How to know if the scareware warning is real or not:

I got an email from someone who wants not to be named asking how do I know if these sites that I have talked about like Defenderpageblock.com, Spywaredomainlist.com, adwaredomainlists.com, badwaredomainlists.com, browserdefenderlist.com, malicioussitesblock.com, and browserliveprotection.com are fake warning sites because of how the site handles the URL presented.   Let me give you a few example urls to see what I mean:

http://defenderpageblock.com/block.php?id=2006-54&url=http://tech-linkblog.com/scareware-adviser-from-defenderpageblock-com/

http://browserliveprotection.com/block.php?id=2024-4&url=http://tech-linkblog.com/2008/12/microsoft-readys-to-layoff-around-15000-workers.html/

http://malicioussitesblock.com/block.php?id=2006-54&url=http://tech-linkblog.com/2009/08/list-of-malware-sites-for-aug-24-2009.html/

http://spywaredomainlists.com/block.php?id=2018-2&url=http://tech-linkblog.com/2009/08/scareware-adviser-from-spywaredomainlists-com.html/

http://adwaredomainlists.com/block.php?id=2031&url=http://tech-linkblog.com/2009/04/pc-speedscan-pro-a-bad-idea.html/

Now as you can see al these have an identification number probably like an affiliate link and then the url of the site that is supposed to be bad or have malicious in some way.  So what do you do when you see these types of warning pop up and you would like to know if this real.   Here are some things to try to see if it is real or not:

• change the url it is going to, try Google or some other site that you know isn’t malicious and see what happens.   You will notice it will say the same exact same thing.
• Check out Stopbadware.org –  Google uses this service for there search results so this would be more reliable and check out the warning domain to see what it says then also check out the domain and website in question.

List of Fake AV sites for Aug 22, 2009

If you know anything about the Malware writers they are always registering new domains and here is the newest ones they are using:

Personal Antivirus Scareware Site:

• antispywarebestscanner.com
• professionalvirusscanv3.com
• professionalcomputerscanv2.com
• scan-your-pc-now.com
• professionalspywarescanv8.com

Internet Antivirus Pro Scareware:

• hopest.info
• suffic.info
• cressy.info
• unowed.info
• inclin.info

Rogue Antivirus scareware sites:

• securitytoolsite.com (Fake Scanner)
• webscansecurepc.com (Fake Scanner)

Most of the time, These sites are injected into one's browser by way of a Trojan taking over the system. If left untreated these sites will become more and more profound trying to get you to install them. Most of the time these are installed in unsuspecting computers by way of exploits, backdoors, or unsafe downloading practices. This usually means that if you have it you should remove it by any means necessary because this software has been know to cause more and more trouble as time goes by. This software is fake ware, it tries to tell you have a virus and that they can get rid of it. In fact, this software is not designed with Antivirus engine in mind but to illicit pop ups and warning to raise the users security concerns about the computer in question. Downloading programs from bit torrents or other unsafe ways can and most likely will have these types of programs installed alongside the program you wanted.

Threat to System : Moderate

List of Malware sites for Aug 21, 2009

It has been kinda busy today for the Antivirus scareware sites but here they are.

Personal Antivirus Scareware Site:

• check-for-malwarev3.com
• safeonlinescannerv4.com

Internet Antivirus Pro Scareware:

• fatuus.info

Rogue Antivirus scareware sites:

• antivirusplus2010.com
• mybestantivirusplus.com
• internetantivirusplus.com
• antivirusplus09.com
• antivirus-plus-now.com
• yesantivirusplus.com
• goodantivirusplus.com
• i-antivirusplus.com
• nextantivirusplus.com
• antivirusplus-ok.com
• getavplusnow.com
• antivirusplusnow.com
• getantivirusplusnow.com
• realantivirusplus09.com
• freeantivirusplus09.com
• addedantivirusstore.com
• addedantivirusonline.com
• myplusantiviruspro.com
• yourcountedantivirus.com
• easyaddedantivirus.com
• addedantiviruslive.com
• addedantiviruspro.com

Most of the time, These sites are injected into one's browser by way of a Trojan taking over the system. If left untreated these sites will become more and more profound trying to get you to install them. Most of the time these are installed in unsuspecting computers by way of exploits, backdoors, or unsafe downloading practices. This usually means that if you have it you should remove it by any means necessary because this software has been know to cause more and more trouble as time goes by. This software is fake ware, it tries to tell you have a virus and that they can get rid of it. In fact, this software is not designed with Antivirus engine in mind but to illicit pop ups and warning to raise the users security concerns about the computer in question. Downloading programs from bit torrents or other unsafe ways can and most likely will have these types of programs installed alongside the program you wanted.

Threat to System : Moderate

Twitter Spam for Cari-weightloss

I was doing my usual checking out what people are talking about and I see Cari-Wieghtloss.net, Cari-Weightloss.com, and Cari-Weightloss.org.

Going to the Pages I see:

I already once talked about the Acai Berry Twitter spam, but this talks about another product that is part of the Plan call “ColonCure” which if you look into they have had some complaints about them.   I even found more from the Rip-off Report’s, talking about taking the money out of your account.  There are two links in this page that point go to these products.  They both come from the domain meet-google.com, which I must warn you is not associated with Google.com.  I did more research on Acai Berry but I will let you read what people have to say about that.

Each of those sites have a clause where they have not be evaluated by the FDA(Food and Drug Administration).   Also they either say out right that you will have to pay for shipping or don’t say at all.   If anything says anything about these companies until they have been tested by the FDA, I would recommend people not try these products because of the possible side effects or complications that may result in the combination of the two drugs.  I’m not a doctor but I can tell there is something fishy with at least on product and if I find one there will usually be more.

Canadian Pharmacy at it again : ownsouthme.com

I received an email that got past my email settings and here it is:

Hi there,

Because of the economic crisis, things are not going well for online business. So here is a pharmacy which sells % 60 cheaper than other stores on the net. If you have pharmaceutical needs, try them before they go out of stock. You may read the advertisement below if you are interested :

No doctor needed anymore! Get what you want easy and faster than ever before!
We have all the best medicines of the industry packed and waiting for your order!
Of course we got the best blue men’s friends and we sell them with the hugest discount right now!
More about us:
- Man’s Health, Anti-Depressants, Antibiotics, Cholesterol, Diabetes, Diuretic medicines
- Pain, Sexual Health, Erectile dysfunction, Sleep Aids and Weight Loss medicines
- Worldwide shipping
- % 60 cheaper than other pharmacies (limited with stocks)
- Always full anonymity
- Always making you a happy customer!

Choose us and you will feel well: Always!

hxxp://www.ownsouthme.com

Antivirus System Pro — Just another Scareware

In One of my Previous rants I talked about Antivirus System Pro.  I finally found a site that tried to scare me into downloading critical software updates.

As you can see this site is Spyware-scan-for-free.com but what is most important is that it actually tells you the truth before you install it.   “Some Security Vulnerabilities detected with High probability.  It May damage your files or steal you person and financial information.”  This one site is trying to you make you think you are install critical updates but in reality it is probably do what it states  by clicking the OK.

Although I talked about how to remove this, I would like to talk about just how bad it is to download “Critical security updates” from unknown or untrusted sites. Although most people usually do Google for keywords like “Antivirus System pro” or “Spyware-scan-for-free.com. I will tell you that if you think you have a security problem to go to the Windows update and see if there is an update that need to be applied.

Threat to System : Moderate

Rating:

Spoof Spam from Skype users

I got a strange email from Skype:

As you can tell this is spam but it got through my spam filters because the spammers are actually spoofing the email address.  Upon further inspection of the headers of the message I have found this came from a Black Hole IANA.org name server.   Then when I did some even more investigation on this, I found that they are seeing more and more of Email Spoofing for Skype. Which if you went to that URL (Websweetness.com) you will not like what you see.   IT is an Adult site but that is besides the point.  I am betting the spammers are trying to fool the spam filters to make sure this get through.  I talked about the Skype Bots before and this seems to be another way they are using Skype for there spam campaigns.

Skype is getting to be used by almost everyone who has internet so this is a good bet that people will get even more spam from spammers who are trying to get around the spam filters.  Until Skype fixes this problem, you can go into Email settings and uncheck “Skype can contact me when someone adds me as a contact”.   Although I would like to prevent this totally until they add a way for me to only receive messages from people on my contacts through email this will always be problem until they do that.

Those get rich quick schemes are doubtful

I was on Twitter and I saw this message from someone I am following.   Talking about how to make 171,161.08 a month.

Ok before we go any further you would have to see the name Oprah Winfrey (see Above for Photo of Account) just like the name of the one who just came on to twitter.    Now is this a true name or just a fake account?  I’ll let you decide that because it looks like it is just random tweets with the same URL.    This to me is looking more and more like spam.  Back to the site, it is call Maverick Money Makers.

As you can tell this is like every other get rich page I’ve seen trying to tell you will make insane amount of money in a few minutes a day.  So I decide to go to another page unrelated to this page and you will get.

The behind the scenes of the bad guys

Have you ever wondered how they find out your Email address or even find out your name or so called shipping address.   I’ve been wondering that for quite some time and have went researching online for the reason.  You see I’ve been getting spam email with my name and address  like this “Possible Check Pending [Last Name] [Mailing Address] Sender : Pam [Last Name]”

That email was a “Kevin Hoeffer” scam that advertise getting you money from Google, called the Cash Secret club.   Suffice it to say that the Rip of Reports all say this is a scam.  Seems they try to fool you into paying $1.99 and then charge an extra $98 after you give them your information.  The Domain that I looked up is protected by Whoisguard.com.  So I reported to them about this spam, this is a sure way to get off there list.  Reporting spam will black list you from getting spam because to there major providers.  That cost them money, if everyone did that the spammers would be stopped.  Although I think society as a whole isn’t even trying to fight the spam this way they just try to keep it under control.  I believe that if 10% of the spam is reported then we are making the spammers and scammers  pay for their misdeeds.

Canadian Pharamacies not from Canada!!

I got an Email that happen to get past the spam filters and wanted to talk about it.   The Email goes like this:

Hi there
Hey where have you been recently ? I could not get any news from you for a long time. Anyway, I found a decent pharmacy store from google last week. I decided to give a shot because it was Canada Licensed Drugstore. Well the prices were % 65 cheaper than the local pharmacies in my region. So I took a chance. I took my medicines in my hand 3 days after i ordered and they were packed very well as they claimed that they provide full anonymity. Needless to say medicines are legit and they give me what i want If you need any medicine without any prescription, give it a try until the discount ends.
Take care of yourself. I included the url below. See you later.

http://www.guidefabledme.com

Several things makes me wonder where it stands out that this is just spam. Here are some examples:

• the word Google — It isn’t capitalised and that should be capilitized.
• Bad Grammar — This shows me this isn’t even close to Canada, I’ll explain later in this article.

Blog Success Spam — What not to Do!!

Lately I’ve been getting spam emails with the titles:

• Earning thousands blogging? You could be.
• Bloggers Paid for Posts
• Bloggers Wanted
• Learn to blog for paychecks using this freebie video.

Each link sends me to blogsuccess.com, and looks like this:

“Blog Success founders Jack Humphrey and Peter Lenkefi created this to help bloggers make money.”  This is what I read in searches.    I’ve got to wonder if this is so successful they why do an email spam?   Most emails lately have been about scams and virus exploits.   I am going to stick to the only way you should advertise by getting people to click links to come to my site.

According to Symantec:

Symantec reported that nearly 58 percent of spam is now coming from so-called botnets –networks of hacked computers that can be misused by criminals to steal financial information, launch attacks or send spam.

Twitter and the Acai Berry Spammers

Well According to Sopho’s There seems to have been some hacking going on for the Acai Berry spam. Some of the messages were:

It seems to be a random http://random.CN domain but we’ve talked about this in the past.  Sopho’s isn’t sure how this happen but I have a suspicion that it was a Phishing attack done on the facebook users recent weeks that have the hackers going to other social sites and trying those passwords.

Although I agree with Sopho’s on making sure not to have a dictionary word, I also think users should take care of all your online accounts.   As most people will become aware of is most users use only one password for all their accounts online or only have 3 different passwords for 20 different sites.  This is something that needs to change and you can do that with Roboform to keep your passwords safe and also to make sure they can’t guessed.

If you have been compromised on t witter and only use one password, you can bet all you other accounts have been compromised as well.  You should change your passwords as soon as possible.   You should also make sure in the future not to be tricked into giving out your password which is called Phishing, in which a site with a different url is made to look like Twitter, Facebook, and Myspace log in page.

Upgrading to Twitter Pro — ztrx.net Phishing attempt in the wild!!

I just got this alert from a friend of mine and I thought I would share it with you.  It looks like there is a new phishing attempt going on with websites try fool it’s users into going http://ztrx.net and From the looks of it. It looks like this:

The message some users got were:

Upgrade to Twitter Pro – Visit http://bit.ly/[CENSORED] to upgrade your account

It seems that if you get this message on your account you should report it to @Spam and let them know. If you happen to get given out your password it is strongly recommended that you reset your password to prevent any further unauthorize access to your accounts. You should change your password as soon as possible. This is the first attempt they have tried this this weekend so be on the look out for more phishing attempts.

New Spam Campaign for Cooltweeting.com

I got an Email that shows that people are giving out there twitter accounts password for a Free Mac book air. I did a Search for cooltweeting.com and well you take a look.

The Site Cooltweeting.com looks to be a phishing for your information by wanting you to do this:

As you can see this looks pretty simple and some users would think this is true. I do wonder how I am going to receive email from them if they don’t have my email in the first place? You have to read the fine print on this one here I will make it bigger:

You agree to receive emails from trusted 3rd parties containing special offers and promotional emails.

Powered by BrandGivewayCentre.com. BrandGivewayCentre.com is an independent rewards program and not associated with any of the above listed merchants or brands. The above listed merchants or brands in no way endorse or sponsor BrandGivewayCentre.com’s offer and are not
liable for any alleged or actual claims related to this offer. The above listed trademarks and service marks are the marks of their respective owners. BrandGivewayCentre.com is solely responsible for all Gift fulfillment. In order to receive your gift you must: (1) Meet the eligibility requirements (2) complete the rewards bonus survey (3) complete the number of sponsor offers in the redemption instructions
(4) Follow redemption instructions.

Spyware : Michelle Obama’s Ta’s Ta’s Video

I love this one, I was reading the Sans Report about Michelle Obama Ta’s Ta’s on Video.  I wanted to investigate this a little further so I went searching around.  I found some comment spam links to a site I will not talk about the links directly.  The site however had a fake video on it :

It looks like if you hit Cancel or Details it keeps trying to tell you need to install an ActiveX Object.   It also makes the user think that there is only one option to use right now.   As you can tell  it makes you think you can’t cancel or get details but I did.  I tried to cancel and it kept on popping up trying to get you to install this active X installer.   AVG detects it as:

TweetTornado and What that means to Twitter

I had an interesting person follow me today and I want to talk about How Twitter Needs to fix this problem:

In my previous post, I talked about Twitter needing to fix spam problems and here’s why.  It’s Called Tweet Tornado and you pay $100 for this program a Month.  On the Page,  they talk about downloading this software and using it:

Now as you can on there website this plainly states this is SPAM.   I wouldn’t install this software or even use it because  of the possibility of having a Virus, Trojan, or even Malware attached to the program.  I can say now that what I’ve seen of this website is that Twitter needs to come up with a way to fix this problem.  I must warn you that if you do start using this software, you might end up with not internet or even worse if Twitter decides to come after you for damages to bandwidth.   This  software violates Twitter TOS:

You must not abuse, harass, threaten, impersonate or intimidate other Twitter users

You must not modify, adapt or hack Twitter.com or modify another website so as to falsely imply that it is associated with Twitter.com .

Come on Twitter add Tweet filters — Ways to prevent twitter spam!

So I am on twitter tonight and I find some common themes:

• Have you ever heard about paid surveys ? I’m making way over $4000 per month working part time .www.hothotjoboffers.com [Keyword]
• Visit www.nakedoncam.info for 100% FREE LIVE CAM GIRLS! #Lobster Jeremy Mayfield Wolverine #startrek Happy Mothers Day

As you can see this is starting to get bad.   I don’t know why Twitter can’t fix this, by making filter rule that prevent new users from posting the same thing others have or even putting in some Captcha’s and Email verification.  This would stop it really quickly but I am sure I would hear from people that these wouldn’t stop them from coming.  Yes that is true but it would stop some to a lot of them from posting.   They want people to come to there site and they are abusing the Twitter.

On any given day you can search for anything with twitter and come up with some valuable information.  Now this seems to be more and more spam.   There needs to be a way for twitter to stop this but I guess they dont’ want to ruin the experience for new users.

Hothotjoboffers equals Twiitter Spam

Saw this on the Twitscoop API and had to talk about it:

If you go to the site Hothotjoboffers.com you will be redirected to:

Now I know more about this then anyone.  I see these types of scams where you can make money by doing survey’s but there are some common princples to consider.  Although I have real doubts to this site because when you try to exist it displays:

I always wonder why spam and other sites alike try to persuade you to stay and look.  When that happens I am thinking to myself, “Yes I am sure and that little box really makes me mad”.   I assume someone bot is making the post to twitter and I wish Twitter would create a rule for this.   This would stop this type of spam from getting to us and others.   Same Text coming from newly created accounts less than a hour with let’s give it 5 max should be prevented from posting until they are verified by either email or other such ways.

Not so, Realbabesonline on Twitter! Twitter do something about this!

I posted a blog about the NSFW spam. This happened to be coming from a domain realbabesonline.com and when you visit this site you see:

As you can see it will say “Hi, I am single girl living in [your Local area].”  That was the tip off, since I am on a rotating IP and visiting the site tells me that it puts in the ip location where you are.    Seems this has been created on Aug 22, 2008 and probably this started the last few weeks.  Some of the more common tweets are:

• is desperate and dateless! Pics (NSFW) and profile here ->[Insert Tinyurl] for anyone interested!
• Finally gave in and joined a dating site [Insert Tinyurl] Pics (NSFW) in my profile under [Twitter name]
• Uploaded some new NSFW pics to my AM profile here ->[Insert Tinyurl]  My username is [Twitter Name].Let me know what you think:)
• My Previous article : “See the NSFW pics twitter deleted from my profile here [Insert Tinyurl]- My username [Twitter account]“

I would bet This type of spam would of been easily filtered if Twitter would just automatically suspend the account if they tweet these.    I wouldn’t want my Son or daughter to go to this site.   No age protection or anything.   This looks to be a site that has put up a pic of a girl.

Twitter would you please do something about these tweets, anyone can find them if they search for NSFW.   They are constantly being tweeted on new accounts.

Twitter Spam attempt: “See the NSFW pics twitter deleted from my profile here”

Looks like this might have been a improper adult content or maybe a Malware attack:

If people are wonder what NSFW means:

Not suitable/safe for work (NSFW), not work-suitable/safe (NWS), or not school-suitable (NSS) is Internet slang or shorthand. Typically, the NSFW tag is used in E-mail, movies (such as on Youtube) and on interactive discussion areas (such as internet forums, blogs and community websites) to mark URLs or hyperlinks which may be sexually explicit or include audio containing profanity, helping the reader avoid potentially objectionable content.
[via Wikipedia]

It looks like this was done with using Tinyurl and has been flagged for either Spam, Fraud, Malware, or Any other use that is illegal. I am glad Tinyurl did catch this and stop it. If you see something that say NSFW in your twitter account your best bet is to delete it and go on with your life. I am sure it is something your should not go to probably because it was a malicious way to get your to go to the link. If you want to preview the urls that are used by Tinyurl, just visit the preview feature. If anyone else hears of some kind of Twitter attempt let me know and I’ll blog about it. This would be the best time to install Free Anti-virus and Free Firewalls to help prevent from getting Viruses or Malware.

Dear Friend Spam Emails from Yahoo

The email from our old friend has come back into now compromising Yahoo accounts by sending out this email:

Dear friend:
What are u doing these days?I am going to recommend a Eshop to you.Yesterday I found a web of a large trading company from China,which is an agent of all the well-known digital product factories,and facing to both wholesalers, retailsalers,and personal customer all over the world. They export all kinds of digital products and offer really competitive and reasonable price and high quality goods for their clients,so i think you will make a big profit if you did business with them.And they promise they will provide the best after-sales-service.If you are interested to do business with them,in my opinion, you can make a trial order to test that.
Their Web address: www.nekcn.com

In what seems to be the way of this advertisment company, it seems they have been doing what they did with Hotmail.  Deleting your contact list and emailing your friends with this message.  Now I am thinking it is being done by them Phishing for the password and Account name, they probably set up an web page to look like Hotmail or Yahoo.  One thing to remember to do is check to see that you address bar looks like this:

Hotmail accounts get compromised!!

I received an email on a list and wanted to warn people:

Dear friend,
i would like to introduce a good company who trades mainly in electornic products. Now the company is under sales promotion, all the products are sold nearly at its cost. They provide the best service to customers,they provide you with original products of good quality,and what is more,the price is a surprising happiness to you! It is realy a good chance for shopping.just grasp the opportunity,Now or never!
The web address: http://www.nekcn.com

Seems this is being sent from Hotmail accounts. There are a number of ways someone could be getting a hold of your email address. According to Microsoft forums this seems to delete your email contacts and also send out this in the same time. This seems to be a new spam campaign for this one company. I would guess someone bought advertising from this company and the advertiser is doing some really unmoral things.

New spam Campaign — Casino Anyone?

Looks like there is a new Campaign going on with regards to having VIP access.

So I go to the site:

I decide to have a little fun and download the file.  The Filename is “Smartdownload.exe“.  Now you shouldn’t install any software or programs from sites you don’t know about or have any idea of what changes are going to be made.  I use CWSandbox to better understand this file.  Here are a few thinks I’ve found:

• This program connects to three different IP’s [Your broadband Modem,200.122.168.237, and 212.201.100.136]
• It also Changes your Autoexec.bat file.  (Not good)
• Changes access flags on several different program (not good either)
• It also tries to be Anonymous.  If you checks the logs out your self you will find it very interesting.
• It looks like it connects to the servers every time you boot up!! (Not good either)

Spam email : Patients can access our chemist via the Internet 24/7

In today time Spammers are really trying to get people to open emails.  I was checking my spam folder making sure I didn’t have anything in there that shouldn’t be when I saw this email.  I was curious like everyone else who see’s this message, because why would yu need a chemist?  So for fun I open it up and find the message.

For instants:

The Link leads me to this:

Now I know some people are needed these types of pills to keep the Mojo going, but I must warn people that these sites are dangerous.  Just like this email the spammer used something so unusal and still kept the truth in the header.   I’m not sure I’d want to buy anything from Russland, Or Sosonovy Bor.

I will tell you this, from my own experience with these types of drugs, you must be careful what you prescriptions you take.  One drug can interact with another drug and make you sick or possible even kill you.   That is why it is so important to see your doctor and get the right medication for you needs.  These mojo drugs can increase blood pressure or have some side effect that you can’t handle or tolerate.  So when these spammers want you to buy Cialis or Vigra, I encourage you not to.  You will be far better off going to your doctor and getting the right presicription then buy these over the internet.  Who knows if they are this shady with emails, would you trust them with your credit card?  I wouldn’t, that is for sure.

I hate Snopes Spam

As you know Snopes is used to find out about urban Legend and Rumors:

I received a Virus alert from my RSS feed about Email virus warning.  It even adds a Snope URL.  The Author just copies and pasted the virus warning into the blog without even going to Snopes.

According to Snopes and I’ll quote:
Although the Postcard virus is real, it isn’t a “BIG VIRUS COMING” (it’s already been around in multiple forms for a long time now), it will not “burn the whole hard disc” of your computer, CNN didn’t classify it as the “worst virus” ever, and it doesn’t arrive in messages bearing a subject line of ‘Invitation.’

[Via Snopes]

Now as you can tell the link described in the blog post was “http://www.snopes.com/computer/virus/postcard.asp”. If you went there, you’d have seen this as a not really true and some parts of this might be but that part about burning your Hard drive or even consider the Worst virus isn’t true.

Some things you need to consider before forwarding anything is:

• Is it completely True?
• Is it Legitimate?  (True blown warning about something like a product recall  or something important like that)

Rogue Fake Codecs on the Rise

Panda Labs has been talking about Adware/VideoPlay and they are seeing a lot of variants on this.   They even play a game, find the difference in the installation screen:

Now as you can see this look to be the same agreement in all those difference installation.  Some things to consider Never install any software from a website that you don’t know Nothing about about.

Panda Labs also talks about these new variants in regards to what they do:

This file spreads by making copies of itself in the removable drives and it also creates an autorun.inf in order to be run when they are accessed. This file collects the data stored in the browsers, such as cookies, passwords, profiles, email accounts, etc, and connects to a remote address to send the information.
[Via Panda Labs Blog]

Oh My I got the Presidents Attention!!

I just got an email telling me:

Barack H Obama (PresidentBarak) is now following your updates on Twitter.

So I go to the click the link and I see this:

Wow, I didn’t know I was this influental to get the Presidents attention(NOT).

http://www.economygrantprogram.com/

After checking out the profile I see that it has a link to a site that basically asking for your personal address and your email account. After I go check the site I see in really small catch you have to pay 3.95 for Shipping and Handling. Well You know what they say, nothing ever is Free. This looks to be a way to get email addresses to spam in the long run. I wouldn’t give them any information because this is looking to be a scam and I hate scams. You best bet is to go on with your life and report this spam to twitter. This however got my attention because of the who it was, and that is probably why they chose the name. It is however quite funny.

Being a Bad BOT!

I had the strangest thing happen today, Seemed a Bad Bot was Crawling my pages. I was getting at least 60 page views an hour from this bad Bot!! The individual IP’s of this Bad Are:

65.208.151.112
65.208.151.113
65.208.151.114
65.208.151.115
65.208.151.116
65.208.151.117
65.208.151.118
65.208.151.119

After the first initial hour of this going on, I started wondering what this bot was doing.   I did some more research into this little bot.   I did find out it is owned by Kintiskton LLC.  (Twitter Search)

Anyways It bothers me that when you do a Google Search for this company, it comes back with no company.  Some people have already did there research and have come up with very little.

I dug even more and some are saying this might be Homeland Security, and I have my own thoughts on this.   I might be paranoid myself but if there is no company out there and the IP keeps coming back, I assume it is BAD mojo.  Some people worry that it is a hacker probing for vulnerabilities and that worried me.

I decided with the Help from Godaddy, to ban the lot of IPs.  I figure someone is trying to get information or trying something they shouldn’t, I’ll stop it myself.   If you have Wordpress and are also having problems with this ip, you can ban it by adding this to your HtAccess file:

Careless Facebook profiling can lead to Identity Theft!

I just got in contact with a old friend from High school and another friend of mine suggest the new friend. I was looking at her profile and couldn’t believe what I saw:

As you can see this is not good I was amazed at how many people are giving out there birthdays and who they are married to to friends and family. So we heard about how people are claiming they need help or are in need of desperate money. This is nothing new, as you know people are having hard economy times and people are using the social engineering to scam people out of money.

I feel that I should warn people the important necessity.   You shouldn’t be broadcasting your DOB and who your married to to your friends, just in case they get hacked.

Recent activity indicates that identity thieves are hacking into trustworthy profiles before selling on the login details to interested parties. This information is used by spammers to target legitimate users, posting misleading links on their “walls” – personalized message boards.

[Via Computing.Co.UK]

PolyMorphic Win32:Vitro Most Viraulent Virus

This seems to be an virus that is getting some people hit hard.   I wanted to blog about this because of the nature of Virus and Trojans.   I have read reports that this might be from Online Movies, and I have to say this is one reason why you must stay away from certain online movies.  I am going to take a guess that this virus requires a special CODEC, and you downloaded it and installed it.  It Could also be the update the Adobe Flash player idea to but still results in getting the Virus.

As I said before you take a risk when you go to sites you don’t trust or know anything about.   You also should know that if you need a “SPECIAL” codec, you should just go on to another site.  These sites that claim they need this special codec means only one thing they want to install something without your Knowledge.

So what is this Virus:

The Virut family of viruses uses polymorphism to hide from all anti-virus protection, it infects executable files. File infection makes it very hard to repair a system that has been infected. W32/Vitro injects code in running processes and hooks the following functions in ntdll.dll which transfers control to the virus every time any of these function calls are made.