Posts Tagged: ‘Malware’

Scam of the day – August 5, 2015 – Free scan for Hacking Team vulnerabilities

August 5, 2015 Posted by Steven Weisman, Esq.

Following the embarrassing hacking and data breach at the Italian spyware company Hacking Team, which sells spyware to governments, it has been learned that the 400 gigabytes of files, source code and emails stolen and made public have enabled hackers and identity thieves to construct malware exploiting the vulnerabilities uncovered in that material, creating zero-day exploits, that is, attacks on vulnerabilities for which no security patch has yet been developed.  These zero-day exploit kits are presently being sold on the black market to hackers and identity thieves around the world.

Now Rook Security, a computer security company, is offering a free scan that can identify whether your computer has already been infected by one of these new malware programs.  Here is the link to their website and the free scan.


Everyone should make sure that all of their computers, smartphones and other electronic devices are protected by anti-malware and anti-virus software and that this security software is constantly and automatically updated with the latest security updates.  The failure to update security software when new vulnerabilities are discovered and patched is a major factor in many data breaches and identity thefts.  In addition, the primary way that malware-based data breaches and identity thefts are accomplished is through phishing, where victims are lured into clicking on links in emails and text messages that deliver the malware.  The lesson is clear.  Don’t click on links unless you are absolutely sure that they are legitimate.

Scam of the day – July 28, 2015 – Lottery security chief convicted of rigging lottery

July 28, 2015 Posted by Steven Weisman, Esq.

Last week, Eddie Tipton, the former security director of the Multi-State Lottery Association, was convicted of electronically rigging the Iowa Hot Lotto game, enabling him to buy the winning 16.5 million dollar ticket.  The jury believed the evidence indicating that Tipton used a portable USB drive to install malware onto the computer that picked the winning number.  That computer is not connected to the Internet, in order to prevent tampering, and only four people, including Tipton, had access to the room where it was housed.  The closed circuit camera that recorded activity in the room had been wiped clean.  In addition, the sophisticated malware used by Tipton was self-deleting and left no trace on the lottery computer.  However, despite the lack of either photographic evidence showing Tipton actually tampering with the computer or evidence of the precise malware used, after a week’s deliberations the jury found Tipton guilty of two counts of fraud, and he is facing a potential prison sentence of ten years.


No computer system is foolproof; however, this case does highlight vulnerabilities in the computer security systems used to protect the honesty of state sponsored lotteries.  Hopefully, not just Iowa but other states using similar systems will revisit their own security systems to make sure that they are as strong as they can be.

Scam of the day – July 26, 2015 – Darkode cybercrime forum busted

July 26, 2015 Posted by Steven Weisman, Esq.

Hackers and identity thieves use underground Internet forums to buy, sell and trade malware, botnets, and information to commit cybercrimes around the globe.  Recently the Justice Department announced the dismantling of perhaps the most prominent of the approximately 800 criminal forums, Darkode, and the arrest of twelve of its principals.  Among the charged defendants is the primary administrator of Darkode, 27-year-old Johan Anders Gudmonds of Sweden.  An important aspect of this action against Darkode was that it represented the joint efforts of a coalition of law enforcement agencies from 20 countries, the largest coordinated international law enforcement effort ever brought against cybercriminals.

Darkode was a password-protected forum where cybercriminals would buy, sell, trade and share information, ideas and malware.  In order to become a member of Darkode, a criminal would first have to be recommended by a present member of Darkode and would have to prove that he or she would bring new skills or products to the group.  In addition, prospective members had to go through an extensive vetting process.


One of the key elements of Darkode and many other illegal cybercriminal enterprises is the use of botnets, networks of infected zombie computers, to spread the malware and avoid detection.  Cybercriminals would take over the computers of unwary individuals and use those computers to remotely send out their malware to their targets, such as banks or other commercial enterprises.  Many of you may actually be part of a botnet without knowing it.  Most people become part of a botnet when they unwittingly download the malware that permits the cybercriminal to remotely take over the victim’s computer.  Usually this is done through phishing emails in which the victim is lured into clicking on a link that installs the malware.  Even if you have the most up-to-date anti-malware software, you may be vulnerable because it generally takes the security software companies at least a month to catch up to the latest strains of malware.  So the lesson to us all is one I am constantly preaching, namely never click on any link or download any attachment until you have verified that it is legitimate.  Merely because it may be sent from a friend of yours does not mean that you can trust it.  Your friend’s email account may have been taken over by a hacker, or your friend may be unwittingly passing on malware without even knowing it.  Trust me, you can’t trust anyone.

Scam of the day – July 12, 2015 – New Amazon email scam

July 12, 2015 Posted by Steven Weisman, Esq.

Copied below is an email currently being circulated that is a good example of a social engineering phishing email designed either to get you to provide personal information or to get you to click on a link that will download keystroke logging malware onto your computer, resulting in your data being stolen and used to make you a victim of identity theft.  The email appears to come from Amazon and indicates that there is a problem with your account.  In order to remedy the problem, you are prompted to click on a link and provide the requested personal information; alternatively, merely clicking on the link may unwittingly download the keystroke logging malware.  This type of phishing email is so effective because it looks so legitimate.  It also has a higher chance of being effective merely because so many people who receive it will indeed be Amazon customers.

Here is a copy of the email:  DO NOT CLICK ON THE LINK.


Confirm your Amazon account.

Hello ,

We were unable to process your most recent payment. Did you recently change your bank, phone number or credit card?.
To ensure that your service is not interrupted, please update your billing information today.

Or contact Amazon Member Services Team. We’re available 24 hours a day, 7 days a week.
If you have recently updated your billing information, please disregard this message as we are processing the changes you have made.

f you need further assistance with your order.


This email was sent by an automated system, so if you reply, nobody will see it. To get in touch with us, log in to your account and click “Contact Us” at the bottom of any page.

Copyright © 2014 amzon, Inc. All rights reserved. amzon is located at 2211 N. First St., San Jose, CA 95131.


There are a number of telltale signs that this is a scam.  First and foremost, the email address from which it was sent has no relation to Amazon.  Also, the salutation does not refer to the person receiving the email by name.  Finally, there are some misspellings and typographical errors in the email.  However, the quality of this phishing email certainly is good, which is why it is so dangerous.  The key to avoiding becoming a victim of this type of social engineering phishing scam is to follow my motto, “trust me, you can’t trust anyone.”  Never click on a link or provide personal information unless you have absolutely confirmed that the email or text message received by you is legitimate.  In this case, if you had any thought that the email might be legitimate, you should contact Amazon directly at an email address or telephone number that you know is accurate.  Don’t respond to phone numbers or email addresses contained in the email itself.

Scam of the day – July 10, 2015 – Navy Federal Credit Union scam

July 9, 2015 Posted by Steven Weisman, Esq.

Below is a good example of a scam phishing email sent by an identity thief attempting to lure the receiver of the email (in this case, me) to download the attachment, which will then cause one of two things to happen, both of which are bad.  Either by downloading the attachment you will unwittingly download keystroke logging malware that will steal the information from your computer and use it to make you a victim of identity theft, or the download will, under the guise of providing greater security to you, require you to provide personal information that will be used to make you a victim of identity theft.  Here is a copy of the email I received.  DO NOT CLICK ON THE LINK OR DOWNLOAD THE ATTACHMENT.  You can see that the email looks quite legitimate and the logo looks real.  However, one good indication that this is a scam is that the salutation is “Dear Customer” instead of a real name.


Dear Customer,

We’re writing to let you know that your online account has been temporarily

suspended due to recent access to your account from an unknown IP address.

To re-activate your account, download “Navy_Federal_Update_Form”

attached to this message and complete the process.

Thank you for helping us serve you .

Yours sincerely,
© 2015 Navy Federal Credit Union, All Rights Reserved.


My advice whenever you get an email or text message with an attachment or a link is not to download the attachment or click on the link unless you have confirmed that it is legitimate.  In this case, I am certain that this is a scam because, among other indications, I do not have an account with the Navy Federal Credit Union.  However, even if I did, I would not click on the link or download any attachment.  Instead I would call the Navy Federal Credit Union at a telephone number that I knew was accurate to check on this email.

Scam of the day – May 10, 2015 – Hackers with Ransomware targeting Hedge Funds

May 10, 2015 Posted by Steven Weisman, Esq.

In a frightening speech two days ago in Las Vegas to a convention of hedge fund managers, one that hopefully will serve as a wake-up call to the financial industry, John Carlin, the head of the Justice Department’s National Security Division, warned his audience that hedge funds have become the target of a wide range of hackers, including state-sponsored hackers from Russia, China, Iran and North Korea as well as criminal groups from around the world and terrorist groups.  One of the primary attack methods is the use of ransomware, about which I have written numerous times over the last few years.  Ransomware is a type of malware that, when downloaded onto the victim’s computers, encrypts and seals the victim’s data.  The victim is then informed that either it pays a ransom immediately or its data will be destroyed.  Already several hedge funds have fallen victim to this type of attack.


An important thing to remember about ransomware, as with most malware used by hackers and identity thieves, is that in almost every case the malware was downloaded through socially engineered phishing emails that tricked employees into downloading it.  Corporate America has not done a good job of either training employees how to recognize phishing emails or segregating and isolating important data so that it is not vulnerable to such attacks.

This story is not only important to the national and international economies, but also to all of us personally, as ransomware is being used against individuals as well as companies.  Once again, the best way to avoid downloading ransomware is to follow my motto of “trust me, you can’t trust anyone.”  Never click on a link or download an attachment until you have confirmed that it is legitimate.  In addition, make sure that you keep your anti-virus and anti-malware software up to date, although this is no guarantee of protection against ransomware because the latest malware is always at least a month ahead of the security software companies.  Finally, make sure that all of your data is backed up, either in the cloud or by other data backup methods.

Scam of the day – April 19, 2015 – American Express phishing scam

April 19, 2015 Posted by Steven Weisman, Esq.

Many people are reporting receiving the following email which appears to have been sent by American Express.  It reads as follows:

“Dear American Express customer:

We have recently detected that a different computer user has attempted gaining access to your online account and multiple passwords were attempted with your user ID. Hence it is necessary to re-confirm your account information and complete a profile update. You can do this by downloading the attached file and updating the necessary fields. Note: If this process is not completed within 24-48 hours we will be forced to suspend your account online access as it may have been used for fraudulent purposes. Completion of this update will avoid any possible problems with your account. Thank you for being a valued customer.”

American Express is a popular credit card with more than a hundred million cardholders worldwide, so when scammers send out a blast of emails such as the one above, they are bound to find a considerable number of American Express cardholders among the people receiving it.  This type of email scam, which is called “phishing,” attempts to scare the person receiving the email into downloading the attachment or, in other instances, clicking on a link in order to fix the problem described in the email.  Because the problem is both plausible and serious, many people fall for this scam and download the attachment or click on the link.  In this particular scam, the attachment downloaded malware that stole personal information from the computers of the people downloading the attachment and used that information to make them victims of identity theft.  In addition, the attachment also asked for personal information that could be used for identity theft purposes.


Regardless of how legitimate an email or text message appears and regardless of how much it may appear to require immediate action on your part, you should never click on a link or download an attachment in any email or text message unless you are absolutely sure that it is legitimate.  In this case, the mere fact that the email is addressed to “Dear American Express customer” rather than to the email recipient by name is an indication that this is a scam.  In any event, the best thing to do, if you believe that the email might be legitimate, is to contact American Express directly at the phone number on the back of your American Express credit card to find out whether or not the email or text message was legitimate.
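The Amazon, Navy Federal Credit Union and American Express emails quoted in the posts above all show the same telltale signs: a sender address unrelated to the brand, a generic salutation instead of the recipient's name, a misspelled brand name, a threat that the account will be suspended, and a request to open an attachment or follow a link to "fix" it. As an added example (not code from the original posts), here is a small Python checker that turns those signs into heuristics and runs them over constructed messages modelled on the three emails. The sender addresses in the samples and the BRAND_DOMAINS table are assumptions made for this example; the real signal in practice is simply that the sender's domain is not one the organisation actually uses.

```python
"""Heuristic phishing indicators, modelled on the telltale signs described in
the posts above. Added example; sample messages and domain table are constructed."""
import re
from email import message_from_string
from email.utils import parseaddr

# Domains a genuine message from each brand would be sent from. These are
# assumptions for the example; verify against the organisation's own site.
BRAND_DOMAINS = {
    "amazon": {"amazon.com"},
    "navy federal": {"navyfederal.org"},
    "american express": {"americanexpress.com"},
}

# Brand misspellings seen in the quoted Amazon email (constructed table).
BRAND_MISSPELLINGS = {"amzon": "amazon"}

GENERIC_SALUTATION = re.compile(
    r"^\s*(hello\s*,|dear\s+(valued\s+)?(\w+\s+)*customer\b)",
    re.IGNORECASE | re.MULTILINE,
)
URGENCY = re.compile(r"suspend|interrupted|within\s+24|immediately|forced to", re.IGNORECASE)
ATTACHMENT_OR_LINK = re.compile(
    r"download(ing)?\s+the\s+attached|attached\s+to\s+this\s+message"
    r"|click\s+(here|on\s+the\s+link)|update\s+your\s+billing",
    re.IGNORECASE,
)


def sender_domain(from_header):
    """Bare domain of a From: header ('Amazon <x@mail.example>' -> 'mail.example')."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower()


def claimed_brand(text):
    """Which brand the message claims to come from, matching misspellings too."""
    lowered = text.lower()
    for brand in BRAND_DOMAINS:
        if brand in lowered:
            return brand
    for typo, brand in BRAND_MISSPELLINGS.items():
        if typo in lowered:
            return brand
    return None


def phishing_indicators(raw_message):
    """Return a list of human-readable indicators for a raw RFC 822 message.

    An empty list means none of the heuristics fired; it does not prove the
    message is genuine, only that these particular signs are absent.
    """
    msg = message_from_string(raw_message)
    body = msg.get_payload()
    text = msg.get("Subject", "") + "\n" + body
    indicators = []

    brand = claimed_brand(text)
    domain = sender_domain(msg.get("From", ""))
    if brand and domain and not any(
        domain == d or domain.endswith("." + d) for d in BRAND_DOMAINS[brand]
    ):
        indicators.append(f"sender domain {domain!r} does not belong to {brand}")
    if GENERIC_SALUTATION.search(body):
        indicators.append("generic salutation instead of the recipient's name")
    for typo in BRAND_MISSPELLINGS:
        if typo in text.lower():
            indicators.append(f"misspelled brand name {typo!r}")
    if URGENCY.search(body):
        indicators.append("pressure to act quickly (suspension or interruption threat)")
    if ATTACHMENT_OR_LINK.search(body):
        indicators.append("asks you to open an attachment or follow a link to fix the account")
    return indicators


# Constructed samples modelled on the emails quoted in the posts (sender
# addresses are invented .example domains).
AMAZON_SAMPLE = """From: Amazon <billing@amzon-alerts.example>
Subject: Confirm your Amazon account.

Hello ,

We were unable to process your most recent payment.
To ensure that your service is not interrupted, please update your billing information today.

Copyright 2014 amzon, Inc. All rights reserved.
"""

NAVY_FEDERAL_SAMPLE = """From: Navy Federal <security@nfcu-secure.example>
Subject: Account notice

Dear Customer,

Your online account has been temporarily suspended due to access from an unknown IP address.
To re-activate your account, download "Navy_Federal_Update_Form" attached to this message.

2015 Navy Federal Credit Union, All Rights Reserved.
"""

LEGIT_SAMPLE = """From: Amazon.com <order-update@amazon.com>
Subject: Your order has shipped

Hello Steven,

Your order has shipped and will arrive on Thursday.
"""

if __name__ == "__main__":
    for name, sample in [("amazon", AMAZON_SAMPLE), ("navy federal", NAVY_FEDERAL_SAMPLE), ("legit", LEGIT_SAMPLE)]:
        print(name, phishing_indicators(sample) or "no indicators")
```

The checker deliberately reports reasons rather than a single verdict, since the advice in the posts is to phone or email the organisation at a number you already know whenever any of these signs is present, not to rely on a filter.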

Scam of the day – April 17, 2015 – Mass email service hacked

April 16, 2015 Posted by Steven Weisman, Esq.

Many people may not be aware of SendGrid, but there is a good chance that you have received an email from them.  SendGrid is a mass email service used by 180,000 companies worldwide, including Uber, Pinterest, Spotify and Foursquare, when those companies wish to send mass email messages to their customers, such as when a company wants to alert customers to a service update.  When you receive an email sent through SendGrid or another such mass email service, it appears that the message is being sent by the company with which you have an account, but it actually comes from SendGrid or the other mass email service.  Last week one of the companies that uses SendGrid had its SendGrid account hacked in an attempt to hack into the company’s account with Coinbase, a Bitcoin exchange.  Although the company, unnamed by SendGrid, had its account with Coinbase hacked, according to SendGrid no Bitcoins were stolen.  Last year a similar attack aimed at stealing Bitcoins from another SendGrid client, ChunkHost, was foiled because ChunkHost used two-factor authentication, preventing the hackers from accessing the Bitcoins in ChunkHost’s account even after they had managed to steal ChunkHost’s password.  More and more hackers are trying to hack into the accounts of users of mass email services such as SendGrid because it enables the hacker to make his or her malware-containing message appear to come from a trusted source.


Remember my motto, “trust me, you can’t trust anyone.”  Merely because an email or text message appears legitimate or appears to come from a trusted email address is no reason to trust the message and click on links contained in the email or text message or download attachments to such emails or text messages.  The risk is too great.  Never click on links or download attachments unless you are absolutely sure that they are safe and legitimate.  Even if you are protected by the latest security software, you are still not safe because the most updated anti-malware and anti-virus software is always at least a month behind the latest malware.

Scam of the day – April 8, 2015 – Tewksbury Police Department pays ransom to retrieve files

April 7, 2015 Posted by Steven Weisman, Esq.

The Tewksbury, Massachusetts Police Department became the latest in a long list of police departments to fall victim to ransomware, the malware that, generally through phishing, gets downloaded onto the victim’s computers and then locks and encrypts the victim’s files, making them unusable.  In this particular case, the Tewksbury Police Department’s arrest and incident records were locked and a message appeared that read, “Your personal files are encrypted.  File decryption costs – $500.”  The particular type of ransomware used in this case has been called KEYHolder, and despite the efforts of federal and state law enforcement agencies as well as two computer security companies, the data could not be retrieved.  Ultimately, the Tewksbury Police Department paid the five hundred dollar ransom electronically in bitcoins as demanded, making it pretty much impossible to trace.

In recent years, particularly since the development of CryptoLocker, one of the early ransomware programs, ransoming of computer data has brought criminals as much as 28 million dollars in ransom payments.  Many government agencies and police departments have been targeted along with the computers of ordinary citizens.  No one is safe.  The Collinsville, Alabama Police Department became a victim of ransomware last summer, refused to pay the ransom and lost its infected database of mugshots.  The Durham, New Hampshire Police Department also refused to pay the ransom, but wisely had backed up its information, so it lost nothing of value.  Other police departments, companies, government agencies and individuals have not been so fortunate, however, and in many instances have either paid the ransom or lost their data.  Depending on the sophistication of the malware used, sometimes the ransomware can be defeated, but often it cannot.


Certainly you want to always keep your anti-virus and anti-malware software up to date on all of your electronic devices; however, you can never be fully confident that this will keep you safe, because the latest viruses and malware are always at least a month ahead of the security software updates created to deal with them.  Since the ransomware is generally downloaded onto the victim’s computer by clicking on a link in an email, it is critical that you not click on links in emails unless you are absolutely sure that the link is legitimate.  Finally, it is very important to back up all of your data independently every day so that even in a worst case scenario, you will not need to give in to the demands of extortionists.

Scam of the day – March 21, 2015 – College students and identity theft

March 20, 2015 Posted by Steven Weisman, Esq.

Recently, Javelin Strategy & Research issued its annual Identity Fraud Study, and it is quite enlightening.  The study found that almost 13 million people were victims of identity theft last year at a cost of 16 billion dollars.  One of the more interesting trends noted in the study is that while college age students are highly susceptible to identity theft, more than 64% of them said that they were not very concerned by fraud.  In addition, when college students became victims of identity theft, it took them longer to discover that their identity had been stolen and twice as long to remedy the problem as other victims of identity theft.  College students are particularly susceptible to identity theft because of the close quarters in which they live, where people may be coming into and out of their dorm rooms without much concern for security.  They are also vulnerable on their smartphones and other electronic devices as well as in their use of social media, often without concern for their privacy.


Identity theft is high tech, low tech and no tech.  It is necessary for college students, and everyone else for that matter, to protect themselves from all forms of identity theft.  Important papers should be kept locked in a secure container.  Documents with personal information should be shredded when being discarded rather than merely tossed in a wastebasket, only to be retrieved by a dumpster diving identity thief.  The rules for intelligent smartphone use are the same for everyone.  They include using a strong password, installing the latest security software, only downloading apps from legitimate app stores and not clicking on links in text messages unless absolutely sure that they are legitimate.  Everyone should understand the privacy policy and privacy settings of the social media they use and limit the amount of personal information made available.  Finally, on social media as in any other form of electronic communication, never click on links or download attachments, regardless of how enticing they may appear, unless you have confirmed that the link or attachment is legitimate.  Often the bait of a nude celebrity photo or some other lure is just a ruse to get you to download keystroke logging malware that will steal the information from your phone or other electronic device and use it to make you a victim of identity theft.