Results tagged “Spam” from SpywareGuide Greynets Blog

Targeted Spam Ahoy

By
Christopher Boyd
on October 15, 2009 3:49 PM |
ftspamz1.jpg
Click to Enlarge

We're currently seeing a lot of reasonably clever targeted spam, which claims to be from the admins of your mailing service, customer / technical support etc with a rather convincing "we've updated your settings, click here to apply" blurb below it. Quite a few people at FaceTime had one (or more!) drop into their mailbox last night and today, and it's definitely doing the rounds. None of the links I've seen so far appear to be live, but if you hover over the live link in the mail you'll see domains like

nerrasssu.eu
oikkkkuy.eu
nerrasssp.co.uk
nerrassso.eu

As every domain I've seen so far appears to be offline I've no idea if these are attempted phish attacks or involve malware, but you might want to let people in your office know that these things are floating around. You'd be surprised how many smart people will happily trust a mail like this and click, click, click away...

/ Update - these domains are related to the Zeus Trojan, and should be treated with caution. Thanks to Kurt Wismer for the heads up.

Tags:

Spambot Fail

By
Christopher Boyd
on September 14, 2009 7:00 PM |
sbtfail.png

....whoops.

Hat-tip to Kevin Church for spotting the Bot!

Tags:

The Unfriendly Friend Request Part 2

By
Christopher Boyd
on September 7, 2009 10:16 AM |
Remember this spamming program? It seems someone decided they really needed MORE SPAM EVERYWHERE. With that in mind, a modified version of that application now lets you send infinite spam messages to up to four people at once.

spmz10101.jpg
Click to Enlarge

I've heard somebody devided to go one better, and there's now a tool that spams five lucky individuals. Wonder when we'll hit double figures...

Tags:

The Unfriendly Friend Request

By
Christopher Boyd
on August 28, 2009 2:04 PM |
Today we're going to look at a malicious program that seems to take its cue from the Facebook Freezers I've written about previously. In those cases, the aim is to get a Facebook account banned by repeatedly entering an incorrect password into the login form. Here, the intent is to make using your XBox the most annoying thing in the world.

Here is the program in question:

xboxfriend1.png

Don't be fooled by the whole "friend" thing. This is not your friend. Or at least, it isn't if it's pointing directly at you. Assuming the attacker fires it up - and they're not going to leave it sitting on the desktop doing nothing - this is what they'll see:

xboxfriend2.png

"Friend request spammer"? This isn't going to end well, is it? Sure enough, simply type in the name of the XBox Live user you want to target on the left, login to XBox Live with your own account using the button on the right and you can begin your mischief. We should see what some of those other buttons do first, though - let's check out the Avatar and Gamercard buttons. In any other program, these might be handy features - but given the "spam attack" nature of this executable it all takes on a slightly creepy stalkerish vibe.

With the Avatar Searcher, you can call up an image that the target uses as their Avatar on XBox Live, additionally giving you the ability to save said images.

Why would you do want to save these images? Who knows. Perhaps printing them out and pinning them to your wall, serial killer style is all the rage these days.


Avatar Searcher, originally uploaded by Paperghost.

The Gamercard Searcher performs a similarly creepy function, grabbing a list of your most recently played games and your gamerscore. Perhaps the potential spammer really wants to cackle with glee over every aspect of your gaming life before trying to ruin it.


Gamercard Searcher, originally uploaded by Paperghost.

Anyway, let's get to the reason we're all here - spamming. And lots of it.

Assuming the attacker knows your Gamertag, once they hit the "Spam" button, as long as your XBox is online you'll see a friend request appear at the bottom of your TV screen:

Rapidfire Spam Requests, originally uploaded by Paperghost.


Imagine your dismay, then, when it turns out the attacker has gone out for coffee, a hot date and a night on the town leaving the Friend Spammer switched on. It's not long before your mailbox notifier is repeatedly telling you that something is going horribly wrong:


My inbox, it's under fire, originally uploaded by Paperghost.

8 friend requests from the same person in about 30 seconds. Before the first minute is up, your XBox Live mailbox looks like this:


16 messages in under a minute, originally uploaded by Paperghost.

While it's somewhat touching that this person wants to be your friend so badly, it isn't doing your sanity - or your connection - much good. Based on comments we're seeing on numerous Youtube vids & hacking forums related to this program, the effects range from lag to the XBox dashboard slowing to a crawl or crashing altogether (mine didn't crash, for the record although it did become a little jerky when navigating menus). Additionally, some people report not being able to block communications with the spammers due to this happening when they try to do it:

xboxfriend8.png

...whoops.

Going into "Block Communications" will stop the messages from the user sending them to you (as long as you don't get the above error message) but one popular tactic seems to be queuing up multiple spam accounts in Virtual Machines then hitting you with a never ending series of spam messages. It seems setting your status to "Away" will also block these unwanted messages wholesale, so you might want to try that.

Hands up who else preferred it when gaming was just about shooting things in the face?

Tags:

Fake Retweets Lead To Spam

By
Christopher Boyd
on July 29, 2009 10:49 AM |
Fake Retweets aren't particularly new, but you might not have seen them before. In a nutshell, there is nothing stopping you on Twitter from placing "RT" at the start of a message then putting in whatever user you feel like after it. For example, if someone wanted to make it look like I was on a drunken insult rampage:

paperstinky1.gif

Of course, I never said that - and for a follower of mine to see this message, they'd have to be actively looking for "@paperghost" messages in the search feature so the chances of being horribly offended are slight. However, we can step it up a notch (with the permission of Rik Ferguson who agreed to let me use him for this next bout of fakery):

stinkyghost2.gif

...whoops. If I'm not someone who bothers to check the authenticity of a Twitter message, then I'm now chasing Rik Ferguson with a baseball bat under the misguided notion that he's smacktalking my mother (actually, he's taller than me so I'll probably just settle for pulling angry faces at the screen).

With that in mind, I saw this pop up in my Twitter feed earlier today:

fakeghostrt1.gif

...as you probably guessed, I didn't say that. Neither did any of these people:

fakertsspamz.gif
Click to Enlarge

What's the idea? Well, take a look at the links in the above screenshot. The profile is designed to lure Twitter users in with fake retweets (either the person being "retweeted" themselves, or users who follow mentions of that individual and are curious what they're supposedly talking about) and then hope they click one of the many spam / promotion links.

The fake retweets are quite crude, but with a little tweaking they could perhaps make the fake retweets more controversial or include a URL link with the fake message which would probably increase the clickthrough rate.

Remember - if something looks a little odd about a message sent out on Twitter from a contact, check with them that it's the real deal first...

Tags:

A Cure For Swine Flu?

By
Christopher Boyd
on June 3, 2009 9:21 AM |
Sadly, no. It is, however, a rather popular bit of Youtube chain letter comment spam currently doing the rounds:

sflu1.png

Sadly, touching your nose while saying a name isn't likely to be adopted by the World Health Organisation anytime soon...

Tags:

"Halo 3 Recon Armor" Chain Letter Spam

By
Christopher Boyd
on May 11, 2009 4:18 PM |
Not so long ago, I wrote about XBox Live Chain Letter Spam, and how it suddenly seemed to be the cool thing to do. Well, here's an interesting example of how unfounded rumours + pretty pictures = hours of wasted fun for all the family.

Halo 3 is one of the biggest titles on the XBox console - if you've never heard of the game, click here while the rest of us wait for you.

All done? Good.

One of the most intriguing features of the game is the ability to save screenshots & videofiles to allocated storage space provided by the game maker, then share those files with other gamers. It didn't take long before people started to abuse this system through a combination of believing anything they were told and the desperation produced by wanting something (almost) nobody else has.

The rare item in question here would be Halo 3's mythical "Recon Armor" - an insanely rare item given only to Bungee employees and people who perform near miraculous (or just stupidly impressive) feats ingame. To give you an idea of how coveted this ingame item is, here's a 583 page thread (!) dedicated to finding out how to get your hands on it.

Anyway.

It didn't take long before some jokers decided to make this armor the "feature" of endless chain letter spam taking advantage of the file sharing functionality.

Your XBox Live account can send and receive messages to other users, much like the PM system of a forum. Quite a lot of people - those who play Halo 3 all the time and those who have never touched it in their lives - will have been sent a message like this over the past couple of months, entirely out of the blue:

halrec1.png

...enigmatic, right? It becomes even more curious when after trying to read this message, you see the following:

halrec2.png

It's a good job I have Halo 3, or this would be a rather short writeup.

After digging out the disc, inserting it into the console and firing the game up I eventually worked out how the file share system works. Here's the body of the message I was sent (excuse the quality of the next few images, they're photographs of my TV screen):

halrec3, originally uploaded by Paperghost.

Note at the bottom it says "Check out this film clip". If you hit the "Go to" link, you'd sit through thirty seconds of pointlessness and wonder why you'd bothered, or (if the link was for an image) you'd be left with a pretty (but pointless) picture.

What were the film clips? Well, I can't show you those but I *can* show you the image spam, and once you see them this will all make sense:

halrec4, originally uploaded by Paperghost.

"If you recommend this to 50 people, you get Recon Armor".

As you probably already guessed, spamming these images to 50 people does NOT get you recon armor. It does, however, make you remarkably unpopular. There are a lot of variations on these image spam messages, here's another one:

halrec5, originally uploaded by Paperghost.

"Recommend this to 100 people to get Crystal Armor".

Well....as long as it's crystal.....

Tags:

"900": Chain Letter Spam Comes To XBox Live

By
Christopher Boyd
on April 25, 2009 9:57 AM |
If you use Facebook, Myspace or any other Social Networking site you'll no doubt be familiar with messages like this and this. typically, they all involve sending them to an endless stream of participants, lest you suffer bad luck in the form of being hacked, losing your job, dying horribly or being stalked by vengeful ghosts for the rest of eternity.

Of course, it's all nonsense.

Well, illustrating that you're not safe from these kind of chain letters regardless of which digital domain you happen to use, here we have multiple instances of chain letters making their way to the XBox Live gaming network.

Over the past few days, large amounts of people are reporting being sent messages from both friends and complete strangers over the XBox Live messaging system that contains nothing other than this:

ms9001.JPG

...enigmatic, isn't it?

However, it's not too hard to figure out. The symbol under the 900 is the symbol Microsoft uses for Microsoft points, which can be used to buy downloadable games / movies and music for the Zune player. Some wonderful individual has decided to spread word that if you keep sending the above message to people over XBox Live, then your account will be credited with 900 Microsoft points.

As you can imagine, there's more chance of winning the lottery ten times in a row without actually ever playing.

I look forward to being sent messages about viagra pills and rolex watches via XBox Live in the near future...


Tags:

Stop: Spammer Time

By
Christopher Boyd
on April 9, 2009 1:30 PM |
Awful title gag aside, it seems someone is having a little fun in MSN Messenger land.

They've gone out and phished a number of accounts, then added all the people on their contact lists into one single file available to download.

msnhrsz1.jpg

Why? So you can add all 976 of them to your contact list then start spamming / harassing them.

msnhrsz2.jpg

Of course, the "MSN harassment list" has one fatal flaw - you don't HAVE to accept that random friend request that just popped up on your desktop.

So don't :)

Tags:

Meetyourims.com - Spamtacular

By
Christopher Boyd
on April 5, 2009 2:25 PM |
It's yet another "login here to send all your contacts endless amounts of spam" website. This one is called

meetyourims.com

...and looks like all the other ones.

meeturim1.jpg
Click to Enlarge

Created on the 3rd of April 2009, there's also a curious addition to their (always changing) Terms & Conditions:

"You also understand that by temporarily accessing your msn account, CSS Management Inc. is NOT agreeing to MSN's terms of use and therefore not bound by them."

Comical...

Tags:

The Life And Death Of A Twitter Spammer

By
Christopher Boyd
on March 23, 2009 7:10 PM |
Say hello to "owOHRJ" - or as she likes to call herself, "Lauren".

owohrj1.gif

Lauren is part of a very particular digital plague - those wonderful spammers on Twitter who just cant wait to tell you about their "Free laptop, LOL".

By a strange quirk of fate, I was there moments after her creation and I would be there to witness her somewhat unspectacular demise. Here is the account, roughly ten minutes after it entered our digital world:

owohrj2.gif

Already, Lauren is busy following 149 people, and has picked up a solitary follower. Let's skip forward to her teenage years - roughly 20 minutes after being created:

owohrj3.gif

My, Lauren has been busy! She's pulled in a few more followers, but the amount of people she's going to follow is about to explode as she races headlong into middle age, some 35 minutes after the account went live:

owohrj4.gif

She's now bumped her followers to 20, and is chasing 812 people around Twitter. No doubt they've all been told about her free laptop, LOL. However, a bit of old age seems to be creeping in. We all have to slowdown sometime I guess, which would explain why...

owohrj5.gif

....she's still in the 800 range with roughly 45 minutes used in the name of spamming. Unfortunately for Lauren, the knees are going, the eyesight isn't what it was and then...

owohrj6.gif
Click to Enlarge

....the Great Banhammer From the Sky rains down upon her head.

However, with forty odd minutes on the clock and 800+ people now thoroughly sick of the word "laptop" I think our spamming friend has earned a trip to the next life.

With any luck, it'll be the one with all the brimstone and pitchforks...

Tags:

Twitter Blasted By Spam

By
Christopher Boyd
on March 14, 2009 6:54 PM |
You might not have heard of this "marketing tool", but Twitter Blaster is helping to generate a fair few messages that have a distinctive spammy look about them.

Here's an example of a marketing scheme cooked up with the aid of said tool.

First, the hook:

twitblast1.jpg
Click to Enlarge

Over $5,000 of free stuff just for sending out a message on Twitter? Sign me up!

Hit the "Click Here" link, and you're taken to this:

twitblast2.jpg
Click to Enlarge

As you can see, you're asked to enter your Twitter login details and the message you'll send is displayed in the "Message" box. This particular promotion seems to change the message every few days. There's also a pre-ticked box to follow the person who set the campaign up on Twitter.

This is smart for a number of reasons. Firstly, the campaign owner can see at a glance a good idea of how many Twitter users have sent out his message. Secondly, he can then send those people messages about other promotions at a later date. I'm willing to bet the people who submit their details to these kinds of things are unlikely to untick the checkbox. Also:

"We promise that your details are NOT stored anywhere on our servers".

There is, of course, no way to know that for certain with any of these websites. Moving on, once you hit the "Download Now" button you're taken to a page full of offers and freebies (to be fair, the example given above seems to link to genuine offers, if a little drawn out and stuffed full of link clicking and hoop jumping) and your profile sends out something like this:

twitblast3.jpg

Can't say I'd be hugely impressed if a contact sent me a message like that on Twitter. Are some (potentially useless) freebies worth losing a pile of followers?

Probably not. We'll likely take a look at Twitter Blaster itself in a future writeup...

Tags:

Free Laptop Spam Swamps Twitter

By
Christopher Boyd
on March 6, 2009 4:24 PM |
Over the past few days, if you were to take a sample of Twitter messages, you'd see a lot of increasingly annoyed people mixed in with inane laptop spam:

laptoplol1.jpg
Click to Enlarge

The site at the heart of this:

freestuff-now.info/cg2.html

...is a fairly typical "get a free laptop / phone / whatever" URL, and given the incredibly spammy nature of its promotion it seems fair game to advise avoiding it completely. Check out the fresh wave of spam messages from multiple accounts popping up on Twitter even as I'm typing out this blog entry:

laptoplol2.jpg
Click to Enlarge

If you're wondering, the spam accounts all pretty much look like this:

laptoplol3.jpg
Click to Enlarge

It's a little depressing that the spam profile above already has 148 people following it. Someone at Twitter needs to try and get a grip on this one before every other message sent out is FREE LAPTOP, LOL.

Tags:

Fake "Blocked By Mail Filter" Messages

By
Christopher Boyd
on January 10, 2009 10:19 AM |
A clever tactic used by spammers to get you to click their links: send an official looking email saying you "unsubscribed" to various services. If enough of them are sent out, eventually you're going to send them to someone who immediately wonders how they managed to unsubscribe from their favourite website / newsletter / whatever.

fakeunsub1.jpg
Click to Enlarge

In this case, hovering over the "Unsubscribe" hyperlink shows that it'll actually send you to

radiovary.com

Which is a fairly typical Viagra website:

viag1.jpg
Click to Enlarge

As always, be suspicious of random "Unsubscribe" messages sent via EMail. If in doubt, hover over the links and check the address it leads to at the bottom. If you're still unsure, just ignore the email and go directly to the website in question. The site here is fairly harmless, but the same technique could easily be applied to email address harvesting and sending you to infection sites.


Tags:

More MSN Login Harvesting...

By
Christopher Boyd
on November 27, 2008 7:51 PM |
Here we have the latest in a long line of scam sites wanting your MSN Login details so they can send URLs to everyone on your contact list. Here's a screenshot of one such message:

cpi1.jpg

Click the link, and you're taken to

crazy-party.info

cpi2.jpg
Click to Enlarge

Interestingly, the previous set of websites (all six billion of them) were supposedly run by a company in Panama, but as you can see here, the site was actually controlled by a group in China with ties to all sorts of dubious practices. This time round, the company isn't named as "TST Management", but "TP Limited". The information on the Whois data shows the site was registered fairly recently (7th of November 2008), and is registered to "Topyaa".

I'm sure we haven't seen the last of these...

Tags:

"Buy Cocaine" Spam

By
Christopher Boyd
on November 19, 2008 7:16 PM |
I've seen the following rather freaky spam on Blogs quite a bit lately:

bck1.gif

...yes, that does say "Buy cocaine".

Click the link, and:

bck1.jpg
Click to Enlarge

"Second thing that make our legal cocaine special is that risk free for you.Absolutelly no side effects and any dangerous after party effects.You can use cocaine absolutely free witout any problems.Just take your cocaine online and forget about everything just party star."

...um. Click yet another link, and you're taken to a vaguely surreal website with animated dancing characters all over the place, grooving to a terrible loop of what they probably hoped sounded a little like a rave in a nightclub (it doesn't):

bck3.jpg
Click to Enlarge

It turns out that this "Cocaine" is actually just a mish-mash of various chemicals that are supposedly harmless, though some of the Wikipedia links I've added do make me wonder a little:

Guarana      200 mg
Hawaiian Baby Woodrose     100 mg
L-Tyrosine     100 mg
Passion Flower     50 mg
Caffeine     50 mg
L-Arginine     50 mg
Green Tea     10 mg
Niacin     8 mg

I'd have thought you'd need to be insane to throw that lot together, but oh well. The person dropping these links has quite a lot of sites doing the rounds at the moment:

ck0.gif
Click to Enlarge

It's somewhat bizarre that "Hangover cures", "erection aids" and "anti aging cream" are mixed in with "Free party drugs", "Legal Cocaine" and "The Party Pills Shop" - I guess they'd probably need it after all those supplements and pills.

I'm alarmed to think that people still continue to sell things like this online because there are people out there willing to actually buy it. If you really want to take a chance and buy some random pills touted as a "legal form of cocaine" by some guy in Afghanistan dropping spam links on the net, then I'd suggest skipping Rehab and making do with the Asylum instead...

Tags:

Twitterspam...

By
Christopher Boyd
on November 10, 2008 8:13 AM |
This is fairly typical Twitterspam that's been seen doing the rounds since yesterday:

zsp1.jpg
Click to Enlarge

Click the link, and you're taken to a "sign your life away for a free laptop" deal:

zsp2.jpg
Click to Enlarge

What's really bizarre about this particular piece of advertising is that if someone tries to access this offer from outside of the US, a message will appear saying "Redirecting to an offer in your area" and instead of a free MacBook offer, you're taken to....

zsp4.jpg
Click to Enlarge

...Zabasearch, a US-centric people finder website. I'm sure there's logic in there somewhere, but I'm still trying to work it out. The account is now suspended, but not before it managed to pick up around 175 followers.

Whoops...

Tags:

Smart Alteration To Suspended Twitter Accounts

By
Christopher Boyd
on October 16, 2008 9:26 AM |
After yesterday's influx of Twitter spam, I couldn't help but notice that the freshly suspended accounts all looked like this:

twitcanx113.gif
Click to Enlarge

This is a huge improvement. Why? Well, previously when a rogue Twitter page was suspended it looked like this:

twitcanx111.gif
Click to Enlarge

The problem with that was although the Twitter messages containing rogue weblinks were now gone, any URLs placed into the Profile description bar on the right were still clickable.

This was, as you might imagine, not a good thing.

Replacing the entire content of a suspended profile is a welcome step in the right direction for Twitter. One small problem - though the profile content may now be entirely inaccessible, the suspended profiles are still viewable in Profile Search. Because of this, if you happen to come across an already suspended profile that harboured infection links in the Profile description....

twitcanx0.jpg

....you can still reach the infection pages via the search option. Hopefully Twitter will find a way to scrub the infection link profiles from the search feature, too.

All in all, a good move to combat the increasing amounts of rogue profiles clogging up Twitter - and kudos to them on waving the Banhammer at so many spam profiles overnight. Quite the bloodbath, from the looks of things...

Tags:

Large Twitter Spamrun Incoming!

By
Christopher Boyd
on October 15, 2008 3:35 PM |
All I've seen on Twitter this morning are comments regarding the absolute bombardment by Spammers promoting anything and everything they can think of (including porno sites). I had one follow me earlier too, which is unusual because I don't tend to get many spam followers (feel free to add me on Twitter, by the way).

The sites promoted are everything from ringtones and dating portals to porno, social networking sites and car insurance adverts.

Looks like someone bought Little Jimmy his first Spamming set as an early Christmas present...

Tags:

Interesting Example Of RSS SEO Spam

By
Christopher Boyd
on May 19, 2008 7:12 AM |
Comic writer and commentator Kevin Church notes a particular kind of spam attack over at a well known comics blog. Hadn't actually seen this in action before...

Tags:

More Skype Spam Promoting Rogue Antispyware

By
Christopher Boyd
on March 6, 2008 7:32 AM |

It seems Skype Spam promoting rogue antispyware tools is still going strong. This was sent to a colleague of mine yesterday:

soft_alarm.gif

Never visit the sites promoted by these kind of tactics. A world of popups and pushy marketing tactics will be unleashed upon your desktop if you do.

Tags:

Laziest Spam Ever

By
Christopher Boyd
on December 31, 2007 11:35 AM |

I guess the people behind this missive were too full of Xmas leftovers or something, because instead of plastering links all over the place, they're letting the forum regulars do all the hard work instead:

super_lazy_spam.jpg

That's right, YOU'RE supposed to "provide details" of XRumer (King of Spamming programs), which is sort of ironic considering the forum spammer likely used XRumer to post these messages in the first place.

http://blog.spywareguide.com/upload/2007/12/xrumakthebest-thumb.jpg
Click to Enlarge

231,000 results for the guy posting the spam message? I guess we can see XRumer really does work, though that's not exactly comforting....

Tags:

Stock Trading Spam Hits Flickr

By
Christopher Boyd
on December 19, 2007 1:49 AM |

Here's an interesting spam gimmick - do a search for something in Google / Yahoo / whatever:

http://blog.spywareguide.com/upload/2007/12/flickr_stock_spam_search-thumb.jpg
Click to Enlarge

.....meanwhile, the bad guy has stuffed a bunch of keywords into a Flickr screenshot page, then inserted one of those wonderful stock trading spam messages into the screenshot area. When people arrive at his Flickr page, they see this:

http://blog.spywareguide.com/upload/2007/12/stock_spam_flickr70-thumb.jpg
Click to Enlarge

....awesome. In fact, this particular profile is stuffed to bursting point with keywords galore leading to yet more trading spam...

http://blog.spywareguide.com/upload/2007/12/stock_spam_flickr_two-thumb.jpg
Click to Enlarge

......and a pile of Viagra / cheap software garbage, too:

http://blog.spywareguide.com/upload/2007/12/final_flickr-thumb.jpg
Click to Enlarge

What site will the spammers ruin next?

Tags:

Security Monitor Spam Continues

By
Christopher Boyd
on September 26, 2007 2:20 AM |

A while ago, I wrote about Spammers using Skype to send unsuspecting users messages that their "copy of Windows needed updating", only to be taken to a page promoting a rogue antispyware tool.

Well, it looks like they've returned, ditching their old usernames (security.monitor.noXX) in favour of

(security.monitor.njXX)

http://blog.spywareguide.com/upload/2007/09/secmonreturns-thumb.jpg
Click to Enlarge

As you can see, there are currently 21 of these accounts in Skype User Search. Do yourself a favour and ignore any messages from these accounts.

Tags:

Skype Spammers Promoting Rogue Antispyware Tool

By
Christopher Boyd
on September 14, 2007 2:08 AM |

There's an interesting bit of activity taking place on the Skype network lately. In fact, it seems to have been around for a couple of months in various guises, but things really seem to have taken off recently for this particular scam if the amount of complaints on forums and blogs is anything to go by.

Want to take a look?

Sure you do. If you happen to go searching on the Skype userlist, you might happen to come across something similar to this:

http://blog.spywareguide.com/upload/2007/09/secmon0-thumb.jpg
Click to Enlarge

That's an awful lot of people with the same username - if you happen to be using Skype and minding your own business, you might be surprised to find that the following text message is sent to you:

http://blog.spywareguide.com/upload/2007/09/secmon1-thumb.jpg
Click to Enlarge

As you can see, the message reads:

"WINDOWS REQUIRES IMMEDIATE ATTENTION
============================

ATTENTION ! Security Center has detected malware on your computer !

Affected Software:

Microsoft Windows NT Workstation
Microsoft Windows NT Server 4.0
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Win98
Microsoft Windows Server 2003

Impact of Vulnerability: Remote Code Execution / Virus Infection /
Unexpected shutdowns

Your system IS affected, download the patch from the address below NOW!"

Anyone clicking the link in the screenshot will actually be taken to a "patch" that (mysteriously) neither looks like a patch or indeed comes for free.

http://blog.spywareguide.com/upload/2007/09/secmon2-thumb.jpg
Click to Enlarge

....oh dear, that doesn't look good...

http://blog.spywareguide.com/upload/2007/09/secmon3-thumb.jpg
Click to Enlarge

That's even worse - because I have three entirely non-existent threats on my PC. However, if I decide to "remove" them....

http://blog.spywareguide.com/upload/2007/09/secmon5-thumb.jpg
Click to Enlarge

....my "patch" suddenly costs $19.95. "Scan & Repair Utilities" is on the Spywarewarrior Rogue Antispyware List. Steer clear of these messages and never download anything sent to you by random contacts, whether on Skype or anything else.

Tags:

Bored Spammers

By
Christopher Boyd
on August 21, 2007 3:39 AM |

You know, if you're a spammer then sure - you can be fancy and innovative and send your PDFs and your FDFs. But sometimes, it all gets too much. What do you do? Easy, take your foot off the gas and simply send me a URL which leads to....

http://blog.spywareguide.com/upload/2007/08/yfinance-thumb.jpg
Click to Enlarge

....a page on Yahoo Finance. Guys, please - you're just not trying hard enough this week...!

Tags:

Spam That Can't Make Its Mind Up

By
Christopher Boyd
on August 13, 2007 10:34 PM |

I think this EMail has some identity issues it needs to resolve. The top of the mail is designed to look like it's from EBay:

http://blog.spywareguide.com/upload/2007/08/ebaymailscam1-thumb.jpg
Click to Enlarge

....though the pills (instead of TVs and MP3 Players) sort of give it away.

However, scroll down and just under the plethora of pills, we have...

http://blog.spywareguide.com/upload/2007/08/ebaymailscam2-thumb.jpg
Click to Enlarge

.....a collection of entirely genuine links to EBay, which will teach you all about "protecting yourself from spoof (fake) EMails".

There's humour in there somewhere.

Tags: