Never download apps that do this.

You’re browsing along on your mobile, and suddenly this screen or one like it pops up. You can’t go back. Sometimes your device begins buzzing. Sometimes there’s an ominous computer-generated voice along with it.

[Screenshot: the pop-up warning]

You can usually quit your browser altogether, but you might lose where you were. If you click “OK”, you might get another warning:

[Screenshot: the second warning]

Click the “Remove viruses” button and you’re taken to the Play Store where you can download the app that “removes viruses.”

[Screenshot: the app's Play Store page]

Don’t do this. Just don’t.

If the authors of the application use this technique to terrify you into downloading their app, you can hardly trust software they’ve written.

If this is being done by an affiliate marketer, it could be legitimate, but I wouldn’t bet money on it.

Lastly, as a general rule Android devices don’t attract viruses. Many of these “cleaners” are devised to either put real malware on your device or generate more scare messages which will lead you to a paid cleaning service.

Best to stay away from all of them; here’s an excellent article on the subject from ExtremeTech.

Be safe out there.

The Old Wolf has spoken.

Infect your computer from home!

From: <my email address>
To: <my email address>

Subject: Cooperarion with a large firm

Hello!

We are looking for employees working remotely.

My name is [Audra|Joni|Gus|Emily], I am the personnel manager of a large International company. (I got four of these in my mailbox today).
Most of the work you can do from home, that is, at a distance.
Salary is $2500-$5000.

If you are interested in this offer, please visit Our Site

Best regards!

If you’re careless enough to click that link (disabled above), what you’ll be taken to is this:

http://yaseminalkaya.xyz/wp-content/plugins/easy-tables-vc/xxxxxx/lib/jquery-handsontable/test/jasmine/spec/settings/

whereupon your computer will promptly be infected with an encryption virus or some other evil chicanery.

Do not respond to emails like this, and do not click embedded links!

The Old Wolf has spoken.

Malware download from “eBay GMBH” (German Ebay)

Clearly not from the German version of eBay, but posting this here just in case anyone gets the same email and Googles for it.

Invoice for [redacted] still outstanding: number 19879661
Sent By: Inkasso Ebay GmbH   On:Apr 04/22/15 12:59 AM
Forderung an [redacted].22 04.2015-Inkasso Ebay GmbH.zip (130 KB) | Download

Dear customer [Redacted], your bank has had the direct debit reversed. You have an uncovered claim outstanding with the company Ebay GmbH.

Because of the existing arrears you are also obliged to bear the costs of 43,90 Euro incurred through our engagement. We expect full payment by 24.04.2015 to our bank account. On behalf of our client we call on you to settle the outstanding claim immediately. In case of questions or uncertainties we expect you to contact us within the same period.

Please note that no further reminder will be sent. After the deadline expires, the file will be handed over to the court and to Schufa. A complete statement of costs, from which you can see all bookings, is attached.

Kind regards

Inkasso Voigt Marlon

Warning: This is a scam. Do not open any attached files!

Summary: I have an open invoice because of a declined charge with Ebay Germany. If I don’t pay immediately, a collection company will come after me and I’ll be reported to the General Credit Protection Agency. Notice that ZIP file up there in red, supposedly an invoice. Unzip it, and there’s another zip file. Unzip that, and there’s a file called

[redacted] Forderung 22.04.2015 – Inkasso Ebay GmbH.com (meaning, supposedly, a demand for collection.)

That’s a .COM file, or rather a simple executable file… in other words, a program. These are BAD NEWS for anyone who is foolish enough to open them. They’re just as bad as .EXE files. NEVER OPEN AN EXE OR COM FILE UNLESS YOU KNOW EXACTLY WHAT IT IS AND WHOM IT’S FROM.
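One way to see what such an attachment really contains without unzipping it by hand or opening anything, as an added example that is not part of the original post: the script walks a ZIP held in memory, follows zips nested inside it, and reports any member whose extension Windows would run on a double-click. The extension list, the size and depth limits, and the sample archive (built in memory with a harmless placeholder file) are assumptions made for the illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows runs when double-clicked (a common subset, not exhaustive).
EXECUTABLE_EXTS = {".com", ".exe", ".scr", ".pif", ".bat", ".cmd", ".js", ".vbs"}
MAX_DEPTH = 5                          # stop on absurdly deep nesting
MAX_MEMBER_BYTES = 20 * 1024 * 1024    # do not inflate huge members (zip bombs)


def scan_zip(data, path="", depth=0):
    """Return (member path, reason) findings; nothing is written to disk or run."""
    findings = []
    if depth > MAX_DEPTH:
        return [(path, "nesting too deep")]
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(path, "not a valid zip")]
    with archive:
        for info in archive.infolist():
            member = f"{path}/{info.filename}" if path else info.filename
            # Only the last extension counts: "invoice 22.04.2015.com" is a .com file.
            ext = PurePosixPath(info.filename).suffix.lower()
            if ext in EXECUTABLE_EXTS:
                findings.append((member, f"executable extension {ext}"))
            elif info.file_size > MAX_MEMBER_BYTES:
                findings.append((member, "member too large to inspect"))
            elif ext == ".zip":
                # Zip inside a zip: inspect it in memory, one level deeper.
                findings.extend(scan_zip(archive.read(info), member, depth + 1))
    return findings


def build_sample():
    """Constructed sample: a zip in a zip holding a harmless placeholder '.com' file."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("Forderung 22.04.2015 - Inkasso Ebay GmbH.com", b"placeholder, not a program")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("inner.zip", inner.getvalue())
        z.writestr("readme.txt", b"constructed test data")
    return outer.getvalue()


if __name__ == "__main__":
    for member, reason in scan_zip(build_sample(), "attachment.zip"):
        print(f"{member}: {reason}")
```

An empty result only means no member has one of the listed extensions; it says nothing about documents with macros or password-protected archives, which this sketch does not open.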

Interestingly enough, I ran a virus check on this file and it came up with nothing. However, submitting it to VirusTotal.com came up with this:

[Image: VirusTotal scan results]

In other words, it’s a nasty. The anti-virus programs indicated came up with multiple offenders for this file – one example that I followed for illustrative purposes was Packed.Win32.Katusha.o, which is a Trojan that can connect to a remote IRC server once it has infiltrated a PC. Packed.Win32.Katusha.o will download harmful files from the server that will damage the infected machine even further.

If you run this insidious program, you have just opened wide a door to the criminal element, and your computer will be infected with keyloggers, other trojans, made part of a botnet of spamming computers, infected with the dreaded CryptoLocker, or who knows what else. It will, at the very least, cause you inconvenience, and at the very worst destroy all your files, give criminals access to your personal data and/or your email accounts, and cost you lots of money. These people are horrible individuals. They want only one thing – to make money at your expense, and they don’t care how they do it.

Don’t ever fall victim to them.

The Old Wolf has spoken.

Practice Safe Computing!

This can’t be stressed enough, or repeated often enough. Just got an email today in my business account that looked like this:

Dear Sir/Madam,

The attached payment advice is issued at the request of our customer.

The advice is for your reference only.

Yours faithfully,
Global Payments and Cash Management
HSBC

***************************************************************************

This is an auto-generated email, please DO NOT REPLY. Any replies to this email will be disregarded.

***************************************************************************
Security tips

1. Install virus detection software and personal firewall on your
computer. This software needs to be updated regularly to ensure you
have the latest protection.
2. To prevent viruses or other unwanted problems, do not open
attachments from unknown or non-trustworthy sources.
3. If you discover any unusual activity, please contact the remitter of
this payment as soon as possible.
***************************************************************************

*******************************************************************
This e-mail is confidential. It may also be legally privileged.
If you are not the addressee you may not copy, forward, disclose
or use any part of it. If you have received this message in error,
please delete it and all copies from your system and notify the
sender immediately by return e-mail.

Internet communications cannot be guaranteed to be timely,
secure, error or virus-free. The sender does not accept liability
for any errors or omissions.
*******************************************************************
“SAVE PAPER – THINK BEFORE YOU PRINT !

ttcopy.zip


Unfortunately, far too many people will be stung by a generic sounding email like this. “Wow, someone sent me money!” will be the initial response, and they’ll happily unzip and execute the attached “payment notice.”

Unfortunately that attached file is not a payment notice, but an executable file (a program) which will infect your computer with malware, adware, spyware, and heaven knows what else; turn your machine into part of a robotic network (a botnet) for spreading spam and viruses, search for passwords and sensitive financial data, encrypt all your files and demand a ransom to unlock them (this is a particularly nasty one), or any number of other unholy things.

[Image: CryptoLocker]

I’m going to shout here: NEVER OPEN EMAIL ATTACHMENTS FROM PEOPLE YOU DO NOT KNOW AND TRUST!111

If WordPress supported blinking text, I’d use that obnoxious tag too, just to make sure I had your attention.

Be especially wary of any file that ends in “.exe”. This is one of the basic rules of safe computing, but far too many people don’t know about it. One of the worst things Microsoft ever did was to suppress the display of file extensions by default, assuming people didn’t care or wouldn’t understand what they are for. As a result, far too many people are simply ignorant of the dangers inherent in clicking email attachments that could be programs. All they would see in the above message would be “ttcopy.”

Notice the ironic security warning in the body of the email itself: “To prevent viruses or other unwanted problems, do not open attachments from unknown or non-trustworthy sources.” This is misdirection at its finest; people will be grateful for the warning, if they even bother to read it, and happily execute the malicious payload.

The executive summary here: NEVER OPEN EMAIL ATTACHMENTS FROM PEOPLE YOU DO NOT KNOW AND TRUST!

The Old Wolf has spoken.