Hackers have flooded the Internet with virus-tainted spam that targets Facebook’s estimated 400 million users in an effort to steal banking passwords and gather other sensitive information.

for the rest of the article go here http://uk.news.yahoo.com/22/20100317/ttc-uk-facebook-virus-fe50bdd.html

http://www.virustotal.com

Alan

For people in the know, it is common knowledge that the only way you should get updates for windows, Outlook or any Microsoft product is generally through Microsoft update in Microsoft Windows or their actual website. For everyone else they may just think this is Microsoft being kind and that they got the email address because it’s a Microsoft product and that they want to help you avoid being taken advantage of by scammers or hackers.

Of course that is exactly what some people think and go ahead and extract the zip file try to run the update and get themselves a trojan virus which gives the spammer/hacker control of your machine or something else like logging all your keystrokes for user names and passwords.

All I can say is obey the Microsoft update rule and only get it direct from them and always copy and paste the subject into google as you will most likely find a site at the top telling you it’s a spam email, oh and make sure your antivirus and malware checkers are up to date.

One more thing generally updates are version specific, so if you know your software has many versions this should give you a hint that there is something not quite right, so double check with the main company website if you want to be sure.

——————————————————-

What the Attached Zip file is called: officexp-KB910721-FullFile-ENU.zip

Brief Description

Microsoft has released an update for Microsoft Outlook / Outlook Express. This update is critical and provides you with the latest version of the Microsoft Outlook / Outlook Express and offers the highest levels of stability and security.

Instructions

* Install Update for Microsoft Outlook / Outlook Express (KB910721). To do this, follow these steps:

1. Run attached file officexp-KB910721-FullFile-ENU.exe

2. Restart Microsoft Outlook / Outlook Express

System Requirements

* Supported Operating Systems: Windows 2000; Windows 98; Windows ME; Windows NT; Windows Server 2003; Windows XP; Windows Vista

* This update applies to the following product: Microsoft Outlook / Outlook Express

Also there are absolutely no links so you can’t even detect the usual false link behind the one that shows on screen.

So the only option you have is to open the zip file, which I don’t know exactly what this one does, but I can assure you they are never good, hopefully your antivirus is up to date and can save you if you do open it.

Any company sending out a digital e-card will do it with a link that takes you to a page (remember to hover over the link and make sure it’s legit), they won’t bother with sending out an actual file to you. Also a family member will most likely have their name in the email through a legit e-card website.

If you are ever in doubt always copy some of the email or the subject line and add the word spam and something should come up in the search engines that will let you know if it’s spam or not. if you’re in doubt get in touch and we can help you identify it for you.

here’s it the full text that’s in the email (the zip file has a name of ecard.zip)

——————————————————–

Good day.

Your family member has sent you an ecard from 123greetings.com.

Send free ecards from 123greetings.com with your choice of colors, words and music.

Your ecard will be available with us for the next 30 days.

If you wish to keep the ecard longer, you may save it on your computer or take a print.

To view your ecard, open zip attached file.

So in this one (see spam email at the bottom) just look at the reference number, guaranteed you won’t have that on any of your official tax documents.

The link also goes to a completely different site from the inland revenue you can tell that because their web address is  http://www.hmrc.gov.uk/  and they have http://online.hmrc.gov.uk.okio1v.kr/… if you hover over the link you’ll see this address show up.

Basically after the first two slashes in the http:// the very next slash you see signifies the end of the actual domain name. so in this case the .okio1v.kr part is taking you to a completely unrealated domain name to the …online.hmrc.gov.uk… part.

Also in this case they got my name from my email address, which most people have, so that’s why it seems like it’s personalised (generally spam email isn’t personalised), so if you have a strange ID to your email this should look even more suspicious.

HMRC will very rarely email you, most of these issues will be dealt with via a letter in the post or a phone call, so if you get any emails verify it by calling up the revenue just to be sure.

———————————————————————————-

Taxpayer ID: alan-00000217490017UK
Tax Type: INCOME TAX
Issue: Unreported/Underreported Income (Fraud Application)

Please review your tax statement on HM Revenue and Customs (HMRC) website (click on the link below):

review tax statement for taxpayer id: alan-00000217490017UK

HM Revenue and Customs

——————————————————————————————

The email below is quite clever in how it makes you think that you are the reason that your getting the email. First off you don’t know the person, but his name is David, a common enough name that you might not think about it and start reading the email as you’re curious.

So the way the email starts ‘yo mate, ok I’ll give you my trick’ right away for most guys this is how an email might start with some of your best mates, so you just keep reading. Then comes the little threat, ‘but if you give it away I’ll…’ which only serves to strengthen the believability of the email.

If you’re thinking I wouldn’t fall for that, think about the fact this is specifically targeted to a very specific type, so it wouldn’t work with you, remember spam fishes for people who will believe it’s a numbers game to them!

So the email goes on to make you just want to get right on and start betting, why? well it’s promising free money, this is where the alarm bells should be triggered, if it’s too good to be true then it’s probably is. In this case we know this or I wouldn’t be writing about it, however there are some people out there that would think because it tells you don’t do more than £1,000 a day that this means it must be true.

There is also a link to a specific casino website, which is obviously where they want to get you to go to and waste soo much money trying out the technique all day to get it to work. Now if it is a real casino you might actually get luck, why because it is a 50/50 shot, so even if you fail 9 times out of 10 that 1 time may make you think that it’s possible and it’s something your doing wrong. Now you’re in Gambling addiction area, something I’m not going to get into here, but just think again about who they are targeting with this spam email.

Lets face it, all Casinos do is look for patterns, so even if there was a hint of truth in this they would be on it right away, you might get lucky with a few of the smaller ones as they might not have the resources, but word spreads quickly in communities like that, but it’s fake so we don’t need to worry about it, but I’ll bet some of you reading this started thinking wow what if it would work on lesser known Casinos. That there is the power of suggestions, that’s why Spam can work so well, we all want something for nothing.

Finally as a convincer (which normally comes first and why it works so well here), is at the very end of the email where it actually has what looks to be an email from you to David. It’s short to the point and conceivable if you like to gamble a little bit or would be curious about it that you might have sent it and completely forgot, my how we can convince ourselves it it means free money!

So there you go some good lessons in there that can be applied to many other spam emails like lottery ones especially.

Stay Safe

Alan

Spam email below

———————————————————–

yo mate, ok I`ll give you my trick but if you give it someone else I`ll fuckin kill you you know in roulette you can bet on blacks or reds. If you bet $1 on black and it goes black you win $1 but if it goes red you loose your $1.

So I found a way you can win everytime:

bet $1 on black if it goes black you win $1

now again bet $1 on black, if it goes red bet $3 on black, if it goes red again bet $8 on black, if red again bet $20 on black, red again bet $52 on black (always multiple you previous lost bet around 2.5), if now is black you win $52 so you have $104 and you bet:

$1 + $3 + $8 + $20 + $52 = $84 So you just won $20

now when you won you start with $1 on blacks again etc etc. its always bound to go black eventually (it`s 50/50) so that way you eventually always win. But there`s a catch. If you start winning too much (like $1000 a day) casino will finally notice something and can ban you. I was banned once on royal casino. So don`t be too greedy and don`t win more then $200 a day and you can do it for years. I think bigger casinos know that trick so I play for real money on smaller ones, right now I play on elite vip casino: www.elitetables.net for more then 3 months, I win $50-$200 a day and my account still works. You`ll find roulette there when you log in go to “specialty” section – “american roulette”. And don`t you dare talling about it anyone else, if too many people knows about it casinos will finally found a way to block that trick. If you have any questions just drop me a line here or on skype.

c ya

—– Original Message —–

From: “efrengj” <info@cmmc.co.uk>

To: <matthewzprx@monalisabridal.com>

Sent: Tuesday, September 15, 2009 1:14 PM

Subject: Please send me the system

> Hi david.

>

> Please tell me when you will send me your roulette trick?

> You promised you`ll send it few weeks ago

>

> Thanks in advance.

>

The next thing again is that when you rollover the ‘Personal Log on’ button you will see that the actual domain address is wrong the first part starts off like it’s ok ‘http://online.lloydstsb.co.uk’  but it doesn’t actually end there it continues with ‘.623hneczc1.com’ Which unless the is a / means that until the last fullstop and one of the usual .com, .net .co.uk or many other ones the domain isn’t finished, therfore it’s not likely that Lloyds would ever have .623hneczc1.com at the end.

As always the best peice of advice I can give is to login manually to your banks online account, so never click on the link in the email.

Stay Safe

Alan

Second if you hover over the link you will very quickly see that the beginning of the link doesn’t even correspond with abbeys own web address ‘http://www.dailyzohar.com’ They do however in the next bit have the abbey address in there, to hopefully fool you, but it’s the first part that is important. Just think of a house address you can’t put 123 my street, Glasgow, then have 456 the fake street, Glasgow and expect the mail company to send it to the second part of the address and not the first, it just wouldn’t happen.

Finally the content is telling you there has been a mismatch of your details, if you haven’t accessed the account in the last few days then it’s very unlikely it’s you and anyway the golden rule of any email telling you there is a problem with your online account is to log into the account manually like you normally would and it will either prove you still get access because you’ve just logged in or the system will tell you there is a problem and that you need to call a specific telephone number.

Stay Safe

Alan

First off the email doesn’t have your own username, that’s the first giveaway. Seconed if you hover over the click here link or the update button you’ll see that the link doens’t actually take you to the real Facebook site it takes you to http://www.facebook.com.pppioy.eu as you can see after the .com part it then has .pppioy.eu which means this is a totally different domain.

then the rest of the link doesn’t really matter /globaldirectory/LoginFacebook.php?ref=4521373272535100962456233177540855416175899293149836

Stay Safe

Alan

This one comes with an attachment called ‘MTSN_87743484.zip’ the content is very plausable, but you should ask the obvious question who is sending you that money. Generally you will know to be expecting it and if you are already expecting money then the totals should be completely different.

Also note that a typical sign of a spam email is the generic ‘Dear Customer’ if they have you’re email address and it involves money the chances are they have your actual name or at the very least a reference number you can check somewhere else.

I’m not familiar with Western Unions methods of transferring money, so I’m not sure how they alert you to the fact that there is money to be collected or if that’s even possible. Maybe the money gets wired direct to an account and the only notification is the person sending you the money telling you or you checking you’re bank statement.

Either way I wouldn’t trust anything that seems to good to be true like this and there are many examples out there.

————————————–

Dear customer.

The amount of money transfer: 1037 USD.

Money is available to withdrawl.

You may find the Money Transfer Control Number (MTCN) and receiver’s details in document attached to this email.

Western Union.

Customer Service.