Email Scam Warning..

Post by Karlsweldt » Fri Mar 08, 2013 6:23 am

Got an Email this morning, in my 'spam' inbox.
Was suspicious, so did the "save as" then "viewed" without opening.. the only safe means.

If anyone gets an Email from "Hk" with the notation "Confi1" it is a scam. Opening it may release a virus or track your habits! Delete it.
The message body requests "Can you assist? I want you to assist in claiming some funds belonging to a late client of mine. Details will be furnished."
F@H.. to solve mankind's maladies.. in our lifetimes!
Karlsweldt
Mobo-fu Master
Posts: 20661
Joined: Wed Nov 12, 2003 11:57 am
Location: 07438

Post by evasive » Fri Mar 08, 2013 7:19 am

I have seen so many varieties of this one it's not funny. But thank you for the general heads-up...
We hate rut, but we fear change.
********************************
System error, strike any user to continue...
evasive
Mobo-fu Master
Posts: 37389
Joined: Sun May 06, 2001 12:01 am
Location: Netherlands

Post by bdub » Fri Mar 08, 2013 8:05 am

just a question... how does simply opening email release a virus? i thought it happened on opening attachments in the actual email. is it because the web-browser automatically runs scripts or something that can cause the opening of attachments with the virus, or cookie that tracks, or what?
my main rig...
asrock 970 extreme3
AMD athlonII X3 440
zalman cpns5x performa hs/fan
crucial ballistix 2x4gb sport ddr3-1333
powercolor ax7750 1GBK3-H vga
antec neo he 650r
Samsung 840 EVo SSD 120 GB
toshiba 2TB HDD 64M cache sata3
seagate 1TB HDD 64M cache sata3
hitachi 2TB HDD 64M cache sata3
lg wh14ns40 bd burner
optiarc ad-7240s sata dvdrw (nec chipset)
bdub
Black Belt 3rd Degree
Posts: 3653
Joined: Wed Feb 19, 2003 2:12 am
Location: Washington D.C.

Post by evasive » Fri Mar 08, 2013 8:08 am

Depending on what email client you use, they can use HTML for the markup. So in essence it's a webpage. And in the same way a webpage can contain an invisible script, so can an email. All you need is a leak inside something like Flash or Java, put in the code to call that vulnerability and you're done for. They don't even need to disable your virus scanner as it goes undetected and can implement a full-blown rootkit on your system including MBR infection. Seen this in the field. No fun to clean up.
evasive
Mobo-fu Master
Posts: 37389
Joined: Sun May 06, 2001 12:01 am
Location: Netherlands

Post by Karlsweldt » Fri Mar 08, 2013 8:42 am

evasive is right. When you actually "open" an Email, the HTML script may draw in some data 'bits' that later assemble into a virus or Trojan. The 'bits' pass under the scanner radar, and look innocent. But when assembled, too late!
For any Email that is not from a known or trusted source, never actually open it. But "save as" to a secure folder, then use a text editor to only view it. This way, you have little chance of activity.
Yes, many schemes to hook the unsuspecting Email recipient. Some ask only for your personal help.. but others want your bank account number and family members' names! Or "please forward $xxx.xx amount to this account".
Karlsweldt
Mobo-fu Master
Posts: 20661
Joined: Wed Nov 12, 2003 11:57 am
Location: 07438

Post by bdub » Fri Mar 08, 2013 9:25 am

yeah, not that i ever usually even open stuff that is unknown to me... but there are odd times i do, and usually with a client that has the bells and whistles turned off for unknown addresses (say, like thunderbird). but then again every once in a while i use webmail (browser based email, hotmail, yahoomail, etc.)... you are saying if html is on for my browser, and i open an infected email, even OPEN it, that the computer can get virused?
that's pretty powerful stuff, there.
bdub
Black Belt 3rd Degree
Posts: 3653
Joined: Wed Feb 19, 2003 2:12 am
Location: Washington D.C.

Post by Karlsweldt » Sat Mar 09, 2013 9:02 am

HTML script is actually a "live" page. You do not see any links that may call up a Web site or invite pop-up menaces, when you open it. But they will get you!
Whenever you open an HTML document or page, unseen script links automatically activate. And even if you hover over a URL to note statistics, you may call up a malicious link. Be especially wary if any suspicious Emails have an attachment!

More or less, we are "fish" in a big bucket.. and the hackers and phishers are out to get us.

We, as adults, should know better. But we are gullible. Yet youths are too curious, and unless we instruct them about caution with Emails, the computer may be bombed with malware.
Sometimes, an Email may look familiar.. from a friend or business. But if in doubt, save the link to a secure folder.. then use a file manager such as Total Commander from www.ghisler.com/ to safely view the contents. The full HTML text script can be seen, but there is no activation of content. Active script links would be highlighted with a different color. If you hover over those links, then you would note a long string for a URL source. Not advisable to do so, might be malicious! But the sender and date/time would be noted. There are scams relating to food and health products, plus legitimate business names. Even regular billing or bank notices!
Karlsweldt
Mobo-fu Master
Posts: 20661
Joined: Wed Nov 12, 2003 11:57 am
Location: 07438
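
The "save it, then look at it as text" approach discussed in the posts above, as an added example that is not part of any poster's message: a Python script that parses a saved message as data and lists what a rendering mail client would execute or fetch on open. The sample message, the `example.invalid` hosts and the names `triage` and `ActiveContentFinder` are constructed for illustration.

```python
from email import message_from_bytes, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

ACTIVE_TAGS = {"script", "iframe", "object", "embed", "applet"}
class ActiveContentFinder(HTMLParser):
    """Records what a rendering mail client would execute or fetch."""
    def __init__(self):
        super().__init__()
        self.active, self.remote, self.links = [], [], []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ACTIVE_TAGS:
            self.active.append(tag)
        # Event-handler attributes (onload=, onerror=) run script without a <script> tag.
        self.active += [k for k in a if k.startswith("on")]
        src = a.get("src") or ""
        if urlparse(src).scheme in ("http", "https"):
            self.remote.append((tag, src))  # fetched as soon as the message is displayed
        if tag == "a" and a.get("href"):
            self.links.append(a["href"])

def triage(raw: bytes) -> dict:
    """Parse a saved message as data only: nothing is rendered, run or downloaded."""
    msg = message_from_bytes(raw, policy=policy.default)
    finder, attachments = ActiveContentFinder(), []
    for part in msg.walk():
        if part.get_filename():
            attachments.append(part.get_filename())
        elif part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    return {"from": str(msg["From"]), "subject": str(msg["Subject"]),
            "active": finder.active, "remote": finder.remote,
            "links": finder.links, "attachments": attachments}

# Constructed sample (not a real capture); sender and subject follow the first post.
SAMPLE = b"""From: Hk <hk@example.invalid>
Subject: Confi1
Content-Type: text/html; charset=utf-8

<html><body onload="void(0)">
<p>Can you assist? Details will be furnished.</p>
<img src="http://tracker.example.invalid/open.gif?id=123" width="1" height="1">
<script src="http://cdn.example.invalid/x.js"></script>
<a href="http://claims.example.invalid/form">Reply here</a>
</body></html>
"""
if __name__ == "__main__":
    print(triage(SAMPLE))
```

Non-empty `active` or `remote` lists mean the message would do more than display text if opened in an HTML-rendering client.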

Post by bdub » Sun Mar 10, 2013 2:35 pm

what's a "secure folder"?
bdub
Black Belt 3rd Degree
Posts: 3653
Joined: Wed Feb 19, 2003 2:12 am
Location: Washington D.C.

Post by Karlsweldt » Mon Mar 11, 2013 7:32 am

A "secure folder" could be a common folder, called "Web cache" or "Unknown" or any other name. Best not to be kept in the "Documents and Settings" folder! Kept a separate entity from the root directory, less chance it would be accessible to use by other programs or searches. Best to be on another drive partition. Adding the 'hidden' attribute to the folder would be additional security. You know it is there, but other programming would not find it. Putting same on the desktop or quick-launch is not a good idea!
Karlsweldt
Mobo-fu Master
Posts: 20661
Joined: Wed Nov 12, 2003 11:57 am
Location: 07438

Post by bdub » Mon Mar 11, 2013 2:19 pm

so on another partition besides the system os... gotcha.
bdub
Black Belt 3rd Degree
Posts: 3653
Joined: Wed Feb 19, 2003 2:12 am
Location: Washington D.C.
