Un Chien Bleu

“Hiiiiiiiii! This is Ashley . . .we did not see you in our wedding . . . Well, here I’m sending you a few pics taken in our wedding . . . http://www.FAKEURL.com/photos/ashley/wedding.zip

It’s so easy to click the mouse button on an email like this. Who doesn’t know an “Ashley”?

“Was I invited to a wedding? I wonder what her dress looked like?” The rest of the internal dialogue is less benign, “Oops, that was a .ZIP file, wasn’t it? Hey, that was weird. YOW! My computer — Oh sweet mother of GOD!”

Note that the link in this email was to a .ZIP file format. Spammers like .Zip spam because many email spam detectors and anti-virus programs don’t scan compressed files. It’s a popular way (in certain double-plus-not-good crowds) to slip in BotNet software to turn your computer into a zombie remote processor or open a door to your banking passwords. Possibilities are only limited by a Russian teenager’s imagination.

eWeek reports an uptick in the number of infected .ZIP file spam recently:

Anyone who makes the mistake of opening the attachment is greeted with a Trojan.

[The Trojan] downloads further malicious code from the Internet,” explained Graham Cluley, senior technology consultant at Sophos. “Obviously the nature of the code it downloads can be changed at any time, but the usual suspects would be spyware code to steal your log-in details, turn your computer into a bot, etc.”

Microsoft’s “Security Intelligence Report” blog explains more about BotNets and “Drive-by Download” sites” — websites where vulnerable computers can be infected with malware simply by visiting it, even without attempting to download anything.

The moral of today’s Tale of Terror is “Don’t doze off at the reins while the horses are moving.”

• Never EVER click on a link from an email.
• Always keep your browser, operating system and hardware drivers up to date.
• Don’t rely on a single anti-virus or anti-malware product. No one product will detect everything.
• Avoid Windows Internet Explorer if you can.
• Don’t assume that just because someone has your email address, they are your new best friend.

It may seem daunting, but it wasn’t all that hard to do

I have DIGG on my iGoogle homepage, and every once in a while something catches my eye there. Today it was Do you need a DNS upgrade?. The article was just an overview explaining what Domain Name Servers (DNS) are, and the GeekBoy comments could really make you crazy if you tried to parse every one — BUT I got enough info to speed up my computer’s internet response time fairly easily.

After chasing a few red herrings in the comments, ILLBEBACK actually offered something useful: a link to DNS Benchmark. This is a really free, well-crafted program written by Steve Gibson. The documentation is ultra-detailed, but the basic thing you need to do is download and run the program to find which DNS’s out there work best for your computer and location. Once you have them, change your TCP properties and you’re good to go.

Your mileage may vary, Google your particular configuration if you need to. I have a home network with both Windows 7 and XP wireless computers with an ATT 2wire420 modem/router.

Amazon.com asked me to verify my email address for something called “Amazon Delivers” a kind of opt-in spam delivery service sponsored by Amazon. I’m not an opt-in kind of person. I didn’t ask for it. According to my Amazon communication settings, I do “do not have any Amazon.com Delivers e-mail subscriptions as yet” and I can’t get any until I opt-in. Fine and dandy, says I.

What’s confusing me is that Amazon’s email asks me to click on a link to verify. I didn’t fall off the banana boat yesterday—I never, never, ever click on a potential phishing link in an email.

We have received a request to verify that the e-mail address fake-email@yyyyy.com belongs to you. Please click on the (Valid Amazon.com link removed) below to complete the verification process.

Please (valid Amazon.com link removed) confirm your e-mail address to continue.

Once you have verified your e-mail address, you will be subscribed to:

• (valid Amazon.com link removed) category

Alternatively, you can type or paste the following link into your Web browser:
Valid Amazon url link removed

Amazon’s anti-phishing help page reaffirms it. So what’s the deal? Who gets the blame for this? Third party contractors? Inattentive interns? Lack of internal controls? A turn toward the dark side? I’d like to know.

If you receive an unsolicited e-mail that appears to be from Amazon.com that requests personal information (such as your credit card, login, or password), or that asks you to verify or confirm your Amazon.com account information by clicking on a link, that e-mail was sent by a “phisher” or “spoofer.” Amazon.com will never ask for this type of information in an e-mail. Do not click on the link.

My Daddy came in all excited about an incident he heard about,

where an elderly couple were killed in a Florida home invasion.

Daddy, being elderly and all, wanted more information. Me being co-dependent (and online at the moment,) Googled “home invasion murder elderly couple florida 2009″.

The first return linked to an Italian-sounding URL: http://www.gabineteorellana.com/ but the text was right

FLORIDA COUPLE KILLED
Jul 13, 2009 … Pregnant Woman, Baby Killed in Florida Home Invasion, . … Up to 8 People Involved in Murder of Florida Couple With 16 Kids

And I so wanted to please Daddy, so I clicked it (Google being so reliable and all). I was immediately taken to securefolderscannerv6.com where Personal Antivirus took over. Confusing pop-ups told me “Windows Web Security” found malicious software. I should download a program. Do I want to download it? No? “Don’t close this window if your want you PC to be protected”[sic]. Close the window. Do I want to cancel? Yes? If you really don’t want to cancel click OK. OK? Oops. Not Ok. Stop. Help. Rinse and repeat.

Thanks to BleepingComputer.com Personal Antivirus is :

. . . a rogue anti-spyware created by company named Innovagest 2000 and is a clone of General Antivirus and Internet Antivirus Pro. This program is advertised through the use of Trojans that display fake security alerts on your computer. These alerts will contain messages stating that your computer is under attack or that malware has been detected running on your computer. When you click on these alerts, Personal Antivirus will be installed on your computer and automatically be configured to run when you start Windows. When running, it will scan your computer and display a variety of infections that cannot be removed unless you first purchase the program. In reality, though, these infections are all fake and are only be shown to scare you into purchasing the program.

Removing it is not simple. Here’s how.

A friend once got suckered into installing this POS and paid a local repair company $150 to remove the trojan. Gosh. Too bad. Local PC repair company discovered he hard drive was failing. She needed a $300 external drive and a forensic repair to move her data to it (including the Trojan, as it so happens).