December 2008 Archives

These are currently being sent to random people on the Microsoft XBox network:

scm1.jpg

scm2.jpg

"Hello we are a company called Microsoft Rewards. We have an overstock on Xbox Microsoft points. We are now giving them out but hurry because everyone on Xbox Live will be getting this message.

If you want points all you have to do is send us your username, email and password. After that we will log in and give you the points."


As you might have guessed, it's a scam...

It's yet another fake warning from a rogue security product, this time claiming...well, take a look for yourself:

fakewar.jpg


A fake timer counting down till they shut down your computer, to "protect it" from some imaginary threat. Nice of them. Would the average user even be able to hit the download button, install the program and run it in the panic-filled 30 seconds they claim is all you have left?

Doh. Do yourself a favour and add this site to your blocklists, if you don't already have it:

registrydoctor2008.com

Another Viral Spam Link...

Here we have another variation on a piece of viral spam originally aimed at videogamers. The execution is somewhat different, but it follows the same pattern. One can only assume this method of "getting people to click things and send it to everybody" is a bright idea someone dreamed up on a marketing forum.

Here's the site:

xbh1.jpg

...and here's the babble underneath, this time claiming clicks will earn you "free stuff" (500 clicks for a free EBay US Sellers account, and 5000 for "free entrance to moneymaking black hat school"): 

xbh2.jpg

I hope people didn't bother to send the links and click like mad, because the "moneymaking black hat school" seems to be currently offline...

(Hat-tip).

Throughout this year, there have been random outbreaks of mails claiming you've won a fortune, courtesy of Microsoft.

Naturally, it's a scam - and it looks like it's back yet again. Here's what's currently doing the rounds:

mpt1.jpg

"Your lucky winning number falls within our Africa booklet
representative in West Africa as indicated in your play coupon,"


Yes. Of course it does.

As many of you probably know, I like my videogames. I also really like videogames where you get to shoot thousands of crazed zombies in the face, with a pump action shotgun. With that in mind, I was particularly interested in a collection of files that surfaced about a week or so ago, in relation to the popular videogame Left 4 Dead.

See, in theory it's supposed to be extremely difficult to mess around with XBox videogames. You might be able to exploit a few glitches here or there, but actually altering the game itself? Sorry, no can do.

Except....it's not quite that straightforward. Someone decided to hook their PC up to their XBox360, take files from the XBox Hard drive, patch them with custom-built software that looked like this:

l4d2.jpg


......and then put the altered files back onto the XBox Hard Drive. Once this was done, the game was open to all sorts of abuse. You could make the characters giants, spawn thousands of guns, generate an endless amount of zombies, fly.....you name it, it was probably do-able. The exploit was quickly fixed, and the files are now supposedly useless.

However.

The bit that really interested me was that in many threads on unrelated forums, some people were claiming that using these programs on their PC had resulted in Steam accounts being stolen.

Despite testing these various programs for what seems like an age, I'm no closer to having my Steam account stolen than I was last week. It's possible that people are having their Steam account taken via an unrelated method, and in the rush to work out the cause this hack / mod is taking the fall. With that in mind, if anyone reading this tried the above hack (or knows someone that did) and you think your account details for Steam were taken as a result of using these files, please leave a comment and let us know exactly what happened.

More Habbo Fakery...

fifp0.jpg

Whenever I see a video on Youtube that repeatedly urges me to "visit a link" in relation to Habbo, I'm naturally suspicious. As it turns out, to fool people into handing over their Habbo logins, all you need to do is pretend you've created an awesome program that manipulates every aspect of Habbo you can think of....

fifp1.jpg


fifp2.jpg

...and then post up a link to a third-party website. Once you enter your login details, you'll gain access to the wonderful program.

Honest.

No doubt a lot of people have fallen for this already, but if they'd only taken the time to examine exactly where the .tk domain redirects to....

fif1.jpg

..."Fishingisfun"? Call me suspicious, but I don't think I'll be entering any login details onto that website anytime soon...

According to this article in Globes Online:

Sources inform "Globes" that online media company Zango Inc. has closed its R&D center in Tel Aviv and fired all 50 employees. In June, the company laid off 75 employees, including 20 in Israel because of a drastic slide in the number of users and revenue, which forced the company to revamp its business plan.


There's a little more information here at the Zango blog.

If you like shooting zombies in the face - and who doesn't - then you may well have already purchased Left 4 Dead, a videogame pitting four survivors against a relentless zombie horde.

Well, it appears to be a popular target for scammers. An email popped up in my mailbox over the weekend, claiming I'd received a "guest pass" that would let me play the full game "for a limited time". Here's the mail in question:

fake4dead.jpg

"The steam support has invited you to use a free guest pass for Left 4 Dead on Steam, the leading digital distribution platform for PC games.

Once you've installed Steam (or if you already have an account) click here to accept steam supports invitation to a full game of Left 4 Dead."


Of course, the link for the "guest pass" doesn't take you to an official site - it takes you to

steampovvered.co.cc (note that's steampo v v ered, NOT steampowered)

At that point, if you enter your Steam password, you've potentially lost it for good. The site is currently offline, presumably because it's already been reported ("This domain is under examination at the moment, it will be finished within 24 hours"). However, there are probably more Phishing scams out there attempting to capitalise on the popularity of this particular game.
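
A defensive check for the look-alike trick described above, as an added example that is not part of the original post: it folds sequences such as "vv" into the letter they imitate and compares each part of a hostname against a list of protected brands. The `OFFICIAL` map, the fold table and the function names are assumptions chosen for illustration, and `example.net` / `example.org` are constructed test hosts.

```python
import re
from urllib.parse import urlsplit

# Assumption: the defender maintains this map of brand label -> official domains.
OFFICIAL = {
    "steampowered": {"steampowered.com"},
    "xbox": {"xbox.com"},
}

# Sequences commonly used to imitate another letter, folded to the letter
# they imitate. "vv" -> "w" is the trick used by the phishing domain above.
FOLDS = [("vv", "w"), ("rn", "m"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def skeleton(label):
    """Lower-case a hostname part and fold look-alike sequences."""
    s = label.lower()
    for fake, real in FOLDS:
        s = s.replace(fake, real)
    return s


def host_from(value):
    """Extract the hostname from a full URL or a bare host string."""
    value = value.strip()
    if "://" not in value:
        value = "//" + value  # lets urlsplit treat a bare host as a netloc
    return (urlsplit(value).hostname or "").rstrip(".")


def check(url_or_host):
    """Return (part, brand, reason) for the first suspicious part, else None."""
    host = host_from(url_or_host)
    for domains in OFFICIAL.values():
        if any(host == d or host.endswith("." + d) for d in domains):
            return None  # genuinely under an official domain
    # Split on dots and hyphens so "free-xbox-points" is examined word by word.
    for part in re.split(r"[.\-]", host):
        for brand in OFFICIAL:
            if part == brand:
                return (part, brand, "brand name on unofficial domain")
            if skeleton(part) == skeleton(brand):
                return (part, brand, "look-alike spelling")
    return None


if __name__ == "__main__":
    for sample in ("steampovvered.co.cc", "https://store.steampowered.com/"):
        print(sample, "->", check(sample))
```
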

Now if you'll excuse me, I have to prepare for the coming Zombie Apocalypse...

Yes, our least-favourite Facebook "friend" is back on the scene, infecting PCs as it goes. This time round, the scam involves taking you to a fake Youtube page (that actually looks more like a Myspace player...doh), claiming it's a "Secret video from Tom". Click the video, download the supposed "Flash player update" and run it to ruin your weekend.

If you want to go down a different route however, when you see a message like this from your friend:

kf1.jpg

Delete it, and let your friend know they have a problem that needs fixing in a hurry! As you can see, most of the messages in this latest wave play on the fear of being seen in "mysterious" videos being spread across the web. The main one being publicised at the moment is a message with the title 'You look just awesome in this new movie.' However, there are plenty more variations out there - the one above, for example, says "Don't worry; the whole Net will see this video".

For the curious, the fake video player page will look something like this:

kf2.jpg

We detect this as Koobface, rather unsurprisingly!


Here's a fairly typical website (giveawaycafe.co.uk) designed to give you "free" vouchers worth 250 GBP, in return for signing up to a number of offers. Typically, these offers could range from taking out a trial with EMusic to signing up to a bookclub for a year. So far, so good, nothing particularly sinister. Look, there's a smiling woman on it and everything:

gwc2.gif.jpg

However, I must admit I was rather surprised when I checked out the Terms and Conditions after a friend mentioned the site to me. From the T&Cs, under the heading "Marketing Partners":

If you have indicated your consent to receive marketing messages, we may share, license or sell your information to third parties for various marketing purposes, including their online (e.g., e-mail marketing) and offline (e.g., telemarketing, cell phone text messaging, skip tracing (emphasis mine), and direct mail) marketing programs. If you would like to be removed from these programs at any time, click here and follow the opt-out instructions.

Note that they don't mention who these marketing partners would actually be, but enough about that. What is skip tracing? From Wikipedia:

Skiptracing (also skip tracing) is a colloquial term used to describe the process of locating a person's whereabouts for any number of purposes. A skiptracer is someone who performs this task, which may be the person's primary occupation. The term comes from the word "skip" being used to describe the person being searched for, and comes from the idiomatic expression "to skip town," meaning to depart, perhaps in a rush, and leaving minimal clues behind for someone to "trace" the "skip" to a new location.

Skip tracing tactics may be employed by debt collectors, bail bond enforcers (bounty hunting), private investigators, attorneys, police detectives, journalists or as a part of any investigation that entails locating a subject whose contact information is not immediately known.

Effectively, these are real-world social engineering tactics used by people who hunt potential criminals down for a living. Here, people are giving permission for nameless third parties to leave that same option open, in return for some gift vouchers.

Records that "skiptracers" use may include phone number databases, credit reports (including information provided on a loan application, credit card application, and in other debt collector databases), job application information, criminal background checks, utility bills (electricity, gas, water, sewage, phone, internet, and cable), social security, disability, and public tax information. These methods don't break any law because the information is freely available due to the nature of the business, whether it be debt collectors, bounty hunters, or other "skiptracers".

Anyone else think this is hugely OTT? When did advertisers decide to start policing / tracking their customers in such a potentially heavy-handed manner?

Couldn't we just go back to the occasional mailshot instead?

This was sent to a colleague of mine a day or so ago from one of her friends on Facebook:

fs1.jpg

The text reads:

"It has come to our attention that some people are using facebook for purposes other than that for which it was intended. Certain people have been using software called "post bot". Therefore we will require that you forward this to all your friends. We will then log your account information to separate you from the people that are running automatic post bots on our site.

If you fail to forward this, it may mean that your account will be banned.

Thank You
Facebook Staff"


This is (of course) a chain letter doing the rounds on FunSpace. When I tried it, I got this:

fs2.jpg

...so at least someone is keeping an eye out for these things. Rest assured, if you see a message like this sent to you via a Facebook application, you can safely delete it. Nobody is going to come knocking over fictitious threats related to "posting bots".

This is a particular favourite of Phishers - a page claiming to give you free Microsoft Points for XBox Live, only to take your login and do what they want with it (which could range from using the credit card stored against your account to buy lots of games you don't actually want to just trashing your gamer profile).

With that in mind, then, here's the offering for today:

freemspoints4all.blackapplehost.com

step1.jpg

The "3.1" in the bottom right hand corner is particularly humorous. Anyway, hit "Click here" and you're taken to a standard fake Live login page:

step2.jpg

If the unwary visitor should enter their details, some code in a .php file will stash the login for the Phisher to grab later while immediately redirecting you to the following (entirely fake) message on a blank page:

step3.jpg

If you get to the stage where you see this message, you should be thinking about logging in as quickly as you can and changing your password. Top tip for the day - any website that offers "Free Microsoft points" should be avoided like the plague. I've yet to see a genuine one, and I think I can safely say I'll be waiting for quite some time before I do...

I recently posted about this, regarding videogamers inexplicably spamming a moneymaking link to all their friends.

The same site is being posted to everything from Reddit to Digg, and assuming this isn't the grandest "hack every type of account known to Man and post autospam from it" scam I've ever seen (which is unlikely), we have to draw one conclusion - half the Internet has taken leave of their senses in the mad rush to see some incredibly tame pictures of a semi-naked woman.

It's a conclusion that has a fair amount of evidence lying around to back it up - here's an explanation from someone who posted it to a forum, only to have their original post edited by a Mod:


seetherest.jpg

"I'm just really shallow and want to see the rest".

...amazing that people are so eager to post this everywhere when if they really wanted to, they could see as much naked flesh as they want in about three seconds or less. Apparently it's easier to annoy your friends with spam and ruin your reputation on forums you've been on for a long time.

Whoever came up with this idea must have a swimming pool filled with money.

Someone, somewhere has decided to make a lot of money and apparently use gamers to achieve that goal. How are they doing this? Well, over the last couple of days a certain weblink has been appearing on numerous gaming websites and forums.

emil1.jpg

"Rumour has it "Sexy" Emilie is being cast as a fifth character replacing one who will die for new downloadable content already planned for 2009! Her site even has a story on it!

sexyemilie.com"


There are two strange things about this spam. The first is that it's not the usual "Click here for pills" spambot speak - it's relevant to the forum it's been posted to, and a real live person has sat down and typed it out. The second is that it isn't "one post and you're banned" spam accounts posting the link - in most cases, it's people who have been on their respective forums for some time (the person posting above is on the official XBox forums, and has a high gamerscore and reputation).

The accounts haven't been hacked - people are willingly posting this link up. Each time the link is posted, people are attaching an affiliate link which is even more suspicious. Visit the site, and we see some rather clever tactics being employed. At first, it looks like any other "Check out these pictures of my ex-girlfriend" porn website:

emil2.jpg

However, scroll down and you see eight of these boxes:

emil3.jpg

And this, which gives the game away:

emil4.jpg

If you want to "see more", you have to send the link to as many people as possible. According to the text, more pictures will be unlocked as people click your link to reach the page - however, this is where it all starts to fall apart. It doesn't matter how many times you click the link from any of the sites it's been posted to - the counter that tells you "how many of your friends already clicked the link" always said zero for us when testing. Regardless of what the page says, you can hit F5 as many times as you like and it never goes up.

Despite this, there's a counter at the bottom of the page that says the number of people who've been there today is "204,781".

emil5.jpg

Over two hundred thousand people have been there, and not one person has arrived via these spammy affiliate links? Does that sound plausible?

Of course not. The gimmick is that the creator of the site is hoping people don't want to wait for pictures that will likely never actually reveal themselves (they certainly won't when the counter registering clicks doesn't seem to work), and phone up a $2.50 1-900 number to get a "special access pass".

emil6.jpg

Interestingly, when we visited the page via a proxy, we were randomly presented with a page displaying all ten images - presumably this is the page shown to the user if they're willing to phone and pay up.

Also of note is the following:

"Hot tip:  If you use ICQ, MSN, AIM, and other instant messengers to send your personal link to your friends, you will have the video in no time!"

If you see this site sent to you via a friend on Instant Messaging, don't worry - they haven't been hacked, they've just been convinced that sending this URL to all their friends is a good idea. The reality is that someone, somewhere decided to exploit gamers to go spread this link virally, and they're practically falling over themselves to promote it.

emil7.jpg

The site is now inevitably starting to move away from gaming sites and into other areas - it's being posted to everything from Yahoo Answers ("Can you please tell me what sexyemilie.com is? my friend keeps telling me to go there but I don't what what it is, even though I have an idea") to Twitter (note the person who posted it there is a gamer too).

People will try to justify posting it:

emil8.jpg

...sadly, they're missing the point. People don't find the website "offensive" because they lack a sense of humour; they find it offensive because gamers are silly enough to keep posting it while making someone a lot of money at the same time. At this point, we're not sure how they convinced a whole bunch of gamers to start posting this link everywhere - but it definitely seems like a tactic that's paying off...

About this Archive

This page is an archive of entries from December 2008 listed from newest to oldest.
