Sponsored by..

Friday, 11 October 2013

Meet Muhammad Ali Hassan, spammer

This idiot is attempting to get a job by randomly sending out spam.

From:     Muhammad Ali Hassan [sumtech12@emirates.net.ae]
Reply-To:     ALY.HASSAN.ZIA@gmail.com
Date:     11 October 2013 11:57
Subject:     Applying for the post of Chartered Accountant / Finance Manager /Financial Analytics & Auditor or any other suitable position as per my knowledge and experience.

Sub: Applying for the post of Chartered Accountant / Finance Manager /Financial Analytics & Auditor or any other suitable position as per my knowledge and experience.

Dear Sir/Madam.  

This is to introduce myself to you as a potential candidate for the job placement in Accounting, Finance and Audit at your organization. I am currently residing in UAE and seeking job placement in the GCC countries. I have taken the time to research your company and am very impressed. I would appreciate the opportunity of an interview.

I am Associate Chartered Accountant (ACA), Associate Public Finance Accountant (APFA) and CFA Level 1 Candidate. I am currently seeking job prospects that commensurate with my qualification and work experience. I am available in UAE during October and November 2013 and can be contacted for an interview in person. Otherwise, I can be reached for telephonic or video interview via contact details mentioned in my Résumé attached hereunder.

WORK  EXPERIENCE:

A. F. Ferguson & Co., Chartered Accountants (a member firm of PricewterhouseCoopers network) Karachi, Pakistan
Designation: Audit Assistant – December 2008 to February 2011
Designation: Audit Senior – March 2011 to May 2012
Designation: Tax Executive – June 2012 to Date.

BRIEF OVERVIEW OF RESPONSIBILITIES(DETAILS IN RESUME)

·         Effective planning and execution of audit engagements  and other assignments to ensure completion of the same within the prescribed deadlines;
·         assisting clients in the preparation and consolidation of financial statements in accordance with the applicable financial reporting framework;
·         assisting clients consolidation of financial statements of group companies;
dealing with IFRS/IAS and ISA issues in financial reporting and auditing
preparing final audit deliverables; the audit report, the covering letter to the Board of Directors, the Management Letter, Group Reporting Packs and Certificates;
·         identifying key risk areas by developing risk assessment procedures for critical business processes;
·         performing overall analytical review, testing internal controls and carrying out detailed testing of the significant areas of the Financial Statements:
·         reviewing internal control systems and identifying significant weaknesses and recommended improvements thereon; and
·         supervising, training and motivating multiple subordinate team members.

EDUCATIONAL QUALIFICATION:

    Associate Chartered Accountant (ACA) --- The Institute of Chartered Accountants of Pakistan – ICAP---2013
    Associate Public Finance Accountant (APFA)--- Pakistan Institute of Public Finance Accountants – PIPFA---2012
    CFA Level 1 Candidate ---CFA Institute USA


PROFESSIONAL SKILLS AND ABILITIES

·         Proficient user of PwC’s auditing  & documentation software including Aura, My Client, Smart Statements and Lotus Notes.
·         Completed 90-hour Course of Computer Practical Training (CCPT) recommended by ICAP.
·         Proficient in all applications of Microsoft Office
·         User-level knowledge of various accounting and ERP software including Tally, Peachtree, SAP, Oracle Financials, JD Edwards, Maximo etc
·         Strong analytical skills and in depth technical knowledge of all financial and non-financial information.
·         Have experience of business and audit risk assessment via variance analysis of budgets and other statistical techniques.
·         Have experience of co-ordination with professionals in fields like legal, actuarial, taxation and information technology.
·         Able to meet stringent deadlines and the supervision, training and motivation of team members.
·         Ambitious, pro-active and result-oriented.
·         Able to transform knowledge into achievement of assigned tasks within the schedule and maintain quality.
·         Committed to implementing quality improvement techniques that drive business operations to success.
·         Strong leadership and problem-solving skills.
·         Capable of working well under pressure and able to handle multiple tasks.

OTHER INFORMATION:

Language Known: English, and Urdu.
Visa Status: Visit Visa Valid Till 5th November 2013

I do hereby declare that the above information is true to the best of my knowledge.                   

Yours sincerely,

Muhammad Ali Hassan
Email: aly.hassan.zia@gmail.com
Mobile: [redacted]
Attached to this is his CV. Because that probably contains enough information to do a serious bit of identity theft I'll just post a picture..


I wonder just how many other poor sods this spammer has sent his CV to?

Thursday, 10 October 2013

Companies House phish

This fake Companies House spam appears to be some sort of phishing attempt:

Date:      Thu, 10 Oct 2013 11:57:31 +0300 [04:57:31 EDT]
From:      Companies House [contact@companieshouse.co.uk]
Subject:      Compulsory Companies House WebFiling Update #90721

Compulsory Companies House WebFiling Update #90721

This is an important notice to inform you as a registered company to update your details.

This will make it easier to update our database and keep records of our company.

Kindly follow the link below to update your information.

CLICK - Start Here
Companies House
Crown Way
Cardiff CF14 3UZ

DX 33050 Cardiff 

The link in the email goes to [phish]www.misspanama.net/respaldo/ukcompany/CompaniesHouse.htm which asks only for a Company Name, email address and password.

Once the credentials have been harvested, the victim is sent to a genuine Companies House webpage at www.companieshouse.gov.uk/forms/introduction.shtml


So, what is being harvested here? There seems to be no malware involved, so perhaps the bad guys are actually trying to hijack company identities for some evil purpose.

It turns out that Companies House have a webpage all about this type of threat and recommend that you forward offending emails to phishing@companieshouse.gov.uk. Just remember.. sometimes phishers are after something a lot less obvious than your bank details!

Wednesday, 9 October 2013

"Annual Form - Authorization to Use Privately Owned Vehicle on State Business" spam / warehousesale.com.my

This oddly-themed spam has a malicious attachment:

Date:      Tue, 8 Oct 2013 11:49:49 -0600 [10/08/13 13:49:49 EDT]
From:      Waldo Reeder [Waldo@victimdomain.com]
Subject: Annual Form - Authorization to Use Privately Owned Vehicle on State Business

All employees need to have on file this form STD 261 (attached).  The original is
retained by supervisor and copy goes to Accounting. Accounting need this form to approve
mileage reimbursement.

The form can be used for multiple years, however it needs to re-signed annually by
employee and supervisor.

Please confirm all employees that may travel using their private car on state business
(including training) has a current STD 261 on file.  Not having a current copy of this
form on file in Accounting may delay a travel reimbursement claim. 
The is a ZIP file attached which includes the victim's domain name as part of the filename. Inside is an exectuable file with an icon to make it look like a PDF file, and the date is encoded into the filename.

VirusTotal detections are not bad at 25/48. Automated analysis [1] [2] [3] shows an attempted connection to warehousesale.com.my hosted on 42.1.61.90 (Exa Bytes Network, Malaysia). There are no other sites on that server that I can see and I recommend that you block both the IP and domain as a precaution.

Recommended blocklist:
warehousesale.com.my
42.1.61.90

Tuesday, 8 October 2013

An informal anti-virus comparison

I use VirusTotal quite a lot for looking at malware and determining how difficult it is to determine, and over time I've built up a fair amount of data on what performs well with the sort of malware that I throw at it.

This isn't a particularly scientific test, the malware I scan has a strong tendency to arrive by email rather than a being a drive-by download and the product settings in VirusTotal may not match typical settings when deployed.

The small print: Data is taken from the past six months and only products that have been active on VirusTotal for that whole time period are included. The scans are those that I took at the time, and they don't take into account that products would be updatesd probably catch them later (once they have infected your system). It also doesn't take into account that other components would be downloaded, some of which would subsequently be detected (again, once they have infected your system).Your mileage may vary. Other anti-virus comparisons are available.

So, which was best in this test? The full details are below, but the product that was clearly the best with detecting nastiness was Kaspersky with a very impressive 73% of samples detected. McAfee (58%), Malwarebytes (53%) and Emsisoft (50%) were the other products that detected half or more of the 62 samples.

The hall of shame is pretty shocking. ClamAV, ViRobot and Antiy-AVL detected no samples at all. TotalDefense and TheHacker detected just one sample (1.6%). Fifteen products detected 10% or less.

The Kaspersky result was surprisingly good, but McAfee's showing indicates that this product has improved a lot over recent years, leaving arch-rivals Symantec lagging with 58% detected compared to 34%. SUPERAntiSpyware has a surprisingly low detection rate of 3.2%, considering that this is a product I often use for difficult task. F-Secure, Sophos, Trend and Norman all had disappointing results. But the results for TotalDefense were shocking as this product is widely used within corporate customers, and is the endpoint security business spun out of CA.. for a paid product it seems to be essentially worthless.

The chart below shows the staggering difference in detection rates between the best and worst vendors.


Or if you prefer a table..

 
Product
Detection rate
Type
72.58%
Paid
58.06%
Paid
53.23%
Free / Paid
50.00%
Free / Paid
48.39%
Paid
48.39%
Corporate
43.55%
Paid
41.94%
Corporate
38.71%
Corporate
38.71%
Corporate
37.10%
Free / Paid
33.87%
Paid
32.26%
Free / Paid
32.26%
Paid
32.26%
Paid
29.03%
Paid
27.42%
Paid
27.42%
Paid
25.81%
Paid
24.19%
Free / Paid
24.19%
Free
19.35%
Paid
19.35%
Paid
17.74%
Free /Paid
14.52%
Free
12.90%
Free / Paid
11.29%
Free
11.29%
Paid
11.29%
Paid
9.68%
Corporate
6.45%
Paid
6.45%
Paid
6.45%
Paid
4.84%
Paid
3.23%
Paid
3.23%
Paid
3.23%
Free
3.23%
Corporate
3.23%
Free / Paid
1.61%
Paid
1.61%
Paid
0.00%
Corporate
0.00%
Free
0.00%
Paid


In my opinion, your anti-virus product should always be the very last line of defence. But that last line should at least be effective and it may well be time to switch if your vendor is sitting near the bottom of this list.