As antivirus programs and end users alike become more adept at identifying badware, malware authors are getting even sneakier in their quest to infect your computer. Social engineering is the name of the game now – just ask the NBC News exec who clicked on an infected Christmas tree attachment from an unknown sender. A new report says that scammers have begun using a novel trick to get users to open malicious files; they send emails that claim to be from the office’s printer/scanner, which is actually pretty friggin’ clever.
If you’re a follower of NBC News’ Twitter account, there’s a good chance you crapped your pants last Friday evening. “Breaking News! Ground Zero has just been attacked!” the feed blared, followed by flight numbers and rumors of hijacking attempts. Ten minutes later, a group calling themselves “The Script Kiddies” came clean and announced that they’d hacked the account. NBC’s been trying to figure out how the account became compromised ever since, and now they think they’ve found the culprit: a Trojan Christmas tree.
Another day, another hack spreading false news of death. But where LulzSec's defacing of the Sun's website was, for the most part, harmless, the news making the rounds today could hold actual life-or-death ramifications. When Taliban members logged into their Internet-connected devices in Afghanistan on Wednesday, they found messages and news reports claiming that the group's spiritual leader was dead. Which, um, he wasn't. While the story may bring a smile to the face of a deployed GI, the Taliban didn't get the lulz.
Who can resist the idea of some free, mouth-wateringly good Chicken Selects Premium Breast Strips swallowed down with a delicious Strawberry Triple Thick Shake early on a Sunday morning? Nobody who isn't named RoboCop, that's who – and that's how the spammers get you. Now that we've become immune to naked celebs and cheap pharmaceuticals, the bad guys are going for our guts.
I know it, you know it, almost everybody that reads Maximum PC knows it - but that doesn't mean that your family, your co-workers, or your bosses know it. What's it? Simply this: Microsoft never - repeat never - sends out security updates via email.
The email, ironically enough, claims that "Since public distribution of this Update through the official website http://www.microsoft.com would have result in efficient creation of a malicious software, we made a decision to issue an experimental private version of an update for all Microsoft Windows OS users." And, it's signed "Steve Lipner, Directory of Security Assurance, Microsoft Corp."
Well, at least the bad guys got Steve's name right. However, he's actually senior director of security engineering strategy in Microsoft’s Trustworthy Computing Group, according to a recent interview.
The message (minus the Trojan, of course), is available at the Microsoft Malware Protection Center blog, where you can see for yourself the classic hallmarks of a fake message: a shaky command of the English language, sentence construction that's so stiff it belongs on a Victorian-era calling card, and off-the-wall sentiments that show it was adapted from a different con job document: "We apologize for any inconvenience this back order may be causing you." Back order? Whaat? I didn't order any malware!
Already getting calls from frantic family, friends, or co-workers wondering why their PCs have slowed to a crawl or become infested by popups? Join us after the jump for solutions.
You know that Microsoft never sends out email messages with links to Microsoft Update or Windows Update. Do your friends, family and co-workers know that? If they don't - be prepared to mop up the mess.