Thursday, October 23, 2008

SPAM sent through Skype. Spyware, malware or virus?

This message just popped up in a Skype chat window today:


[7:17:24 PM] Online Notice ® says: WINDOWS REQUIRES IMMEDIATE ATTENTION
=============================

ATTENTION ! Security Center has detected malware on your computer !

Affected Software:
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows NT Server 4.0
Microsoft Windows Win98
Microsoft Windows Server 2003

Impact of Vulnerability: Remote Code Execution / Virus Infection /Unexpected shutdowns

Recommendation: Users running vulnerable version should install a repair utility immediately

Your system IS affected, download the patch from the address below ! Failure to do so may result in severe computer malfunction.

http://www.registryscan.cc/?q=scan

Not surprisingly, the information returned by a whois database query makes it clearer that it’s not such a legitimate site, just by looking at the demographics and the registration date.

WHOIS information for: registryscan.cc:
[whois.enom.com]
=-=-=-=
Visit AboutUs.org for more information about registryscan.cc
AboutUs: registryscan.cc

Registration Service Provided By: Unpicked.com
Contact: support@unpicked.com
Visit: http://www.unpicked.com

Domain name: registryscan.cc

Registrant Contact:
Andrej Kazanski
Andrej Kazanski

Pod Nahorjem 150
Referral URL:www.unpicked.com
Prague, CZ 44300
CZ

Administrative Contact:
Andrej Kazanski
Andrej Kazanski (akazanski@europe.com)
+420.2495614
Fax: +420.2495614
Pod Nahorjem 150
Referral URL:www.unpicked.com
Prague, CZ 44300
CZ

Technical Contact:
Andrej Kazanski
Andrej Kazanski (akazanski@europe.com)
+420.2495614
Fax: +420.2495614
Pod Nahorjem 150
Referral URL:www.unpicked.com
Prague, CZ 44300
CZ

Status: Locked

Name Servers:
dns1.name-services.com
dns2.name-services.com
dns3.name-services.com
dns4.name-services.com
dns5.name-services.com

Creation date: 09 Sep 2008 10:39:09
Expiration date: 09 Sep 2009 10:39:09
=-=-=-=

What is it?
It appears to be another rogue program posing as a security scanner. Scam!
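
An added example, not part of the original post: a small Python parser for the date fields of the WHOIS text quoted above, which works out how old the domain was when the Skype message arrived. The function names and the 90-day threshold are assumptions chosen for illustration.

```python
import re
from datetime import datetime

# Constructed sample: selected lines copied from the WHOIS record quoted above.
SAMPLE_WHOIS = """\
Domain name: registryscan.cc
Status: Locked
Creation date: 09 Sep 2008 10:39:09
Expiration date: 09 Sep 2009 10:39:09
"""

DATE_FMT = "%d %b %Y %H:%M:%S"   # format used in this record; other registrars differ
FIELD_RE = re.compile(
    r"^\s*(Domain name|Creation date|Expiration date)\s*:\s*(.+?)\s*$",
    re.IGNORECASE | re.MULTILINE,
)

def _to_date(raw):
    """Parse one timestamp; return None when absent or in another format."""
    try:
        return datetime.strptime(raw, DATE_FMT) if raw else None
    except ValueError:
        return None

def parse_whois(text):
    """Pull the domain name and registration dates out of WHOIS text."""
    fields = {name.lower(): value for name, value in FIELD_RE.findall(text)}
    return {
        "domain": fields.get("domain name"),
        "created": _to_date(fields.get("creation date")),
        "expires": _to_date(fields.get("expiration date")),
    }

def assess(record, seen_on, young_days=90):
    """Return (age_in_days, reasons). young_days is an assumed threshold."""
    created = record["created"]
    if created is None:
        return None, ["creation date missing or unparseable"]
    age = (seen_on - created).days   # time zones ignored: day granularity only
    reasons = []
    if age < 0:
        reasons.append("creation date is later than the sighting")
    elif age < young_days:
        reasons.append(f"domain was only {age} days old when the link was received")
    return age, reasons

if __name__ == "__main__":
    # Timestamp of the Skype message shown in the post.
    print(assess(parse_whois(SAMPLE_WHOIS), datetime(2008, 10, 23, 19, 17, 24)))
```

A missing or differently formatted creation date is reported as such rather than treated as an old domain.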


Tuesday, October 7, 2008

Things you need to know before even considering 1and1 as your web hosting company

For some it is probably old news that 1and1 hosting isn’t the best choice around for your business hosting and that it might just be worth as much as a fart in a windstorm. I’ve heard some even say that 1and1 hosting sucks and not to use it for anything and so on.

I have been using 1and1 since around 2001 or so and I have a couple of hosting packages with them, the so-called 1&1 Professional Linux and 1&1 Business Package, which I use for static site hosting.

I have had many hiccups along the way and tolerated them somehow, but today's experience made me realize that I need to look for a new, reliable hosting company.

One of my sites has been running very slow throughout the day and towards the end of the day I started to get network timeout messages and internal server error 500, etc. Eventually the site became totally inaccessible. No access via FTP either.

Now, even though the affected site isn’t mission critical yet, the fact that it was down for a few hours reflects negatively on the company, not to mention that it’s bad for search engine reputation.

Major problem with 1and1 technical support:

• When calling, especially after business hours, the chances are that you get transferred to their call center in India and these guys usually are not much help, except for documenting your case, opening a trouble ticket and escalating it at best
• Naturally, they’re never able to give you any ETAs for any problems
• Oftentimes the technical support staff you interact with don’t seem to have much of a tech background and don’t know what they are talking about
• A couple of times I’ve been called names other than my own while communicating with tech support and just tonight I received an email follow-up to an issue that didn’t pertain to my account. That only tells me that tech support personnel somehow mixed up my account information with other customers. Scary. Eh?

Conclusion:
Web hosting packages offered by 1and1 are surely cheap, but the quality of their technical support continues to suffer despite all of the customer satisfaction surveys that they send around after closing every trouble ticket.

You get what you pay for.

Friday, October 3, 2008

Onforce discriminatory practices???

If you’ve never heard about Onforce, they claim to be an online platform / marketplace that connects computer repair services and IT consulting professionals with the consumers needing those services. They work across the US and Canada.

Well, we decided to give it a shot and join just to explore the endless opportunities for business growth and just for networking possibilities. We signed up back in 2007.

A part of the provider account setup process is that you add your skills, verify any pertinent computer certifications and take their online tutorials about the service. In order to have your service profile activated you have to complete their platform 101 training and exam online. In essence, this platform 101 and 102 are just a series of simple questions pertaining to their service features, rules, etc. Surprisingly they don’t even have their own credentialing system and use the www.surveymonkey.com online survey service to collect and store this info. I found this very odd, especially since they call themselves a platform.

Long story short, I added all of my pertinent computer certifications (Microsoft, Comptia) to my service profile and to my astonishment I hit a roadblock when attempting to “pass” their 101 and 102 tests!?!

I followed their procedures to the T, took their online tests through survey monkey and after having waited a week I decided to follow up since there were NO signs of any confirmation of tests. I contacted them via email and they responded pretty promptly, but the robotic email just advised to go through online training and complete the platform 101 test AGAIN!
I emailed them back asking if they had any records of my test results, but I didn’t hear back at all. Oh well.

After a week, I took the bullet and decided to take the 101 test again and in order to get to it you have to go through the tutorial again. So I took another 30-45 min to do so. Then took the test and this time around I saved the survey monkey URL, which seems to be unique.

The very next day I followed up via email simply to ask if they received results of my test, but I didn’t get any replies this time. Go figure.

Perhaps what had happened to me is an isolated incident, but based on my experiences I will NOT recommend Onforce to any IT company or individual.

Coincidentally, I stumbled upon the Ripoff Report website, on which there are quite a few reports from various sources about Onforce being a rip-off and not treating its members fairly. Here are just a few headings:


• OnForce, Computer Repair, Jeffrey Leventhal, Ripoff Does Not Pay Contractor Taken For Large Amount Of Money New York New York Internet
• Rebuttal Onforce DO NOT USE ONFORCE EVER Lexington Massachusetts
• OnForce Blows No way can you make money with them ripoff New York New York
• OnForce ripoff Shady Unqualified Techs Internet

Take a look.



Update: 10/06/2008


Shortly after making this post (less than 24h) I received a few apologetic follow-up emails from Onforce staff offering help with the activation process. Not only did they offer help with expediting activation of my profile, but they also acknowledged the failure of their training authentication system.

Frankly, I was surprised how seriously the issue was taken (at least how it was expressed in emails) and how many people were personally involved to eradicate the problem. That tells me that someone listens.

It didn’t take more than 12h and I received an email from Verification stating that my Onforce profile was active and available to buyers creating Work Orders. I just wish this was a bit easier :)

Let’s see what happens next.

Tuesday, September 23, 2008

More of West African Scam / Nigerian Advance Fee Fraud in Internet Web Mail Frauds and Email Letter Scams

I don't know how these guys are finding me, but I just received this email:

-----Original Message-----
From: Bernie Immanuel [mailto:ankringan_tugu@hotmail.com]

Sent: Tue 9/23/2008 6:11 PM
To: xxxxx xxxxxxx
Subject: Inquiry


Dear Sir/Madam,

Good day,
I have visited your website. I'm quite interested on your products.If it is possible, I would like to order from you.
Do you have stock cisco product, - Type product : Cisco 7206VXR /NPE G2 - Qty Order : 1 Unit Can you ship this order to singapore via DHL or UPS Express?And term of payment for the item mentioned above, Will you accept to a credit card for payment in this transaction? I should be pleased if you could send me your new complete price list and other information. We would be grateful if you could send this information as soon as possible. We look forward to your replay and thank you for your coorporation in this matter.

Your Sincerely,

Bernie Immanuel _________________________________________________________________

It doesn’t take a genius to figure out that's another poorly executed African email scam.

Please, at least they should have come up with some Anglo-Saxon name, like Adam Smith or John Brown, who used to email me wanting to pay lots of dough for our services…lol

I thought I'd warn those who have never seen one before.

Friday, September 19, 2008

Unable to load google home page: 403 forbidden…


Google happens to be set as my home page in the internet browsers I use. This afternoon, as soon as I launched IE and Firefox I was presented with this message: 403 forbidden…

We're sorry...


... but your query looks similar to automated requests from a computer virus or spyware application. To protect our users, we can't process your request right now.
We'll restore your access as quickly as possible, so try again soon. In the meantime, if you suspect that your computer or network has been infected, you might want to run a virus checker or spyware remover to make sure that your systems are free of viruses and other spurious software.
If you're continually receiving this error, you may be able to resolve the problem by deleting your Google cookie and revisiting Google. For browser-specific instructions, please consult your browser's online support center.
If your entire network is affected, more information is available in the Google Web Search Help Center.
We apologize for the inconvenience, and hope we'll see you again on Google.

To continue searching, please type the characters you see below:
(Here goes captcha window)













Well, since I’ve never experienced this before, the first thing I did was to scan that very PC for virus, spyware and malware infections. Of course Symantec Antivirus says that it’s up-to-date and everything is cool.

Using alternate virus detection programs rendered the following results:

Registry Keys Infected:

HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.


Restarted the PC and after that things seem to be back to normal. I'm not convinced that the malware infection found was the cause here though. Does anyone have any thoughts on this?








Thursday, September 18, 2008

SK Holdings Company Ltd. Domain Registration Center scam / spam email

Last night, we received a message from Lily Chen - someone who says they’re going to try to use our domain name in China, etc. or poses as a registrar just trying to get us to contact them to have those domain names secured through their company, etc. It sounds pretty vague and shady.

After spending a few min on research it turns out that it’s a poorly designed SPAM email Made in China :) and it can be safely ignored and deleted.


Here’s the body of message:


Dear CEO,

We are a domain name registrar centre in HongKong.and in charge of the registeration in Asia.We have something important need to confirm with your company.

On Sep 17, 2008,we received a formal application form from M-Super Corp who applies to register

internet trademark:kontech

And the domain names:
kontech.asia
kontech.cn
kontech.com.cn
kontech.com.hk
kontech.com.tw
kontech.hk
kontech.in
kontech.tw

During our auditing procedure we find out that the M-Super Corp has no trade mark, Intellectual property, nor patent even similar to that word.we have the duty to inform you this matter. If you do not know this company, we doubt that they have other aims to buy these domain names. Now we have not finished the registration of M-Super Corp yet, in order to deal with this issue better, please let someone who is responsible for trademark or domain name contact me as soon as possible.

Best Regards,
Lily Chen.
Auditing Director
________________________________________



Fax: + 852 8226 1055
Email: lily.chen@sk-network.org
Web: http://www.sk-holdings.net
________________________________________
Confidentiality Notice:This is a letter for confirmation. If the mentioned third party is your business partner or distributor in Asia please DO NOT reply. We will automatically confirm application from your business partner after this audit procedure.we have to notify you,and our registration organization are not responsible for any dispute questions about trade mark,intellectual property nor patent after they succeed in registration.hope you can understand.thank you.



09/23/2008

There goes a follow-up email from Lily flagged with high importance:


From: Lily Chen [mailto:lily.chen@sk-network.org]
Sent: Tuesday, September 23, 2008 9:13 AM
To: Kxxxxx Mxxxxxx
Subject: Re: Read: (To the CEO) Regarding Domain Name "kontech "
Importance: High

Dear Sir/Ms,

We did not receive your reply until now. I have been helping you in the whole course, but we need your cooperation, We don't hope the domains be registered under your unknown.So we sent email to inform your company to protect your interest.Do you mean that you want to give up the registration? If so, we will sign the registration agreement with the third party . So please confirm whether you need to reserve your rights. Waiting for your further reply as soon as possible. If any question, do not hesitate to contact me.

Best Regards
Lily
Auditing Director



Safe to ignore/delete

Thursday, September 4, 2008

Email: UPS VIRUS - not a hoax this time




I received this email and was about to ignore it, but after a few min of research it turns out to be a real thing.

There's even a warning on the UPS site about this virus threat.

If you get a similar email I'd suggest that you delete it immediately and permanently!


Subject: UPS VIRUS


The newest virus circulating is the UPS Delivery Failure. You will receive an email from UPS Packet Service along with a packet number. NOTE: The word packet is mis-spelled on this line. It will say that they were un-able to deliver a package sent to you on such and such a date. It then asks you to print out the invoice copy attached. DON'T TRY TO PRINT THIS. IT LAUNCHES THE VIRUS! Pass this warning on to all your PC operators at work and home. This virus has caused Millions of dollars in damage in the past few days.

Snopes confirms that it is real:


http://www.snopes.com/computer/virus/ups.asp