that’s not yours.

How to protect yourself:

  • Only plug your phone into trusted computers, using trusted USB cables
  • Protect your cell phone with a password, or with another method such as fingerprint recognition, and don’t unlock it while charging.
  • Use encrypted apps like WhatsApp and iMessage to communicate
  • Antivirus programs can be a pain, but they help to detect malware even if a “charging” vulnerability is used.
  • Always update your cellphone operating system to the most recent version, as that will have the most up-to-date bug fixes.

Malware is a general term used to refer to a variety of forms of hostile, intrusive, or annoying software.
The term “malware” is a compound of two words, “malicious” and “software”, and describes software created by hackers to disrupt computer operations, gather sensitive information, or gain access to private computer systems.

Malware includes computer viruses, worms, trojan horses, spyware, adware, most rootkits, and other malicious programs.

Some forms of malicious software are:

Spyware is a type of malware installed on computers that collects information about users without their knowledge. The presence of spyware is typically hidden from the user and can be difficult to detect. Some spyware, such as keyloggers, may be installed by the owner of a shared, corporate, or public computer intentionally to monitor users.

While the term spyware suggests software that monitors a user’s computing, the functions of spyware can extend beyond simple monitoring. Spyware can collect almost any type of data, including personal information like internet surfing habits, user logins, and bank or credit account information. Spyware can also interfere with user control of a computer by installing additional software or redirecting Web browsers. Some spyware can change computer settings, which can result in slow internet connection speeds, unauthorized changes in browser settings, or changes to software settings.

Spam is the use of electronic messaging systems to send unsolicited bulk messages indiscriminately. While the most widely recognized form of spam is e-mail spam, the term is applied to similar abuses in other media: instant messaging spam, Usenet newsgroup spam, web search engine spam, spam in blogs, wiki spam, online classified ads spam, mobile phone messaging spam, internet forum spam, junk fax transmissions, social networking spam, television advertising and file sharing network spam.

Phishing is attempting to acquire information (and sometimes, indirectly, money) such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Phishing e-mails may contain links to websites that are infected with malware. Phishing is typically carried out by e-mail spoofing or instant messaging, and it often directs users to enter details on a fake website which looks almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.

Spear-phishing is a more targeted form of phishing. Ordinary phishing involves malicious emails sent to any random email account, but a spear-phishing email is designed to appear to come from someone the recipient knows and trusts — such as a colleague, business manager or human resources department — and can include a subject line or content that is specifically tailored to the victim’s known interests or industry. Phishing attacks are so successful because employees click on them at an alarming rate, even when emails are obviously suspicious.

Pharming is a hacker’s attack intended to redirect a website’s traffic to another, bogus site.
The term “pharming” is a compound term based on the words “farming” and “phishing”. Phishing is a type of social-engineering attack to obtain access credentials, such as user names and passwords. In recent years, both pharming and phishing have been used to gain information for online identity theft. Pharming has become of major concern to businesses hosting e-commerce and online banking websites.

May
15
Filed Under (Editorial, Tips) by dw on 15-05-2017

Ransomware stops you from using your PC. It is malware that holds your PC or files for “ransom”.

Although there are different types of ransomware, all of them will prevent you from using your PC normally, and they will all ask you to do something (like pay money) before you can use your PC.

Ransomware can target PC users, whether it’s a home computer, a computer on a university network, or servers used by the government.

Ransomware can:

  • Prevent you from accessing your operating system.
  • Encrypt files so you can’t use them.
  • Stop certain apps from running (like your web browser).
  • Ransomware will demand that you pay money (a “ransom”) to get access to your PC or files.
  • There is no guarantee that paying the ransom or doing what the ransomware tells you will give access to your computer or files again.

There are two types of ransomware, lockscreen ransomware and encryption ransomware.

Lockscreen ransomware shows a full-screen message that prevents you from accessing your PC or files. It says you have to pay money (a “ransom”) to get access to your PC again.

Encryption ransomware changes your files so you can’t open them. It does this by encrypting the files.

Some versions of ransomware claim you have done something illegal with your PC, and that you are being fined by a police force or government agency. These claims are false. It is a scare tactic designed to make you pay the money without telling anyone who might be able to restore your PC.

The latest versions encrypt the files on your PC so you can’t access them, and then simply demand money to restore your files.

Ransomware can get on your PC from nearly any source that any other malware (including viruses) can come from. This includes:

  • Visiting unsafe, suspicious, or fake websites.
  • Opening emails and email attachments from people you don’t know, or that you weren’t expecting.
  • Clicking on malicious or bad links in emails, in Facebook, Twitter, and other social media posts, and in instant messenger chats, like Skype.

It can be very difficult to restore your PC after a ransomware attack – especially if it’s infected by encryption ransomware.

The best solution to ransomware is to be safe on the Internet and with emails and online chat:

  • Don’t click on a link on a webpage, in an email, or in a chat message unless you absolutely trust the page or sender.
  • If you’re ever unsure – don’t click it!
  • Often fake emails and webpages have bad spelling, or just look unusual. Look out for strange spellings of company names (like “PayePal” instead of “PayPal”) or unusual spaces, symbols, or punctuation (like “iTunesCustomer Service” instead of “iTunes Customer Service”).
Jan
15
Filed Under (Editorial, Tips) by dw on 15-01-2015

Have you ever received a call from someone with a heavy Indian accent from Microsoft saying your computer had errors or viruses? The purpose of these telephone calls is to get an easy R500 (or whatever amount they choose) by scaring you into thinking there’s something really wrong with your computer and that they can fix it for you.

These tech support phone scams have been going on for many years, and scammers keep on defrauding innocent people of their money because their success ratio is still worth their time and effort. Pensioners and non-technical people are most often victims, as these smooth-tongued Indian operators are very good at blinding you with “technospeak”.

Often the caller’s number will not appear on your phone, a sign that they are using Voice over IP (VoIP) or similar technology that both completely hides their identity and costs them nothing for long distance calls.

This scam is a well-oiled machine which starts off with the alleged Microsoft representative asking you to turn on your computer to perform some checks for errors. They essentially make you open different applications which aren’t typically known by regular users.

Step 1: Scare Tactics

You will be instructed to press the “Windows” and “R” keys together to get to the Windows Run dialog box and then run a command to open up the Windows Event Viewer.

Conveniently, the Event Viewer will always show some warning or error which the scammer can use to instill fear. Often legitimate files stored in the Windows Prefetch folder will be called spyware and viruses, but this is a lie, as those Prefetch files are simply used by Windows to launch programs faster. The “System Configuration Utility”, also known as msconfig, will also be used to focus the victim on the status of each Service and count how many “stopped” ones there are.

Step 2: The “Intervention”

The next step of the scam consists of allowing a remote person to fix these “issues” for the victim. This involves giving the scammer access to your computer using a remote control program like TeamViewer.

The scammers will then perform questionable tasks to “repair” the system, such as installing trials of other legitimate security software, installing malware (including rogue security software) designed to collect the user’s personal information, and deleting the aforementioned files that were previously claimed to be malware.

Step 3: The “Hit”

They then coax the victim into paying for their services or the software designed to “repair” their computer, and in turn, gain access to the victim’s credit card information, which can be used to make additional fraudulent charges. Afterwards, the scammer may also claim that the victim is eligible for a refund, and request the user’s bank account information—which is instead used to steal more money from the victim rather than providing the promised refund.

Feb
12
Filed Under (Editorial) by dw on 12-02-2014

For those who have been spared the torture of Flappy Bird, it was the latest mobile gaming craze – until this last weekend. By the standards of smartphone games, it was simple, even primitive. You played as Flappy Bird trying to fly through the gaps between vertical green pipes. Where the game was interesting was in its difficulty. If the bird touched anything, it died immediately and the player would have to start from the beginning.

…And that is absolutely normal for these kinds of games. But unlike another endless runner like Temple Run, Flappy Bird isn’t something you can play by idly swiping your finger to the left or right every time you approach an obstacle. The only way to maintain a proper altitude is to tap the screen feverishly to make the bird flap its wings. If you stop even for a second, the bird plummets immediately to its death. Typically it would take an average player 15 tries just to get past the first pipe, the addiction coming from trying to improve your top score.

The game was removed from Google Play and the Apple iOS store this last weekend by its developer Dong Nguyen, because he maintained it was “an addictive product.”

Since the weekend literally hundreds of fake apps have sprung up, and scammers have already figured out how to cash in on the game’s demise.

Sophos has already found infected versions of Flappy Bird in alternative Android markets. One such fake app is a “trial version” that demands that you send a text message (to a special premium number, of course) and won’t let you completely quit the app until you do.

Trend Micro also found fake Android apps, which it says are especially common in app stores across Russia and Vietnam. While these behave exactly like the original app (they’re not trial versions), they also connect, unknown to the user, to the scammers’ servers to steal the user’s phone number, their carrier, and the Gmail email address registered with the device.

Thankfully, these won’t do that much damage to the actual Android phone or tablet, but where the real damage can occur is with the personal and sensitive information that is now in the criminal’s hands. Imagine if a scammer knew my smartphone number, knew who my cellphone provider was, and what my e-mail address was. They could glean information about my physical address, where I bank and start a SIM card swap to gain access to my Internet banking account. It all started with FlappyBird and because it was an addictive game that I had to play, I opened myself up to be exploited by scammers.

In short, Flappy Bird is dead, but the scams are only beginning. My advice is the same as always when it comes to Android malware: stick to Google Play and only install apps that you know are safe.

Apr
14

Since 12 April 2013, the WordPress blog system worldwide has been facing its most serious coordinated brute force attack. Some WordPress hosts have reported that they have blocked as many as 60 million requests against their hosted WordPress customers in a single hour.

This attack, which targets administrative accounts, appears to be coming from a sophisticated botnet that may have as many as 100,000 computers, based on the number of unique Internet addresses the attacks are coming from.

…And Internet security experts have estimated that the botnet has the power to test as many as 2 billion passwords in an hour.

WordPress users should always make sure that their passwords, especially for admin accounts, are long and not guessable from a password list. Of course, that’s good advice for just about any password you use, but it’s especially applicable right now.

While it’s difficult to tell what the aggressor is trying to accomplish with this current round of password cracking, the consequences could be disastrous. It has been suggested that the perpetrator could be trying to upgrade a botnet composed of ordinary PCs into one that is made up of servers.

Last year, a brute force attack against Joomla sites created a server-grade botnet, created with a tool called Brobot, that overwhelmed US financial institutions with DDoS attacks.

One risk is that personal bloggers that set up WordPress installations might not have thought to set up a highly secure password. However, it’s not just the blogger’s posts that are at stake, as the attacker could potentially use the login to gain access to the hosting server, a more valuable prize that could cause even more damage.

This botnet is going around all of the WordPress blogs it can find trying to login with the “admin” username and a bunch of common passwords.

If you still use “admin” as a username on your blog, change it, use a strong password, and better still change the name of the admin account to something else, which will certainly block the botnet attack.

I personally run 7 WordPress blogs, excluding this GERGABlog, and a year or so ago, after an attack crippled 3 of the sites, I removed the default “Admin” account and set very strong passwords on all of them.

On Friday evening I installed a small plugin, recommended by my hosting company, which blocks an Internet address from making further attempts after a specified limit of retries is reached. I set the plugin to log all Internet addresses that had been locked out, and after barely 30 minutes, 3 of my 7 blogs had logged more than 5 Internet addresses that had tried to attack my blog and had been locked out. I could see that the attack was underway and was very glad that my paranoia had paid off!
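
The lockout behaviour described above (block an Internet address once it reaches a set limit of failed logins, and log it) can be sketched as follows. This is an added example, not the plugin's code or anything from the hosting company; the `LoginLimiter` name, the limits, the `site_editor` username and the addresses (documentation ranges) are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field


@dataclass
class LoginLimiter:
    """Per-address login lockout (hypothetical helper, assumed limits)."""
    max_retries: int = 4      # failed attempts allowed inside the window
    window_s: int = 600       # only failures this recent are counted
    lockout_s: int = 1200     # how long a locked-out address stays blocked
    failures: dict = field(default_factory=lambda: defaultdict(deque))
    locked_until: dict = field(default_factory=dict)
    lockout_log: list = field(default_factory=list)  # (time, ip, username)

    def is_locked(self, ip, now):
        return self.locked_until.get(ip, 0) > now

    def attempt(self, ip, username, password_ok, now):
        """Record one login attempt; return 'locked', 'ok' or 'failed'."""
        # The lockout is checked BEFORE the password result is used, so a
        # correct guess made during the lockout still gets nowhere.
        if self.is_locked(ip, now):
            return "locked"
        if password_ok:
            self.failures.pop(ip, None)   # a good login clears the counter
            return "ok"
        recent = self.failures[ip]
        recent.append(now)
        # Drop failures that have aged out of the counting window.
        while recent and recent[0] <= now - self.window_s:
            recent.popleft()
        if len(recent) >= self.max_retries:
            self.locked_until[ip] = now + self.lockout_s
            self.lockout_log.append((now, ip, username))
            recent.clear()
        return "failed"


# Constructed sample events: (seconds, address, username, password_ok).
CONSTRUCTED_EVENTS = [
    (0,    "203.0.113.10", "admin", False),
    (10,   "203.0.113.10", "admin", False),
    (20,   "203.0.113.10", "admin", False),
    (30,   "203.0.113.10", "admin", False),   # 4th failure: lockout starts
    (40,   "203.0.113.10", "admin", False),   # rejected while locked
    (50,   "203.0.113.10", "admin", True),    # correct guess, still rejected
    (60,   "198.51.100.7", "admin", False),   # second address, under limit
    (70,   "198.51.100.7", "admin", False),
    (80,   "192.0.2.44", "site_editor", False),  # real user mistypes once
    (90,   "192.0.2.44", "site_editor", True),   # then logs in normally
    (1300, "203.0.113.10", "admin", False),   # lockout expired, counted anew
]


def replay(events, limiter=None):
    """Feed events through a limiter; return (outcomes, limiter)."""
    limiter = limiter or LoginLimiter()
    outcomes = [limiter.attempt(ip, user, ok, now)
                for now, ip, user, ok in events]
    return outcomes, limiter


if __name__ == "__main__":
    outcomes, limiter = replay(CONSTRUCTED_EVENTS)
    for event, outcome in zip(CONSTRUCTED_EVENTS, outcomes):
        print(event, "->", outcome)
    print("locked-out addresses:", limiter.lockout_log)
```

Note that the second address never reaches the limit: a botnet that spreads its guesses across many addresses can stay under a per-address threshold, which is why the strong password and the renamed admin account still matter.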

What is a Virus/E-Mail Hoax?

Have you ever received an e-mail message that includes something like the following:

  • A warning of a new virus that you should send on to everyone you know.
  • A warning of a scam that you should send on to everyone you know.
  • A petition to help the needy or some cause that wants you to forward it on to those who might be interested.
  • A get-rich-quick scheme that claims if you forward on the message you’ll receive money for each time it’s forwarded.
  • A claim that for each email sent someone in need will be helped by another organization.
  • A warning of a new virus or a scam that was sent out apparently by an organisation that is perceived as being legitimate and informed – like the South African Police.

These 6 scenarios account for almost all the virus and e-mail hoaxes you will see, and in almost all cases anything that follows any of these guidelines is a hoax, false, or an outdated petition that is just “floating” around the Internet. Before you consider forwarding any email that asks you to forward it to anyone else you should be able to do the following:

  • Check the original date the message was created and sent.
  • Check the original sender of the message.
  • Check how many times the mail has been forwarded (Several FWD: Or Forwarded: in the subject line will be a clue)
  • Check any quotes made by any organizations mentioned with specific URLs (web addresses) that back up the claims made in the message.
  • If the e-mail is for a cause, check the date of any action mentioned and/or the specific piece of legislation that is mentioned.

In general it is considered very bad manners to forward a message on to a large number of people.

Why these Hoaxes Cause Problems?

Imagine if someone receives a message that tells them to forward it on to “everyone they know.” If this person forwards the message on to 100 people (which is not uncommon) and just a few people forward this message on to another large group, the message will be duplicated thousands of times in a short period of time, often just hours.

A few thousand extra e-mails result in a bunch of wasted disk space, clogging of network bandwidth, and most importantly the complete waste of time for many professionals and, possibly, your friends all over the world. This simple e-mail hoax may cost thousands of dollars in wasted time by everyone involved. Consider the man hours wasted in dealing with these hoaxes and what it is costing the organisation.

Furthermore, the organisation is employing people to do a job, and if these employees waste time sending out mail instead of doing their work, they are essentially robbing the organisation.

What is equally disconcerting is that there might be a message that is true, or contains some important information, that is ignored because most of the previous e-mails have been hoaxes. (The old fairy tale of “The boy who cried wolf” is a good example.)

How to Tell if a Message is a Hoax?

Below is a message about a supposed screen saver that will wipe out your hard drive and “steal your password.” You can read about this virus hoax at http://www.symantec.com/avcenter/venc/data/buddylst.zip.html

Read after the message for some tips on how you can tell this is obviously a hoax.

 Subject: [Fwd: Beware of the Budweiser virus–really!]

 This information came from Microsoft yesterday morning. Please pass it on to anyone you know who has access to the Internet. You may receive an apparently harmless Budweiser Screensaver, If you do, DO NOT OPEN IT UNDER ANY CIRCUMSTANCES, but delete it immediately. Once opened, you will lose EVERYTHING on your PC. Your hard disk will be completely destroyed and the person who sent you the message will have access to your name and password via the Internet.

 As far as we know, the virus was circulated yesterday morning. It’s a new virus, and extremely dangerous. Please copy this information and e-mail it to everyone in your address book. We need to do all we can to block his virus. AOL has confirmed how dangerous it is, and there is no Antivirus program as yet which is capable of destroying it.

Please take all the necessary precautions, and pass this information on to your friends, acquaintances and work colleagues.

End of message.

First, take a look at the following text:

“This information came from Microsoft yesterday morning.”

The words “yesterday morning” are quite a clue. When was yesterday morning? Obviously not yesterday. What about Microsoft? If they are making some sort of announcement where is the web site address with this announcement? Why would Microsoft make an announcement about some random virus that has nothing to do with their company?

“Please pass it on to anyone you know who has access to the Internet.”

Anything that asks you to “pass it on to anyone you know who has access to the Internet” is a big flag. Official groups (Microsoft, AOL, etc.) are the last ones to ask you to forward e-mail to everyone you know. This goes against standard Internet policies and good etiquette. It just clogs up disks and networks and wastes everyone’s time.

“AOL has confirmed how dangerous it is…”

If AOL had confirmed anything they would certainly have a URL with this statement. Furthermore, what does AOL have to do with this? Finally, AOL is not an official virus reporting agency. You want to see things like CERT, Symantec (they make Norton AntiVirus), McAfee, F-PROT (they make F-PROT F-Secure), etc.

The following statement is a big sign:

“…and there is no Antivirus program as yet which is capable of destroying it.”

By the time the message gets to anyone, if the virus was for real, all the major antivirus programs would already have a check for this. Generally it takes just one or two days for a big company like Symantec, McAfee, or F-PROT to come up with a check for such a virus.

Finally, we have this:

“…the person who sent you the message will have access to your name and password via the Internet.”

What password? What do they mean by “via the Internet”? If you do store any of your passwords on your machine (e.g. dialup, in Eudora, etc.) it’s encrypted. Furthermore, suppose it’s some super virus and it can decrypt your passwords in certain circumstances, then what? Is it going to mail the password back to its creator? Now the South African Police can track them down easily and arrest them? None of this makes much sense. Many e-mail hoaxes make ridiculous statements such as this.

Where to Check if a Message is a Hoax

Before you consider forwarding a message about a “virus” or a petition, always check your sources. Just because your elderly mother sent it from her computer, or the e-mail has a South African Police or SARS logo on it, doesn’t necessarily mean that it is legitimate or true. Sometimes a simple Google search with key terms will immediately give you an answer, often within a couple of seconds.

To check if a message is a hoax you can try out the following sites:

Snopes Urban Legends Reference Pages

http://www.snopes.com/

Symantec’s AntiVirus Research Center Virus Hoax Page

http://www.symantec.com/avcenter/hoax.html

Nov
23
Filed Under (Editorial) by dw on 23-11-2011

ISPA names and shames South Africa’s biggest spammers and email address resellers in their Hall of Shame

The South African Internet Service Providers’ Association (ISPA) updated their “Spam Hall of Shame” recently, naming and shaming the country’s spammers and e-mail address resellers.

Until recently it was mainly the embarrassment of appearing on this list which made it a deterrent to spammers, but an announcement by a local firm that it is using this data in fighting spam changes the game.

Pinpoint SecureMail said that they are integrating the Internet Service Providers’ Association (ISPA) Hall of Shame anti-spam watchlist in their e-mail protection software.

According to Yossi Hasson, managing director of Pinpoint SecureMail development company SYNAQ, this means that all companies listed on the ISPA spam Hall of Shame are immediately given an extra weighting on SYNAQ’s spam algorithms and are quarantined.

In the first three weeks following the ISPA Hall of Shame integration into Pinpoint SecureMail, SYNAQ identified and blocked 146,926 spam messages sent out by companies included in the list.

The latest spammers and email address resellers listed in ISPA’s spam hall of shame are as follows.

South African spammers:

  1. Dynamic Seminars
  2. New Heights 1268 / Jaco Derksen
  3. SA Webs (not SA Web Design)
  4. Ketler Presentations
  5. Brain Power
  6. Worldclass Mobile aka Marketing House
  7. World Class Products
  8. Kaleidoscope Advertising and eMarketing
  9. The Peer Group
  10. The SA Consumer Initiative
  11. Pinny Barak – Bizweb
  12. Promo Mail SA
  13. Greycell cc / Bad Credit Loans
  14. Eddy Wines
  15. Jake The Transporter
  16. Drive Car Sales / Justgroup-Africa
  17. No More Debt / Debt Free Living
  18. Marketing Now
  19. Body and Mind
  20. SA Passport
  21. Front Foot Events
  22. Plum Solutions
  23. Eezi Marketing
  24. Craig Sneeden C2IT
  25. Winners Circle
  26. Richard Catto
  27. Jimmie Somers
  28. South African Centre for Health Management cc
  29. African Experience Golf Tours
  30. FiF 247 Information Services
  31. Kevin Croft
  32. Tom Goldgamer
  33. Top In
  34. Master Lists
  35. Bulk eMail services
  36. IITA
  37. Kidz Memoriez
  38. Bidding Buzz
  39. Grunder Marketing
  40. SaveHost
  41. WebSites4SA – Johan Steyn
  42. Flossnet.org.za
  43. Marketing Counts
  44. Manhattan Hotel

Address resellers:

  1. Mark Tribelhorn
  2. Affordable Construction
  3. Rain Marketing
  4. Peter Van Wyk – Media Online (not The Media Online)
  5. Mandy Simone
  6. Timothy Heston
  7. Jonathan Schoeman: BP Media & SMSCity
  8. Verosha Bisnath
  9. ListSA
  10. Email Marketing South Africa
  11. Web Marketing Today
  12. All Things SA
  13. Data Corp SA
  14. Trinity Designs
  15. Trevor Jones
  16. MailMagic
  17. DataInc
  18. Jannie Pretorius, Group3Properties
  19. Silent G
  20. Michael Fraser, Pink Soda Marketing
  21. Graham Naude, Eezi Marketing
  22. Marketing Now
  23. Abram Morake
  24. Aqua Direct Marketing
  25. Master Lists SA
  26. Bulk eMail services
  27. marketing.counts@gmail.com
  28. Tony Baker – SA Data Marketing
  29. Lowveld Media

Staff Writer – MyBroadband.co.za

Nov
15
Filed Under (Editorial, Tips) by dw on 15-11-2011

Jerry Bryan immediately knew there was something wrong at his church. He knew it the second he opened up the email from the pastor. As a highly respected member of his church and a known technophile, Jerry was often consulted by the pastor concerning technical matters. In this case, however, the pastor was passing along a serious warning.

A secretary at his church had received an email from a friend that scared her:

I have some bad news. I was just informed that my address book has been infected with a virus. As a result, so has yours because your address is in my book. The virus is called jdbgmgr.exe. It cannot be detected by Norton or McAfee anti-virus programs. It sits quietly for about 14 days before damaging the system. It is sent automatically by messenger and address book, whether or not you send email. The good news is that it is easy to get rid of!

Just follow these simple steps and you should have no problem.

  1. Go to Start, then Find or Search
  2. In files/folders, write the name jdbgmgr.exe
  3. Be sure to search in you “C” drive
  4. Click Find or Search
  5. The virus has a teddy bear logo with the name jdbgmgr.exe – DO NOT OPEN!!
  6. RIGHT click and delete it
  7. Go to the recycle bin and delete it there also

IF YOU FIND THE VIRUS, YOU MUST CONTACT EVERYONE IN YOUR ADDRESS BOOK
Sorry for the trouble, but this is something I had no control over. I received it from someone else’s address book.

After receiving the email, the secretary looked, and sure enough, jdbgmgr.exe was sitting on her hard drive! She had a virus! She put in a call for the church’s tech people and then began to check other computers in the building. They all had the virus! jdbgmgr.exe was everywhere! A mass program of cleansing was about to begin, but Jerry got back to the pastor just in time with some good news. The church was not the victim of a virus. It was the victim of a hoax: the jdbgmgr.exe virus hoax.

After arising among Spanish-speaking Net users in early April 2002, the hoax quickly spread to English-speakers by mid-April. No one knows how many people fell for it, but it continues to this day, as the story above proves. Unfortunately, when people delete jdbgmgr.exe, they are not deleting a malicious virus; instead, they are deleting a system file placed on their computer by Microsoft.

Microsoft explains in its Knowledge Base article that jdbgmgr.exe is the “Microsoft Debugger Registrar for Java”. Fortunately, if you delete the file, you’re not really affected unless you use Microsoft Visual J++ 1.1 to develop programs written in the Java programming language. If you are such a developer, then you need to follow the instructions Microsoft gives on its Web page.

A Brief History of Hoaxes

The jdbgmgr.exe virus hoax is by no means an isolated incident. Indeed, there has been a rash of virus hoaxes in recent years. For instance, there was the “Budweiser Frogs screensaver” hoax in 1997. This email warned folks that a “creepoid scam-artist” was sending “a very desirable screen-saver (the Bud frogs)” that would, if downloaded, cause you to “lose everything!!!!”, while at the same time, “someone from the Internet will get your screen name and password!”. Of course, nothing of the sort would occur if you loaded the screensaver. Granted, you might find yourself thinking about enjoying a cold one, but you certainly wouldn’t find your computer affected. The logical impossibility of hard drive failure at the same time your username and password are not only saved but sent to “someone from the Internet” never seemed to cross the minds of this hoax’s victims.

Another hoax that frightened people was the so-called “Virtual Card for You” virus of 2000. Victims were warned, via email, that a “new virus has just been discovered that has been classified by Microsoft (www.microsoft.com) and by McAfee (www.mcafee.com) as the most destructive ever!”. Details continued:

This virus acts in the following manner: It sends itself automatically to all contacts on your list with the title “A Virtual Card for You”.

As soon as the supposed virtual card is opened, the computer freezes so that the user has to reboot. When the ctrl+alt+del keys or the reset button are pressed, the virus destroys Sector Zero, thus permanently destroying the hard disk.

Please distribute this message to the greatest number of people possible. Yesterday in just a few hours this virus caused panic in New York, according to news broadcast by CNN (www.cnn.com).

There was no truth to the statements in this email. There was no virus, CNN didn’t broadcast a warning, and there was certainly no panic in New York (Like a little computer virus would panic New Yorkers! It takes something serious to get New Yorkers to panic — like a shortage of cream cheese at Zabar’s, or a gigantic gorilla on top of the Empire State Building.). Nonetheless, thousands of people fell for it, and the email continues to make the rounds.

Although virus hoaxes have been circulating since 1988, the granddaddy of them all is the supposed Good Times virus, the first really successful virus hoax. It started life on AOL in 1994, and it still pops up today. Its descendants are legion, as many other virus hoaxes have copied some aspect of Good Times. In that sense, it can be said to be the most influential virus hoax of all. The hoax read as follows:

Some miscreant is sending email under the title “Good Times” nationwide, if you get anything like this, DON’T DOWN LOAD THE FILE!

It has a virus that rewrites your hard drive, obliterating anything on it. Please be careful and forward this mail to anyone you care about. The FCC released a warning last Wednesday concerning a matter of major importance to any regular user of the Internet. Apparently a new computer virus has been engineered by a user of AMERICA ON LINE that is unparalleled in its destructive capability. … What makes this virus so terrifying, said the FCC, is the fact that no program needs to be exchanged for a new computer to be infected. It can be spread through the existing email systems of the Internet.

Once a Computer is infected, one of several things can happen. If the computer contains a hard drive, that will most likely be destroyed. If the program is not stopped, the computer’s processor will be placed in an nth-complexity infinite binary loop – which can severely damage the processor if left running that way too long. Unfortunately, most novice computer users will not realize what is happening until it is far too late. Luckily, there is one sure means of detecting what is now known as the “Good Times” virus. It always travels to new computers the same way in a text email message with the subject line reading “Good Times”. Avoiding infection is easy once the file has been received simply by NOT READING IT! The act of loading the file into the mail server’s ASCII buffer causes the “Good Times” mainline program to initialize and execute.

The program is highly intelligent – it will send copies of itself to everyone whose email address is contained in a receive-mail file or a sent-mail file, if it can find one. It will then proceed to trash the computer it is running on.

The bottom line is: – if you receive a file with the subject line “Good Times”, delete it immediately! Do not read it. Rest assured that whoever’s name was on the “From” line was surely struck by the virus. Warn your friends and local system users of this newest threat to the Internet! It could save them a lot of time and money.

********IMPORTANT******* PLEASE SEND TO PEOPLE YOU CARE ABOUT OR JUST PEOPLE ONLINE

As with the other hoaxes we have looked at, this “warning” was full of lies and misconceptions. There is no way that simply viewing a plain-text email could infect someone’s machine with a virus (unfortunately, the same is not true for folks that use Outlook to view HTML-formatted email, as my SecurityFocus articles on Outlook security discussed). It used fancy-sounding “techie” words that sound impressive to non-technical people, but actually mean nothing at all, like the “nth-complexity infinite binary loop”, whatever that is. And finally, do you really think that a user of America OnLine could create anything like a virus this technically complex?

The Good Times hoax was fairly ironic. Often, system administrators would get the email and immediately forward it to everyone in their companies, warning employees not to open any email with “Good Times” in the subject. Of course, the email warning people not to open any email with “Good Times” in the subject HAD the words “Good Times” in the subject! This didn’t damage any computers, but it did produce severe cases of cognitive dissonance in irony-impaired workers all across America.

There’s One Born Every Minute – Or is There?

So why do people fall for these hoaxes? A lot of it goes back to the noble desire to help others. Who wouldn’t want to warn others about a disaster? And it’s so easy to send the warning to hundreds of people at one time: with just a click, you’ve saved your friends from a virus!

Another consideration is the uncertainty that people feel in dealing with computers. Look at the jdbgmgr.exe hoax, which is actually quite ingenious in its fashion. By asking users to confirm that the file is on their computer, it makes people feel like they are participating in their own computer security. Most computer users typically can’t “see” a virus, just the aftermath. This, coupled with the anxiety many people feel about their computers — these large, complicated machines that they really don’t understand — leads to a feeling of certainty when the jdbgmgr.exe file is found on their machines. “Aha!” they think, “Caught one! And there’s the proof — right in front of my eyes!”

It’s funny, but most people would never fall for such a trick in real life. Let’s say I walked up to the same people that fell for the jdbgmgr.exe trick and said, “There are terrorists in this neighborhood. If you see a man in a black hat, call the police, because he’s a terrorist!” Minutes later, a man in a black hat walks by. Would these people call the police? Probably not. They would use their common sense, their experience of the normal everyday rhythms of life, to judge whether or not someone is a threat.

Computers, however, are the equivalent of a foreign country for many people. When someone is in a country with which they are not familiar, perhaps feeling anxiety because they don’t understand the language (“nth-complexity infinite binary loop”, anyone?), they are more likely to grab onto signposts that will help them. In such a situation, they might be far more likely to fall for my false warning about terrorists.

And if the warning came not from a stranger, but from a friend or acquaintance, as happened when jdbgmgr.exe warnings arrived in email inboxes, then the likelihood of falling victim to a hoax skyrockets. After all, in a foreign country, isn’t the sight of a fellow countryperson always welcome?

Another reason people fall for hoaxes is that they know that anti-virus programs, unfortunately, do not always work. Many viruses spread so quickly that they overwhelm users before anti-virus vendors can update their software. The “Melissa” and “I love you” viruses are good examples of this phenomenon. So when users “see” — or think they see, a la jdbgmgr.exe — evidence of the “virus” on their computers, but their anti-virus software says there is no virus, many users are going to believe their eyes and not their software.

Even worse, many users pay no attention to the necessity of updating their anti-virus software. I have seen office computers with anti-virus databases that are years out of date. When I ask these users why they haven’t updated their software, they typically respond with a blank stare and a plaintive but accurate excuse: “I didn’t know I needed to do that.”

Not Just Harmless Fun – The Real Dangers of Hoaxes

Virus hoaxes are not real viruses, by definition, but that doesn’t mean they don’t have negative effects. In fact, virus hoaxes can be quite damaging in a number of different ways.

First, it is quite possible that a hoax may end up damaging your computer. The email itself won’t have caused the damage. Instead, the email will have convinced you to damage your own computer, as my story about the jdbgmgr.exe email demonstrates. The folks in Jerry Bryan’s church were ready to remove files from their computer that they in fact did not need to remove. They were fortunate that they really didn’t need the file in question, but what about next time? What if the hoax author had more malicious intentions and had instructed gullible recipients to remove a key system file or directory?

Second, a virus hoax results in a waste of resources. The victim wastes valuable time dealing with garbage, and time, after all, is money. People sending the message to friends, family, and colleagues waste bandwidth on the Internet and mail servers. Since these emails usually arrive chock-full of email addresses in the “To” and “CC” fields, spammers treat such warnings as a free gift full of new, valid email addresses they can exploit, further compounding the problem of wasted resources. So remember: if you forward that virus warning, you’ve just multiplied all of the losses above to include everyone else in your address book.

A virus hoax can damage your reputation, or at least make you the butt of jokes. When I receive an email from an acquaintance warning me about jdbgmgr.exe and its dangers, I just shake my head and think “Newbie!” … before I help them. If you forward that email along to 100 folks thinking you’ve done your duty, you’re going to feel pretty sheepish having to send another email letting them know you just made a foolish mistake — and a mistake that could have been prevented with just a little bit of checking on your part first.

Finally, virus hoaxes can have a corrosive effect on security. How? Consider the story of the boy who cried wolf. Similarly, virus hoaxes can undermine the attention that end users pay to rigorous security measures. As a result, users may fall into lax security habits, underestimating the dangers of real viruses because of the frequency of false alarms represented by hoaxes.

How to Spot a Virus Hoax

There are definite signs that indicate when a virus warning is in fact a hoax. With common sense and a healthy dose of skepticism, you can help make the Internet a better place by helping stop hoaxes before they spread.

First, don’t fall for a warning just because it “sounds” technical. As we have seen above (remember our friend the “nth-complexity infinite binary loop”?), technical-sounding language means nothing. In fact, most real virus warnings from real organizations don’t use a lot of technical language. They try to explain the problem and the solution in language that is simple and direct.

Just because the email came from your friend the computer nerd doesn’t mean it’s correct. Even if he works at Microsoft. And just because the email claims to be reporting the words of the FCC, or the FBI, or a respected anti-virus vendor, or some other government agency or company doesn’t make it more likely to be true. Search the Web sites of the organizations that are mentioned in the email before believing what you read. Further, do a Google search on the virus name: that may produce immediate results indicating whether the virus is real or a hoax.

If the email has a lot of exclamation points or words or phrases written in CAPITAL LETTERS, it is more than likely false. Real security alerts from reputable organizations don’t use such techniques. However, the creators of virus hoaxes do use such techniques, because they know that people are influenced by their emotions. If the email pushes emotional buttons, but doesn’t offer much in the way of verifiable fact, it’s a hoax.

The worse the virus sounds, the less likely its existence. Sure, some viruses do destructive things, but most do not. And the effects attributed to viruses in hoax emails are usually nothing short of apocalyptic: erased hard drives, destroyed systems, and panic in the streets. Be especially suspicious anytime a virus is described using a superlative, as in “most destructive”, “worst ever”, and so on.

Finally, if the “warning” says to pass it along to everyone you know, it is without doubt a fake. In effect, if you pass along warnings, then YOU become the means by which the virus hoax propagates. Real virus warnings never encourage you to forward them; instead, they direct you to a Web site for further information. Break the chain! Don’t forward emails warning about viruses!
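
Four of the signs above (shouting, superlatives and apocalyptic effects, unverifiable authority claims, and the plea to forward) expressed as a small triage script. This is an added example, not part of the original article: the word lists, thresholds and verdict names are assumptions, the Good Times text is abridged from the hoax quoted earlier, and the advisory is a constructed sample.

```python
import re

# Checklist items from the article; word lists and thresholds are
# illustrative assumptions, not a vetted ruleset.
RULES = {
    "superlative": re.compile(
        r"\b(most (destructive|dangerous)|worst ever|unparalleled)\b", re.I),
    "apocalyptic_effect": re.compile(
        r"\b(obliterat\w*|destroy\w*|rewrites? your hard drive|lose everything)\b", re.I),
    "forward_plea": re.compile(
        r"\b(forward (this|it)|pass (this|it) (along|on)|"
        r"distribute this message|warn your friends)\b", re.I),
}
AUTHORITY = re.compile(r"\b(FCC|FBI|CNN|Microsoft|McAfee|Symantec)\b")
URL = re.compile(r"https?://\S+")
SHOUTED_WORD = re.compile(r"\b[A-Z]{4,}\b")

# Abridged from the Good Times hoax quoted in the article.
GOOD_TIMES = (
    'Some miscreant is sending email under the title "Good Times" nationwide, '
    "if you get anything like this, DON'T DOWN LOAD THE FILE! It has a virus "
    "that rewrites your hard drive, obliterating anything on it. Please be "
    "careful and forward this mail to anyone you care about. The FCC released "
    "a warning last Wednesday. Apparently a new computer virus has been "
    "engineered by a user of AMERICA ON LINE that is unparalleled in its "
    "destructive capability."
)
# Constructed sample of a plainly worded advisory with a reference to check.
ADVISORY = (
    "Security update available for Example Mail 4.2. A flaw in attachment "
    "handling can let a crafted file run code when it is opened. Install the "
    "update listed at https://vendor.example/advisories/0001"
)


def hoax_indicators(text):
    """Return the sorted names of the checklist indicators present in text."""
    hits = {name for name, rx in RULES.items() if rx.search(text)}
    if len(SHOUTED_WORD.findall(text)) >= 3 or text.count("!") >= 3:
        hits.add("shouting")
    # An authority is named but nothing is offered to check the claim against.
    if AUTHORITY.search(text) and not URL.search(text):
        hits.add("unverifiable_authority")
    return sorted(hits)


def triage(text):
    """A forwarding plea alone is decisive; two other signs are suspicious."""
    hits = hoax_indicators(text)
    if "forward_plea" in hits:
        return "hoax", hits
    return ("suspicious" if len(hits) >= 2 else "verify"), hits


if __name__ == "__main__":
    for name, body in (("Good Times", GOOD_TIMES), ("advisory", ADVISORY)):
        print(name, triage(body))
```

A "verify" verdict only means none of these signs fired; the message still gets checked against the vendor and hoax-tracking sites before anyone acts on it.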

But what if you do get an email that seems real? Don’t panic. And don’t forward it to everyone on God’s green earth. Check it out first. Ask the technical department at your company. If they’re not available, there are some excellent resources on the Web that can help you verify the truth of a virus warning.

The major anti-virus vendors all have pages about hoaxes. In particular, Symantec, makers of Norton Anti-Virus, and McAfee have in-depth and timely information that can help you sort truth from fiction. Two outstanding sites that cover these hoaxes in depth are at Vmyths.com: Hoaxes A-Z and Snopes.com. Finally, I have a page on my Web site that gathers together these and other resources.

A Last Desperate Warning

In conclusion, I have some bad news. I need to warn my readers about a terrible new virus that’s going around. Seriously! This one is real, and I urge you to watch for it and take the appropriate measures. I received the following dire warning in an email today that I must pass along to you, so you can protect yourself. Forward it to all your friends, so we can all help stop this hideous scourge before it brings the world to its knees!

If you receive an Email with the subject line “Badtimes” delete it IMMEDIATELY, WITHOUT READING it. This is the most dangerous Email virus yet.

Not only will it completely rewrite your hard drive, but it will scramble any disks that are even close to your computer. It also demagnetises the strips on your credit cards. It reprograms your ATM access code, screws up the tracking on your VCR and uses subspace field harmonics to scratch any CD’s you try to play. It will recalibrate your refrigerator’s coolness settings so all your ice cream melts and your milk curdles. It will give your ex-boy/girlfriend your new phone number. This virus will mix antifreeze into your fish tank. It will drink all your beer. It will even leave dirty socks on the coffee table when you are expecting company.

It will hide your car keys when you are late for work and interfere with your car radio reception so you hear only static while stuck in traffic. When executed “Badtimes” will give you nightmares about circus midgets. It will replace your shampoo with Nair and deodorant with Surface Spray. It will give you Dutch Elm Disease and Tinea. If the “Badtimes” message is opened in a Windows95 environment, it will leave the toilet seat up and leave your hairdryer plugged in dangerously close to a full bathtub.

It will not only remove the forbidden tags from your mattresses and pillows, but it will refill your skim milk with whole milk. It has been known to disregard ‘Open This End’ labels and can make you ‘Push’ a door that says ‘Pull’ and vice versa. It is insidious and subtle. It is dangerous and terrifying to behold. It is also a rather interesting shade of mauve. These are just a few signs.

You have been warned!

by Scott Granneman

Oct
07

Steve Jobs – CEO and co-founder of Apple – who passed away on 5th October – hasn’t even been buried yet and already there are numerous scams using his name and company to extort information and money.

As an example, the stevejobsfuneral.com site attempts to collect e-mail addresses for a supposed lottery with a 1-in-15 chance to win a Macbook. And it links to an online store selling Apple products as a way to pay tribute to Jobs, by buying Apple products.

Conveniently for the site, this link also contains affiliate advertising info that brings revenue for any purchases made through the link.

It is probably needless to say that people should avoid stevejobsfuneral.com, which was already registered on September 20th. The vultures have been circling around for quite a while.