A Guide to Identifying Scam and Malware

Donna Buenaventura
Categories : Smb security ,Computing
Tags : Computing smb security topics phishing

Page content

A Phished and Compromised Twitter Account

As you can see in the screenshot above, the popular BBC Sports reporter Jim Mason’s Twitter account has been subverted to tweet a message containing a link to a scammer’s website. It is likely that the reporter has become the victim of a fake Twitter login page. Make sure that shortened links in Twitter posts are related to the usual posts of the Twitter user. An example which would raise a red flag is if you would see @Brighthub_CH tweeting about weight loss, then the account has probably been compromised.

In the depicted example the BBC reporter cannot do anything until he is able to login to his Twitter account again and delete the spam tweet posted by the attacker.

In this image a Facebook login page is displayed which opens after clicking on a fake notification that there’s a new friend that wants to be added in Facebook. As you might know, Facebook doesn’t require Adobe Flash Player to be able to login. If the end-user clicks on the “Download and Install” link, he or she will end up downloading an unsafe file called “updateflash.exe”, a malicious piece software. Without security software, if this file is allowed to run, the computer will be infected with the Zbot Trojan.

An Exploit Kit in a Fraudulent Facebook Page

In the depiction above you see that the Facebook login page contains a hidden iFrame code. Even if the end-user does not download or execute the malicious file dubbed updateflash.exe from the fake Facebook login page, the computer can still be infected if the PC’s antimalware defense is not up-to-date. It’s important to keep the antivirus and antimalware software of Windows, Mac and Linux computers up-to-date to prevent being redirected to scareware portals.

A Fraudulent Online Pharmacy Website

The unsolicited email in this image contains a link to a pharmacy website. If you receive this type of e-mail, simple delete it and never click on the link. In the next image, you will learn why the email and the link are not to be trusted.

A Fraudster’s Order Page

Whenever you buy products on the Internet, it is recommended to check the protocol in use. The above image shows that a secure protocol (https://) is being used by the fraudster. Should you still trust the site simply because it is using secure protocol? You must not trust any website that requires your financial and personal information until you’ve checked the reputation of the domain.

Checking Secure Sites’ Reputation

If you are using the Web of Trust (WOT) plug-in for Internet Explorer and Firefox, or widget for Opera browser, you will be informed that the secure order page of the pharmacy website is a risk. WOT will also display some information as to why it was marked as an unsafe website. A person who uses SiteAdvisor is not lucky enough to find out, at once, that the site is not to be trusted. Some people who are not aware of the dangers of this type of scam will end up losing money from the non-existing pharmacy business.

A Fraudulent YouTube E-mail

In this screenshot, you see a fake email allegedly from YouTube informing you that your video is on the top of YouTube. All hyperlinked items in the email message are pointing to a .UK domain instead of youtube.com. Clicking on any link in the message will open a scam webpage (online pharmacy or sex and dating sites). The fraudsters only want your credit card information to steal money.

A Fake Virus Scanner

Have you been searching or browsing the Internet and come across a malware scanner webpage like the one in the above screenshot? Clicking cancel or the OK button will only download the setup.exe file. The best thing to do when you see this type of fake online virus scanner website is to close the browser from the top right hand corner or use the Task Manager utility in Windows to stop Firefox, Internet Explorer or any other browser.

How Fake Scanners Work

The fake online scanner in the above image will download an unsafe setup.exe file. The download prompt will appear even if you click the “Cancel” button. The next depiction will show you what the setup.exe file does on the computer if the end-user mistakenly executes the setup file.

A Fake Windows Defender

The outcome of executing an unsafe file from a fake online virus scanner website is an infected machine. In the above photo, I executed the setup.exe file that was downloaded from a fake Windows Defender online scanner webpage, and you will see that the computer is now infected with the Koobface worm. This worm is quite dangerous because the attackers can now start gathering login credentials when the computer user visits Facebook, MySpace, Twitter, Tagged, Friendster and many other social networking sites. This type of infection affects not only Windows computers, but also Linux and Mac operating systems.

Clickjacking Attacks

You may have seen a Facebook entry by your friend about the recent news on celebrities or anything else under the sun, just like this fake and malicious page about Lady Gaga. What do you think will happen if you click on the play button to watch the video? Find out in the next photo in this guide for identifying malware and scams.

A Clickjacking Attack on a Facebook Account

In the image bove you are looking at the fake BBC News Facebook page where a video about a celebrity is being featured. Clicking on the embedded video player’s play button will open the login window. If you have a Facebook account and entered your login information, you have just “Like"ed the page which means your Facebook friends will see this fake Facebook page about the celebrity as well. A good antivirus should have blocked loading the page because it contains a script such as a hidden iFrame which does something of malicious nature!

References

Information based on author’s research and experience.