MoMusings

Do you know about Phishing?

No this isn’t sitting on the bank of a river, stream, pond or in/on the sea dangling your rod over the water…if you are still confused then see this article here and all should become clear.

I hear you ask “What have Mules got to do with Phishing?”

The answer is this:

We are not talking about four legged creatures that are half horse and half donkey….think more of drug couriers who are more usually referred to as Mules!

Now, in most cases Mules are those that either carry things for others [hence the use of the term] or act as laundering points, such as in organized crime syndicates, they do the dirty work of moving material from A to B and usually have little or no idea hat what they are doing is illegal. They may even be acting as a Mule under duress, such as blackmail, etc.

So, back to the Phishing…..

There have been a number of people who have recently been recruited as Mules by the Phishers to help process the identities stolen during the latest Phishing Trawl, but the Mule doesn’t know that they are helping criminals… They believe that they have a ‘real’ job helping financial companies with ‘excess’ workload or helping to test the companies security by loging in using the stolen credentials and moving money to other accounts…scary huh?

Of course, when the authorities catch up with the Mules and they are arrested and charged, they are often shocked that they had been so naive and feel rather ‘used’.

So next time you see a job ad on the web, in the local paper or receive a job offer via e-mail, stop and think is this really legit, or am I about to be turned into a mule…

Oh, and this [Phishing and using Mules to process the stolen identities] isn’t something new, this has been happening for at least the last six months or more, but it is becoming more prevalent as Phishing attacks have exploded over the last year growing almost 5,000 percent since November 2003, but that’s another “tail”…

Don’t think it “really” happens? Think again, here are some links to prove it:

• Phishers recruit
  UK computer users into stealing money, ‘Don’t be a mule’ says Sophos
• Aussie crooks
  recruit teen phishing mules
• Gone phishin’

I was discussing how long it would take the 419ers to latch onto the latest way of them making money; taking advantage of the Asian earthquake and the resulting tsunami. I said that we’d see one within 10 days. Sure enough they couldn’t resist using this catastrophe to try and fleece more people.

On the 3rd of January 2005 a mere 9 days later, I have seen the first of these predicted 419s.

In reality it is just the latest nasty, bad taste version of the boys from Lagos’s attempts to dupe people, in this case not just the usual naive and desperate that don’t mind breaking the law, but also those that are ‘really’ interested in helping out those unfortunates that survived the disaster as well as those that lost loved ones; friends, family and acquaintances alike.

The ‘Boys [and girls too] from Lagos’ should be ashamed of themselves, how much lower will they go?

They are nothing more than heartless thieves and con artists….and I hope they get their just rewards!

Here it is in all it’s sick glory:

Subject: Earthquake and Tsunamis in Indonesia (how
we were affected)

Dear Sir

My name is Marco Nula; I am a victim of the recent
Earthquake followed by the Tsunami that wrecked our whole society of Banda Aceh Province
in Indonesia resulting in painful death of my Parents.

My Late Father Mr. Alfredo Nula is from Paramaribo
in Suriname (South America) and my Mother from Banda of Aceh Province in Indonesia,
they got married in Suriname because Indonesia like Suriname was a colony of The Netherlands,
but they moved to settle in Indonesia when my Sister and I were born and because Indonesia
has better economy than Suriname, but my Sister and I was away in School in the Capital
Jakarta when this sorrowful incidence happened to my late parents and all other Families
affected by the Quake and the Tsunamis all around Sumatra and Aceh Province.

My Father and Mother owned a tourist resort and
grocery store at No 71 Panglima Polim Street, Banda Aceh in Indonesia, it was visited
by numerous tourists from different countries on Holidays each year but this tragic
and devastating Tsunamis took the lives of my parents and many others. My Late Parents
saved much of their money in a Bank in The Netherlands, not only because we were Dutch
Colony but also because we speak Dutch as an official Language in Suriname, I contacted
my Parents Lawyer in Jakarta and he has confirmed to me that my Parents has the sum
of 3.2Million Euros deposited in savings in The Netherlands which will be claimed
by me as next of Kin, but he also explained to me that because I was not nationalized
in Netherlands after Suriname got Independence from the Netherlands I had no permission
to settle there in that Country.

We have recovered the corpses of my Late Parents,
although private, international and government aid is coming in, it will not be any
where enough to settle our problems, please I am hereby soliciting for your assistance
at clearing my Late father’s money Euros 3.2Million in The Netherlands, I have asked
the Lawyer to provide me with all documents, I shall have send them to you when you
show sincere intentions to help me and my Sister, if you are business oriented with
experience in Holiday, Hotel and Resort business or have some idea on how to run a
groceries shop, I am willing to recommit the money for the full benefit of all (My
Sister you and I) apart from that I shall be willing to give a negotiable percentage
of the money to you otherwise or alternatively, please contact me on my email address
as the telephone system is not functioning at the moment.

Thank you,

I hope you understand our predicament and come to
our assistance.

Marco Nula

Whatever you do don’t fall for this scam [or any of it’s relations], it relies on what the Lagos boys call Wad [rich, greedy people]. They also use a less polite name for the people they dupe; Mgbada. It may also catch naive but well meaning people due to the latest sick twist of the scam.

Oh by the way, just in case you didn’t get it, this like all the other multitudinous versions is nothing more than a scam, there is no money [or other valuables, such as Oil, Gold, Diamonds, etc.].

To the boys [and girls] from Lagos [the 419ers that run these scams] it is a business and they don’t care who they rip-off to get the money.

Please help!

If you want to help those affected by the Asian disaster, then please do not let these scammers put you off giving your much needed assistance. However, DO use one of the real charity organisations that are helping such as the ‘Disasters Emergency Committee’ [based here in the UK], their website address is http://www.dec.org.uk and so far the British public have donated over 76 Million Pounds.

This money goes to Member Agencies such as: The British Red Cross, Oxfam, Save the Children, Christian Aid, and many others that are assisting the affected countries in Asia and the many people affected by this disaster.

What Next?

Another prediction: We will see Phishing scams using this disaster within the next 10-14 days.

Well, Christmas has come and gone, and no doubt lots of people got shiny new computers from Santa?

So, as the average Windows PC [once unboxed and connected to the internet] has a life expectancy of around 10 minutes before getting a digital dose of the Pox, and sometimes more than one strain to boot!

I know of systems that have had 6 different doses of different digital Pox [Malware] in less than an hour and that’s on a slow day!

So, you ‘Think’ your computer is infected, what should you do?

I get asked this question at least once a week, so I thought I better cover it in some detail.

First question for you is:

Do you have anti-virus installed, and is it up to date? [Yes, I know that is two questions]

If not then why not, you can even get it for FREE, yes FREE, links below:

AVG
Avast
AntiVir

Second question for you is:

Do you have a firewall installed and enabled?

If not then why not, you can even get it for FREE, yes FREE, links below:

Kerio
Sygate
ZoneAlarm

If you have XP then you can use the XP Firewall instead [if you must].

Third question for you is:

Do you have anti-spyware/adware installed and enabled?

If not then why not, you can even get it for FREE, yes FREE, links below:

AdAware
SpyBot S&D

Fourth question for you is:

Do you use Windows Update to ensure that your system is fully patched [at least once a week]?

A significant number of malware will get onto systems by exploiting known vulnerabilities in the operating system or applications. So, make it harder for them to ‘own’ your box, update it!

Fifth question for you is:

Do you still use Internet Explorer?

If so, then you are making it easier for adware, spyware and some malware to infect you via your browser, yes Internet Explorer is a ‘Holey Browser, Batman’. I would strongly suggest that you use another one such as Firefox or Mozilla instead as it tends to have less holes for the nasties on the web to crawl in through.

Have you noticed the theme yet? No, well just to make it clear; There is NO excuse for not having protection against Malware, Spyware and Hackers installed on that shiny new PC [or that old grubby one for that matter].

So, if you have done all of the above and still think you are infected by something new, proceed to the next section:

Why do you think you are infected?

If the answer is “my system keeps crashing, behaving badly or won’t do what I want it to do…” then a virus or other malware may be the least likely of your problems. The most likely causes are faulty memory or other hardware component, a corrupted file system (component or data corruption) or software/operating system mis-configuration or dare-I-say-it, “user error”. So, check these first before jumping to conclusions about being infected.

If you have tried all the above suggestions, and ruled out all the other possibilities listed above, especially the “end-user” problem and still think you have a new Pox on your box, then it is time to get a second opinion. Just as you would if you think your Doctor has mis-diagnosed you.

The first step is to use one or more other virus scanners. I would strongly recommend the Kaspersky, BitDefender, McAfee and TREND ones for starters.

Online Virus Scanners:

BitDefender
TREND
Panda
McAfee
Kaspersky
RAV
Symantec

If they don’t find anything odd, then the chances are you probably not infected at all. However, if you have some files that you suspect, you can send them to the anti-virus firms to analyse. Please only do this is you are convinced they are malicious.

Anti-Virus Vendor Submission E-mail Addresses:

Authentium (Command Antivirus) virus@authentium.com
Computer Associates (US) virus@ca.com
Computer Associates (Vet/EZ) ipevirus@vet.com.au
DialogueScience (Dr. Web) Antivir@dials.ru
Eset (NOD32) sample@nod32.com
F-Secure Corp. samples@f-secure.com
Frisk Software (F-PROT) viruslab@f-prot.com
Grisoft (AVG) virus@grisoft.cz
H+BEDV (AntiVir, Vexira engine) virus@antivir.de
Kaspersky Labs newvirus@kaspersky.com
Network Associates (McAfee) virus_research@nai.com
- (use a ZIP file with the password ‘infected’ without the quotes)
Norman (NVC) analysis@norman.no>
Panda Software labs@pandasoftware.com
Sophos Plc. support@sophos.com
Symantec (Norton) avsubmit@symantec.com
Trend Micro (PC-cillin) virus_doctor@trendmicro.com

You can find all the links mentioned above, and other useful tools, etc. here.

At the end of the day to help keep you system free of net nasties and their kin, you need to ensure that you have a personal firewall, up to date anti-virus installed, anti-spyware tool(s) installed, and last but not least practice ‘Safe-Hex’.

Be careful out there, the web is a dangerous place without suitable protection…