Maximum PC social engineering RSS Feed

Fake Microsoft Security Update Email Includes Haxdoor Trojan

Mark Edward Soper — Thu, 16 Oct 2008 16:07:25 -0500

I know it, you know it, almost everybody that reads Maximum PC knows it - but that doesn't mean that your family, your co-workers, or your bosses know it. What's it? Simply this: Microsoft never - repeat never - sends out security updates via email.

Cnet reports that yet another fake security email purporting to be from Microsoft is busy delivering a nasty Trojan called Haxdoor to unwary emailboxes near you.

The email, ironically enough, claims that "Since public distribution of this Update through the official website http://www.microsoft.com would have result in efficient creation of a malicious software, we made a decision to issue an experimental private version of an update for all Microsoft Windows OS users." And, it's signed "Steve Lipner, Directory of Security Assurance, Microsoft Corp."

Well, at least the bad guys got Steve's name right. However, he's actually senior director of security engineering strategy in Microsoft’s Trustworthy Computing Group, according to a recent interview.

The message (minus the Trojan, of course), is available at the Microsoft Malware Protection Center blog, where you can see for yourself the classic hallmarks of a fake message: a shaky command of the English language, sentence construction that's so stiff it belongs on a Victorian-era calling card, and off-the-wall sentiments that show it was adapted from a different con job document: "We apologize for any inconvenience this back order may be causing you." Back order? Whaat? I didn't order any malware!

Already getting calls from frantic family, friends, or co-workers wondering why their PCs have slowed to a crawl or become infested by popups? Join us after the jump for solutions.

Palin's E-Mail Id Hacked Using Social Engineering, One Person Quizzed

Pulkit Chandna — Sat, 20 Sep 2008 04:32:15 -0500

Republican vice-presidential candidate Sarah Palin found that she is just as vulnerable in cyber realms as any of us, when hackers wrested control of her Yahoo e-mail id. The hackers released five screenshots of her personal e-mails and photographs.

Both her campaign manager and the FBI confirmed the news of her account being hacked, which began circulating after the appearance of the leaked screenshots on WikiLeaks. You will not be able to have a look at the screenshots yourself, in case your peeping faculties have been roused by the news, as they have been taken down.

The hackers are said to have only counted on their social engineering skills – by collecting or guessing personal information required for password recovery – and Yahoo’s flimsy, lax password-recovery process for breaking into her account. All said, the hack has exposed Palin’s inexpedient habit of conducting state business using a personal e-mail account.

According to Knoxnews, State Rep. Mike Kernell admitted that investigators had quizzed his 20-year old son David Kernell about the hack. Kernell is a Democrat!

New MSN Messenger Trojan Targets VNCs Too [updated]

Mark 'Marcus Soperus' Soper — Mon, 19 Nov 2007 21:37:25 -0600

MSN Messenger users, it's time to batten down the hatches as a new IRC Trojan attacks both PCs and virtual network connections. Learn how it works so you can stop it.