Jim Plumb

This lovely fake email from “Microsoft Windows Computer Safety Division” wants to help me with my Conficker.B virus with a free virus scanner they’ve so thoughtfully attached to the email. Of course, what they’ve attached is a program to infect my computer with aforesaid Conficker.B or something worse like a rootkit. Unfortunately, some people will go, “Ooooh, something free from Microsoft!” and run the program and get infected.

==========================

Subject:  Conflicker.B Infection Alert

Dear Microsoft Customer,

Starting 12/11/2009 the ‘Conficker’ worm began infecting Microsoft customers unusually rapidly. Microsoft has been advised by your Internet provider that your network is infected.

To counteract further spread we advise removing the infection using an antispyware program. We are supplying all effected Windows Users with a free system scan in order to clean any files infected by the virus.

Please install attached file to start the scan. The process takes under a minute and will prevent your files from being compromised. We appreciate your prompt cooperation.

Regards,
Microsoft Windows Agent #2 (Hollis)
Microsoft Windows Computer Safety Division

Attachments: open.zip

Have you received an email from the so-called Internet Service Provider Consorcium threatening to suspend you for illegal activities? Well, you can rest assured it’s a fake email. First of all, if they were who they said they were it would be Consortium not Consorcium. Any group that can’t spell its own name right has got to be bogus. This email has an attachment (report.zip/report.exe) that Malwarebytes says contains a Trojan. Here’s the text of the email:

===================

Subject: Your internet access is going to get suspended

Your internet access is going to get suspended

The Internet Service Provider Consorcium was made to protect the rights of software authors, artists.
We conduct regular wiretapping on our networks, to monitor criminal acts.

We are aware of your illegal activities on the internet wich were originating from

You can check the report of your activities in the past 6 month that we have attached. We strongly advise you to stop your activities regarding the illegal downloading of copyrighted material of your internet access will be suspended.

Sincerely
ICS Monitoring Team

Received this bogus email today from someone claiming to be from the Center for Disease Control.

===============

Subject: Instructions on creation of your personal Vaccination Profile

You have received this e-mail because of the launching of State Vaccination H1N1 Program.

You need to create your personal H1N1 (swine flu) Vaccination Profile on the cdc.gov website. The Vaccination is not obligatory, but every person that has reached the age of 18 has to have his personal Vaccination Profile on the cdc.gov site. This profile has to be created both for the vaccinated people and the not-vaccinated ones. This profile is used for the registering system of vaccinated and not-vaccinated people.
Create your Personal H1N1 Vaccination Profile using the link:

Create Personal Profile

This is a fake email from the Social Security administration. Don’t open this email, IT’S FAKE! They wouldn’t know your email address anyway.

——————

Subject: Watch for errors on Social Security statement

Due to possible calculation errors, your annual Social Security statement may contain errors.

Use the link below to review your annual Social Security statement:

Review your annual Social Security statement

————————————————-
This e-mail has been sent from an auto-notification system that cannot accept incoming e-mail.

When looking at your “View Available Wireless Networks” button in Windows, have you ever noticed listings for either of the above? I noticed these today and had no idea where they came from since I live in the boonies, I know what wireless networks I have in my house and I know I can pick up my neighbors unsecured linksys network as well.  I googled the Internet Oasis (FREE) term and found something puzzling: both of these are part of some kind of viral wireless network. I found an article that explains what’s going on: http://blogs.techrepublic.com.com/hiner/?p=602%3E.

It also shows in this article how to delete these wireless traps. One way is to right-click on My Network Places and select properties. You should see an entry for “Wireless Network Connection”. Right-click on that and click on the “Wireless Networks” tab. You’ll see in the middle of that window a list of “Preferred networks”. Find Internet Oasis and Free Public WiFi and remove them from the list. That will prevent you from automatically joining them if you’re in their area. I would also delete any others that you aren’t familiar with.

Never heard of these guys. Obviously a fake email. Also, it has one of those big hairy URLs that probably goes to a server run by the Russian mob. Please delete this email if you receive it.

Subject: Your ACH transaction was rejected by The Electronic Payments Association

Dear bank account holder,

The ACH transaction, recently initiated from your bank account, was rejected by the Electronic Payments Association. Please review the transaction report by clicking the link below:

Unauthorized ACH Transaction Report
——————————————————————

Copyright ©2009 by NACHA - The Electronic Payments Association

We’ve been receiving fake phishing emails with instructions on the “new” facebook login system. If you receive this email, don’t click on the links!

Here’s another variation I’ve been receiving:

Subject: Facebook Password Reset Confirmation

Hey jim ,

Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.

Thanks,
The Facebook Team

Attached to this email is a zip file, which is bound to be carrying something pretty nasty. I scanned it with Microsoft Security Essentials and received this report:

Detected Items: TrojanDownloader:Win32/Bredolab.X

Category: Trojan Downloader

Description: This program is dangerous and downloads other programs.

Recommendation: Remove this software immediately.

Microsoft Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the ‘Allow’ action and click ‘Apply actions’. If this option is not available, log on as administrator or ask the local administrator for help.

Items:
containerfile:C:\tmp\Facebook_Password_c89a7.zip
file:C:\tmp\Facebook_Password_c89a7.zip->Facebook_Password_c89a7.exe->(UPX)
file:C:\tmp\Facebook_Password_c89a7.zip->Facebook_Password_c89a7.exe->[DynDrop]->(UPX)

If you receive an email similar to the one below, you aren’t alone. Not sure what the purpose is, if only to try can steal your domain name. If you notice, in her signature, she cannot even spell her own domain correctly. And to top it off, when deleting this email, she wanted a “receipt upon deletion”. What nerve! Good luck to “Keanu Reed” in trying to register my domain name.

Subject: Checking the [domain name] company’s domain name

Dear Manager,

We are a professional Internet consultant organization in Asia,which mainly deal with the global companies’domain name registration and internet intellectual property right protection.Currently,we have a pretty important issue needing to confirm with your company.On 2009-8-17,we received an application formally,one person named “Keanu Reed” wanted to applied for the Internet brand “[domain name]” and some domain names through our body.

During our preliminary investigation,we found that these domain names’ keyword and internet brand is related with your trademark.I wonder whether you consigned “Keanu Reed” to register these domain names through us or not?Or is “Keanu Reed” your business partner or distributor in Asia?Currently,we have postponed this application of this company temporarily already.In order to deal with this issue better,please let the principal make a confirmation with me by telephone or email ASAP.

In addition,I must state that we have time limited for one person or one company’s registration.It is just 15 days.If your company files doesn’t resent within the time limited.We will unconditionally authorized the application of ” Keanu Reed”.

Thank you for your cooperation.

Best Regards,

Linda Jan

Mail:linda@worldwidenic.org

Web:www.workdwidenic.org

 Received this on Skype today:

[1:11:04 PM] Online Repair says: WINDOWS REQUIRES IMMEDIATE ATTENTION
=============================

ATTENTION ! Security Center has detected malware on your computer !

Affected Software:

Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows Server 2003

Impact of Vulnerability: Remote Code Execution / Virus Infection /
Unexpected shutdowns

Recommendation: Users running vulnerable version should install a repair utility immediately

Your system IS affected, download the patch from the address below !
Failure to do so may result in severe computer malfunction.

http://www.onlinerepair.org/

For the link to become active, please click on ‘Add to contacts’ skype button or type it in manually into your web browser !

DO NOT CLICK ON THE LINK if you’ve received this. Just block the user and be done with it.

Some kind of bad if you click on the link for this “Critical Update” to Windows Outlook or Outlook Express.

—————