Welcome to the weekly roundup of articles from the developers of the blogs that are members of the What’s On My PC blogroll community. I encourage you to visit these blogs to learn more about information technology and computers. To these authors, I say Thank You!
Trend Micro (Malware Blog) is reporting that the Conficker worm has awakened and received instructions to download malware called “Spyware Protect 2009”, which masquerades as antivirus software, to the host PC.
Having followed the activities of Eastern European online cyber crime for several years, there is one thing we are certain about — these criminals are motivated by one thing: money.
How was Downad/Conficker helping them meet their goals? It wasn’t. A very large botnet of compromised computers doesn’t make money if it just “sits there” doing nothing.
So now we saw — as described above — that the Downad/Conficker botnet has awakened, and perhaps their desire to monetize their efforts is becoming more clear.
In the latest activity, we see infected Downad.KK/Conficker.C nodes pulling down new Waledac binaries (perhaps for spamming, as Waledac has been known to do) from a fast-flux domain infrastructure, but now it is also installing Fake/Rogue AntiVirus (AV) malware, too.
Conficker is a worm that was crafted to take advantage of a vulnerability in Windows that Microsoft patched back in October 2008. It has been a hot topic, not only in the tech world, but with everyday users. If you maintained your updates, then you are sufficiently protected. The PCs that are still infected (which were in the millions) have become part of the Conficker botnet, a group (network) of machines that work together and periodically communicate with their source to acquire instructions and wreak havoc, such as downloading and installing “Spyware Protect 2009”. In this case the malicious software displays a warning message saying that the computer is infected and offering to clean it up for $49.95. If you are infected, shut down your PC and consult with your IT guru for removal.
In essence, what is being seen is that Conficker is finally showing its true colors by activating itself to aid the creators of this worm (cybercriminals) in duping people out of money. There is also evidence that Conficker has downloaded another, separate worm called Waledac onto the infected systems. Waledac is a known botnet linked to data theft and email spam campaigns. If you start seeing popups advocating “Spyware Protect 2009” and you find that you are being blocked from legitimate security sites, then you are infected. Another sign is that your automatic updates or other security services on your PC will become disabled.
Some standalone removal tools for Conficker:
- Eset Win32/Conficker Worm Removal Tool
- McAfee AVERT W32/Conficker Stinger
- Sophos Conficker Cleanup Tool (Stand-Alone Computer)
- Symantec W32.Downadup Removal Tool
- Norman Malware Cleaner
After the PC is clean, I suggest you download and run:
- Malwarebytes Anti-Malware
- SuperAntiSpyware
If you are someone who depends on the Windows Live Hotmail service for email, how would you like to wake up and find that you were unable to log in to your account, then later discover that everyone in your address book received an email saying that you were in urgent need of help and that you needed money? A friend of mine recently experienced this type of situation. What had happened was that his Hotmail account had been hijacked and stolen. The hijacker accessed the account, changed the password and then sent out the following email to everyone in the address book in an attempt to steal money through deception.
Email Subject: YOUR HELP IS URGENTLY NEEDED
Hello. please I need your help. I am caught up on an International conference and am on my way back. I lost all my personal effects, and I am stranded and so confused at the moment I need a sum of about $1000 to put me through the embassy and sort out the travel agencies. I will refund the money to you sooner than you expect. Please I need you to keep this confidential!!! Let me know if you can be of assistance so I can give you the name of the agent and details to send the money to through Western Union Money Transfer. Sorry for any inconveniences i would have call you but i lost my cell phone as well… I will really appreciate this. I will fill you in on this as soon as I can Thank you very much
Most people will let this type of incident pass and will simply subscribe to another account. My advice is to be persistent and report this matter to Microsoft Live Hotmail immediately and attempt to get your account name back (especially if your email name is your real name).
If you experience this type of situation where your Windows Live Hotmail account has been hijacked or stolen you will soon find that there is no customer support telephone hotline for Hotmail.
- Make sure you have another email account to communicate with Microsoft (remember, your Hotmail account has been hijacked and you can no longer access it).
- If you suspect that someone has used or stolen your Windows Live Hotmail ID – CLICK HERE FOR WINDOWS LIVE HOTMAIL SUPPORT
- Complete and submit the form on the Windows Live Validation Page, which is a form designed to validate ownership of an account. You will be asked questions that only you would know the answers to.
With the wave of cloud apps appearing on the internet, I knew it would be a matter of time before malware would find its way into the cloud. Panda Labs, an international network of research and technical support centers devoted to protecting users against viruses, discovered an interesting “cloud” tactic that is being used to trick computer users into infecting themselves with malware.
The cybercriminals in this particular case have created a pretend web site (called ScanVirus – Cumulative Online Antivirus Service) that lures the visitor into thinking their computer is infected. The confidence of the visitor is gained from the displayed logos that are “copies” of logos from actual legitimate anti-virus and anti-malware companies. Upon visiting the site, the visitor is prompted to download a file called “AntiVir.exe”, which Panda Labs has identified as being malware (called “Adware/Antivirus 2009”).
To learn more about “malware” and to download software to “protect” your PC, I encourage you to read the following:
Basic Computer Security Precautions You Need To Know
(at Bill Mullin’s “Tech Thoughts”)
Internet Plague – Rogue Antivirus
(at TechPaul’s “Tech-for Everyone”)
Recently I posted a topic “Tis the season to be email scammed..” and someone asked me, “How does someone fall for something that is so obvious?”. I thought about this for a while and concluded that there are certain psychological elements or behavioral characteristics that are within us all that the cybercriminal focuses upon when crafting the scam email.
Greed – visions of grandeur; that inner compulsive or excessive desire to acquire more or you feel you deserve more. Almost in a sense it is uncontrollable and you will believe just about anything (even when you doubt it); especially if it is something that you think will enhance your standing and is only a “mouse click away”.
Compassion – a deep awareness of and sympathy for another’s suffering AND the wanting to do something about it… Like greed, it is a behavioral element that can be uncontrollable as well; the person feels a sincere obligation to help. They like to trust everyone!
Vulnerability (Newbies) – a newcomer to computers and the internet. Very vulnerable, susceptible, fearful, afraid they will look dumb if they ask nonsensical questions; AND they don’t know that you should “believe nothing and verify everything”. A Newbie mixed with Greed; or A Newbie mixed with Compassion are prime targets, in my opinion, for an email scam.
Remember, these are just my thoughts and I am no Psychologist by any means; however, to put this all into perspective and to show “in real life” how the psychology of a person can be used against them; click on the link below, “Woman Bilked Of $400K By Nigerian Internet Scam”. This is an article and video that is featured on the “Tech-for Everyone” web site.