p3

Beware-of-the-cnncom-daily-top-ten-email or CNN alert.

This e-mail poses as "The Daily Top 10" from CNN. The funny thing about this email ... When HTML is enabled, you see something completely different from what you see in plain text. Viewed in plain text, the links go to real videos on CNN. The unsubscribe link at the bottom is very convincing as your email is part of the URL linking to CNN.(IMG:http://www.bluetack.co.uk/Kimberly/Logs/mail11.jpg)

When viewed in HTML, the same malicious link hides behind the headlines of the top 10 videos / stories and leads us to a fake Flash upgrade.
(IMG:http://www.bluetack.co.uk/Kimberly/Logs/mail10.jpg
(IMG:http://www.bluetack.co.uk/Kimberly/Logs/mail12.jpg)

This little "visual" trick is archived using
Content-type: multipart/alternative; boundary=[removed] the in the email.

"CNN.com Daily Top 10”. Here is what the email contains:

CNN.com daily top ten email

Don't click these links. because they might be highly dangerous viruses, malware, Trojans or something else nasty.

You are offered nude videos of Angelina Jolie, celebs seen nude on the beach and similar. DO NOT be tempted to have a peek. Once you have clicked you are infected with a Trojan virus. If you are Outraged of Oxted or Livid of Limpsfield by the content and frequency (I receive about ten a day) do not be tempted to click the 'unsubscribe' link. This will also implant a Trojan on your system and also tell the malicious sender that you exist!

In any case, I recommend that you neither send nor receive messages as html. The message can put a window off your screen but contain malicious content although it is invisible to you. Also, behind that pretty coloured background can exist invisible links to anywhere - malicious sites, porn, gambling etc.

What should you do?

1. Delete the e-mail, not just from your Inbox but from Spam or Junk folder where is might be consigned.
2. Buy some anti-virus/firewall software. Make sure you use it properly. Left to its own will not guarantee protection.
3. In addition to running your anti-virus program, download Lavasoft Ad-aware and Spybot Search & Destroy. Google will find the best download sites for you. They are free to non-business users. Run both programs and you will be surprised at what they reveal and how you can eliminate problems!

Virus Threat - Trojan.Peacomm (copy from Symantec)

Trojan.Peacomm is one of a number of spamming Trojan horse programs Symantec has seen lately that appear to originate from Russia and are clearly aimed at making money for the author by pumping up penny stocks. The victim is enticed through social engineering techniques to open an attachment, which typically appears to be a video clip on a recent, newsworthy event.

The trojan horse arrives as an attachment to an email purporting to contain a video of one of several different recent news stories. The email itself will have no message body, but will have one of several subject lines such as "A killer at 11, he's free at 21 and kill again!," "Fidel Castro Dead," "Re: Your Text." For a complete list of subject lines

  •     * A killer at 11, he's free at 21 and kill again!
  •     * U.S. Secretary of State Condoleezza Rice has kicked German Chancellor Angela Merkel
  •     * British Muslims Genocide
  •     * Naked teens attack home director.
  •     * 230 dead as storm batters Europe.
  •     * Re: Your text
  •     * Radical Muslim drinking enemies's blood.
  •     * Chinese missile shot down Russian satellite
  •     * Chinese missile shot down Russian aircraft
  •     * Chinese missile shot down USA aircraft
  •     * Chinese missile shot down USA satellite
  •     * Russian missile shot down USA aircraft
  •     * Russian missile shot down USA satellite
  •     * Russian missile shot down Chinese aircraft
  •     * Russian missile shot down Chinese satellite
  •     * Saddam Hussein safe and sound!
  •     * Saddam Hussein alive!
  •     * Venezuelan leader: "Let's the War beginning".
  •     * Fidel Castro dead.

Attachment:

One of the following:

  •     * FullVideo.exe
  •     * Full Story.exe
  •     * Video.exe
  •     * Read More.exe
  •     * FullClip.exe
  •     * GreetingPostcard.exe
  •     * MoreHere.exe
  •     * FlashPostcard.exe
  •     * GreetingCard.exe
  •     * ClickHere.exe
  •     * ReadMore.exe
  •     * FlashPostcard.exe
  •     * FullNews.exe

__________________________________________________________________________ _
What is a Trojan Horse?

This term "Trojan Horse" comes from a Greek fable, in which the Greeks presented a giant wooden horse to the Trojans as a peace offering. However, a nasty surprise awaited the Trojans as Greek soldiers sprung out of the hollow horse and captured Troy. Similarly, a Trojan horse program presents itself as a useful computer program, while it actually causes havoc and damage to your computer.

Increasingly, Trojans are the first stage of an attack and their primary purpose is to stay hidden while downloading and installing a stronger threat such as a bot. Unlike viruses and worms, Trojan horses cannot spread by themselves. They are often delivered to a victim through an email message where it masquerades as an image or joke, or by a malicious website, which installs the Trojan horse on a computer through vulnerabilities in web browser software such as Microsoft Internet Explorer.

After it is installed, the Trojan horse lurks silently on the infected machine, invisibly carrying out its misdeeds, such as downloading spyware, while the victim continues on with their normal activities.

Samantha Scam

In the letter Samantha predicts a dire outcome for you unless you tear the enclosed Jack of Spades playing card into four pieces and post it back to her with a 'modest donation' of 10.
This is a common direct mail scam. Don't reply - destroy them without responding. Don’t send money or you’ll receive further scams, because your name will be added to a 'sucker' list. Stop junk mail by registering with the Mailing Preference Service.

Died intestate

You will receive an e-mail informing you of somebody who died without leaving a will and who has  millions to give away. The e-mail purports to come from a company - usually UK based - which is trying to find a legitimate inheritor. Your surname will be mentioned and you are invited to supply details about yourself. Just dump the message. If you follow it up, you will certainly be asked for money.

The following is typical.

“My name is JOHN FORTESCUE BLENKINSOP; I am a senior partner in the firm of TakeYourMoney Consulting Limited: Private Investigators and Security Consultants. We are conducting a standard process investigation on behalf of UNION BANK PLC, the International Banking Conglomerate. This investigation involves a client who shares the same surname with you and also the circumstances surrounding

Investments made by this client at UNION BANK PLC. Republic, the Private Banking arm of UNION BANK PLC. The UNION BANK PLC. Private Banking client died intestate and nominated no successor in title over the investments made with the bank. The essence of this communication with you is to request you provide us information/comments on any or all of the four issues: 1-Are you aware of any relative/relation who shares your same name ******* last known contact address was Brussels Belgium?

2-Are you aware of any investment of considerable value made by such a person at the Private Banking Division of UNION BANK PLC.?

3-Born on the 1st of October 1941

4-Can you establish beyond reasonable doubt your eligibility to assume status of successor in title to the deceased? It is pertinent that you inform us ASAP whether or not you are familiar with this personality that we may put an end to this communication with you and our inquiries surrounding this personality. You must appreciate that we are constrained from providing you with more detailed information at this point.

Please respond to this mail as soon as possible to afford us the opportunity to close this investigation.”

Don’t click on mail with the subject “IE Explorer 7 or 8” of “Free download” purporting to come from Microsoft. They also contain Trojans.

You are offered nude videos of Angelina Jolie, celebs seen nude on the beach and similar. DO NOT be tempted to have a peek. Once you have clicked you are infected with a Trojan virus. If you are Outraged of Oxted or Livid of Limpsfield by the content and frequency (I receive about ten a day) do not be tempted to click the 'unsubscribe' link. This will also implant a Trojan on your system and also tell the malicious sender that you exist! In any case, I recommend that you neither send nor receive messages as html. The message can put a window off your screen but contain malicious content although it is invisible to you. Also, behind that pretty coloured background can exist invisible links to anywhere - malicious sites, porn, gambling etc.

Don’t open the zip. It contains a Trojan
“Unfortunately we were not able to deliver postal package you sent on August the 1st in time because the recipient?s address is not correct. Please print out the invoice copy attached and collect the package at our office. Your FEDEX.com”

What should you do?
1. Delete the e-mail, not just from your Inbox but from Spam or Junk folder where is might be consigned.
2. Buy some anti-virus/firewall software. Make sure you use it properly. Left to its own will not guarantee protection.  Read more.

Scams, Crimeware, viruses,Trojans and Spyware. Your computer could be distributing it to your friends. Read how YOU can stop it.

Scam alerts and  Phishing are on the increase.
You might be e-mailed to update your PayPal details. This is almost certainly a Scam so just delete the message. Don’t answer it in any way because that just confirms that you are the intended recipient! Similarly, Nationwide, Lloyds TSB and Abbey customers are under attack.

New Credit card scam 28th November 2007

This one is pretty slick since they provide YOU with all the information, except the one piece they want. Note, the callers do not ask for your card number; they already have it. This information is worth reading. By understanding how the VISA & MasterCard Telephone Credit Card Scam works, you'll be better prepared to protect yourself. One of our employees was called on Wednesday from 'VISA', and I was called on Thursday from 'MasterCard'. The scam works like this: Person calling says, 'This is (name), and I'm calling from the Security and Fraud Department at VISA. My badge number is 12460. Your card has been flagged for an unusual purchase pattern, and I'm calling to verify. This would be on your VISA card which was issued by (name of bank) did you purchase an Anti-Telemarketing Device for 497.99 from a Marketing company based in London?' When you say 'No', the caller continues with, 'Then we will be issuing a credit to your account. This is a company we have been watching and the charges range from 297 to 497, just under the 500 purchase pattern that flags most cards. Before your next statement, the credit will be sent to (gives you your address), is that correct?' You say 'yes'. The caller continues - 'I will be starting a fraud investigation. If you have any questions, you should call the 0800 number listed on the back of your card (0800-VISA) and ask for Security. You will need to refer to this Control Number. The caller then gives you a 6 digit number. 'Do you need me to read it again?' Here's the IMPORTANT part on how the scam works the caller then says, 'I need to verify you are in possession of your card.' He'll ask you to 'turn your card over and look for some numbers.' There are 7 numbers; the first 4 are part of your card number, the next 3 are the security numbers that verify you are the possessor of the card. These are the numbers you sometimes use to make Internet purchases to prove you have the card. The caller will ask you to read the 3 numbers to him. After you tell the caller the 3 numbers, he'll say, 'That is correct, I just needed to verify that the card has not been lost or stolen, and that you still have your card. Do you have any other questions?' After you say, 'No,' the caller then thanks you and states, 'Don't hesitate to call back if you do', and hangs up. You actually say very little, and they never ask for or tell you the Card number. But after we were called on Wednesday, we called back within 20 minutes to ask a question. Are we glad we did! The REAL VISA Security Department told us it was a scam and in the last 15 minutes a new purchase of 497.99 was charged to our card. Long story - short - we made a real fraud report and closed the VISA account. VISA is reissuing us a new number. What the scammers want is the 3-digit PIN number on the back of the card. Don't give it to them. Instead, tell them you'll call VISA or MasterCard directly for verification of their conversation. The real VISA told us that they will never ask for anything on the card as they already know the information since they issued the card! If you give the scammers your 3 Digit PIN Number, you think you're receiving a credit. However, by the time you get your statement you'll see charges for purchases you didn't make, and by then it's almost too late and/or more difficult to actually file a fraud report. What makes this more remarkable is that on Thursday, I got a call from a 'Jason Richardson of MasterCard' with a word-for-word repeat of the VISA scam. This time I didn't let him finish. I hung up! We filed a police report, as instructed by VISA. The police said they are taking several of these reports daily! They also urged us to tell everybody we know that this scam is happening .Please pass this on to all your family and friends. By informing each other, we protect each other.