Posts Tagged: ‘botnet’

Scam of the day – July 26, 2015 – Darkode cybercrime forum busted

July 26, 2015 Posted by Steven Weisman, Esq.

Hackers and identity thieves use underground Internet forums to buy, sell and trade malware, botnets, and information to commit cybercrimes around the globe.  Recently the Justice Department announced the dismantling of Darkode, perhaps the most prominent of the approximately 800 criminal forums, and the arrest of twelve of its principals.  Among the charged defendants is the primary administrator of Darkode, 27-year-old Johan Anders Gudmunds of Sweden.  An important aspect of this action against Darkode was that it represented the joint efforts of a coalition of law enforcement from 20 countries, which represents the largest coordinated international law enforcement effort ever brought against cybercriminals.

Darkode was a password-protected forum where cybercriminals would buy, sell, trade and share information, ideas and malware.  In order to become a member of Darkode, a criminal would first have to be recommended by a present member of Darkode and would have to prove that he or she would bring new skills or products to the group.  In addition, prospective members had to go through an extensive vetting process.

TIPS

One of the key elements of Darkode and many other illegal cybercriminal enterprises is the use of botnets or infected zombie computers to spread the malware and avoid detection.  Cybercriminals would take over the computers of unwary individuals and use their computers to remotely send out their malware to their targets, such as banks or other commercial enterprises.  Many of you may actually be part of a botnet without knowing it.  Most people become part of a botnet when they unwittingly download the malware that permits the cybercriminal to remotely take over the victim’s computer.  Usually this is done through phishing emails in which the victim is lured into clicking on a link infected with the malware.  Even if you have the most up to date anti-malware software, you may be vulnerable because it generally takes the security software companies at least a month to catch up to the latest strains of malware.  So the lesson to us all is one I am constantly preaching, namely never click on any link or download any attachment until you have verified that it is legitimate.  Merely because it may be sent from a friend of yours does not mean that you can trust it.  Your friend’s email account may have been taken over by a hacker or your friend is unwittingly passing on malware without even knowing it.  Trust me, you can’t trust anyone.

Scam of the day – May 13, 2015 – What to do if your email is hacked

May 13, 2015 Posted by Steven Weisman, Esq.

Yesterday I told you about a scam which starts when you receive an email that appears to come from one of your friends, but in actuality is coming from a scammer who has hacked into your friend’s email account and is sending out messages that appear to come from your friend touting a product.  We have all received these emails and hopefully, you just immediately delete them after informing your friend that his or her email account has been hacked and scam emails are being sent to everyone on his or her email address list.

But what do you do if you are the person whose email has been hacked?

TIPS

1. Change your password on your email account. If you use the same password for other accounts, you should change those as well.
2. Change your security question. I often suggest that people use a nonsensical security question because the information could not be guessed or gathered online. For instance, you may want the question to be “What is your favorite color?” with the answer being “seven.”
3. Report the hacking to your email provider.
4. Contact the people on your email list and tell them you have been hacked and not to click on links in emails that appear to come from you.
5. Scan your computer thoroughly with an up to date anti-virus and anti-malware program. This is important because the hacker may have tried to install a keystroke logging malware program that can steal all of the information from your computer.
6. Review the settings on your email, particularly make sure that your email is not being forwarded somewhere.
7. Get a free copy of your credit report. You can get your free credit reports from www.annualcreditreport.com. Some other sites promise free credit reports, but sign you up for other services that you probably don’t want or need.
8. Consider putting a credit freeze on your credit report. You can find information about credit freezes here on Scamicide.com.

Scam of the day – May 12, 2015 – FTC halts weight loss scam

May 11, 2015 Posted by Steven Weisman, Esq.

How could Oprah ever steer you wrong?  A company, Sale Slash, which sells phony weight loss products such as Premium Green Coffee, Pure Garcinia Cambogia, Premium White Kidney Bean Extract, Pure Forskolin Extract and Pure Caralluma Fimbriata Extracts, thought so too, which is why it would send spam emails with messages such as “hi, Oprah says it’s excellent.”  The emails were often sent from the hacked email accounts of your friends, who had been made part of a botnet of computers sending out emails that appeared to come from friends.  The message would also have links to phony news sites with videos of phony celebrity endorsements.  Obviously, neither Oprah Winfrey nor your friend whose email was hacked is endorsing these phony weight loss products.  Now the Federal Trade Commission (FTC) has obtained a court order halting the actions of Sale Slash and other affiliated companies as well as freezing their assets.

TIPS

The truth is that there are no quick fixes when it comes to weight loss and you should be wary of any product that promises you can lose tremendous amounts of weight quickly without dieting or exercise.  You should also be wary of any weight loss product that is sold exclusively either over the Internet or through mail-order advertisements.  It is also important to remember that no cream that you rub in your skin can help you lose substantial weight and no product can block the absorption of fat or calories.  The best course of action when considering a weight loss product is to ask your physician about the effectiveness of a particular weight loss product or program before you reduce your wallet in an effort to reduce your waistline.

Scam of the day – March 2, 2015 – IRS phishing email

March 2, 2015 Posted by Steven Weisman, Esq.

Today’s Scam of the day comes, as many others do, from my own email.  It is a phishing email currently being sent to people purporting to be from the IRS that attempts to lure people who receive the email into clicking on links in the emails in order to update their income tax information.  Unfortunately, when you click on the link one of two things will happen and both of them are bad.  In some instances, you will be prompted to provide personal information that will be used to make you a victim of identity theft.  In other instances, by clicking on the link, you will download keystroke logging malware that will steal information from your computer or other electronic device and use it to make you a victim of identity theft.

TIPS

The first indication that this is a phishing email is that although it purports to have been sent by the IRS, the email address from which it was sent is not that of the IRS.  Most likely the email address indicated is that of an innocent person whose email has been hacked into and taken over by an identity thief and made a part of a network of zombie computers used to send out such phishing emails.  This network is called a botnet.  In addition, the email asks you to validate your electronic filing status, which the IRS will never ask you to do.  If you need to get an Electronic Filing PIN in order to file your tax return electronically with the IRS, you will need to go to http://www.irs.gov/Individuals/Electronic-Filing-PIN-Request where you will be prompted to provide information to verify your identity before receiving a PIN.  In regard to the Form 1098 T that this phishing email describes, that is a form that educational institutions file with the government in regard to reimbursements or refunds of qualified tuition and related expenses.  The IRS would not be providing that form to you.

The most important thing to remember is that the IRS will never initiate contact with you on any matter by an email or text message so whenever you get one that purports to be from the IRS, you should just delete it.  If you have the slightest thought that any such communication is legitimate, you should merely contact the IRS directly to inquire about it.

Scam of the day – January 20, 2015 – Apple phishing scam

January 20, 2015 Posted by Steven Weisman, Esq.

I receive the same phishing emails that you do and so when I do get one, I like to pass on a warning to everyone.  Today’s scam email came with “Please confirm your identity” on the subject line.  The email purported to be from Apple and, like all phishing emails, its goal was to lure the victim into either directly providing personal information or to get the potential victim to click on a link in the email that will download keystroke logging malware that would enable the identity thief to steal personal information from the victim’s computer or other electronic device.  Unlike many other phishing emails which are easy to spot because the email address from which it is sent carries the email address of an unwary computer user whose email account has been hacked and used as a part of a botnet to send out these phishing emails, this one came from a legitimate appearing email address of “online@Apple.com.”  However, as you can see from the email, which is reproduced below, the email itself hardly reads as a legitimate communication from Apple nor did it contain any logo or appear official.  If I had clicked on the link where it indicates “Verify Now” I would have either been prompted to provide personal information that would be used to make me a victim of identity theft or, as I indicated earlier, I would have downloaded keystroke logging malware that would steal that and other information from my computer and use it to make me a victim of identity theft.  Here is a copy of what I received.  DO NOT CLICK ON THE LINK.

“The following information for your Apple ID was updated on

Shipping and/or billing address

Please confirm your identity today or your account will be Disabled

due to concerns we have for the safety and integrity of the Apple Community.

To confirm your identity, we recommend that you go to:

Verify Now >”

TIPS

Because you can never be sure when you receive an email that asks for personal information or requires you to click on a link for whatever reason that the email is legitimate, the only course of action to follow is to not click on the link or provide any information in direct response to the email.  In this case, it was obvious that this email was a scam so I just ignored it.  If, however, you have any thought that the email might be legitimate, you should merely go directly to the real website of the company or person sending you the email or call them on the phone at a number that you know is legitimate to confirm whether or not the email is legitimate.

Scam of the day – August 26, 2014 – Sony PlayStation Network hacked

August 26, 2014 Posted by Steven Weisman, Esq.

Over the past weekend, Sony’s PlayStation Network was hacked and taken offline by a group of hackers identified as Lizard Squad.  The PlayStation Network is used by 53 million gamers around the world to play games with other people in a virtual environment.  The PlayStation Network was brought down by a simple, but still effective tactic called a distributed denial of service (DDoS) attack, by which hackers utilize a botnet to overwhelm and clog the network with artificially high traffic.  A botnet, as you may remember, is brought about when hackers infiltrate the computers of unwary users and take over those computers, using them to send malware, spam or other harmful material.  Often the people whose computers are part of this botnet of what are often called zombie computers are not even aware that their computers are being used for these purposes.  In this case, all that Sony suffered was a minor embarrassment; however, in 2011 the PlayStation Network was hacked and the personal information, including credit card information, of 77 million people was stolen.

TIPS

Although this particular hacking of Sony did not result in the personal information of any users of the Sony PlayStation Network being compromised, the security of Sony and the other online gaming network companies remains vulnerable.  It is for this reason that you should limit, as much as possible the personal information that you provide these companies to protect yourself in the event of a data breach.  Also, do not leave your credit card number on file with any company as a convenience.  Provide the number anew each time you use it online at any company so that it is not stored by the company and vulnerable to a data breach.  Also, as I constantly remind you, never use your debit card for any retail purchases.  Limit its use to ATMs.

Scam of the day – June 4, 2014 – Justice Department halts massive hacking scheme

June 4, 2014 Posted by Steven Weisman, Esq.

Earlier this week, the Department of Justice revealed that it had broken a massive hacking scheme and taken over the computer servers that spread two major types of malware about which I have warned you previously.  The two types of malware are GameOverZeus and Cryptolocker.  GameOverZeus steals banking information from victims’ computers, which the hackers then use to empty their victims’ bank accounts.  Cryptolocker is a particularly insidious type of malware that, when installed on the victim’s computer, encrypts all of the data contained on the computer.  After the encryption is accomplished, the criminals notify the victim that the data will be destroyed unless a ransom payment is made.  This type of malware has, appropriately, been deemed ransomware.  Law enforcement officials estimate that as much as 100 million dollars was stolen by the gang operating these malware programs through a botnet.  Members of the gang included Russians, Ukrainians and British criminals.  Through the joint efforts of the FBI and law enforcement agencies in ten other countries, the computer servers of the hackers were seized and the alleged ringleader of the group, Russian Evgeniy Bogachev, was indicted.  American authorities are in contact with Russian authorities to have Bogachev extradited to the United States for trial.

TIPS

This story is important for many reasons.  Certainly it is good not only to see law enforcement cracking criminal hacking crimes, but also to see international cooperation in the law enforcement effort.  However, ultimately, law enforcement is not going to be able to prevent you from becoming a victim of hackers seeking to steal from you through the use of malware such as GameOverZeus and Cryptolocker.  Instead the burden of protecting you from these attacks falls on all of us individually.  In all cases, these malware programs ultimately found their way to their victims’ computers when the victims invited them in by clicking on tainted links in emails or downloading tainted attachments from phishing emails.  The first line of defense is never to click on links in emails or download attachments unless you are absolutely sure that they are legitimate.  You should also make sure that you have constantly updated anti-virus software and anti-malware software on all of your electronic devices.

The United States Department of Homeland Security has issued a warning about the GameOverZeus malware that contains links to a number of effective anti-malware programs that can help protect your computer and other electronic devices from infection and remove the infection if it occurs.  Here is a link to that warning which, in turn, contains a link to the anti-malware software programs: https://www.us-cert.gov/ncas/alerts/TA14-150A

Scam of the day – May 31, 2014 – AOL customer support scam

May 31, 2014 Posted by Steven Weisman, Esq.

Millions of people still use AOL and so scammers and identity thieves will often send out phishing emails that appear to come from AOL, such as the one reproduced below.  The logo and format of this particular email that is presently circulating is a good counterfeit, however, the repeated faulty grammar is a strong indication that this is a scam.  Like many similar scams, this one works by luring you into clicking on a link in the email in order to resolve an emergency.  However, if you click on the link, one of two things will happen.  You either will be prompted to provide information that will be used to make you a victim of identity theft or by clicking on the link you will unwittingly download a keystroke logging malware program that will steal all of the information from your computer and use it to make you a victim of identity theft.  This particular email appears to be signed by Bud Rosenthal, who actually is an AOL officer, however, the email address from which it is sent is that of a student at a university whose email has been hijacked and made a part of a botnet of zombie computers used to send out the scam emails.  Here is how the email appears.  DO NOT CLICK ON THE LINK:

 

 

AOL
Due to the recent signed in of your Account from an unknown location, you are advice to Click here to confirm the validity of your AOL® Online Account. Thanks once again for choosing our service.

Bud Rosenthal
Bud Rosenthal, AOL Membership Group CEO

Privacy Policy | Customer Support
©2014 AOL, Inc. All Rights Reserved.

TIPS

There are numerous reasons not to trust this email.  The email address from which it was sent has no relation to AOL.  It is not addressed to you personally.  It contains faulty grammar.  It is an obvious phishing email and its only purpose is to lure you into either providing personal information or downloading malware.  As I have warned you many times, never click on links or download attachments unless you are absolutely sure that the email is legitimate.  In this case, if you even had a slight thought that it might be legitimate, all you would have to do is to call the real AOL to learn that this was a phishing scam.
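The sender-address check described in the IRS and AOL posts above can be automated. The following is an added example, not part of the original posts: it compares the brand an email claims in its display name or subject with the domain it was actually sent from. The brand-to-domain table and the sample messages are assumptions constructed for illustration. As the Apple post shows, a matching address proves nothing by itself, so a "domain-matches" result is never a reason to click.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: brand -> domain its real mail comes from (illustrative list).
BRAND_DOMAINS = {"aol": "aol.com", "irs": "irs.gov", "apple": "apple.com"}

# Constructed sample messages modelled on the emails described in the posts.
AOL_SAMPLE = (
    "From: AOL Membership Group <student@university.example>\n"
    "Subject: Confirm your AOL Online Account\n\n"
    "Due to the recent signed in of your Account from an unknown location\n"
)
IRS_SAMPLE = (
    "From: IRS Online <someone@mail.example>\n"
    "Subject: Validate your electronic filing status\n\n"
    "Click the link to update your income tax information.\n"
)
APPLE_SAMPLE = (
    "From: Apple <online@Apple.com>\n"
    "Subject: Please confirm your identity\n\n"
    "Please confirm your identity today or your account will be Disabled\n"
)

def claimed_brand(msg):
    """Return the known brand named in the display name or subject, if any."""
    display, _ = parseaddr(msg.get("From", ""))
    words = set(re.findall(r"[a-z]+", f"{display} {msg.get('Subject', '')}".lower()))
    for brand in BRAND_DOMAINS:
        if brand in words:
            return brand
    return None

def sender_domain(msg):
    """Return the lower-cased domain part of the From address."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()

def check_sender(raw):
    """Classify a raw message: 'mismatch', 'domain-matches' or 'no-brand-claimed'."""
    msg = message_from_string(raw)
    brand = claimed_brand(msg)
    if brand is None:
        return "no-brand-claimed"
    legit, domain = BRAND_DOMAINS[brand], sender_domain(msg)
    if domain == legit or domain.endswith("." + legit):
        # Not proof of legitimacy: the From header can be forged.
        return "domain-matches"
    return "mismatch"

if __name__ == "__main__":
    for name, raw in [("AOL", AOL_SAMPLE), ("IRS", IRS_SAMPLE), ("Apple", APPLE_SAMPLE)]:
        print(name, check_sender(raw))
```
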