Posts tagged as:

Spam

MSN Featured Offers catch all

by certifiedbug on November 10, 2008

in Security

This spam looks like the recent ones pushing pharmaceuticals.

Except this time “One-stop for all your meds here” hid a URL to globalmarketingsolutions, where I landed on what appeared to be a real estate page containing a lot of links. Clicking on one of them brought this up.

http://safeweb.norton.com/report/show?name=66.96.85.221

Searching in Google I was warned, “this site may harm your computer”.

MSN Featured Offers, Spam from Canadian Pharmacy

Infector Spam ‘Free Update Windows XP,Vista’

Fake IE7 email Spam

Spam posing as MSN Featured Offers

Hit delete when it appears in your mailbox, and again do not click the ‘unsubscribe’ link contained in the spam. Doing that would just confirm to spammers that your email address is alive and working.

MSN Featured Offers, Spam from Canadian Pharmacy

by certifiedbug on November 8, 2008

in Security

This week I have seen a resurgence of the “MSN Featured Offers” scam, this time from Canadian Pharmacy, pushing Viagra and other pharmaceuticals.

Previous Certifiedbug alerts:
Infector Spam ‘Free Update Windows XP,Vista’
Fake IE7 email Spam
Spam posing as MSN Featured Offers

Domain Name: xhtnnfx.cn
Created: 2008-10-28
Expires: 2009-10-28
Whois Server: whois.cnnic.net.cn
IP Location: Latvia - Latvia - Vdhost Ltd

Domain Name: progressconsider.com
ICANN Registrar: 35 TECHNOLOGY CO., LTD
Created: 2008-11-05
Expires: 2009-11-05
Updated: 2008-11-05
Domain servers in listed order:
srv1.reachfarm.com
srv2.reachfarm.com
ZHANGJIE
JIANSHELU263
TS,HB,CN 063002

hxxx://ler.rightachievement.com
Canadian Pharmacy

hxxx://myx.poseindependence.com
Canadian Pharmacy

hxxx://xkx.rightachievement.com/
Canadian Pharmacy

Those are just examples; the links will change frequently.

Fake pharmaceuticals on-line, buyer beware

{ 28 comments }

Spam gang member pleads guilty

by certifiedbug on October 16, 2008

in Security

Judy Devenow pleaded guilty to fraud and conspiracy charges Tuesday in federal court in Michigan, admitting she had sent millions of spam e-mails a day helping spam kingpin Alan Ralsky.

Devenow said she was paid US$150,000 to send e-mail and manage others from January 2004 through September 2005. She, Ralsky and nine other people were charged in January 2008. Thomas Dukes, who specializes in computer crimes at the U.S. Justice Department in Washington DC, is quoted as saying that Ralsky sent tens of millions of e-mails over a 20-month period - and that’s a “conservative number,” Dukes told the judge. We agree; Spamhaus regularly sees spammers like Ralsky and his gang sending tens of millions of spam e-mails each day. They use innocent people’s virus-infected PCs to do this and also forge the addresses of innocent people onto the spam’s “From:” line (“spoofing”), causing untold damage and costs.

Spamhaus

{ 0 comments }

A U.S. district court has ordered a halt to the operations of a vast international spam network that peddled prescription drugs and bogus male-enhancement products. The network has been identified as the largest “spam gang” in the world by the anti-spam organization Spamhaus. The Federal Trade Commission has received more than three million complaints about spam messages connected to this operation, and estimates that it may be responsible for sending billions of illegal spam messages. At the request of the FTC, the court has issued a temporary injunction prohibiting defendants from spamming and making false product claims, and has frozen the defendants’ assets to preserve them for consumer redress pending trial. Authorities in New Zealand also have taken legal action, working in tandem with the FTC.

According to papers filed with the court, the defendants deceptively marketed a variety of products through spam messages, including a male-enhancement pill, prescription drugs, and a weight-loss pill.

The defendants include two individuals – Lance Atkinson, a New Zealand citizen living in Australia, and Jody Smith of Texas – and four companies they control: Inet Ventures Pty Ltd., Tango Pay Inc., Click Fusion Inc., and TwoBucks Trading Limited. The FTC’s complaint alleges that both Atkinson and Smith are liable for the spamming. It holds Lance Atkinson responsible for all product claims, and Smith liable for claims made for the pharmaceutical products. In June 2005, the FTC obtained a $2.2 million judgment against Atkinson and another business partner for running a similar spam affiliate program that marketed herbal products.

News Release: http://www.ftc.gov/opa/2008/10/herbalkings.shtm

Civil Action No. 08-CV-5666
FTC File No. 072 3085

Complaint for Injunctive and Other Equitable Relief
http://www.ftc.gov/os/caselist/0723085/081014atkinsoncmpt.pdf

Memorandum Supporting Plaintiff’s ex parte Motion for a Temporary Restraining Order with Asset Freeze, Other Equitable Relief, and Order to Show Cause Why a Preliminary Injunction Should not Issue
http://www.ftc.gov/os/caselist/0723085/081014atkinsonmemo.pdf
Interesting read. Snippet:

SanCa$hSupport i guess so… they’ll never find you
sancashl well they bought me up, but nothing linked to me, most i do is provide services for spammers

O what a tangled web we weave when first we practise to deceive.
(Sir Walter Scott. Marmion, Canto VI, Stanza 17)

Temporary Restraining Order with Asset Freeze, Other Equitable Relief, and Order to Show Cause Why a Preliminary Injunction Should not Issue
http://www.ftc.gov/os/caselist/0723085/081014atkinsontro.pdf

Certifiedbug: March 30, 2007.
Fake pharmaceuticals on-line, buyer beware

{ 0 comments }

Email spoofing is when someone forges the header information so that the email appears to have originated from somewhere other than its real source.

One such spoof is doing the rounds, falsely claiming to be from Steve Lipner at Microsoft and urging recipients to install an attached update.

The email is not from Microsoft; the malicious attachment contains Backdoor:Win32/Haxdoor, and of course you should not open it.

The Microsoft Security Response Center (MSRC)

First and foremost, we never, ever, ever send attachments with our security notification e-mails. And, as a matter of company policy, Microsoft will never send you an executable attachment. If you get an e-mail that claims to be a security notification with an attachment, delete it. It is always a spoof. You can think of our security notification e-mails as a notification for you to go to the security bulletin to get the updates from the link in the bulletin to the Microsoft Download Center http://www.microsoft.com/downloads. You should always get our security updates from the links in the bulletins or through our deployment tools such as Microsoft Update or Windows Update, Windows Software Update Services (WSUS) or Systems Center Configuration Manager.

Article: Microsoft Security E-mail Spoofs with Malware
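One way to check a message against the points above (forged headers, and the MSRC rule that a Microsoft security notification never carries an attachment), as an added example that is not from the original post or from Microsoft. The sample message, the example.* domains, the extension list and the function names are constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr

EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")  # assumed list

# Constructed sample (not a real message): From: claims microsoft.com, while the
# envelope sender and the receiver's SPF verdict point at another domain.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net
From: "Microsoft Security" <security@microsoft.com>
To: user@example.org
Subject: Security Update
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please install the attached update.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="update.exe"

placeholder bytes, not a real binary
--b1--
"""

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or ''."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()

def spoof_indicators(raw):
    """Return the reasons the claimed sender of `raw` should not be trusted."""
    msg = email.message_from_string(raw, policy=policy.default)
    from_dom, path_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    reasons = []
    if path_dom and path_dom != from_dom:
        reasons.append(f"Return-Path domain {path_dom} differs from From domain {from_dom}")
    # Only trust Authentication-Results stamped by your own receiving server.
    auth = str(msg["Authentication-Results"] or "").lower()
    if "spf=pass" not in auth and "dkim=pass" not in auth:
        reasons.append("no passing SPF or DKIM result recorded")
    names = [part.get_filename() or "" for part in msg.iter_attachments()]
    if names and (from_dom == "microsoft.com" or from_dom.endswith(".microsoft.com")):
        reasons.append("claims Microsoft but carries an attachment")
    reasons += [f"executable attachment: {n}" for n in names if n.lower().endswith(EXECUTABLE_EXTS)]
    return reasons

if __name__ == "__main__":
    print("\n".join(spoof_indicators(SAMPLE)))
```

The From: line is the only part of the sample that says "microsoft.com"; every other header the receiving side recorded disagrees with it, which is the pattern to look for in the full headers of a suspect message.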

{ 0 comments }

SmartAntivirus2009 Rogue Security Program

by certifiedbug on September 6, 2008

in Rogue

Another rogue spreading fast. If your computer has been infected, please seek assistance with removal at one of the security forums (short list in the right-side column).

Domains on the same IP.

SmartAntivirus2009
Registration Service Provided By: ESTDOMAINS INC
Domain Name: SMARTANTIVIRUS2009.COM
Dates: Created 22-aug-2008 Updated 29-aug-2008 Expires 22-aug-2009

Certifiedbug:
Spamhaus Report, Cybercrime’s U.S. Hosts

Edit
Harry Waldon has a nice article, “Malware Close Encounters - Close Pop-ups using Task Manager to safely exit”, which could help users to exit a pop-up install before too much damage is inflicted.

{ 0 comments }

Cheekiest spam comment of the week

by certifiedbug on August 31, 2008

in This and That

Blog comment:

Please, do not delete the given message. Money obtained from spam will go to the help hungry to children

Uh huh.

Link tested in a VM (virtual machine).


Spam in the mailbox was always an annoyance; look what it can do to you now.

{ 0 comments }

Consumergain.com spamvertises at Photobucket

by certifiedbug on August 30, 2008

in Security

So there I was at Photobucket looking at images when this popped up.


I clicked No and was redirected to the site anyway. In other words, my browser was hijacked.

WOT edged in to say no no no.

http://www.mywot.com/en/scorecard/consumergain.com

Site Advisor also flags consumergain.com
http://www.siteadvisor.com/sites/consumergain.com

Press release January 30, 2008 by the Federal Trade Commission (FTC).
Online Advertiser Settles FTC Charges. “Free” Products Weren’t Free; Settlement Calls for $200,000 Civil Penalty

According to the FTC, Member Source Media LLC, doing business as ConsumerGain.com, PremiumPerks.com, FreeRetailRewards.com, and GreatAmericanGiveaways.com, and the company’s principal, Chris Sommer, used deceptive spam and online advertising to lure consumers to its Web sites. For example, Member Source Media used e-mail subject lines such as, “Congratulations. You’ve won an iPod Video Player”; “Here are 2 free iPod Nanos for You: confirm now”; “Nascar Tickets Package Winner”; “Confirmation required for your $500 Visa Gift Card”; or “Second Attempt: Target Gift Card Inside.” The company’s Web-based ads contain similar representations: “CONGRATULATIONS! You Have Been Chosen To Receive a FREE GATEWAY LAPTOP.”

http://www.ftc.gov/opa/2008/01/media.shtm

The FTC should take another look at Consumergain.com.

Of secondary interest, Photobucket uses the ASK searchbar.

The searchbar can be used to perform an internal search of the website, and as with the ASK pre-checked toolbar that is offered for one’s browser during the installation of certain programs, a search still comes with plenty of sponsored results.

http://certifiedbug.com/blog/tag/ask/

{ 1 comment }

Infector Spam ‘Free Update Windows XP,Vista’

by certifiedbug on August 27, 2008

in Security

Too many users still open spam, click on links and get infected. So beating on the drum, this is what this particular spam in your mailbox may look like.

Totally bogus, this is SPAM and NOT from Microsoft. The usual install.exe to infect the computer was hidden under “Free Update Windows XP,Vista”.

Spam posing as MSN Featured Offers

{ 0 comments }

Phish bites

by certifiedbug on August 26, 2008

in Security

Users who retaliate to phishing attacks by telling off the phisher are being targeted with exploits designed to hijack their computers.

Joe Stewart at SecurityWorks Inc. The Phish That Bites Back

Mother’s advice not to talk back meant more than we ever knew. ;)

{ 0 comments }