Clean Your Computer

“Buy Cocaine” Spam

Christopher Boyd — Wed, 19 Nov 2008 19:16:33 +0000

I've seen the following rather freaky spam on Blogs quite a bit lately:

...yes, that does say "Buy cocaine".

Click the link, and:

Click to Enlarge

"Second thing that make our legal cocaine special is that risk free for you.Absolutelly no side effects and any dangerous after party effects.You can use cocaine absolutely free witout any problems.Just take your cocaine online and forget about everything just party star."

...um. Click yet another link, and you're taken to a vaguely surreal website with animated dancing characters all over the place, grooving to a terrible loop of what they probably hoped sounded a little like a rave in a nightclub (it doesn't):

Click to Enlarge

It turns out that this "Cocaine" is actually just a mish-mash of various chemicals that are supposedly harmless, though some of the Wikipedia links I've added do make me wonder a little:

Guarana     200 mg
Hawaiian Baby Woodrose     100 mg
L-Tyrosine     100 mg
Passion Flower     50 mg
Caffeine     50 mg
L-Arginine     50 mg
Green Tea     10 mg
Niacin     8 mg

I'd have thought you'd need to be insane to throw that lot together, but oh well. The person dropping these links has quite a lot of sites doing the rounds at the moment:

Click to Enlarge

It's somewhat bizarre that "Hangover cures", "erection aids" and "anti aging cream" are mixed in with "Free party drugs", "Legal Cocaine" and "The Party Pills Shop" - I guess they'd probably need it after all those supplements and pills.

I'm alarmed to think that people still continue to sell things like this online because there are people out there willing to actually buy it. If you really want to take a chance and buy some random pills touted as a "legal form of cocaine" by some guy in Afghanistan dropping spam links on the net, then I'd suggest skipping Rehab and making do with the Asylum instead...

The New Testing PC Dance

Christopher Boyd — Wed, 19 Nov 2008 12:58:59 +0000

There comes a time when every testing PC has to be consigned to the virtual dustbin. A while ago, my main testbox was apparently pushed so hard it decided to catch fire and melt overnight. Pretty hardcore I guess, especially as I was able to keep testing on it for a few months more while I scoped out a replacement.

Sadly, my trusty testbox is no more and I've spent the last week or so shopping around for a replacement. Eventually, I found the one I wanted, but it came with Vista and there was no way to have them replace it for something else like XP.

Now, I'm not hugely perturbed by using Vista. My only previous experience of it was using it on a fairly hopeless laptop which is a recipe for disaster - on a desktop, I can't say I have any issues with it. The biggest stumbling block I hit was when it came to the main purpose of the PC - testing!

Little did I know, but VMWare Workstation 5 has issues (of the "it doesn't work" variety) with Vista. After a fair bit of Googling around, I couldn't find any information as to whether specific versions of Workstation 5 would work on it, and if so, which ones.

With that in mind, I thought I might add it here for future reference in case someone else doing testing (and running Workstation 5) needs to combine it with Vista. There's quite a few versions to choose from, but 5.5.8 seems to work fine. The only slight problem is that you can't drag and drop files from your real desktop onto your virtual one, but that's easy enough to get around with CDs and USB keys. Oh, your real desktop tends to freeze up for a minute or so when you launch VMWare too, so don't worry - your PC hasn't crashed.

I note a new version seems to have appeared in the meantime - 5.5.9 (at least I think it has. I certainly didn't see it when I downloaded 5.5.8 so maybe I'm just not very observant). If you've tried 5.5.9 with Vista, let me know what kind of results you've had.

Oh, and in case anyone was wondering, I did consider wiping it and replacing with XP - but the only version of XP I currently have to hand is in Hebrew. Long story...

Magic EBay Money

Christopher Boyd — Tue, 18 Nov 2008 20:21:52 +0000

This particular program we're about to look at is currently being promoted via videos on sites such as Youtube. The program is touted as an "electronic Paypal hacker" - supposedly, it reaches right into Paypals systems and simply "creates digital money", despositing an amount of your choice into your Paypal account. There now follows some cod-technospeak as the creator attempts to define this supposedly "victimless" crime:

"All verified accounts are stored on a verified server. That's where all the cash gets sent. When people send cash, they send packets. When you have $10 or more, that means you have enough packets for the hack to execute. When people send the fake PP cash, I grab their packets and it adds to your account. It is completely legal, Paypal money is electronic so no harm done to ANYONE!"

....sigh. Well, there's no harm done except to anyone foolish enough to fall for such a scam. In time honoured tradition, this is what the EXE looks like on your desktop:

Look, a moneybag! It has to work! Fire the program up, and...

Click to Enlarge

Very slick looking. Hit the "I Agree" button, and you'll see this:

Click to Enlarge

...you're presented with a rather fetching interface. In the spirit of making you think they're doing you a favour, you can find an MP3 player built in, links to popular networking sites along the bottom (along with a few hacking sites for good measure) and a big blank browser window.

How does this program work?

Yes, amazingly that's all there is to it. Honest. Hit "Connect", and you'll see some random messages appear in the Status Display - just to make you feel more like you're really doing something hacker-ish:

With programs like this, who needs to watch The Matrix? Anyway, the previously empty browser window now fills up with the Paypal website:

Click to Enlarge

Our wannabe hacker still hasn't actually hacked anything yet, but fear not - hit the "Add Cash" button (after selecting an amount of either 100 Dollars or Euros), the following screen appears:

Click to Enlarge

"Choose the amount you want, then login in this TPPH Login page to receive the money into your account. Attention: This will not work if you don't have a valid (verified) Paypal account containing $10".

Of course, anyone familiar with Paypal will know that this popup is not from the official Paypal website - it's something the creator of the application has put together. Let's see - they want you to "Submit" your Paypal login details somewhere....they want you to have a Verified account....and they request that you already have a minimum amount of cash in there when you submit the information.

Does that sound like you're going to get free Paypal money? Or does it sound more like you've just sent your Paypal login details to a complete stranger in an overly elaborate fashion?

We detect this as PPHack.

(Thanks to Senior Threat Researcher Chris Mannon for additional research).

“Verify Your Hotmail Account now To Avoid It Closed?”

Christopher Boyd — Mon, 17 Nov 2008 19:13:39 +0000

Not the newest scam on the block, but it does seem to be currently doing the rounds so it's worth highlighting. If you're sent an EMail with the same title as this article, with content that looks like this (usually sent from a random Hotmail account):

Click to Enlarge

...then delete it, it's a scam.

Spin?

Christopher Boyd — Mon, 17 Nov 2008 09:39:34 +0000

From an article where the net is listed as a threat to "National Security":

"He said: "We have to recognise that on the net you can practically get the full DNA of the First World War flu that killed 24 million people."

...that is quite possibly one of the most bizarre things I've ever read in relation to why the Internet poses a threat to security. I don't own a chemical lab, nor am I an expert at creating killer viruses on my lunch break so can someone enlighten me with regards how much of a threat the above actually is?

I have my suspicions, but I'd like to confirm them...

Paypal Phish Wants Your Social Security Number

Christopher Boyd — Mon, 17 Nov 2008 09:02:12 +0000

I'm not sure why, but I'm being sent an awful lot of Phish mails this month. The latest one takes you to

home.doramail.com/spade526/

The page is a typical Paypal phish, though they're not actually interested in obtaining your Paypal login in the slightest. They're after something a little more personal.

Click to Enlarge

Note that in addition to your name and address, they're also asking for your social security number. Not a particularly new idea for a scam, but still not a good thing. The creators have made some basic errors which will cost them potential victims, though - they assume the victim receiving the mail lives in the United States, and they also have a few typos in there - enough to set off alarm bells for those not specifically targeted, with any luck.

Something I’ve Noticed…

Christopher Boyd — Mon, 17 Nov 2008 08:48:27 +0000

In the last few days while randomly clicking around Facebook, I was surprised to see
this appear when clicking an external link:

Click to Enlarge

Not sure when they started doing this, but definitely a good move as more and more people continue to target Facebook. Of course, Myspace have been popping up a "You are about to leave..." page for quite some time - out of interest, does anyone out there know of other types of website (non social networking ones) that have to resort to this kind of thing? Or is it only the 2.0 sites that have to pop up these warnings all the time?

I think we know the answer to that one...

Another “Danger Mouse” on the UK Roads!

AndyAtHull — Fri, 14 Nov 2008 18:30:08 +0000

Yup, I have finally passed my UK Practical Driving Test! It has come finally after my second attempt.

This has been long over due as I have been putting it off for sometime. In fact some years. I’ve always been satisfied to take public transport as a young adult. However with other real life commitments it was about time I needed to do this.

So for everyone in the UK you better watch out! Discuss it here in our forum if you have comments on the UK or even other countries driving tests.

Like this article? Share it with others!

Give Me Your Login, Please

Christopher Boyd — Thu, 13 Nov 2008 18:38:14 +0000

When I saw the name of this website - "The Habbo Movie" - I thought it might be quite inventive. Alas, it appears to be a more standard type of "enter your login and hope you get something for free" affair.

The domain is

everyoneweb.com/thehabbomovie

Here's a screenshot:

Click to Enlarge

According to Google Translator, it says something vaguely similar to this:

Habbo's best,

We now have furniture in Habbo Free! Because, Habbo is just 4 Years! But, how do you say those things receive Free? There is a solution devised by Lotus! We have placed below a Mail Form! Fill in your details and what you want to receive! You can pick only 1 thing! We have to HC and Things and Super Normal Rare stuff! What are you waiting for? Fill the form quickly! YOU RECEIVE THE FURNITURE now!

Doesn't sound very convincing so far, does it? Enter your Habbo login, and this appears:

It says:

Notice of Habbo Staff:

YOU ARE PLACED CREDITS! SEE YOU SOON!

Regards,
Habbo Staff

Lotus

And, just like that, you've handed over your login to a complete stranger. I wouldn't bet on getting any free furniture...

Twitterspam…

Christopher Boyd — Mon, 10 Nov 2008 08:13:25 +0000

This is fairly typical Twitterspam that's been seen doing the rounds since yesterday:

Click to Enlarge

Click the link, and you're taken to a "sign your life away for a free laptop" deal:

Click to Enlarge

What's really bizarre about this particular piece of advertising is that if someone tries to access this offer from outside of the US, a message will appear saying "Redirecting to an offer in your area" and instead of a free MacBook offer, you're taken to....

Click to Enlarge

...Zabasearch, a US-centric people finder website. I'm sure there's logic in there somewhere, but I'm still trying to work it out. The account is now suspended, but not before it managed to pick up around 175 followers.

Whoops...