Category Archives: Spam and scams

Google beefs up protection against unwanted software

A recent post on Google’s Online Security Blog describes security improvements to the Chrome browser, Google’s search engine, and Google’s advertising platform. The changes should make it easier for users to stay away from web sites known to contain unwanted (and presumed harmful) software.

Chrome now detects when you are about to visit a web site known to contain unwanted software, and displays a large red warning message.

Google’s search engine now decreases ranking for sites known to contain unwanted software. That means these kinds of sites should be less likely to appear in the first few pages of Google search results.

Google now checks all advertisements provided by its AdWords system, and disables any with links to sites with unwanted software. Additional details are available on Google’s Advertising Policies site. Google’s primary source of income is AdWords, so it’s comforting to see that they’re willing to take a financial hit (however small) to protect users.

Tax-related scam emails appearing

I just received email purporting to be from Revenue Canada, telling me that I have overpaid my taxes in recent years, and urging me to claim my refund by clicking on a link.

The link actually goes to a Cloudflare-hosted web site, epathchina(.com). The site has nothing to do with Revenue Canada, and exists to trick unsuspecting people into divulging private/financial information to the site’s operators.

Currently, the site shows nothing untoward in Sucuri site check: it’s not on any blacklists and malware scans show nothing. But that’s likely to change.

With tax time nearing, we should expect email like this to appear in our inboxes. As a general rule, it’s a bad idea to click links in email. Of course, if you’re certain the source is legitimate, the risk is far less, but it’s still possible that the ‘legitimate’ source has been compromised. In this particular case, a much safer approach is to simply go to the Canada Revenue web site and log in.

Clues that this was a scam email:

  • The Return-Path address (refund AT server.whitetails.com) is unrelated to Revenue Canada.
  • The From address uses a domain that appears to be related to Revenue Canada (craarc.gc.ca) but doesn’t actually exist, as can be confirmed with any IP lookup service such as WhatMyIP.
  • Like most effective cons, it offers money for nothing.
  • The recipient is urged to act quickly.
  • The message is poorly formatted.
  • The recipient is instructed not to contact Revenue Canada by telephone.

Recommendations: configure your email client to display email in plain text format and to display all headers. This will make your inbox less entertaining, but a lot safer, since it will be much easier to spot suspicious links and headers.
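As an added example (not part of the original post), the Python script below automates the header checks from the list above, plus a comparison of link targets against the claimed sender, on a constructed message that reuses the Return-Path, From and link addresses quoted in the post; the set of legitimate sender domains is an assumption the caller supplies.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (not the original email): reuses the Return-Path, From and
# link target quoted in the post; the body text is abbreviated.
SAMPLE = b"""Return-Path: <refund@server.whitetails.com>
From: Canada Revenue Agency <refund@craarc.gc.ca>
To: recipient@example.org
Subject: Tax refund notification
Content-Type: text/html; charset=utf-8

<p>Our calculations show you have made over payments of 226.99 CAD.</p>
<p>To access the form for your tax refund, <a href="http://epathchina.com/">please click here</a></p>
"""

class LinkCollector(HTMLParser):
    """Collect href targets from <a> tags in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)

def domain_of(header_value):
    """Lower-cased domain of a 'Name <user@host>' style header; '' if none."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rpartition("@")[2].lower()

def header_clues(raw, expected_domains):
    """Return red-flag strings for one raw message. expected_domains holds the
    hostnames the claimed sender legitimately uses (caller-supplied assumption)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    from_dom, rp_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    clues = []
    if rp_dom and rp_dom != from_dom:
        clues.append(f"Return-Path domain {rp_dom} differs from From domain {from_dom}")
    if from_dom not in expected_domains:
        clues.append(f"From domain {from_dom} is not an expected sender domain")
    body = msg.get_body(preferencelist=("html", "plain"))
    collector = LinkCollector()
    collector.feed(body.get_content() if body is not None else "")
    for host in (urlparse(h).hostname or "" for h in collector.hrefs):
        if host and host != from_dom and host not in expected_domains:
            clues.append(f"link target {host} is unrelated to sender {from_dom}")
    return clues
```

Calling `header_clues(SAMPLE, {"cra-arc.gc.ca"})` (the CRA domain is the assumed legitimate sender here) reports all three clues for the constructed message.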

Here’s the body of the email:

Dear Applicant:

Following an upgrade of our computer systems and review of our records we
have investigated your payments and latest tax returns over the last seven
years our calculations show you have made over payments of 226.99 CAD

Due to the high volume of refunds due you must complete the on line application,
the telephone help line is unable to assist with this application.

To access the form for your tax refund,please click here
Your refund may take up to 3 weeks to process please make sure you complete the form correctly.
As we are upgrading our records we require the completed form showing your full current details by 10 February 2015
Please complete the form to confirm the refund.
A. B. Marions
Senior Manager
Canada Revenue Agency

————————————————————–
© Copyright 2015, Canada Revenue Agency All rights reserved.
TAX REFUND ID: XXXXXXXXXXXXX

Brian Krebs recently reported on another tax-related scam affecting Americans, in which stolen credentials are used to post fraudulent tax returns.

CryptoWall update

Despite the demise of CryptoLocker, ransomware is still prevalent, mostly in the form of CryptoWall, now in its ‘improved’ 2.0 version.

Security researchers recently deconstructed CryptoWall 2.0 and shared their findings in a post on a Cisco security blog.

The researchers discovered that the malware uses a variety of techniques to obfuscate itself on target systems. It’s also able to infect both 32- and 64-bit Windows systems. And it can detect whether it’s running on a virtual machine, making it more difficult to analyze. The command and control servers are apparently in Russia.

A Windows computer can become infected with CryptoWall in a variety of ways, including as part of an e-mail ‘phishing’ attack, through a malicious website, via malicious PDF files, or in a spam e-mail disguised as an ‘Incoming Fax Report’.

Ars Technica has additional details.

Even the crappiest computer is worth hacking

If you’re like a lot of other typical users, you may believe that nothing on your computer makes it a worthwhile target for malicious hackers. You may even feel that this means you’re relatively safe from hackers. Think again.

To a malicious hacker, the Internet is a vast, mostly untapped ocean of computing resources, ready for them to compromise and put to work in numerous ways to help them and hurt you.

Brian Krebs created and posted the image below to remind people of all the ways their computers can be secretly used for nefarious purposes. Although the post is a couple of years old, it’s still relevant.

Hackers can use your computer for dozens of nefarious activities.

Holiday season warning: beware phony ‘order confirmation’ emails

Brian Krebs recently posted an excellent article about a specific kind of malicious email currently showing up in inboxes everywhere, just in time for the holiday shopping season.

Most web stores send email order confirmations when you buy something, and that’s a good thing. Unfortunately, these emails can be faked easily enough, and the unwary recipient may not notice that the sender’s address doesn’t look quite right, or that the language in the message is somewhat unprofessional. Clicking a link in one of these emails is an extremely bad idea, since it’s likely to lead to browser hijacking, malware, or both.

Fake Windows Support companies shut down

The US Federal Trade Commission, working with law enforcement in Florida, has shut down several companies offering fake computer support services.

The companies involved are PC Cleaner Inc., Netcom3 Global Inc., Inbound Call Experts LLC, Advanced Tech Supportco. LLC, PC Vitalware LLC, Super PC Support LLC, Boost Software Inc., Vast Tech Support LLC, OMG Tech Help, OMG Total Protection, and others.

These scammers made money by tricking Windows users into paying for expensive and unnecessary repairs.

Unfortunately, since this type of scam can be lucrative, similar companies are likely to appear before long, making this yet another game of ‘whac-a-mole’ for law enforcement.

Windows Store cleanup underway

If you’re using Windows 8.x, you’re familiar with the Windows Store, because it’s the main source for Windows 8 applications. Unfortunately, the store hasn’t been at all well curated, and it’s filled with scammy and misleading apps.

After a series of complaints, Microsoft is finally doing something about it. At least 1500 scammy apps have been removed from the store. Apps must now (and retroactively) comply with stricter rules on app naming and icon use.