Sponsored by..

Friday, 23 July 2010

"TOYOTA CAR LOTTERY" scam

A ridiculously long and horribly written scam email about winning a Toyota, email relayed through 60.251.190.235 in Taiwan, but apparently soliciting replies to an email address in Hong Kong while claiming to be based in Thailand. It is (of course) some sort of Advanced Fee Fraud. Incidentally, the +(66)896734792 telephone number is Thailand and is well known for being connected with scams.

From: MR.PAUL WILTON <info@yahoo.com>
Reply-To: organizelottoint39l@yahoo.com.hk
Date: 23 July 2010 10:18
subject: TOYOTA CAR LOTTERY
   
Toyota Car Lottery International Promotions Thailand,
Customer Service Department
Toyota Motor Corporations, Thailand.
92/48 Sathon Nua Rd.
Fl 17 Sathorn Thani 2 Bldg Silom,
Bang Rak,Silom, Bangkok 10500,
Thailand.


                                             TOYOTA  MOTORS CORPORATION INTERNATIONAL
                                             PRIZE NOTIFICATION 2010 NEW CARS PROMOTION

We are pleased to inform you of the result of the just concluded annual final draws held on the IST OF January,2010  by Toyota Motor Company in conjunction with the Japan International Email Lottery Worldwide Promotion,your email address was among the 20 Lucky winners who won US$1,000,000.00 each on the Toyota Motors Company Email Promotion programme dated as stated above.This is from the total price of $20 million United State Dollars ($20,000,000.00usd)shared among the 20 lucky winners,you are therefore approved for a lump payment of US$1,000,000.00 Dollars,in cash ,including a Toyota car which is the winning present /amount for the Second category winners.

However the results were released and declared on the 5TH OF MAY 2010, and your email address attached to ticket number 4500542188(TMPWAYZ20051), with serial number  454-17 drew the lucky number 3,8,13,22, 5, 0,27,41 and bonus number 12,your Reference Number:FLS433/453L/GMSA. The online draws was conducted by a random selection of email addresses from an exclusive list of 35,031 E-mail addresses of individuals and corporate bodies picked by an advanced automated random computer search from the internet. However, no tickets were sold but all email addresses were assigned to different ticket numbers for representation and privacy to make sure the money reaches you.

The selection process was carried out through random selection in our computerized email selection machine (TOPAZ) from a database of over 250,000 email addresses drawn from all the continents of the world. This Email Lottery Promotion is approved by the Japanese Gaming Board and also Licensed by the The International Association of Gaming Regulators (IAGR).This lottery is the 3rd of its kind and we intend to sensitize the general public about toyota motors 2010 new cars(Toyota motors 2010 latest cars).As indicated by the computerized selection machine,your lucky winning number falls within our Asia booklet representative office here in THE KINGDOM OF THAILAND as showed in the coupon.

For security reasons, you are advised to keep your winning information confidential and private until your claim is processed and your money remitted to you in whatever manner you deem fit to claim the prize money and the toyota car your winning present.This is part of our precautionary and security measure to avoid double claiming and unwarranted abuse of this program.In other to claim your US$1,000,000.00 winning prize,which has been deposited with THE MANAGEMENT AND BOARD OF UNITED TRUST BANK BANGKOK BRANCH THAILAND, Remember to indicate your reference Number (FLS433/453L/GMSA) to make sure the  winning  prize US$1,000,000.00 and the Toyota car reaches you intact and complete.

The toyota car shipping documents will be forwarded to you to claim ( A toyota car which is the winning present  for second category winners) in any port of your choice,once your winning amount US$1,000,000.00 processed and transfer to you.
However,you are required to fill the form below,together with the name of the port where your winning present a toyota car should be ship to and send it to the online promotion manager of THE TOYOTA MOTOR CORPORATION for verification and then you will be directed to the paying bank above for immediate process and approval of your winning fund and shipping of your (TOYOTA CAR) where the sum of US$1,000,000.00 has already been deposited in your favor under your email address.

FILL THE FORM BELOW;
NAME:.....................................
AGE:........................................
SEX:........................................
ADDRESS:(RESIDENT ADDRESS ONLY)...............................
YOUR OTHER EMAIL:....................................
PHONE:...................................
OCCUPATION:.........................
AMOUNT WON........................
COUNTRY:...............................
NAME AND ADDRESS OF THE PORT FOR SHIPMENT OF YOUR WINNING CAR ......................
SHORT COMMENT ON OUR PRODUCTS .............................................

Please you are adviced to complete the form and send it immediately to our Promotion manager through email for prompt collection of your fund
(CONTACT PROMOTION MANAGER)
TOYOTA MOTORS FOREIGN SERVICES MANAGER
NAME: Dr. Wong Lee
TELEPHONE: +(66)896734792
EMAIL:organizelottoint39l@yahoo.com.hk

WARNING !!

You are to keep all the winning information away from the general public especially your ticket number and ballot number.(this is important as a case of double claiming will not be entertained) Staff of Toyota Motor Company and the Japanese International Lottery Company are not to partake in this Lottery. Accept my hearty congratulations once again! for being selected among the 20 lucky winners .

Yours faithfully,
MR.PAUL WILTON
(V.P FINANCE)
TOYOTA MOTORS CORPORATION LTD.
www.Toyota.co.th

Thursday, 22 July 2010

amanda.lee@blackberry.co.za is not offering a free BlackBerry

A variation on this hoax email analysed at Hoax-Slayer indicates that someone has a grudge against Research in Motion (who make the BlackBerry range of smartphones) in South Africa.

There's a watermarked image stolen from Mobile Gazette to go with it (who are nothing to do with the hoax).. now with a blurry couple of photos from people claiming that they have their free BlackBerry.

This is just a hoax.. nobody is going to send you a €400 smartphone (about 3800 rand) for forwarding a few emails. It probably just exists to harass the company or whoever "Amanda Lee" might be. Don't forward it.

Dear All,
 
Blackberry is giving away  free phones as part of their promotional drive.
 
All you need to do is send a copy of this email to 8 people; and you will receive your phone in less than 24 hrs.
Please note that if you send to more than 20 people you will receive two phones.
 
 
Please do not forget to send a copy to: amanda.lee@blackberry.co.za 
 
With Regards,
 
Amanda Lee (Marketing Manager)
Office Number: 0117838512 


Someone has added to the email:
Hi guys,

This is real we got our phones today , the previous email, had the incorrect email address, should be @blackberry.co.za, and not @blackberry.com

And there are a couple of pictures no doubt ripped from the web:


My best advice is that if you get one, tell the sender that it is a hoax and point them to this post or Hoax-Slayer.

Wednesday, 21 July 2010

Hotbar.com deceptive installation.. again.

Hotbar.com probably needs no introduction as an unpleasant piece of Slimeware, picked up from the ruins of Zango by a Washington State company calling itself Pinball Corporation. Traditionally, companies like Zango and Pinball work on a pay-per-install basis for their software, and recruit affiliates to get the software installed on end user's machines. Anyone who deals with affiliate marketing knows that the actions of your affiliates reflect on the company itself.. you don't want dodgy affiliates tarnishing your reputation.

This particular affiliate of Pinball Corporation does seem to be pretty deceptive though, targeting naive users who don't check what they are downloading properly.

Here is an example, coming up on a search for Google Earth:

The first result reads:
G.Earth Free Download
EarthI0-3D.com/GEarth-Download      New G.Earth. A True 3D Digital. Fly Anywhere On Earth. For Free!
Is earthi0-3d.com Google? Of course not! But it relies on users not to check before they click through..

Google's logo is displayed prominently on the landing page, the whole page really does look like it is from Google, but scrolling down reveals the truth.. in pale grey text on a white background to make it difficult to spot:



This website has no partnership whatsoever with the owner or manufacturer of this software program, and provides ONLY a link to the program.
New computer users should find our services valuable, and a time saver. If you are an advanced computer user, you probably don't need our services. 
Well, it doesn't just provide a link to download the program.. clicking "Free Download" reveals the payload of a mixture of HotBar, ShopperReports, Blinkx and QuestDNS adware.

..but you have the read the small(ish) print. The Google Earth logo is still prominently displayed, along with a great big "Start" button. Now, to be fair it is all spelled out in black and white with links to the EULA, but displayed in a much smaller and less prominent manner than the Google logo.

The download is pretty widely detected as adware by many AV programs. Some of the components are particularly insidious, including QuestDNS that installs all sorts of operating system hooks.

It's not just Google Earth that is targeted in this way, the server that hosts earthi0-3d.com, 174.121.90.107 [ThePlanet.com], also hosts a shedload of other domains that masquerade as well-known applications. (Sorry, it's a long list.. but there's more after it).


0perai0.com
7zip2010.com
Adaware10-uk.com
Adaware10-us.com
Adawarepro10.com
Adobereader10-pro.com
Adobereader2010.com
Adobe-readeruk.com
Adobe-reader-uk.com
Adobe-readerus.com
Adobe-reader-us.com
Ares10.com
Ar-proversion.com
Audacityi0.com
Babelfish10-uk.com
Babelfish10-us.com
Bearshare10-prodownloads.com
Bearsharefast.com
Bit10-cometpro.com
Bitcometfast.com
Bitcometi0.com
Bitcometpro.com
Biti0-latest-comet.com
Bitlordfast.com
Bitlordi0.com
Bitnewcomet.com
Bit-new-comet.com
Bitnewlord.com
Bit-new-lord.com
Century21games.com
C-new-cleaneri0.com
Convertxtodvdpro.com
Corelpaint2010.com
Descarga-activex.com
Divx10-uk.com
Divx10-us.com
Div-xi0.com
Downsoftloads.com
Earth-20i0.com
Earthi0-3d.com
Emulenouveau-fr.com
Eplig.com
Fastnewlime.com
F-frostwirei0-pro.com
Flash-playerdownloads.com
Flashplayernew2010.com
Flashplayernew-uk.com
Flashplayerpro10.com
Flashplayeruk.com
Flashplayer-us.com
Freezonlinetvpro.com
F-reviewfrostwirei0.com
Frost10-prowire.com
Frost10-wire.com
Frostfreewire.com
Frost-profrostwire.com
Frostpro-wire.com
Frost-pro-wire10.com
Frost-prowire-2010.com
Frost-review.com
Frost-us-prowire.com
Frost-us-wire.com
Frostwire10-frostdownloads.com
Frost-wire10-pro.com
Frost-wirei0-frostpro.com
Gamescentury.com
G-earthi0.com
Getactivex.com
Getdirectx.com
Getnetframework.com
Girlstar-fun.com
Googleearth10.com
Internetdownmanagerpro.com
Irfanviewpro.com
Itunespro10.com
Jetaudiopro.com
Justfree-screensavers.com
Kidstoys-fun.com
Latestopenoffice.com
Limewireeasy.com
Live-messenger-windows.com
Live-msn10-messenger.com
Live-newmessenger-promsn.com
Liveprodownloads.com
Liveprotube.com
Live-torrents.com
Livetube-pro.com
Livetvnowpro.com
Messenger10-livepro-newmsn.com
Messenger-msni0-live.com
Messenger-msn-live.com
Messengerplus-live-msn10.com
Messengerpro-live-msn2010.com
Monfirefoxonline.com
Msn10-live-messenger.com
Msn-live10-messenger.com
Msn-messenger-new.com
Msn-messenger-windows.com
Myfrostwire10.com
Myfrost-wire10-pro.com
Mylimewire10.com
Mylimewirepro10.com
Mylivelimewire10.com
Mymariobrosfree.com
Mymessenger-live-promsn.com
Mymsn-live-newmessenger10.com
Myworldlime.com
Ner0-burni0.com
Newadobe-proreader.com
Newadobe-readerpro.com
Newadreaderpro.com
Newbit-comet-2010.com
Newbitcometi0.com
Newbittornado10.com
Newbit-torrent10.com
Newcoreldraw2010.com
Newdivxpro10.com
Newfastlime10.com
Newflash-playepro.com
Newflash-proplayer.com
Newlimefast.com
Newlimefree.com
Newlimeworld.com
Newmessenger-live-promsn.com
Newoffice10.com
Newopenoffice2010.com
Newopen-proofficeuk.com
Newopen-proofficeus.com
Newovernet10.com
Newphotoscape2010.com
Newpicasapro.com
Newshareaza10.com
Newsoulseek10.com
Newutorrent-free.com
Of-suite3-officei0.com
Openi0-latest-office.com
Openoffice10-officedownloads.com
Openofficenew2010.com
Openofficenewuk.com
Openofficenew-uk.com
Openofficenewus.com
Openofficenew-us.com
Playlegends.com
Play-mario-free.com
Play-mario-now.com
Proadobe10.com
Proadobereader10.com
Proadvancedsystemcare.com
Proaudacity10.com
Probitcomet.com
Probitcomet10.com
Probitlord10.com
Procamfrog10.com
Proccleaner10.com
Proflvplayer.com
Progommediaplayer.com
Proicq2010.com
Pro-lime-wire.com
Prolivetvnow.com
Promirc2010.com
Promocion-aba.com
Pro-nero-10.com
Pro-newutorrent.com
Proopenoffice10.com
Proorbit10.com
Propowerdvd.com
Proquicktime10.com
Prosopcast10.com
Prospybot2010.com
Pro-utorrent10.com
Pro-web-solutions.com
Prowinrar10.com
Prowinzip2010.com
Proytdownloader.com
Quicknewtime.com
Quicktime10-uk.com
Quicktime10-us.com
Rankdriven.com
Schnellfirefox10.com
Seo-sem-worldwide.com
Skype10.com
Smartdefragpro.com
Speedylime10.com
Suite3-office.com
Suite-office3.com
Suite-office3.net
Suiteprooffice-2010.com
Superlime10.com
Teamviewerpro2010.com
Trilliani0.com
Ufreetorrent.com
Uklimefree.com
Uprotorrent-2010.com
U-reviewbitcomet.com
U-reviewfrostwire.com
U-reviewsuiteoffice3.com
U-reviewtorrent.com
U-review-torrent.com
Uslimewire10.com
Utorrent10-udownloads.com
Utorrent-free.com
Utorrenti0.com
Vafdrivers.com
Vafscanner.com
Vaftv.com
Virtualdjpro-uk.com
Virtualdjpro-us.com
Virtualnewdj.com
Virtual-new-dj.com
Virtualnewdj.info
Virtual-newdj-2010.com
Virtuals-dj2010.com
Vlcmediaplayerpro.com
Vlcpro-vdownloads.com
Vlc-videolan-fr.com
V-virtual-prodj.com
Winamp10-uk.com
Winamp10-us.com
Winmediaplayer-fr.com
Winmoviemaker.com
Winrar10-uk.com
Winrar10-us.com
Winzip10-uk.com
Winzip10-us.com
W-media-player.com
Wmedia-playerdownloads.com
W-media-playerpro.com
Worldlime10.com
Youfreetube-loader.com
Youlive-tube.com
You-pro-tube.com
Ytdownloader-uk.com
Ytdownloader-us.com


Most domains have some sort of anonymous registration, but not all.. and one points the finger at a company in the Canary Islands:

Company: Payments interactive S.L.U
Name: fuentes martins de souza vicente alan
Address: camino de la fallera 1
City: santa cruz de tenerife
Country: CANARY ISLANDS
Postal Code: 38789
Phone: +34669061555
Fax:
Email: daniel.hylander@paymentsint.com
We can track down paymentsint.com to a server at 67.19.106.170 [ThePlanet.com] and there are a whole load of other domains you might want to avoid too.. (another long list, sorry)

Apuestadeporte.es
Audiobooks21.com
Bestfarmvilleapp.com
Bestfarmvilletoolbar.com
Bestfarmvilletricks.com
Bestwebhostingtop.com
Casinosypoker.es
Conocer-gente.es
Debelleza.es
Deseguros.es
Easyfarmvilleapp.com
Easyfarmvilletips.com
Easyfarmvilletoolbar.com
Easyfarmvilletricks.com
Economiayfinanzas.es
Emule10-italy.com
Emule10.com
Emule2010site.com
Emulenow.com
Evonynow.com
Farmappextreme.com
Farmtipsrextreme.com
Farmtoolbarextreme.com
Farmtricksrextreme.com
Fastestbrowsers.com
Fastfirefox10.com
Firefox-us.com
Flashgames2010.com
Flashplayernew.com
Flaviocoiro.com
Freenewares.com
Freenewutorrent.com
Freeopenoffice10.com
Freewinrar10.com
Fungamesgirls.com
Generar-ingresos-extra.com
Getfarmville.com
Haiti-foundation.org
Idolnew.com
Isoftware.es
Lastopenoffice.com
Latestnewinternetexplorer.com
Megauploadpro.com
Melollevo.net
Melosllevo.com
Melosllevo.es
Mininovaonline.com
Morpheusnow.com
Msnmessenger-fr.com
Mybitcomet10.com
Mybitlord10.com
Myedonkey10.com
Myexploreronline.com
Myfirefox10.com
Myfirefoxfast.com
Myfirefoxworld.com
Myfrostwirepro.com
Mygnutella10.com
Mymorpheus10.com
Napsternow.com
Neuenfirefoxonline.com
Newadobepro.com
Newadobereader.com
Newadobereaderpro.com
Newares10.com
Newbabelfish.com
Newbearsharepro.com
Newbitcomet.com
Newbitlord.com
Newbittorrent.com
Newedonkeypro.com
Newfarmville.com
Newfarmvilleapp.com
Newfarmvilletips.com
Newfarmvilletoolbar.com
Newfarmvilletricks.com
Newfirefoxpro.com
Newfirefoxworld.com
Newgnutellapro.com
Newgoogleearth10.com
Newrapidsharepro.com
Newreaderpro.com
Newskype2010.com
Newtvidol.com
Newutorrent10.com
Newvcdplayer.com
Newvirtualdj.com
Newwindowsmediaplayerpro.com
Ofertaturismo.es
Outlet-foto.com
Outlet-sport.com
Paymentsint.com
Photofiltrenew.com
Proadobeflashplayer.com
Proadobereader.com
Prolimewirenow.com
Prowirelime.com
Qualityblogs.es
Quecompras.es
Registryscanner-pc.com
Reviews21.com
Revistatv.es
Solococina.es
Solosalud.es
Speedyfirefox10.com
Theluckyhoroscope.com
Thunderbirdnow.com
Todoinfantil.es
Topconsolas.es
Topillsreviews.com
Tuguu.com
Tvtopchannel.com
Uklimefast.com
Usfirefoxbrowser.com
Utorrentfast.com
Vafdriver.com
Virtualdjnow.com
Virtualgirlfree.com
Web-uk-hosting.com
Web-us-hosting.com
Wmediaplayernow.com

You can probably safely block these IPs and all of these sites, there doesn't seem to be anything of value here.

This is definitely a somewhat deceptive approach to installation, but it does rely on a fair degree of user stupidity too. However, any IT person will probably tell you that there are a hard core of users who really are daft enough to fall for something like this, and really the best thing that you can do it pre-emptively block the whole lot.

There is a very questionable use of trademarks here, and perhaps some of those trademark owners might like to take some action of their own...

Saturday, 17 July 2010

"Pollux Enterprise Ltd" money mule scam

Pollux Enterprise Ltd appears to be a genuine company in Hong Kong. This email claims to be from Pollux Enterprise Ltd, but isn't.. it's a Money Mule scam which is basically money laundering. Email originates from 95.154.240.2 which appears to be Turkish, not Hong Kong. Avoid.

From: Pollux Enterprise Ltd pollux.recruit@gmail.comReply-To: pollux.recruit@gmail.com
Date: 17 July 2010 20:15
subject: Job and recruitment available ( Your present job not affected ).
   

If you have access to a computer, and have up to three hours spare time per-
week, would you like to work part or full time online from
home and get paid weekly? If yes, then please read carefully.
_____________________________________________________________________
ABOUT US
______________________________________________________________________
Pollux Enterprise Ltd was Established in 1999 in Hong Kong and we specializes
in worldwide export of fashion accessories, hair ornaments and fashion jewelry.
We strive to market chic and trendy accessories that intrigue fashion-conscious
ladies around the globe.

Backed by the vast manufacturing base in China and the East-West sensibility
uniquely found in Hong Kong,
______________________________________________________________________
JOB POSITION
_______________________________________________________________________
We are currently seeking part/full time employees for our ever-growing
Foreign Payment Receiving Officer. Through extensive demographic research, we
have discovered a wealth of untapped human resources that, for one reason or
another, need the freedom to work from home and consider becoming part of our company.
as part of our ongoing Multi Level Marketing Network, we seek capable individuals to work for
us as our representative.You can easily make $500 - $2,000 or more in a week by
working for us as Sub-contractor in your geographical location, you will be in charge
of collecting payment on behalf of our affiliates and Smallbusine ss organizations
that are registered under us. Note that no form of investment is needed from you and this job will take
only 1-3 hours of your time per week.
______________________________________________________________________
JOB RESPONSIBILITY
_______________________________________________________________________
The position of Foreign Payment Receiving Officer entails the following duties:
coordinate payments from our clients, receive payments which come in form of Certified
Check, process payments at your local bank, and forward 90% of funds
received to the proper branch office, as instructed.
The remaining 10% is your gratuity. Since this position
is need-based, you will have plenty of free time while enjoying a good income.
_______________________________________________________________________
RENUMERATION
_______________________________________________________________________
Ev ery assignment in form of payment received from clients, you're entitled to
10% which excludes the cost of processing western union to any regional office
accountant Also you get a monthly salary of $1500 which comes at the end of every
month, plus other incentives and benefits that accrue, which includes tax holidays.
________________________________________________________________________
INTERESTED APPLICANTS (HOW TO APPLY)
________________________________________________________________________
Interested applicants should reply with:

Full Name:-
Contact Address:-
Gender:-
Occupation:-
Phone Number(s):-
E-mail Address(Optional):-

Our Human Resource Managers can contact you via email, with further details if the management
decides you're a successful candidate.

We look forward to working with you.

NB: Ignore this mail if you are not interested in this offer.

Mr. Alfred Tsang
Unit 7-9, 6/F Yale Industrial Centre
61-63 Au Pui Wan Street, Shatin

Mystery Shopper Scam from "Shoppers Guide Ltd"

Mystery shopper scams aren't exactly rare, but they're not as obvious a scam as some others. The basic idea is that once you get roped in, then eventually the sting will come with you laundering stolen money or an advanced fee fraud. There are some details about typical mystery shopper scams here.

The spam originates from 82.128.2.21 in Nigeria.

From: ADAM SCOTT mystery.shopperonline33415@yahoo.com
Reply-To: mystery.shopperonline33415@yahoo.com
Date: 17 July 2010 15:39
Subject: JOB OFFER

Hello,

         We are a company that conduct surveys and evaluate other companies. We get hired to go to other peoples companies and act like customers in order to know how the staffs are handling their services in relation to their  customers. once we have a contract to do so, you would be directed to the company or outlet, and you would be given the funds you need to do the job(either purchase things or require services), after which you would write a  comment on the staffs activities and give a detailed record of your experience

Examples of details you would forward to us are :

1) How long it took you to get services.
2) Smartness of the attendant
3) Customer service professionalism
4) Sometimes you might be required to upset the attendant, to see how they react to clients when they get tensed.

 And we turn the information over to the company executives and they would  carry out their own duties in improving there services.

   Most companies employ our assistance when people give complains about their services, or when they feel there are needs for them to improve their customer service. your Identity would be kept confidential as the job states (secret shopper) you would be paid $300 for every duty you carry out, and bonus on your transportation allowance, and funds would be given to you if you have to dine as part of the duty.

  Your job will be to evaluate and comment on customer service in a wide variety of shops, stores, restaurant and services in your area. No commitment is made on this job, and you would have flexible hours as it suits you. We will be sending you check for any of your assignments which you will cash at your financial institution and you use the money to carryout the assignment. You do not have to use any money from your pockets. So we will provide you the money for all your assignments.If you are interested

The following information below will be needed :
Full Name:
Address (no Po Box):
City:
State:
Zip code:
Phone Number(s):
Email Address:
Age:
Occupation:

 So we can look at your distance from the locations which you have to put your service into, and your address would also be need for your payments.

Thanks.

Adam Smith
shoppers Guide Ltd
mystery.shopperonline33415@yahoo.com

Thursday, 15 July 2010

"Put your PC in your pocket and use it anywhere, anytime!"

I don't normally republish press releases, but this looks pretty cool. I've used Paragon software before and it seems to do what it says on tin. What this appears to be a a fully featured VM package which consumers can use for free, so it definitely might be worth trying out..

 IRVINE, CA, July 12, 2010 – It’s time to upgrade to a new operating system, but the thought of all the unknown issues may hold you back.  What if your favourite applications haven’t been updated to work with the new OS? There may be unintentional software glitches or bugs that will damage your host computer. One solution would be to create a virtual clone of your current computing environment to test any changes or upgrades before going live on your own PC, but migration to a virtual machine might be too complex and expensive for an average home user. How do you even begin to go virtual?
Paragon Software Group (PSG), the technology leader in innovative data security and data management solutions, invites you to Paragon Go Virtual with the new easy-to-use, free migration tool created for PC users who want to work in a virtual environment without technical risk. How does it work? Paragon Go Virtual allows you to make a virtual clone of your PC in three easy steps: http://www.paragon-software.com/home/go-virtual/how_it_works.html
Availability:
Paragon Go Virtual is available for immediate download, free of charge: http://www.paragon-software.com/home/go-virtual/index.html
 Social Media:
 
 We would like you to leave us a comment here letting us know what you think about it. We value all of  your feedback on our blog  


The BBC News site sucks

I've kept schtum about the BBC News redesign for a couple of days as I suspected that my dislike of it was just because it was different from the layout that they've had for some time (I moaned about the last redesign too).

It does seem that I'm not alone though as a comment on the bottom of this Reg article indicates:

Widespread criticism of the redesign in the blogsphere over its confusing layout, unappealing appearance and the bone-headed decision to demote the prominence of sports coverage is another thing altogether.
Exactly.. the navigation used to be very simple and clear but is now a confused jumble, there's an inexplicable amount of whitespace about the place, there's a stupid panel part way down with your local news that appears to have been designed by a different team entirely, and an overall inefficient use of space with unimportant elements being too visually intrusive. It's Web 2.0 crap in other words.. hell, it's almost as bad as Sky News!

(and before anyone comments, I know that this blog template doesn't work very well in Internet Explorer either, but then I haven't pissed away stacks of public cash on it either).

More unfavourable comments here

Tuesday, 13 July 2010

"Your craiglist account requires attention!!"

A fairly obvious phish:

From: noreply@craigslists.org
Date: 13 July 2010 08:29
Subject: Your craiglist account requires attention!!
   
Please follow the link bellow to avoid expiration of your Account https://www.craigslist.org/account/update

Thank you for using our services
The link in the email actually goes through your.totalinternethost.com/bb.html before bouncing to accounts.craiglist.org.postifedelta.com/icons/crg/ - I'm guessing that the domains are legitimate but their domain admin account has been hacked.

The mail itself is "from" craigslists.org (i.e. more than one list) rather than craigslist.org which is a clue, and also the subject is mis-spelled as craiglist .. usually signs that something it going wrong (and a couple of things that you could block if you roll your own mail filters).

If you click through, then you get a convincing looking login page which is an exact copy of the real thing:

This is the fake one (click to enlarge):


Fill in the login details, and the fake page harvests them and sends you on to the REAL page (pictured below) which looks identical. Presumably, victims are meant to think that their login has failed in some way.

The catch? Both the real and fake pages have an identical warning:

WARNING:  scammers may try to steal your account by sending an official-looking email with a link to a fake craigslist login page that looks like this page, hoping you'll type in your username and password.

example of valid craigslist address Look carefully at the web address near the top of your browser to make sure you are on the real craigslist login page, https://accounts.craigslist.org

The safest way to login is go to the craigslist homepage directly by typing in the web address, and then clicking on the 'my account' link.
Both fake and real pages even have a picture to show you what to look for:

On the fake page, the URL in the browser bar clearly does not match the one on the page. But how many people actually read it? Any sysadmin will tell you that there's a hard core of users who don't read or unstand warnings, and obviously there are enough of them to make this scam worthwhile.

Just for the record, these are the IPs in this particular phish:
accounts.craiglist.org.postifedelta.com 
116.12.52.25
Usonyx, Singapore

your.totalinternethost.com
64.191.40.21
Burstnet, Scranton

Sunday, 11 July 2010

I received this mail "from" a contact's web mail account.. well, I say "from", it was actually a dial-up account in Nigeria (41.155.100.234 in this case).


Subject:  HELP!!!

Hello,

      I'm sending this short email with panic in my heart, the situation of things here right now seems so tensed and frighting because I'm  stranded here, apparently l was stuck here in LONDON ENGLAND with family because we were held by muggers on KENTISH TOWN ROAD  yesterday after shopping at the city mall, our wallets were taken from us which has our credit cards and bank cards in it, but we already canceled  them now, our passports were taken as well but the embassy are working on it trying to fix a way to get us an ID that will be valid for us to get  on flight back home but seems like it will take couple of days or three but right now i need a quick loan from you which is very urgent,  so we can use for our upkeep for the next 3days, l promise to pay you back, as soon as i'm back home, l give you my word on that, please email  me as soon as you get this to confirm and let me know if you can be of help.

God bless you. 

What has happened here is that the victim recently received a message from their webmail provider that said that their account might be shut down because of a lack of capacity.. and please could you confirm that it was still in use by sending back the login details. THAT gave the scammers the username and password, and then they raided the contacts to send this plea.

So.. if you receive a mail message like this, then it's a scam.. but don't ignore it, the best thing to do is tell your contact that their mail account has been compromised and that they need to change their password (if they can) and also review any banking or financially sensitive emails that they store, because it is possible that the scammers could have compromised those as well.

Dear Robert Allen and Bob Gatchel.. please shove it where the sun don't shine.

I guess it was naive of me to think that I wouldn't see any more Bob Gatchel spam, but this great big steaming turd of a spam ended up in my inbox promotion some other crap.

From: robertallen1 robertallen1@ewiadvisor.com
Reply-to: jan@multiplestreamsofincome.com
Date: 25 June 2010 04:21
subject    [Redacted], Your Mining Gold with Ebay CD At Absolutely No Cost From Robert Allen
   
 Hi [Redacted],

Robert Allen here with some AWESOME news!  I’m very excited to tell you that my good friend, mentor and online marketing expert - Bob Gatchel - just completed a brand-new program that could show you how to explode your income! 
EXPLODE MY INCOME! AWSEOME!
Do you remember me telling you how I made $94,000 in 24 hours, sitting at home on my computer?  Well … it was Bob Gatchel who made that possible!  He’s a genius when it comes to making money on the Internet. 
No I don't.. I remember someone telling me that they were watching 2Girls1Cup when their mom walked in. Was that you?

Well, Bob has done it again! 
Whatever happened to Britney Spears?

This time he’s revealing how anyone can make $300 to $3,000 a month “mining for gold” on eBay. Ebay?  Yes, Ebay!   You see … due to the recent financial crisis & this “new economy” - Ebay online auctions are in SUPER demand!  This massive demand has created a virtual “online gold rush” … and fortunes are being made because of it!   Bob reveals exactly how anyone can capitalize on this MASSIVE trend right now … even if you never participated on Ebay before!
Wow.. Bob has discovered what people have been doing on eBay for years. Buying stuff that's underpriced and reselling it for a profit! It's not as if you can just Google for ebay tips.. oh wait, maybe you can.

And here is the best part – he’s literally GIVING away this information to anyone who wants it!

That’s right; he’s going to send you the “Mining Gold with eBay” Audio program absolutely free.  I’m talking NO cost, not even shipping and handling. 
So it's a free lunch, is it?

Simply call 1-888-876-1988 and you’ll be connected with my staff that will confirm your address and rush out a copy of this audio to your door.  It’s that easy.

No thanks.

Here are a few things you can expect to learn from this amazing audio program:

• Expert secrets to making a Fortune on eBay
• How to research and analyze your competition to increase profits
• How to create a massive bidding frenzy, every time
• The art of sniping…to get what you want at the price you need
• Perfect your auction timing to maximize earnings
• How to create raving eBay fans and get 100% positive feedback
• A secret technique all sellers must know that can literally make you thousands
• And much, much more
What about "there's no such thing as a free lunch"?
So, if you’d like harness the power of eBay to add another stream of income to your life, just wait until you learn all of these incredible, cutting edge techniques!  And, the best part is that you can do this without spending ANY money upfront.
Wait... what do you mean about "without spending any money upfront"? That's not quite the same as "free" is it? That kind of implies that you send it to me for free and I have to pay for it later.
Again, all you have to do is call 1-888-876-1988 and tell my staff where you want me to send this incredible audio training program.   Don’t miss out … you’ll kick yourself if you don’t take advantage of this offer!
Dear Robert and staff: please take your incredible audio training program and send it up your arse.

To Your Massive Success!

Robert G. Allen
Wicked.

Please not that product prices and availability are limited time offers and are subject to change.  We respect your privacy.  To remove yourself from this mailing list, click http://www.ewimail.com/unsubscribe.aspx or reply to this message with “unsubscribe” as the subject line or write us at Enlightened Wealth Institute, LC, 5072 N 300 W Provo, UT 84604
Well, at least you managed to include valid unsubscribe details rather than the last Bob Gatchel crap you sent. But you know, I don't think that I'm going to confirm my email address by clicking your so-called "unsubscribe" link.

Incidentally, in the US the BBB rates this lot with a miserable D+ rating  on a scale of A to F. Hardly inspires confidence, does it?

Evil network: Pegashosting Network / pegashosting.com 178.162.135.0/24 (AS28753)

This summary is not available. Please click here to view the post.

hiring-westunion.com scam email

This scam email is recruiting people for money laundering and other criminal activities using the fraudulent domain hiring-westunion.com:

From: Molly Leary
Date: 11 July 2010 01:23
subject: Open Positions

Greetings


I’m addressing you on behalf of the HR department of a large company. Our company covers a wide range of businesses:
- real estate
– accounts opening
– undertaking services
– etc.

We need a person to fill the vacancy of a regional manager in Europe:
- salary 2.400 euro + bonus
- 2–3 working hours per day
- flexible work time


If you are ready to work as a regional manager in Europe send us the below information on email:
c v @ h i r i n g - w e s t u n i o n . c o m [please delete spaces before sending]
Full name:
Country:
E-mail:
Mobile phone-number:



Note! We are searching Europeans only!

Please, write your name and Telephone Number so that our manager could contact you and conduct an interview. 
This domain attempts to pass itself off as the legitimate Western Union company, it was registered a few days ago to what appears to be a real address but is almost definitely fake too:

Domain name: hiring-westunion.com

Registrant Contact:
   PBsoft, inc
   Harry Bishop Harry.PBishop@yahoo.com
   818372-9865 fax: 818372-9865
   2850 Luna Pl
   Granada Hills CA 91344-1644
   us

Administrative Contact:
   Harry Bishop Harry.PBishop@yahoo.com
   818372-9865 fax: 818372-9865
   2850 Luna Pl
   Granada Hills CA 91344-1644
   us

Technical Contact:
   Harry Bishop Harry.PBishop@yahoo.com
   818372-9865 fax: 818372-9865
   2850 Luna Pl
   Granada Hills CA 91344-1644
   us

Billing Contact:
   Harry Bishop Harry.PBishop@yahoo.com
   818372-9865 fax: 818372-9865
   2850 Luna Pl
   Granada Hills CA 91344-1644
   us

DNS:
ns1.pegas-dns.org
ns2.pegas-dns.org

Created: 2010-06-22
Expires: 2011-06-22

The registrar is the scammer's favourite, BIZCN.com of China. The web server and mail is hosted on 178.162.135.108 on PegasHosting Network in the Ukraine. Email originated from 201.246.77.170, an ADSL subscriber in Chile.

This is not a real job, anything that they offer is likely to be some sort of criminal activity such as money laundering, parcel reshipping and other fraudulent back office functions.

Update 19/7/10: the spam is being sent out again, now hosted on 79.119.213.2 in Romania along with  Westunionhiring.com - if you get this, send an abuse complain to the host at abuse -at- rcs-rds.ro