
Windows LIVE email and password theft

In light of reduced spam as of late, I was somewhat surprised to see phishing and theft attempts as sophisticated as this come through to my inboxes today – at least one in each of my different email addresses, but all came from the email accounts of friends on Facebook. I searched the major anti-virus and malware vendors as well as Google and Twitter and nothing turned up, so maybe I’m just one of the first to be hit. Here’s a message I received, and a similar one in each of my mailboxes:

A few other variations are as follows:

SUBJECT: Very good
BODY: Click here to read this message

SUBJECT: wooow
BODY: click here to see the attached video

In each case the “click here…” text is hyperlinked to somethingrandom.l13.me, and the URL also contains the recipient’s actual email address.

It appears the originator of this spam/phishing attack is, at the very least, validating the email addresses of people who open the message.

I also tried checking Google’s SafeBrowsing service at this URL:

http://www.google.com/safebrowsing/diagnostic?site=l13.me

At the time of this writing, here is the result showing that it has not detected any malware on this site. I suspect this will change overnight:


In case some great SPAM researchers come across this article, here is the full RAW source (except my email address has been replaced with someone@notavaliddomain.ca):

Part 1 of 2:

Part 2 of 2:

If you click the URL in the email itself, that is when the spammer’s phishing attack begins: the page prompts you for your Windows Live username and password. Note that the page is NOT on live.com, which means you are handing your username and password directly to the thief:
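The two things the post checks by hand (the link is not on live.com, and the link carries the recipient’s own address) can be scripted. This is an added example and not code from the original post; it assumes the legitimate sign-in domains are live.com and microsoft.com, and the sample URL, its x7k2q subdomain and the someone@notavaliddomain.ca placeholder are constructed to match the post’s description rather than copied from the real message:

```python
import re
from urllib.parse import urlsplit, unquote

# Assumed for this example: the brand's real sign-in domains. Any other host
# asking for a Windows Live password is not Microsoft, whatever the page looks like.
LEGIT_DOMAINS = ("live.com", "microsoft.com")

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


def registrable_domain(host):
    """Last two DNS labels. A crude stand-in for a public-suffix lookup; fine for
    hosts like x7k2q.l13.me, wrong for e.g. something.co.uk."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def is_legit_host(host, legit=LEGIT_DOMAINS):
    """True only if host IS a legit domain or a real subdomain of one. The suffix
    match is on a label boundary, so login.live.com.evil.example does not pass."""
    host = host.lower().strip(".")
    return any(host == d or host.endswith("." + d) for d in legit)


def triage_link(url, legit=LEGIT_DOMAINS):
    """Return what a responder wants to know about a 'click here' link."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    decoded = unquote(url)  # %40 -> @ so an encoded address becomes visible
    emails = sorted(set(EMAIL_RE.findall(decoded)))
    flags = []
    if parts.scheme.lower() != "https":
        flags.append("not https")
    if not is_legit_host(host, legit):
        flags.append("host is not a legit domain (%s)" % registrable_domain(host))
        if any(d in host for d in legit):
            flags.append("brand name used as a lookalike inside the hostname")
    if emails:
        # The post's observation: the link itself identifies the recipient, so a
        # click tells the spammer which mailboxes are live and read mail.
        flags.append("recipient address embedded in link (click confirms a live mailbox)")
    return {
        "host": host,
        "registrable_domain": registrable_domain(host),
        "host_is_legit": is_legit_host(host, legit),
        "embedded_emails": emails,
        "flags": flags,
    }


if __name__ == "__main__":
    # Constructed sample in the shape the post describes, not the real link.
    sample = "http://x7k2q.l13.me/view?id=someone%40notavaliddomain.ca"
    for u in (sample, "https://login.live.com.videos4you.net/", "https://login.live.com/login.srf"):
        r = triage_link(u)
        print(u, "->", r["flags"] or "looks like the real sign-in host")
```

The lookalike check matters for the second host in the demo: videos4you.net, where the post says the credential form is actually hosted, could just as easily serve it from a login.live.com.videos4you.net hostname, and a glance at the start of the address bar would not catch it.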

As you might expect, the domain itself (l13.me) was registered only a week ago, and its real ownership is disguised:

The same domain ownership disguise applies to videos4you.net where the phishing is actually hosted.

And finally, when I check where all the “click here to view this message” links are being served from (somethingsomewhere.l13.me), they point to IP address 69.64.54.99, which is registered to Hosting Solutions International:

Naturally, I have notified the host’s abuse email address of this clearly malicious activity and hope for a quick response. I have no illusions about how quickly the attacker can redirect web traffic to a new host, or start generating spam from a newly created domain elsewhere. The cat-and-mouse game just continues…

I just hope the anatomy of this particular spam message helps somebody somewhere avoid these types of traps, and perhaps we can all find a solution for cleaner and more productive email.

UPDATE #1:

If you’re a victim, here is Microsoft’s article on what to do:

http://www.microsoft.com/security/online-privacy/phishing-scams.aspx#Victim


The 12 Scams of Christmas

[this post is from Dennis Houseknecht, a Nerd in Virginia, USA]

‘Tis the season – well, almost. Gadgets and cool new technology are high on the wish lists of many shoppers. Here is a list of pitfalls and scams <http://www.net-security.org/secworld.php?id=11924> from McAfee that shoppers should be looking out for.

Some of them include mobile malware, phony Facebook promotions, phishing scams, holiday screensavers, coupon scams, mystery shopper scams, among others.

Give your friends, family, and clients an early holiday gift and remind them that not everyone out there has that “holiday spirit”. The scammers, thieves, and hackers look forward to the holidays, too.

Apple Photo Stream uses Amazon AWS S3 services

As all nerds (and non-nerds) should be, I try to be security-conscious everywhere. One of the ways I stay aware on my MacBook Air is a little tool called Little Snitch, which I strongly recommend. Steve Jobs’ last keynote included a tour of Apple’s new Data Centre, and we assumed Apple, in its usual fashion, would keep its entire ecosystem close to its chest, including all of the iCloud-related services.

Well, what Little Snitch is telling me here is that Photo Stream is actually streaming the photos out to Amazon’s S3 service. In the screenshot you see that /Applications/iPhoto.app/Contents/Library/LoginItems/PhotoStreamAgent.app/Contents/MacOS/PhotoStreamAgent is attempting to make an HTTPS connection to someplace.amazonaws.com (72.21.203.147). North American IP addresses can be looked up at http://whois.arin.net, and there you can see that this IP address is owned by Amazon.

While it’s a little surprising, it makes perfect sense that Apple would use Amazon’s low-cost, commoditized services to host the Photo Stream data. We (Nerds On Site) certainly use Amazon’s array of services ourselves and for our clients, so this is a good thing!


A Safer QR Code Scanner for Android

[this post is from Dennis Houseknecht, a Nerd in Virginia, USA]

QR codes are popping up everywhere – and they are very convenient. Not surprisingly, they are also an opportunity to send users to malicious websites.

This is a significant risk, especially for Android users. Whether you love Android or “not-so-much”, there is no doubt that the wide-open nature of the platform makes it more susceptible to attacks.

Norton recently released a new free scanner that helps mitigate the risk. It checks the URL first, even if it is obscured behind a shortened version. An iOS version is coming soon.

“If you’re like us you are seeing QR codes everywhere these days”, explains Symantec’s website. “They’re on TV, on the subway, on your mail. There’s a good reason — they make it easy to get more information using your mobile phone or tablet. But the problem is that a QR code can point to a website, and it’s often impossible to tell if the website is safe.”

This will not eliminate all risk, but every little bit helps.
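The post describes the scanner resolving a shortened URL before you visit it. Below is an added example of doing that yourself; it is not Symantec’s code and does not describe how their app works. It follows HTTP redirects one hop at a time with HEAD requests (never fetching a page body), caps the number of hops, refuses to continue into non-web schemes such as intent: or javascript:, and takes a replaceable fetch function so the walk can be exercised offline against a constructed redirect chain (every hostname in the demo is made up):

```python
import urllib.request
from urllib.error import HTTPError
from urllib.parse import urljoin, urlsplit

REDIRECTS = (301, 302, 303, 307, 308)
WEB_SCHEMES = ("http", "https")


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Tell urllib not to follow redirects; we want to see every hop ourselves."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


_opener = urllib.request.build_opener(_NoRedirect)


def head_hop(url, timeout=5):
    """Real fetcher: one HEAD request, no body. Returns (status, Location header or None).
    With redirects disabled, urllib raises HTTPError for a 3xx, so read it from there."""
    req = urllib.request.Request(url, method="HEAD", headers={"User-Agent": "qr-link-check"})
    try:
        with _opener.open(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location")
    except HTTPError as err:
        return err.code, err.headers.get("Location")


def expand(url, fetch=head_hop, max_hops=5):
    """Walk a shortened link hop by hop. Returns the final URL, the chain and why we stopped."""
    chain = [url]
    for _ in range(max_hops):
        current = chain[-1]
        scheme = urlsplit(current).scheme.lower()
        if scheme not in WEB_SCHEMES:
            # intent:, javascript:, market: and friends: a scanner app might hand
            # these straight to the OS, which is exactly what we do not want.
            return {"final": current, "chain": chain, "stopped": "non-web scheme %s" % scheme}
        status, location = fetch(current)
        if status in REDIRECTS and location:
            chain.append(urljoin(current, location))  # Location may be relative
            continue
        return {"final": current, "chain": chain, "stopped": "status %d" % status}
    return {"final": chain[-1], "chain": chain, "stopped": "too many redirects"}


def _offline_fetch(url):
    """Constructed redirect chain so the example runs without network (not real hosts)."""
    hops = {
        "http://sh.example/q1": (301, "https://track.example.net/r?id=q1"),
        "https://track.example.net/r?id=q1": (302, "/landing"),
        "https://track.example.net/landing": (200, None),
    }
    return hops.get(url, (404, None))


if __name__ == "__main__":
    result = expand("http://sh.example/q1", fetch=_offline_fetch)
    print(" -> ".join(result["chain"]), "|", result["stopped"])
    print("final host:", urlsplit(result["final"]).hostname)
```

To check a real code, call expand() with the default fetcher and look at the final hostname before opening anything; the intermediate hops are often tracking hosts and are worth seeing too. A HEAD request still tells the shortener that someone resolved the link, so do it from a machine you do not mind being logged.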

Note: The QR code above links to the Android marketplace application page.


What is the Biggest Risk That Businesses Face?

image source: ehow.com

[this post is from Dennis Houseknecht, a Nerd in West Virginia, USA]

Businesses large and small have to manage risk. They invest in measures to reduce it, including fire sprinklers, alarm systems, security cameras, employee training, and insurance.

What is the single biggest risk businesses face? Fire – no. Break-ins, shoplifting, or other traditional crimes – no. Floods or other natural disasters – no.

For the past two years, the biggest risk faced by businesses has been cybercrime.

Cybercrime has become more profitable than the illegal drug trade.

Cybercrime is not perpetrated by casual hackers or “script kiddies”. It is perpetrated by highly organized and very well funded criminal organizations. These are the same criminal organizations that rob banks, run illegal gambling operations, and smuggle illegal weapons. Smart criminals go where the money is. The word “cybercrime” suggests something less nefarious than extortion or drug trafficking. That is unfortunate, because cybercrime is as ugly and malicious as it gets. Lives are ruined and companies put out of business by cybercrime.

Who is helping you understand the risks? Who is helping you understand the importance of investing in security? If you don’t talk about your organization’s security, who will? Nerds On Site is here to answer your questions, and provide quality solutions to protect your organization from digital threats! Call us today! 1-877-696-3737


NEW 24/7 Nerds On Site System Monitoring

[thanks to Mike Duffy, a Nerd in Calgary, Alberta for this post]

Being proactive when it comes to your technology and information is becoming more and more important. Reacting to system issues after the fact results in downtime, lost money, lost productivity, and not least undue stress and anxiety.

Nerds On Site is making it possible to be proactive with your technology and systems no matter what your budget is! For a low monthly cost, Nerds On Site will monitor your computers, printers, servers and many other network-connected devices and inform you by email if there is an issue or concern you need to be aware of. We can even notify you that your printer is low on toner!

You no longer need an in-house server for this type of monitoring! All you need to start with Nerds On Site 24/7 Monitoring is one computer.

24 hours a day, 7 days a week, Nerds On Site Monitoring will watch over your vital information and technology. At the first sign that something is wrong, Nerds On Site contacts you to help you get it taken care of before it becomes a larger problem.

Being proactive not only saves money and prevents downtime, it just makes sense. Reduce frustration, and give yourself peace of mind with Nerds On Site 24/7 System Monitoring!

For more information or to get set up please contact us!


Old School Malware Causing New Headaches

[this post is from Dennis Houseknecht, a Nerd in West Virginia]

Think worms are the malware of yesteryear? Not so. A new worm, Morto, has been spreading rapidly. This worm spreads via RDP (Remote Desktop Protocol).

The worm does not appear to exploit any new vulnerability in RDP itself. Rather, it gets its initial foothold in the internal network through other means, such as Adobe Flash or Reader vulnerabilities or ordinary phishing attacks.

Once inside the network, it spreads to other machines over RDP. It also reaches out to the Internet looking for other networks that have RDP exposed, and brute-forces administrator passwords there.

Prevention really is no different from the practices we have always recommended:

1. Keep the operating system and browser add-ons, such as Java, Adobe Flash, Adobe Reader, etc., patched.
2. Educate all users about the dangers of opening attachments and clicking links in ANY email – EVEN those that come (or appear to come) from friends, co-workers, or the boss.
3. Use strong passwords – on admin accounts, use VERY strong passwords.
4. If possible, do not expose RDP to the Internet, especially on its default port of 3389. If you are using Level Platforms for remote access, you DO NOT HAVE TO OPEN FIREWALL PORTS TO USE RDP. If you have port 3389 open through the firewall, you can assume that someone is trying to brute-force the admin account all day, every day. This was true long before Morto came to town.
5. Disable RDP on machines that do not need it.
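Item 4 says to assume the admin account is being brute-forced whenever 3389 is reachable. Here is an added example, not from the original post and not any Nerds On Site tooling, of checking that claim against the Windows Security log rather than taking it on faith: it reads failed (4625) and successful (4624) logons of type 10 (RemoteInteractive, which is how RDP logons are recorded), flags any source IP with a burst of failures inside a short window, and reports accounts that then logged in from the same IP, which is the pattern a successful password guess leaves behind. The six-column CSV layout and every line of SAMPLE_LOG are constructed for the example (documentation and private address ranges), not a real capture; a real export from Event Viewer or Get-WinEvent would have to be mapped onto those columns first.

```python
from collections import defaultdict
from datetime import datetime, timedelta

REMOTE_INTERACTIVE = "10"  # Windows logon type 10 = RDP / Terminal Services

# Constructed sample in the shape of a Security-log export (not a real capture).
# Columns: TimeCreated,EventID,LogonType,TargetUserName,IpAddress,Status
SAMPLE_LOG = """\
2011-09-01T02:00:01,4625,10,administrator,203.0.113.7,0xC000006D
2011-09-01T02:00:02,4625,10,admin,203.0.113.7,0xC000006D
2011-09-01T02:00:03,4625,10,administrator,203.0.113.7,0xC000006D
2011-09-01T02:00:04,4625,10,Administrator,203.0.113.7,0xC000006D
2011-09-01T02:00:05,4625,10,administrator,203.0.113.7,0xC000006D
2011-09-01T02:00:06,4625,10,admin,203.0.113.7,0xC000006D
2011-09-01T02:00:09,4624,10,administrator,203.0.113.7,-
2011-09-01T09:15:00,4625,10,jsmith,192.168.1.50,0xC000006D
2011-09-01T09:15:30,4624,10,jsmith,192.168.1.50,-
2011-09-01T10:00:00,4625,2,jsmith,-,0xC000006D
"""


def parse(lines):
    """Yield one dict per event line; blank lines and # comments are skipped."""
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, event_id, logon_type, user, ip, status = line.split(",")
        yield {
            "ts": datetime.fromisoformat(ts),
            "event": event_id,
            "logon_type": logon_type,
            "user": user,
            "ip": ip,
            "status": status,
        }


def analyze(lines, threshold=5, window=timedelta(minutes=10)):
    """Return {source_ip: details} for every IP with >= threshold failed RDP
    logons inside `window`, plus any account that logged in from that IP
    after the burst started (a successful guess, or a stolen password)."""
    failures = defaultdict(list)   # ip -> [(ts, user)]
    successes = defaultdict(list)  # ip -> [(ts, user)]
    for ev in parse(lines):
        # Only RDP logons with a usable source address; console logons
        # (type 2) and events with no IpAddress are someone else's problem.
        if ev["logon_type"] != REMOTE_INTERACTIVE or ev["ip"] in ("-", ""):
            continue
        if ev["event"] == "4625":
            failures[ev["ip"]].append((ev["ts"], ev["user"]))
        elif ev["event"] == "4624":
            successes[ev["ip"]].append((ev["ts"], ev["user"]))

    alerts = {}
    for ip, fails in failures.items():
        fails.sort()
        burst_start = None
        # Sliding window: does any run of `threshold` failures fit inside `window`?
        for i in range(len(fails) - threshold + 1):
            if fails[i + threshold - 1][0] - fails[i][0] <= window:
                burst_start = fails[i][0]
                break
        if burst_start is None:
            continue
        logged_in = sorted({u for ts, u in successes.get(ip, []) if ts >= burst_start})
        alerts[ip] = {
            "failed_logons": len(fails),
            "usernames_tried": sorted({u for _, u in fails}),
            "burst_start": burst_start,
            "logged_in_after_burst": logged_in,
        }
    return alerts


if __name__ == "__main__":
    for ip, info in analyze(SAMPLE_LOG.splitlines()).items():
        print(ip, info)
```

On a real export the interesting cases are the IPs that appear in logged_in_after_burst: treat those as compromised, not merely attacked. The one-failure entry for 192.168.1.50 in the sample is the normal mistyped-password noise the threshold is there to ignore.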

Want to know whether port 3389 is open on your firewall? Want weekly reports showing all open ports on the firewall? Want an alert any time the set of open ports on the firewall changes? Nerds On Site offers SafetyNet, an automated port-scanning service that does exactly this. Contact us if you are interested in this service. There is a low monthly cost.


An Occupational Hazard Your Clients May Not Know About

[this post is from Dennis Houseknecht, a Nerd in West Virginia]

Are your clients concerned about identity theft? They should be. Most of us are.

Half of all identity theft occurs in the workplace. Think about it. Your employer has your name, address, phone number, Social Security / Social Insurance / National Identification number, and more personal information on file. Few SMEs have tight internal security.

SME clients should be concerned, because they CAN and WILL be held liable for a breach. Your clients should also be concerned as individuals, because they, or someone in their family, probably work somewhere that lacks tight internal information security.

What can you do? TALK to ALL your clients and colleagues about security, and educate each of them on the steps that need to be taken to improve security practices.

Everyone should question their employers about SECURITY, and demand that they make clear what security measures are in place and what steps are being taken to further protect employee and client data.

The NerdCare Support Team can help SME clients with their security concerns! Contact us today!


In Case You Were Wondering – YES, the Cost of Cybercrime is RISING

[this post from Dennis Houseknecht, a Nerd in West Virginia]

According to this article from the Ponemon Institute, the cost of cybercrime rose by 44% last year alone.

Cyber-criminals do not just target large businesses. SMEs often have fewer resources for fighting cybercrime and less expertise in doing so. The first step in a cyber-attack is often just an automated scan of the network perimeter, looking for known vulnerabilities that have not been patched.

Waterloo Security, or WatSec, in partnership with Nerds On Site, will soon be introducing a new program for small businesses that addresses the most serious risks at a very affordable price.


Watch Out for These Fakes

image source: net-security.org

[this post from Dennis Houseknecht]

Most of us know and love CCleaner as a cleanup tool with a value-packed FREE version. Be aware, though, that there is a not-so-free fake version out there as well.

Another tool many of us use is Ad-Aware from Lavasoft. Fake versions abound. This is an example of how rogue programs trick users into installing them.

Here is a fake love-test app for Android that is really malicious software.

Finally, here is a trojan downloader pretending to be a Firefox update.

It’s important to be aware of which programs you’re downloading and using. Make sure you only download software from reputable websites; downloading directly from the official company website is best. Some programs are free and some are not, so do your research. Many malicious programs out there look very similar to commonly used programs. If you’re unsure, ask a Nerd!
