Random and Irrelevant » Malware

Shoulder surfing trojan

Sam — Mon, 15 Nov 2004 09:17:25 +0000

This looks nasty: Banker-AJ, a trojan which shoulder-surfs as you browse your online banking account logging keystrokes and taking screenshots before sending the information to its distributors, potentially enabling someone to access your account and empty it. Keep those anti-virus definitions up-to-date! (Via the Register.)

BOFRA: email link virus

Sam — Fri, 12 Nov 2004 13:08:21 +0000

The BBC covered this today. Here’s a Clue: don’t use HTML for email. Look at any links you are sent in emails very carefully before loading them in a browser – not at the text used to display the link, but at the actual address targeted. Disabling the display of HTML in your email client should reveal this information to you. You should already be doing this anyway if you’ve been paying attention to the recent phuss about phishing.

Ebay phishing attempt

Sam — Tue, 19 Oct 2004 16:12:51 +0000

I received an email today purporting to be from the ebay security team requesting that I access my account. The email, in HTML format, kindly provided a link to a page hosted at disguised as a link to ebay’s site. Since my mail client displays messages as plaintext (making it obvious where links actually go), this was a pretty obvious phishing attempt. (Hey! Another argument against HTML email, as if we needed one.)

In addition to this and the fact that I’m paranoid at the best of times, something else helped me spot that this was a fake: I don’t even have an ebay account, and never have. So I forwarded it to spoof@ebay.com, where they recommend you send abuse reports of this kind. If you’re interested in seeing what the fake site looked like, here’s a screenshot – it’s a pretty good likeness.

Note that on the fake page, they say that you can use your “registered email” address instead of your ebay ID, which differs somewhat from the real ebay sign-in page. There are a few other minor differences, but even so when you compare the two they do look very similar. Beware!

Windows Security

Sam — Thu, 16 Sep 2004 12:39:41 +0000

I’d just been having a bit of an email/phone conversation with my Dad about some unpleasant bits of malware that’ve infected his XP box when I came across a potentially useful Windows security checklist. So Dad, when your machine’s fixed up, it might be worth taking a look.

txt spam

Sam — Thu, 28 Aug 2003 12:13:18 +0000

If the email spam plague and the sobig virus weren’t enough, the quantity of unsolicited txt msgs I receive on my mobile phone seems to be creeping up recently. For example, I got this last night:

From: 6655442

As a valued customer, I am pleased to advise you that following recent review of your Mob No. you are awarded with a £1500 Bonus Prize, call 09066364589

Sent: 27-Aug-2003 22:41:04

09* Numbers are Premium Rate, and cost £££ to call, and I’m sure I remember a factoid that this information had to accompany any solicitation to call one. No such information in this message. Also, the ‘From:’ number looks forged to me, but I didn’t dare call it. If this were an email, we’d call it spam, because that’s what it is. I think that this kind of promotion of premium rate services is underhand – I can’t believe the claims that I’ve won lots of cash from someone who doesn’t even have the courtesy to identify themselves. It’s clearly an attempt to get me to call their expensive phoneline. Now I wouldn’t usually bother, but it annoyed me enough to make me want to complain to someone.

I should probably start by informing my service provider, mmO2. A bit of digging through their website brings up some advice on how to deal with nuisance calls, which seems to cover text messages as well. Searching for ‘spam’ brings up nothing. Before calling customer care, I’m going to do a bit more checking around.

I recall seeing something on this topic at the BBC recently, and a search over there pulls up an item discussing measures being taken by vodafone to combat txt spam. Not much use for me, but they also mention the ICSTIS (the Independent Committee for the Supervision of Standards of Telephone Information Services (phew!)) – which is “the industry-funded regulatory body for all premium rate charged telecommunications services”. Looks good, so let’s surf on over.

The ICSTIS FAQ on unsolicited promotions (PDF) states clearly that:

Call charge details and any other information, which is likely to affect a decision to
participate, should be clearly stated. In the case of text messages, information required
under the Code of Practice should be stated before the premium rate number.

So I filled in their online complaint form. Wonder if that’ll do any good? They say it might take up to 12 weeks to reply! I’ll probably never find out, because I gave ‘em my work email, and I’m gone in five weeks… Still, it’s the thought that counts.

(Hmm. Interesting way to spend one’s lunch break.)

The computer virus

Sam — Tue, 28 Jan 2003 23:31:07 +0000

This perennial favourite has been back in the news lately with last weekend’s M$ SQL worm which apparently nearly brought the net to it’s knees. Can’t say that I noticed, and I spent a lot of time online over the weekend.

On a related note, the BBC website ran this article on the possibility that as mobile telephone technology advances those pesky viruses will start infesting our handsets. This inspired me to do a little surfing, and although it seems that warnings of this sort of thing on the past have been largely groundless (discussion here and here, via a post at epicycle) , it now appears to be a lot more feasible.

This bout of surfing also brought to my attention vmyths.com, who have this to say about themselves:

Vmyths fights computer security hysteria with a comprehensive A-Z list of popular virus hoaxes. We also tackle persistent virus myths. And we dispel misconceptions about real viruses…

Brilliant. I’m sure that if you’re like me you regularly receive email from people warning you against one or other hysterical virus-related panic and possibly even advising you to delete files like jdbgmgr.exe or sulfnbk.exe. Here’s a potential resource for dealing with that, independent from the anti-virus software vendors who have allegedly behaved questionably in the past. vmyths.com certainly qualify for a spot on my links list, anyway.