The Spam Primer started in 1996 as a way to help people deal with a new problem: spam. Even then, author Randy Cassingham realized spam would become a huge problem for everyone who depends on e-mail (and it has: it’s estimated that about 90 percent of all e-mail traffic is spam, which makes it difficult for legitimate e-mail to get through, and to find it among all the garbage!)

The next time you hear someone say “what’s the big deal, just delete it” (or worse, “just click cialis no rx the unsubscribe link”), send them to SpamPrimer.com.

BTW, I wanted to post this on our BTR blog, but they have removed that feature.  (Existing posts remain, but you can’t add or change posts.)  So much for the “B”.

Coming in the guise of a new message from one of your LinkedIn contacts, it’s actually an attempt to infect your system with a trojan, which will probably let “the bad guys” steal your passwords, or take remote control of your system, which will be added to their ever-growing botnets.

Now, I don’t have a LinkedIn account, though I do get the occasional “real” e-mail from them with an invitation to join from someone buy cialis I know. But, even if I did have an account, I would like to think that, upon opening my e-mail in the morning and finding 217 identical messages from overnight, red flags would be going up for just about anyone.

So, what’s the payload?

In the most recent incarnation, it takes you to a page that “complains” that you don’t have the latest version of Flash installed (see my previous post on similar scams):

There’s no need to actually click the “install now” button, as simply visiting the web page with the above image will cause your browser to start the download.  (Hopefully, your browser will tell you it’s about to download a file, and ask permission.)

AVG identifies the file as containing “Trojan horse PSW.Generic8 WDK”.

If you do visit a web site that claims that you need to update your Flash player, the safest way to do so would be to visit the Adobe website directly, and download it yourself. (Even if it’s a legitimate website, I’ve heard of cases where the ads displayed on the site have been compromised. Make sure that any “out of date” notification isn’t from an advertisement.) Or, use Mozilla’s plugin check webpage to keep all of your plugins up-to-date.

Of course, the attached  HTML document, supposedly a link to a news report about a plane crash, was instead cialis dosage an obfuscated Javascript program which would attempt to download an infection.

(I didn’t bother investigating what, exactly, that infection was.)

Another common type of e-mail fraud i s

called “phishing”. Basically, they pretend to be someone else, in an attempt to get you to reveal personal information, just as login and password, or your social security number. (Or both.) Many of these can be rather sophisticated, mimicking the real website down to the slightest detail.

Some, on the other hand, are so poorly done, you have to wonder why they bother. buy cialis online The reason is simple… because people fall for it. When you send out a million phishing e-mails, it only takes a very small fraction to fall for it to make it worth their effort.

Here is a recent example of a “so poorly done, it’s gotta be obvious that it’s a fake” phishing e-mails:

Subject:  Business Online Banking Account Alert!

—–

You must submit verification documents to continue using your account without interruption. To view the details of this request and submit the required information, click on the following link (or copy & paste it into your web browser):

http://[elided]/Upload_documents_blank.exe

We thank you for your assistance in this matter.

So, let’s take the 30-second “what red flags does this raise” tour:

• There’s no mention of what “online banking account” it’s supposedly referring to.
• There’s no mention of what bank it’s supposedly from.
• There’s no mention of any details of whom it’s supposed to be written to. (Anything from my bank has my name, or the name on the account, in the e-mail. Anything from my credit card company includes the name on the card, and the last 4 digits of the account.)
• The link is not to any bank’s website.
• The link is to download a Windows executable. No legitimate financial institution will include an executable file. (And if you ever get such an attachment from your financial institution without asking for it, complain to them… Loudly, and in no uncertain terms.)

So, once again… Why do they “waste their time” on such “obvious” fake e-mails? Because someone, somewhere, will fall for it.

In this particular instance, the website owner apparently found and deleted the executable which was somehow put on their website, so I can’t tell you what “bad things” would have happened if you did fall for the scam. But, you can be sure that it probably asked you for some personal information, which it would have sent on to “the bad guys”. And, while it was at it, it probably would have installed some nasty bit of malware at the same time.

I just got another “you won the lottery” spam e-mails.

 This one was supposedly from “MICROSOFT CORPORATIONS”(sic), and contained the following message:

You have been awarded the sum of £1,625,000.00GBP in the MICROSOFT EMAIL PROMOTI
ON AWARD 2010.Cont  Mr Mark Anderson with your names,address,phone and Country to
[elided]@w.cn.cn or call +4470-[elided] for moreinformation on t
his award.

With the exception of removing the username part of the e-mail address, and the rest of the phone number, that is the exact contents of the e-mail, spelling and line breaks as-is.

With so many obvious “this isn’t real” warning signs, I find it hard to imagine that people still fall for this. Yet they do.

• The “from” with “MICROSOFT CORPORATIONS”(sic).
• The e-mail address this was supposedly “from” is an Italian domain, ending in “.it”.
• I am in the United States, yet the supposed award is in British Pounds.
• I never entered a “MICROSOFT EMAIL PROMOTION AWARD” promotion.
• The e-mail address I am supposed to reply to isn’t the “from” address.  (It should at least be the same domain name.)
• The e-mail address I am supposed to reply to is a Chinese domain (ending in “.cn”).
• The phone number starts with +”4470″.  This is a UK prefix that can forward anywhere in the world.  See  here for more information.
• The numerous spelling errors, typos, improper word breaks, and so on.

And that’s just a quick 30-second look.

The easiest way to know this is fake is this…  If you didn’t cialis online enter your e-mail address into some online promotion, it’s not real!

Three men have been indicted in what the FBI described as an international cybercrime operation that sold $100 million in rogue antivirus software to victims in more than 60 countries.

us bank ach department

Can cialis you imagine the number of victims, and the number of infected systems, from $100 million in sales?

Remember, if you get a popup from a program you don’t remember installing, with a link to buy a program to clean the infection, it’s probably a scam.  Don’t click on the link!

She went up against two high-brown belts (the highest belt before black), and beat the first one.  And, while she defended herself quite well against the buy cialis second, getting out of several near-submissions, it wasn’t enough to win.

She’s looking forward to December’s tournament.

http://www.ChallengeOfChampions.com

Well, you’d be wrong.

According to a recent Wired.com article:

LifeLock CEO Todd Davis, whose number is displayed in the company’s ubiquitous advertisements, has by now learned that lesson.

us bank ach department

He’s been a victim of identity theft at least 13 times, according to the Phoenix New Times.

The article also goes on to point out:

The company was fined $12 million in March by the Federal Trade Commission for deceptive advertising.

Lifelock promised in ads that its $10 monthly service would protect consumers from identity theft. The company also offered a $1 million guarantee to compensate customers for losses incurred if they became a victim after signing up for the service. The FTC called the claims bogus and accused LifeLock of operating a scam.

So, what does this mean to you?  Pretty much what we’ve been saying all along about identity theft, spyware, viruses, and so on…  Educate yourself.  Do your homework.  If a service comes with a “$1 million guarantee”, read the fine print.

If the company can’t even protect price cialis it’s own CEO’s identity, what does that say about the service you would be getting?