Faux-CNN spam blitz uses legit sites to deliver fake Flash
Computerworld.com.au, 7 August 2008
More than a thousand hacked Web sites are serving up fake Flash Player software to users duped into clicking on links in mail that's part of a massive spam attack masquerading as CNN.com news notifications, security researchers said Wednesday.
The bogus messages, which claim to be from the CNN.com news Web site, include links to what are supposedly the day's Top 10 news stories and Top 10 news video clips from the cable network. Clicking on any of those links, however, brings up a dialog that says an incorrect version of Flash Player has been detected, and tells users they needed to update to a newer edition, said Sam Masiello, vice president of information security at Colorado-based security company MX Logic.
One distinguishing feature of the attack, Masiello added, is the endless loop it uses to frustrate victims. If user clicks "Cancel" in the dialog that prompts for an update, another pop-up appears, said Masiello, that tells the victim that they have to download it to view the video. Clicking "Cancel" there returns the user to the first dialog.
"It puts you in this perpetual loop, so your only options are to kill your browser [session] or be brow-beaten into installing it," said Masiello.
MX Logic has detected more than 160 million spam messages in the fake CNN.com attack in the last 48 hours, he said. "It's not slowed down at all."
Tuesday, Bulgarian security researcher Dancho Danchev reported finding more than 1,000 hacked sites hosting the fake Flash Player update.
Hackers are getting brazen, he added, and apparently aren't afraid to disclose URLs of the sites they've compromised by embedding them in the spam they're spreading. "Malicious attackers have been building so much confidence in this risk-forwarding process of hosting their campaigns, that they would start actively spamming the links residing within low-profile legitimate sites across the Web," Danchev said in a blog post Tuesday.
Adobe is aware of the malware posing as its Flash Player, and on Monday warned users to ignore any updates that didn't originate on its own servers. "Do not download Flash Player from a site other than adobe.com," said David Lenoe, Adobe's product security program manager, in an entry on Adobe Product Security Incident Response Team's PSIRT blog. "This goes for any piece of software (Reader, Windows Media Player, QuickTime, etc.). If you get a notice to update, it's not a bad idea to go directly to the site of the software vendor and download the update directly from the source. If the download is from an unfamiliar URL or an IP address, you should be suspicious."
People who okayed the download of the bogus flash.exe file, said Danchev, instead received a Trojan horse -- identified by multiple names, including Cbeplay.a -- that in turn "phones home" to a malicious server to grab and install additional malware.
Masiello said MX Logic is still investigating, and has not been able to pin down what malware -- other than the fake Flash Player -- was actually installed on victims' PCs.
"Romance scams are the big new threat - we're seeing a great deal of energy being put into victimising people through online dating websites", says Detective Superintendent Brian Hay, operations commander of Queensland's Fraud and Corporate Crime Group.
People looking for love online have proved particularly easy prey - mainly because dating website profiles provide personal information and preferences that allow scammers to tailor their approach.
But "Mr Right" or the Russian bride hopes to dupe the lovelorn into becoming a money-launderer or drug mule, Det Supt Hay warns.
"We know romance victims have been set up as mules for the transportation of heroin into Australia, or persuaded to transfer stolen funds or property, generally under the guise of doing a favour for a friend," he said.
"You know, 'I've just bought a laptop that I can't get in Nigeria, I'll have it delivered to your address, can you please on-forward it to me in Lagos?' Of course, the laptop would have been purchased over the internet using a stolen or compromised credit card.
"Often, people are asked to take a suitcase back with them 'for a friend', and it's been lined with heroin. And there are instances where people have been asked to cash cheques to pay for a visit. Of course, it's a faked cheque, and several months down the track the victim discovers it's fraudulent and the financial institution wants them to refund that money."
Det Supt Hay said romance victims were "on a hiding to nothing".
"Not only may they lose their savings, assets and possessions, but the experience is extremely traumatic," he said.
"There may have been an online relationship for six months before the actual sting, so people end up emotionally destroyed and there's whole of social impacts such as loss of self-esteem or ill-health."
Unsolicited Telstra share purchase offer on the loose
IT News, 2 May 2008
Telstra has warned its shareholders they may receive an unsolicited offer to purchase Telstra shares at a heavily discounted price.
The potential offer, from a company called Share Express, could see some shareholders invited to sell their shares for just $2.72, or just 59 per cent of the closing May 1 Telstra share price of $4.62, said Telstra Company Secretary, Carmel Mulhern.
According to Mulhern the offer has no association with Telstra, the Government's T3 Sale Company or with the final payment required to be made by holders of T3 instalment receipts.
"We understand that this offer has been mailed to less than one percent of our shareholders," she said. "We recommend that any shareholder who receives the offer should not accept it without seeking independent financial advice, because the offer price is far below the current market price."
South Australians are being warned about a group of door-to-door salespeople posing as overseas students who are scamming people into buying paintings.
The Office of Consumer and Business Affairs says the fraudsters are claiming to be struggling art students trying to raise money, and are ripping off buyers selling mass-produced paintings for exorbitant prices.
Consumer Affairs Minister Jennifer Rankine says households in the South East are currently being targeted.
SCAMwatch is warning members of Australia's Chinese community to beware of scammers posing as market researchers from Hong Kong.
SCAMwatch understands that scammers are cold-calling Australians
with Asian-sounding names and asking them to participate in some market
research. The scammers tell many stories, but often say they are
considering opening new branches of their electrical, investment or
travel businesses in Australia.
As a reward for participating, consumers are entered into a lucky
draw with the chance to win great prizes. Several days later, the
scammer contacts the consumer again to notify them that they have won a
cash prize and tell them what they must do to claim it. Sometimes this
involves checking a website or attending a function, but it nearly
always involves making an upfront payment to have the prize money
released. The payment could be to cover anything from taxes, to
insurance, to legal fees.
But the scammers don't just ask for one upfront payment – they will
continue to ask for more payments, only stopping when consumers realise
they have been scammed. Unfortunately, many victims have already sent
thousands of dollars and very personal details before they realise.
The scammers have already snared victims across the country and
SCAMwatch urges you to warn your family, friends and colleagues who
might be at risk. SCAMwatch has also issued this scam alert in Chinese
to help raise awareness. While the scammers are reported to speak
Mandarin and Cantonese, even if you speak fluent English, you could
still be a target.
If you have received a prize offer and
suspect it could be a scam, or if you have sent money to claim a prize
which you now realise is a scam, you can report a scam through SCAMwatch or call the ACCC Infocentre on 1300 302 502.
CAR buyers should watch out for recycled internet car advertisements designed to dupe consumers out of their money, the New South Wales Government warns.
NSW Fair Trading Minister Linda Burney said scammers are copying car advertisements and then lowering the price on their fake ads to draw buyers in.
"These con artists don't have the advertised vehicle in their possession, they are simply after your hard-earned cash and the actual owners of the vehicles are unaware of their advertisements being duplicated,'' Ms Burney said.
Police information shows makes advertised in the scams include Lexus, BMW, Honda Odyssey, Ford Focus, Ford Falcon, Toyota Landcruiser and Volkswagen Golf, all of which have been advertised for less than $10,000.
A NEW ZEALAND man accused of leading an international cybercrime network was convicted of computer hacking after pleading guilty to six charges.
Owen Thor Walker, 18, known by his online name "AKILL," was involved in a network accused of infiltrating 1.3 million computers and skimming millions of dollars from victims' bank accounts.
The case against Mr Walker is part of an international crackdown on hackers who assume control of computers and amass them into centrally controlled clusters known as botnets. The hackers can then use the computers to steal credit card information, manipulate stock trades and even crash industry computers, authorities said when the case first surfaced in late November.
Newly-listed private health insurer NIB Holdings Ltd has warned its shareholders against a fresh round of unsolicited offers from David Tweed.
"NIB shareholders that have received an offer from Australian Share Purchasing Corporation, or may receive an offer from one of the other companies associated with Mr David Tweed, should read the documentation carefully and seek independent financial advice," NIB managing director Mark Fitzgibbon said.
"NIB shareholders who accept an unsolicited offer will be at a significant financial disadvantage relative to what they would obtain if they sold their shares on-market."
Tuesday's warning follows a similar one from NIB last month over the activities of Hassle Free Share Sales.
Companies associated with David Tweed have previously made unsolicited offers to shareholders at Insurance Australia Group Ltd, AXA Asia Pacific Holdings Ltd, AMP Ltd and IOOF Ltd, NIB said Tuesday.
Victims of cold calling scams are very real, according to the Australian Securities and Investments Commission (ASIC), which says despite regular warnings, "far too many Australians are still falling for the lure of these scams".
One such man is Malcolm, who lost $30,000 last year after he received a cold call from "Cambridge Capital Trading", a fake company.
The Sydney resident was called at home, "just out of the blue", with a get-rich scheme related to trading the Australian dollar against its US counterpart.
While surprised, the offer seemed legitimate - the caller had a British accent, the company was based in London and doing business in Dubai, both recognised financial hubs, and websites, billing addresses and contact details were readily provided.
"I was a bit dissatisfied with the returns I was getting for the money I had in the bank on term deposit."
So Malcolm twice deposited money into a Malaysian bank account and dreamed of the waiting profits as the Australian dollar climbed from 77 to 84 US cents in a matter of weeks.
But it was not to be.
"I should have woken up because he had a hotmail address and I had to send money through Western Union," Malcolm said.
"If Western Union is involved be very, very wary."
The scheme unravelled after it came under scrutiny from authorities in Dubai and the Malaysian account was frozen.
Malcolm wanted his experience - the stress of losing so much money saw him lose five kilograms "in a matter of days" - to serve as a warning about the dangers of cold calling fraudsters.
"It does have a profound effect on the people who do get stung - you become suicidal, you just don't know what to do," Malcolm said.
CANADIAN fraudsters have ripped off National Australia Bank customers who used an ATM in one of Sydney's busiest shopping districts last year.
National Australia Bank began ringing customers today who used a Bondi Junction ATM on Saturday, October 27 last year to warn them a skimming device had been used on the machine.
A NAB spokeswoman said the device was only on the machine for a few hours on October 27. As a precaution ATM cards that were used on the day have been stopped.
She said so far fraudulent transactions have only been found on two NAB accounts, totalling a few thousand dollars. She said the fraud had been traced back to Canada.
NAB will refund any money that was unlawfully taken from its customers' accounts.
Customers who have had their ATM cards stopped will have new cards sent to bank branches rather than home addresses as a security precaution and will have to present photo ID to pick them up.
What is skimming?
Card skimmers are devices installed on ATMs to illegally copy card and customer information, including the PIN number. That information is used to produce a cloned card with the customer’s details on it . This means charges can be run up on their account. In other cases, the information has also been used to take out loans in the customer's name.
Nigerian moneymen are yesterday's rip-off. Say hello to the 1900 flim-flam men. It might be a fake courier's card or cheap car for sale in the paper. The caller rings the number and is stuck on hold while the minutes tick by and the bill mounts.
CSL Limited Warns Shareholders of Unsolicited Share Offers
The Age, 14 February 2008
IN AUSTRALIAN business parlance, it's called bottom-feeding — the practice of sending out unsolicited offers to buy shares at well below their real market value.
The term was first coined to describe David Tweed who has made a career, and a fortune, out of trawling through the share registries of listed companies on the lookout for small shareholders.
Now, it seems, he has a copycat.
The names Patrick Dromi, and his company Share Buying Group, have popped up on Full Disclosure's radar before.
In March last year Bendigo Bank took time out from poring over Bank of Queensland's takeover bid to warn its shareholders to reject a $10 offer from Dromi's Share Buying Group.
Bendigo Bank's shares were trading at a shade above $17 at the time.
Then, in August, IAG shareholders received unsolicited offers from Share Buying Group offering $2.67 for each IAG share. They were trading on the exchange at $5.24 at the time.
The latest is a crack at CSL shareholders, who last week were offered $16.01 per share for their stock, which was trading above $34.
The letter sent by Share Buying Group to CSL shareholders looks suspiciously modelled on one of Tweed's old share shonks.
Stamped at the top are the words "this is a letter that requires your immediate attention".
Then follows a banner headline that promises a sum of money for your shares, to be paid within 10 days of handing over your security holder reference number (SRN).
Preying on small shareholders is an interesting sideline for Dromi, aged 50, who is the former manager of Inflation nightclub in Melbourne's notorious King Street district.
Demutualised and privatised organisations often have many small shareholders who never paid for their holdings, and are often unaware of how much the shares are worth.
They are easy prey for Tweed, Dromi and their ilk.
A Gold Coast woman has lost thousands of dollars in an online romance scam.
Patricia Allan has told Queensland police she met a man claiming to be an Australian on a dating website four months ago.
The two developed an online relationship before the man, known only to Ms Allan as "David", told her he had been robbed and could not access his Australian bank account from Nigeria.
Ms Allan took out a loan for $8500 and sent the money to Nigeria in three separate payments.
Officers from the Fraud and Corporate Crimes Group are investigating the scam.
Fraud Victims Lose More Than $1.2 Million to Nigerian Scam
US Department of Justice, 30 January 2008
Nigerian Scam - this is how it works:
The scammers sent “spam” e-mails to thousands of potential victims, in which they falsely claimed to control millions of dollars located abroad. Attempting to conceal their identities, they used a variety of aliases, phone numbers, and email addresses.
In one scenario, the scammers sent emails purporting to be from an individual suffering from terminal throat cancer who needed assistance distributing approximately $55 million to charity.
In exchange for a victim’s help, the scammers offered to give a 20% commission to the victim or a charity of his or her choice.
Subsequently, as part of the ruse, the scammers would send a variety of fraudulent documents, including a “Letter of Authority” or a “Certificate of Deposit,” making it appear that the promised funds were available, and pictures of an individual claiming to suffer from throat cancer.
One of the scammers also telephoned victims, disguising his voice to give the impression that he was suffering from throat cancer.
After obtaining their victims’ trust, the scammers asked them to wire-transfer payment for a variety of advance fees, ostensibly for legal representation, taxes, and additional documentation. In return, the victims received nothing.
In a variation of the scheme, if the victims said they could not afford to pay the advance fees, the scammers would send them counterfeit checks, supposedly from a cancer patient, to cover those fees. Many victims deposited the checks and then drew on them to wire-transfer the advance fees. Subsequently, when the checks did not clear, the victims suffered substantial losses.
The death of actor Heath Ledger has prompted cybercriminals to trick unsuspecting fans into downloading malware via infected Web sites, a security company has warned.
Fans who click on malicious links, explained Wilson, would be "led to a search engine optimised keyword-riddled page" and then automatically redirected to another site that requires users to download a "new version of ActiveX object".
"This is just the beginning of a series of redirections that end in the download of different malicious files to the user's computer," he said, adding that users should only visit "established and verifiable news sites" and make sure their Internet security software is up to date.
According to Trend Micro, malware authors had similarly exploited Web users during the aftermath of the assassination of former Pakistani Prime Minister and prominent opposition party candidate Benazir Bhutto last month.
Insignia NS-DPF10A digital photo frames, which connect to PCs via USB, were "contaminated with a computer virus during the manufacturing process" according to a notice posted on the company's website.
Retail giant Best Buy is the exclusive vendor of Insignia products, and has said it is trying to contact customers who have purchased the 10.4 inch picture frames.
Other consumer gadgets to have been affected by virus infections in the past include the TomTom satellite navigation device and Apple Video iPods. In 2006, the Japanese subsidiary of McDonald's recalled 10,000 MP3 players after discovering that they had been infected by a spyware Trojan horse.
The Beselo.A and Beselo.B worms are in the wild, looking to lure Symbian S60 phone users into clicking on their incoming malicious files, according to a warning issued on Tuesday by F-Secure.
The Beselo worms are tricky, in that they use common media file extensions, rather than a standard SIS extension, in sending their malicious payload.
Because this worm uses a common media file extension, such as beauty.jpg, sex.mp3, or love.rm, users are more likely to click "yes" to an installation prompt when opening the file, notes F-Secure.
F-Secure offers this word of advice: just say "no" to such a request.
"There is no reason for any image file to ask installation questions on the Symbian platform, so any image or sound file that does something else than play immediately is without question something else than it claims to be," warns F-Secure.
A DISABLED pensioner who was duped out of $11 has helped bring down an alleged internet scammer from the Northern Territory.
NT Police believe 22-year-old Brent Mack conned almost $5000 out of buyers on the auction website eBay.
But the alleged scam artist might still be operating if not for the efforts of Ralph Johansson.
Mr Johansson, of Busselton in Western Australia, was so incensed at being ripped off in February 2005 he set up a website detailing the incident.
He soon contacted several other eBay users who had suffered a similar fate.
Some had been scammed out of several hundred dollars.
Mr Johansson, 63, who suffers from diabetes and heart problems, said he first informed his local police but they showed little interest.
When the observant pensioner noticed Mr Mack was allegedly operating from an address in Winnellie, he contacted the NT Police and the Australian Crime Commission.
Detectives from the fraud squad soon contacted him and he passed on his dossier.
Mr Johansson said police were unaware of Mr Mack's alleged activities before he contacted them.
"People like that need to be taken out of circulation," he said.
Mr Mack appeared in the Alice Springs Magistrates Court in November charged with five counts of deception.
AFTER years of watching his shareholders being ripped off, Axa Australia Pacific boss Andy Penn is set for a legal showdown with share-scammer David Tweed over access to the company's share register.
The Corporations Act requires all listed companies to provide a copy of their share register at a reasonable cost to anyone who requests it.
But Mr Penn yesterday said his company would not be handing over any shareholders' details to Mr Tweed, who has repeatedly made unsolicited offers to buy Axa shares from investors at less than their true market value.
Mr Tweed engaged a debt collection agency to buy a copy of Axa's share register on January 7, only to drop the request a week later when Axa refused to provide the information.
One of Mr Tweed's own companies, Direct Share Purchasing Corporation, then approached Axa this week with an identical request for a copy of the register.
"We propose to take it to court to resist giving it to him ... it's important that we take a stand to protect our shareholders against the misuse of their details," Mr Penn said.
Mr Tweed, a former stockbroker who changed his name in the late 1980s from David Otmar Tschernitz, operates via a number of private companies including National Exchange Pty Ltd, Country Estate and Agency Company, Australian Capital Alliance and National Share Purchasing Corporation.
His de facto partner and "head of settlements", Donna Newman, even registered National Mutual Pty Ltd as a business in 2003, but surrendered it when Axa threatened legal action.
His scams have netted him up to $10 million a year from shareholders in companies including ABB Grain, Commonwealth Bank, Aevum, AMP, IAG and OneSteel.
Dozens of victims - many of them aged pensioners - who attempted to pull out of the deals after realising they had been ripped off have found themselves being sued in Melbourne Magistrates Court.
Luis Molinaro is a Commonwealth Bank customer who lost $2000 in a phishing scam. In May 2006, he clicked on a hoax email that asked him to update his blocked bank account and was directed to a fake website where he entered his security passwords - the golden key that gave a Sydney scammer entry to his savings account.
He only knew something was wrong when he received a legitimate email notification from his bank about a $2000 withdrawal he knew nothing about.
A recent survey commissioned by eBay showed that a staggering 93% of Australian internet users don't know what phishing is, with 72% of us engaging in online behaviour that puts us at risk of an online scam.
Last year, the NSW police brought down one phishing ring that robbed 61 Australians of more than $600,000, charging 14 Sydney school students, including Trinity Grammar School graduate Jonathan Carnie Mullally, who was sentenced to two years in prison.
Symantec's technical product manager Robert Pregnell says the
latest version of its anti-virus software uses five different
security technologies, including behaviour-based monitoring, to
intercept scammers. But he says anti-virus protection is no longer
enough to keep us safe.
"Good practice online, like not using the same password
everywhere or asking yourself, 'Do I know this person and did I
expect this email?' is as effective as the best technology you can
buy," he says.
ASIC warns investors to be wary of high return investment schemes
ASIC, 15 November 2007
The Australian Securities and Investments Commission (ASIC) is urging consumers to be wary of investment schemes promising high returns and high levels of security.
ASIC recently received information about an entity known as Asset Lender Australia (ALA) that was publicising an ‘Investor Guide’ that attempted to seek investment from the public promising up to 24 per cent annual returns.
In addition, ALA claimed to have a ‘100% record – no capital loss EVER’, yet subsequent enquiries by ASIC indicated that there had not in fact been any actual investments made with ALA.
Further, ALA did not hold an Australian financial service licence (AFS licence).
ASIC encourages investors to be alert to the potential
risks with schemes offering high returns and recommend that investors
carry out a number of quick safety check:
Insurance Australia Group Ltd (IAG) and Adelaide Bank Ltd confirmed on Tuesday that some of their shareholders had received unsolicited offers for their shares.
Such offers were made infamous by share market opportunist David Tweed, who was involved in a number of below-market offers to shareholders of companies such as IAG, AXA, AMP and Rinker.
Adelaide Bank said on Tuesday it had heard reports that its shareholders had received a letter from a company called Hassle Free Share Sales offering to buy shares at $7.79 per share, compared to a market price of $15.08 on Tuesday.
On 28 August 2007, Share Buying Group offered $2.67 for each IAG share, which were trading on the exchange at $5.24 at the time.
IAG and Adelaide Bank have written to shareholders, warning them of the advances.
Latest News Stories
