Security vendor Eset believes that Virus writers will soon become far more active via exploiting vulnerabilities within Windows shortcut .link files.

From The Tech Herald:

During an interview this afternoon, Jamz Yaneza,  Threat Research Manager for TrendMicro,  confirmed that they are seeing new exploits in the wild since the proof  of concept code started to circulate, targeting a much wider base of  users due to the Windows shell vulnerability. “I generally think that  the fix for this is going to be a requirement,” he said.

The exploitation of the vulnerability itself  can come from rogue shortcuts on a USB drive, the most common attack  vector seen by TrendLabs, but there are other vectors, including the  potential for malicious links to be embedded in various file formats,  such as documents, or placed in network share.

In addition, there is an option to push drive-by-downloads if a  malicious link is embedded on a Website. To be fair, while drive-by-downloads are possible, they haven’t been used.

[Article Link]

Cyber-criminals have created a new version of the Zeus crimeware toolkit.

Zeus 3 is far more selective in the banks that it targets. Two different flavors are available:

1. Target banks located in Spain and Germany
2. Target financial institutions located in the UK and US

The updated features are making it very difficult for security researchers to figure out because the malware is now operating on a need to know basis.

“It employs layers of protection by applying the principle of least privilege. It means that the bot must only access remote command, information and resources that are necessary to a specific function and purpose.” –John Leyden, The Register

Source: Zeus baddies unleash nasty new bank Trojan • The Register

SANS study: One in five mobile devices running malware | Malware – InfoWorld.

Ask a painful question, get a painful answer: That was the lesson the SANS Institute’s Internet Storm Center (ISC) learned recently when it surveyed its membership on the subject of malicious programs that target mobile devices like iPhones and BlackBerrys. –infoworld.com

LIGATT, The World’s #1 Hacker

World’s self-proclaimed #1 Hacker LIGATT e-book has been plagued by plagiarism and a whole lot more. Gregory Evans, a convicted felon and owner of Ligatt Security (Pennystock value high of $0.0002) continues to promote himself and his company as a prominent and ethical security source.

Ben Rothke, CISSP PCI QSA, senior security consultant with BT Global Services was able to expose LIGATT’s #1 Hacker e-book as a plagiarized product by using the iThenticate plagiarism checker stating that “The iThenticate scan of the book confirmed what was obvious.  In fact, some sections averaged as high as a 95% plagiarism rate, with one chapter coming in at 100%.”

The Register: “How to Become the World’s No. 1 Hacker is purportedly written by Gregory D. Evans, an animated felon who went on to become CEO of Ligatt Security International, a publicly traded company worth about 0.0002 cent per share that bills itself as a full-service computer security firm.”

Attrition.org further elaborates“Every press release, every video cast, every public communication is full of discrepancies, half-truths and outright lies.”

The world’s #1 hacker is also a hot topic within the infosec community on Twitter. Follow hashtag #LIGATT

Gregory Evans bio claims the following professional Affiliations & Awards

The Association of Certified Fraud Examiners - not found!

Legal history and Court docket.  Gregory D. Evans Lies About Being CISSP.  Gregory D. Evans Lies About Being a Certified Ethical Hacker (CEH.)  Gregory D. Evans Lies About Being CISA/CISM.

It appears that LIGATT CEO Gregory Evans is the World’s #1 Scammer. A mediocre hacker with fake credentials, currently under heavy examination from the Infosec community. Mr. Evans has been lying about his company, his affiliations, and his certifications too.

–Perhaps LIGATT should be appropriately renamed LIEDAT.

Be sure to check out Attrition.org for more LIGATT information.

——————————

Two teenagers busted running World’s largest international Cybercrime forum

The PCeU, (Police Central e-Crime Unit, of Scotland Yard) arrested two teenagers for their alleged involvement in the world’s largest international cybercrime forum.

“The forum has 8,000 members, according to the Met Police, and officers found evidence that it was “promoting and facilitating the electronic theft of personal information, credit and debit card fraud, buying and selling of personal information (including passwords and PINs), the creation and exchange of malicious computer programs (malware) and tutorials providing advice on how to commit such offences, including how to evade and frustrate law enforcement activity and exchanging details of vulnerable sites”. –David Neal, V3.co.uk

Tom Espiner, ZDNet UK reporter stated “The police investigation into the forum has recovered more than 65,000 compromised credit card numbers…Malware kits traded on the forum included the password-stealing Zeus Trojan, and compromised data from computers infected with the Zeus bot.”

During the eight month investigation, officers found evidence of the forum buying and selling personal information, along with logon credentials, password, and PIN disclosures. The forum also provided access to malicious computer programs (malware) and tutorials on how to commit electronic theft and evade law enforcement intervention.

——————————

Kraken botnet rises again

Machines infected by Kraken malware primarily are being used to send spam, and a single member of the botnet is capable of sending more than 600,000 unwanted emails in a 24-hour period, he said. All of the spam is promoting male enhancement or erectile dysfunction products.  –SCMagazine

Read more about the Kraken botnet at Dark Reading.

——————————

Who are the Russian Spies?

One of them is a beautiful 28-year-old Russian with an IQ of 162, a diplomat father and a taste for the high life. –Bharat Chronicle

Read more at the Washington Post

See the criminal complaints from the Justice Department

——————————

Until nest time — Stay safe online!

Technology Solutions for the Business of Gevernments

Don’t let lack of training dollars or your schedule prevent you from keeping up with the latest IT trends in an ever-changing market.

If you missed the #1 government-focused IT expo and conference in our nation’s capital this March, it’s now coming to your desktop! And it’s FREE!

Attend Virtual FOSE from the convenience of your computer – no travel, no fees, and no time away from the office! You can visit Virtual FOSE at your own pace and during the times most convenient for you.

You’ll experience:

• In-depth educational sessions covering key topics such as Cyber Security, Web 2.0, Cloud Computing, Virtualization, and more! Some sessions are recordings from the FOSE Conference (a $295 value, now FREE), as well as LIVE sessions followed by Q&A.
• Exceptional speakers featuring industry leaders from DHS, NASA, State Dept., EPA, GSA, and more!
• Emerging technologies in a virtual exhibit hall
  Virtual product demos and experts on hand to answer questions immediately
• Real-Time Networking
  Targeted networking opportunities with thousands of IT professionals through group chat in the virtual networking lounge, or individual communication via email, instant message, and more! Through the search feature, you choose the specific professionals you want to network with.

Because this is a free event, space is limited. Register today at VIRTUAL FOSE

.

Examiner:
FOSE: DC’s Largest and Longest Running Government Technology Show

FOSE has been functioning for more than 30 years, and no other venue draws over 10,000 senior-level IT decision makers from local, state and the federal government to network, evaluate services, products and solutions from over 400 organizations.

Forbes.com:
FOSE Announces Special Program on International Cybersecurity Issues and Initiatives
“FOSE is a great opportunity to become acquainted with new technology,” said Jacob Brown, a representative from the Department of Defense Inspector General’s Office. “It’s good to see it here, before you see it in the field. It helps you stay ahead of the curve.”

TV Worldwide:
New Show Footage

FOSE on Facebook |  FOSE on Twitter |  FOSE Group on LinkedIn |  FOSE on YouTube

Until nest time — Stay safe online!

Below you will find 12 steps that you can take today to reduce email spam.

The word “Spam” as applied to Email means “Unsolicited Bulk Email”. Unsolicited means that the Recipient has not granted verifiable permission for the message to be sent. Bulk means that the message is sent as part of a larger collection of messages, all having substantively identical content. –Spamhaus

1. Do not post your email address online in clear text.  If you must post it online be sure that your address is munged so that the bots will not see it.
2. Never respond to suspicious emails.
3. Do not unsubscribe to spam email.
4. Do not use your personal email address for public use. Instead, use a disposable email address and set it up to forward messages to your personal email account.  If you begin to receive spam in a disposable account –simply delete the disposable account and sign up for a new one.
5. Do not open suspicious attachments, links, or images. This could lead to malware downloading on your computer.
6. If you are using a software email program (and not a web-based one) be sure to disable the preview pane.
7. Use spam-blocking tools and filters.
8. If you need to forward email to groups of people use a disposable email address in the TO: field and add all recipients to the BCC: field.  This will shield the email address from others as well as from spam harvesters.
9. Be sure to have antivirus software installed on your computer, run a full scan every week, and keep it updated!  You should run some form of an anti-malware software each week too, such as Malwarebytes.
10. When you sign up for something on the web, be sure to uncheck the box that says “YES, I want to be contacted by select third parties concerning products I might be interested in.”
    
11. Be sure to take advantage of reputable and free computer scans such as the firewall leak and ShieldsUP tests over at Gibson Research Corporation.
12. Report spammers.  Register for free spam reporting service at SpamCop.

Check over at Software Candy for more tips here.

Some helpful Links:

Federal Trade Commision FTC

If you are a victim of a financial solicitation contact
the Internet Crime Complaint Center

Medical fraudulent claims (devices or products)
Email: webcomplaints@ora.fda.gov

Investment-related email- *Copy headers and forward to:
Email: enforcement@sec.gov

*How to copy email headers

One of the content monitoring services that I subscribe to is Google Alerts, which only provides content from the Google search engine itself. I use a combination of RSS and email alerts, generally set to deliver as it happens. I tend to pay a great deal of attention to alerts that come from sources that lack professional credentials. My specific area of concentration is with affiliates who participate in the distribution of harmful or bogus applications, otherwise known as rogueware.

A general template for many rogueware-affiliates is to offer a catchy title that will pique your interest.  A recent Google malware email alert was titled: “What Malware And Grayware Are And What You Can Do About Them.”

The affiliate article will likely give you accurate and timely security-related information. The writer will also hook you into believing that the author knows what she or he is talking about, while sporting juicy paragraphs such as this:

“The more sophisticated kinds of rootkits will actively prevent you from deleting them. It may, for instance, duplicate itself several times, and replace those copies whenever they’re removed, making it difficult to get rid of them all and also harder to identify the original problem files.”

Then the affiliate will add a highly credible source to the article content:

“Since it is virtually impossible to prevent malware from installing itself on your system, it is best to create a routine check on your system for malware by using an anti-malware system such as Microsoft’s Malicious Software Removal Tool. This program is compatible with Windows Vista, Windows XP, Windows 2000 and Windows Server 2003, and can determine the nature of specific malware installations while also being able to assist you in removing them from your system.”

This particular rougeware-affiliate marketing plan is highly versed in SEO and Google page ranking placement:

Both McAfee SiteAdvisor and W.O.T. (Web of Trust) have security concerns with Spyware Removal Doc.  It is also listed at hp-hosts as FSA, otherwise known as: sites engaged in the selling or distribution of bogus or fraudulent applications.

Spywareremovaldoc[]com is currently on the auction block for 15K USD with a current bid of $100 USD. You won’t be able to download their “free software” until you complete one of the trial options over at trialpay.com.

The current marketing plan is exceptionally cunning. I can credit them with some pretty ingenious and well thought out social engineering techniques too. They also have a number of first page rankings with Google and are able to market their product as highly credible to those who are not well versed in the realm of security software.

In a 2009 PandaLabs Report The Business of Rogueware, PandaLabs reveals “how the rogueware business works. Not unlike a traditional business, the rogueware business model consists of two major parts: program creators and distributors. The creators are in charge of making rogue applications, providing the distribution platforms, payment gateways, and other back office services. The affiliates are in charge of distributing the scareware to as many people and as quickly as possible.”

• Cybercriminals are earning approximately $34 million per month through rogueware attacks
• Approximately 35 million computers are newly infected with rogueware each month
• Rogueware is being distributed through Facebook, MySpace, Twitter, Digg and targeted blackhat SEO attacks  –PandaLabs

I believe that 2010 is going to introduce a few additional components to the distribution module of the rogueware business model:

1. Rogue marketing plans will include pairing(bundling) rogueware with credible software that people trust.
2. More rogueware will cease to become directly down-loadable and will be featured “behind-the-scenes” at third-party sites that have solid SEO reputations.

Until next time — Stay safe online!

12 Steps to a more secure Internet experience

Everyone who is a licensed driver initially had to pass a driving test that consisted of taking:

1. a written test
2. a road test
3. a vision test

Learning traffic laws and knowledge of what each road sign means is integral in facilitating an orderly and timely flow of traffic. Common sense dictates that all good drivers will attempt to avoid collisions with vehicles, objects, and pedestrians.

Do you know how to drive on the Internet?

Having little or no Internet knowledge can greatly impede Internet security concerns and expose home users to viruses, malware, botnets, rootkits, and a host of other data breaching vulnerabilities.

In essence, home users are the unlicensed drivers of the Internet. There are no prerequisite tests to pass.  Anyone can use the Internet as long as they have the correct components and services.  All you need to get on the Internet is hardware (computer and modem) and an Internet Service Provider (ISP), and you are good to go!

In reality, the Internet is the Wild Wild West of the 21st century. We do not want to live by government regulation or censorship, but, at the same time, most of us want to be able to travel the Internet safely.

The Internet itself is a dichotomy. It is the weakest link in attracting unscrupulous characters; the strongest link in disseminating information; entirely dependent upon a global backbone to support its digital structure; and independent of global boundaries. The Internet is the Yin and Yang of the information age, though ostensibly robust, it is the same time extremely vulnerable to client-side, web application, and zero-day vulnerabilities.

Where should you begin?

There should be some simple rules in place that all home users should follow prior to using the internet. You should (at minimum) read Internet 101 from wiredsafety.org to learn the basics.

Internet security for the home user should involve a layered approach.

When using a layered approach you would not depend upon just one security suite to become the total answer for all of your Internet security needs. Any single defense can be flawed. Instead, you should rely upon a combination of security products and strategies to effectively manage your Internet security.

“Layered security is about multiple types of security measures, each protecting against a different vector for attack.” — Chad Perrin, TechRepublic

Within the various security suites there is generally one or more components that may suffer a weakness or two. For example:  BitDefender Internet Security 2010 has an excellent anti-virus scanner but has weak anti-spyware scanning capabilities.  Though Webroot Internet Security Essentials 2010 rates high overall, the firewall is time consuming and difficult to configure. The suite also lacks parental controls, though they do offer a parental control product that is sold separately. Though Trend Micro Internet Security Pro includes an exhaustive feature base including backup and registry cleaning, their terminology differs from the industry standard and could potentially confuse a new user.

12 Steps to a more secure Internet experience

Review the Security Checklist Here

1. Test PC security at a trusted site (see security checklist)

2. Do not use a windows administrator account to surf the Internet. Microsoft recommends Setting up a Limited User account for Internet use.

If you are using an administrator account to surf the web and you get attacked from malicious software, the attacker can gain access to your computer through the administrator account. On the other hand, if you are using a limited account and get attacked from malicious software, the attacker only has limited access and won’t be able to do much of anything! (see security checklist for instructions)

3. Always create STRONG passwords.

Use strong passwords to keep the bad guys out, this should be your first line of defense.  Never use personal details or easy to guess passwords, and do not use the same password at every online site!

4. Keep your PC updated using Windows automatic update

5. Keep your anti-virus software (suite) up to date (be sure it is set to auto-update).

6. Run anti-spyware/anti-malware scans on a regular basis (see security checklist for instructions)

7. The ideal firewall configuration consists of both a  software and a hardware firewall

A software firewall is software program that helps protect a computer from unauthorized access.  It has built-in filters  that can prevent dangerous material from entering your computer.

A Hardware firewall can provide a strong degree of protection from most forms of external attack and can be configured without much configuration difficulty.  A hardware firewall is generally a small metal or plastic box filled with plug openings or ports. You would hook your computer up to this metal or plastic box via a network cable. Hardware firewalls do not prevent viruses.

8. Scan and detect application and plug-in vulnerabilities by using a software vulnerability scanner

Scan with Secunia PSI – This Personal Software Inspector program is automated and designed to scan and detect vulnerable, out-dated applications and plug-ins that expose your PC to attacks.

9. RUN a Host Intrusion Prevention System [HIPS]

In general terms a HIPS program seeks to retain the integrity of the system in which it is installed by preventing changes to that system from unauthorized sources. Normally it does this by generating a security popup alert asking the user whether any change should be authorized.  –Gizmo

10. Use link scanners for Internet protection from malicious websites (see security checklist)

11. Delete all Flash cookies on a regular basis (see security checklist)

12. Always BACK-UP.  Back-up your back-up too!

Now that we have covered security basics you should get better mileage out of your Internet experience.  For excellent Internet Security updates follow Security_FAQs on Twitter.  Be sure to follow his security lists too!

http://twitter.com/Security_FAQs/internet-security-2

http://twitter.com/Security_FAQs/internet-security-3

http://twitter.com/Security_FAQs/internet-security-4

Until next time — Stay safe online!

Conficker: ‘Headless Botnet’ Still Infecting Windows Users

Researchers say the notorious Windows worm has created a “headless botnet” – but one that continues to maintain a hold of millions of computers. A year after the infamous April 1 doomsday deadline, the investigation into the masterminds of the worm continues.

Read the rest of this article at eWeek

Identity Crisis?

What if confidence in a person’s identity were eroded to such a degree that it became impossible to prove who you are anymore?

If trust were eroded to such an extent that no one had the confidence necessary to trust a “proof” of identity, what would be the outcome? Would the local and even global financial system collapse as the risk of lending became too great? Would the world of online consumer commerce carry on regardless, asserting that “reception of funds is sufficient proof to ship” thus furthering the crisis of confidence as everyone’s bank accounts became a public and shared utility?

Read the rest of this article at Rik Fergusons blog

Apple IPad Hits Stores in the US

Apple Computer on Saturday started selling the iPad tablet, a handheld device through which users can view movies, surf the Internet, read e-books and play games.

Lines formed outside the Apple store in New York with customers eager to purchase the product, which is one of the most hotly anticipated devices since the iPhone was launched in 2007. The lines weren’t as long as they were for the iPhone, but buyers seemed ecstatic after getting the iPad in their hands.

Read the rest of this article at  PCWorld

Will Feds Use Letter Sent by Sovereign Citizen Group to Stage False Flag?

“…the government is looking for the right situation in order to crack down on the patriot movement. The establishment is infamous for staging fake terror and criminal events as a pretext to take drastic action against those who oppose their plans.”

Read the rest of the article at PrisonPlanet

Flawed Assumptions in the Albert Gonzalez Case

As attorneys and retailers argued recently about the sentencing and secrecy of Albert Gonzalez’s criminal empire, various fundamental retail realities were forgotten.

Consider, for example, arguments on both sides that JCPenney and Wet Seal would have their stock prices seriously hurt if word of their involvement leaked out. The federal judge overseeing that discussion said any stock impact from the retailer’s own doing, but he neglected to point out that there is absolutely no reason to believe that there will be any stock impact.

Read the rest of this article at CBS news

Until next time — Stay safe online!

Internet tools such as sleepingtime.org that analyze personal sleeping patterns when combined with Twitter’s geo-location feature, is, in my opinion — a privacy breaching technology.

A potential victim of cyberstalking/stalking who is not savvy on social networking privacy settings, could inadvertently invite a stalker to their physical location.The stalker could use the victims sleep time to gain access to their home or apartment.You get the gist — the combination of human patterns and physical location could put a person or family at risk!

Should social networking sites police it’s borders?

What applications and services are harmful or beneficial to social networking when privacy enters the arena?  Will knowledge of your physical location, the hours that you sleep, the town that you live in, the restaurant that you are currently dining at place your privacy at risk?  Or better yet, could it open a new chapter to that of information-based harm?

Schneier on Security wrote at his blog about Privacy Salience and Social Networking Sites stating “Privacy salience does a lot to explain social networking sites and their attitudes towards privacy. From a business perspective, social networking sites don’t want their members to exercise their privacy rights very much. They want members to be comfortable disclosing a lot of data about themselves.”

Since social networking sites want members to disclose a lot of data about themselves, this will obviously erode personal information anonymity online. Where do you draw the line?

Basic Online Privacy Advice:

Anyone who posts at social networking sites who is concerned about their privacy online should take the following four precautions:

1. Be aware of your profile settings at each site and use the privacy levels that will work for you.
2. Think ahead about what you are going to post. Be aware that any information you post could become a matter of public record for a very long time. This means posting personal pictures, comments, tweets, likes, dislikes, gossip, is all up for grabs and apt to follow the poster indefinitely.
3. Be especially observant not to post private information online such as your real name, address, or telephone number to strangers. For the super savvy privacy buffs: create a public profile that cannot be traced back to you and do  turn geo-location off at all social networking sites or use a proxy or anonymity service .
4. A few times a year go to www.google.com and do a search for all online names that you use. If you see any private identifiable information that is publicly available on the web, contact the appropriate sites to have your personal information removed.

Until next time — Stay safe online!

Serial killer Fred West created a Facebook Fan Page for Graham Cluley  – should he be worried?

Two years ago someone posted a mock up photograph of Graham (Security expert from Sophos) along with offensive materials on Facebook indicating that he might be a pedophile.

As a consequence of the perpetrators actions some people threatened to burn down Graham’s house and even issued a death threat against his wife.

Read the rest of this article at Graham Cluley’s Blog and don’t forget to watch the video.

IRS uses Facebook, Twitter for tax audits
Government uses social networking sites for investigations

Advocacy group the Electronic Frontier Foundation has obtained documents showing how law enforcement agencies and the Internal Revenue Service are gathering information from social networking sites for their investigations.The documents were obtained via a Freedom of Information Act (FOIA) lawsuit filed last December by the EFF and the University of California, Berkeley’s Samuelson Clinic. The lawsuit was filed against six federal agencies and sought information on their use of social networking sites for data collection and surveillance purposes.

Read the rest of this article at computerworld

Mafia don suspect tracked down via Facebook
Capo gets poked and cuffed

Italian police successfully used Facebook to track down a Mafia suspect.

Pasquale Manfredi, 33, who reportedly calls himself Scarface and allegedly runs the ‘Ndrangheta mafia, was captured in Calabria using intelligence gleaned from the social networking site. Manfredi, who used the alias Georgie on Facebook, is suspected of using social networking to exchange coded instructions and stay in contact with other mobsters.

Manfredi, who was caught despite attempting to flee across the roof of an apartment building, faces charges of murder and drug trafficking, the BBC reports.

Read the rest of this article at The Register

Cybercrooks use anti-piracy tools to protect malware
Anti-piracy provisions similar to those of Microsoft’s Windows are being used to protect Zeus an anti-piracy kit responsible for millions of dollars in losses to businesses and consumers.

The newest version of Zeus, a do-it-yourself crimeware kit responsible for millions of dollars in losses by consumers and businesses, comes with anti-piracy provisions similar to those used by Microsoft’s Windows, a researcher said today.  And that’s a good thing.

Like Windows, Zeus 1.3 ties itself to a specific computer using a key code based in part on the machine’s hardware configuration, said Kevin Stevens, a security researcher with Atlanta-based SecureWorks, and a co-author of a report on Zeus published last week. “It’s just like a Windows licence,” said Stevens as he explained how the key code is generated.

Read the rest of this article at itbusiness.ca

Computer forensics tool for banks aims to trace Trojans

Transaction security firm Trusteer has launched a remote forensics service designed to allow banks to diagnose if a client’s PC has been infected with malware following incidents of suspected fraud.

The Flashlight service is designed to allow strains of malware to be quickly identified without having to physically examine a possibly compromised computer. The service can also be used to collect samples, identify cybercrime command servers and block further attacks.

Read the rest of this article at The Register

DroidSecurity Selected by 10,500 Users Within 24 Hours of Malware Found on Mobile Phones

DroidSecurity, a pioneer in smartphone security, today announced that 10,500 new users downloaded their mobile device security solution within 24 hours of the discovery of the Conficker and Mariposa viruses on new Vodafone HTC Magic smartphones. DroidSecurity customers were preemptively protected against the malware through its cloud-based malware detection technology.

The Android-based Vodafone HTC Magic smartphone was sold with the Mariposa and Conficker viruses pre-installed. Once a user plugs the smartphone into a PC using a USB connection, the malware immediately phones home to the malware writer, steals personal information and the system is converted to a bot. A Lineage password stealer was also found on the device. Specifically, the autorun.inf and autorun.exe files were infected.

Read the rest of this article at BUSINESS WIRE

Until next time — Stay safe online!

Cybersquatting as domain squatting

Cybersquatting is profit that is made from the goodwill of a trademark.  The Domain Name Handbook defines cybersquatting as:

“A name given to individuals who attempt to profit from the Internet by reserving and later reselling or licensing domain names back to the companies that invested time and money in developing the goodwill of the trademark.”

The plan behind cybersquatting is almost always to extort payment from the trademark owner.  Once the owner pays the price demanded by the cybersquatter, the domain name is then returned to the owner.

Criminals can also use cybersquatting for malicious purposes, such as sending spoofed email in phishing campaigns for the purpose of stealing your identity, or cybersquatting can be used in the pursuit of corporate revenge.

Typosquatting as URL hijacking – is all about raking in ad revenue!

On the other hand, Typosquatting is far more insidious and dangerous than that of cybersquatting. The intent behind typosquatting technology is in the purchase of huge quantities of popular domain names that are typos of brand domains (that often have significant traffic) in order to hijack site visitors who mistype an original domain name.

As an example: Canadadrugs.com, a popular online pharmacy is currently a victim of typosquatters:

candadrugs.com – Purchased by: Valuable Web Names
14525 SW Millikan Way #13790
Beaverton, OR 97005-2343
canaadrugs.com

canadarugs.com – purchased by Suucess
23852 pacific coast highway unit 720
malibu, ca 90265 US

cnadadrugs.com – Whois Privacy Protection Service, Inc.

Typosquatting sites often use mousetrapping (a circle jerk) or redirection methods in order to inundate the user with advertisements or redirect them away from the brand site to promote competitive products.  WiseGEEK further defines mousetrapping as “a technique used to trap an unwilling visitor at an offending website in order to gain maximum benefit from the one-time visit.”

There is GREAT PROFITABILITY in the use of
mis-typed domain names – Just ask Google!

Harvard researchers Ben Edelman and Tyler Moore suggests that Google may be profiting from typosquatters – at the expense of online advertisers.

“The scheme is a simple one for the perpetrators: owners of such typosquatting sites place ads on them in the hopes that people who accidentally navigate there will click on them. Moore and Edelman – who has done several indepth and critical studies of Google’s policies – estimate that Google earns about $500 million a year in such misplaced revenues.”

According to Moore and Edelman, 57% of typo domains include Google pay-per-click ads.

Domain Name Techniques

“Suppose a user omits the period that separates “www” from a site’s domain name, for example, “wwwmcafee.com” instead of “www.mcafee.com.” Typosquatters can register that domain.” –McAfee

FYI: Resources to help you make informed decisions!

• You can check to see if your domain has been attacked by typosquatters by using the IBCI Law Group Typesquatter service




• Education is primary: Visit CSC (Corporate Service Company) to study Corporate Identity Protection web seminar archived recordings:

1. Domains 101
2. Going Global with a Brand
3. Not Your Grandfather’s Trademark Law: Social Media’s Transformation of Trademark Law into Brand Identity and Reputation Management
4. An Analysis of the $220 Million Spent by Brand Owners on UDRP
5. How to Watch your Trademarks, Domains and Brands Online in Today’s World
6. Mastering Your Domain – Best Practices for Managing a Global Domain Name Portfolio

• File a UDRP Complaint

• KaatzLaw: Helping Trademark Owners Protect Their IP Rights on the Internet

• New Domain Typesquatting Search

• Measuring the Perpetrators and Funders of Typosquatting

In Conclusion

Brand name typosquatting is not really cybersquatting! The methodology utilized by cyber-criminals in cybersquatting merely fulfills the demand of collecting a one-time extortion fee in return for a brand name domain.

Whereas, Typosquatting methodology contains the element of continuous financial return in advertising clicks via hijacking domains that can be mis-typed.  Make no mistake about it — Typosquatting is BIG bucks in the realm of cyber-crime.

Until next time — Stay safe online!

While happily perusing Google malware alerts this morning, I managed to click on a poisoned URL.  The Vista computer that I use for alerts/surfing/chatting/social networking is not my main PC, but is obviously one that I have no desire to infect!

So as to not reinvent the wheel, I went to Norton Safeweb and got a fairly good description of what this threat entails:

This particular malware is a drive-by-download and HTTP Fake Scan Webpage.  It is not OK to click OK on the popup! You should immediately use task manager to end the browser session.  Next you should run an antivirus and anti-malware scan (Malwarebytes is a good choice.)

Trademytweets[SCAM]com is a new variation of the old Tweeterfast, Tweeterfollow theme. Recent domains that have operated under the same gray umbrella are gettwitterfollowersforfree.com and
SpreadMyTweets.com.

Trademytweets claims:

“How does it work? When you sign in with your Twitter details, our system will find you 20, 40, 60 or 100 other Tweeters. Then with these people it will begin to make them follow you as you follow them, instantly. “An eye for an eye.” This service will continue until you choose to stop it.”

Current keyword tweets:with approximately 10 tweets per minute involving numerous affected accounts.

“Want some Free Twitter Followers?”
“Just used TMT for some free followers”
“Get Free Twitter Followers!”

Update for March 30, 2010:
You have been using this shortened link since March 25, 2010 http://isDOTgd/aXDme on Twitter.
Here is one example account with much more than ONE tweet every 20 hours…

You certainly have great marketing skills.

Update 8:49 PM March 30, 2010

It appears that if one receives more tweets from this service than one tweet every 20 hours, they are logging into the site and requesting to add more followers.  The site is currently down at the moment.

Until Next time – stay safe online!

Disclaimer: This blog post is in relation to my collection of spam. I am not a spam expert.

The past few weeks have elicited all manner of spam at Teksquisite, and also at Gmail and Yahoo accounts.  Spammers often collect email addresses from customer lists, chatrooms, email chain letters, forums, newsgroups, websites, and viruses. Current email accounts that are receiving spam have connections to prior chain mails, forums, and newsgroups. Spam or junk email is almost always unsolicited and unwanted.

“Increasingly, e-mail spam today is sent via “zombie networks”, networks of virus- or worm-infected personal computers in homes and offices around the globe; many modern worms install a backdoor which allows the spammer access to the computer and use it for malicious purposes. This complicates attempts to control the spread of spam, as in many cases the spam doesn’t even originate from the spammer.” –Wikipedia

Most common email spam:

1. Chain mail – Gordon Brown Hoax 
2. Trojans – botnets, bredolab, Pushdo
3. Phishing – Please log into your financial account and confirm
4. You are a winner – congratulations, lotteries
5. Offers – Viagra, educational, OEM software
6. Personals – find true love here
7. Scam news – generally will contain a link to malware

With an increase in botnet-related spam (mainly Bredolab,) a sharp rise in educational and pharmaceutical/medical spam, and definitely far more activity in the arena of phishing spam regarding financial accounts – you really should pay close attention to what lands in your inbox, because Trojans in the form of zipped files do not always end up in your spam folder.

I find it inconceivable, and somewhat disturbing that I collected almost 900 spam emails last week.  This is quite a jump in spam, considering, that during the first week of January spam for all accounts leveled slightly below 300.

Over the past three weeks I have seen a sharp rise in UPS Postal Support email that always contains an attachment “invoice” that is spoofed from some.address@ups.com with signatures such as:
Postal Support RANDOM NAME
UPS Manager, RANDOMNAME

The attachment currently arrives as a ZIP file: 

My advice to you is to KEEP IT ZIPPED AND DELETE IT!

Spam Examples

• Chain Mail: Gordon Brown Virus

Chain mail claiming that if you receive a picture of British Prime Minister, Gordon Brown smiling, your computer will become infected with a virus.

You can read more about this hoax over at Graham Cluley’s Blog.

• Trojans: Trojan.Downloader, Bredolab, Pushdo, Zeus [botnets]

Once the zip file is extracted, an exe file (disguised as an Excel file) downloads Pushdo (a malacious bredolab downloader.) In an article at cnet News, Joe Stewart, director of malware research at SecureWorks stated:

“Pushdo downloads different Trojans onto infected machines and has been used to send spam as part of the Cutwail spambot…”It’s a typical pay-per-install system,” used to distribute banking Trojans, password stealers, ad clickers, and search hijackers”

“For those unfamiliar, Bredolab is a simplified botnet – a loader which simply connects to a remote server to report and receive files to download/execute. Apart from rogue antivirus software (”scareware”), Bredolab’s other favorite download is Pushdo.” –Fortinet

Since Pushdo is not written to disk and is memory resident, botnet owners frequently change the code and behaviors of Pushdo, which further makes it difficult to classify variants over time.  What I have posted here today, may not be applicable tomorrow!

For a better understanding of Bredolab see You Scratch My Back…BREDOLAB’s Sudden Rise in Prominence by David Sancho, Senior Threat Researcher at Trend Micro.

• Phishing – Please log into your account

1. This type of spam requests that you verify your account via a spoofed link where your personal details will be captured for the phishers
2. HSBC Bank will never send an email asking you to verify details.
3. There are all types of variations in these spoofed emails.  If you receive e-mail claiming to be from HSBC, call HSBC at 1-800-975-4722. Follow the instructions regarding fraudulent email here.

• You are a winner – congratulations, lotteries

Never reply to this type of email because you will end up on a global spammer list.  Delete it.

• Offers: OEM Software (Original Equipment Manufacturer)

OEM software is NOT FOR RESALE (NFR) and always includes licensing along these lines: “For distribution with a new personal computer only. This software may not be sold independently.” OEM software must be sold with hardware.

Some spam email often links to ebay where you can purchase OEM software. The seller appears compliant with the hardware requirement by advertising to remove hardware from the original system (or so they claim!)

“In accordance with eBay policy, I offer the HDD that came with the system (it currently has bad sectors and is not usable), which I can ship at the buyer’s request.”

Many recent OEM emails that I received are claiming to be a company located at 1100 South State Rd 7, Suite 501 in Margate, FL 33068.  Their website is registered to a Russian domain.  Thanks to Twitter folks @ChrisMuncy, @dckovar and @Lisa827 for advice on contacting the tax office in order to find out about the building that the business is located in.  In this particular case, the City of Margate, Florida was unable to find any records for a business registered at Suite 501 at the above address.  They will be sending out a code officer today to inspect the location since they only have four active businesses registered at this building.

Also be sure to stop by SIIA (Software & Information Industry Association) and brush up on
What You Need to Know About OEM and Academic Software.

12 steps to less spam:

1. Do not post your email address online in clear text.  If you must post it online be sure that your address is munged so that the bots will not see it.
2. Never respond to suspicious emails.
3. Do not unsubscribe to spam email.
4. Do not use your personal email address for public use. Instead, use a disposable email address and set it up to forward messages to your personal email account.  If you begin to receive spam in a disposable account –simply delete the disposable account and sign up for a new one.
5. Do not open suspicious attachments, links, or images. This could lead to malware downloading on your computer.
6. If you are using a software email program (and not a web-based one) be sure to disable the preview pane.
7. Use spam-blocking tools and filters.
8. If you need to forward email to groups of people use a disposable email address in the TO: field and add all recipients to the BCC: field.  This will shield the email address from others as well as from spam harvesters.
9. Be sure to have antivirus software installed on your computer, run a full scan every week, and keep it updated!  You should run some form of an anti-malware software each week too, such as Malwarebytes.
10. When you sign up for something on the web, be sure to uncheck the box that says “YES, I want to be contacted by select third parties concerning products I might be interested in.”
    
11. Be sure to take advantage of reputable and free computer scans such as the firewall leak and ShieldsUP tests over at Gibson Research Corporation.
12. Report spammers.  Register for free spam reporting service at SpamCop.

If you plan on using this service often, consider making a donation!

Some helpful Links:

Federal Trade Commision FTC

If you are a victim of a financial solicitation contact
the Internet Crime Complaint Center

Medical fraudulent claims (devices or products)
Email: webcomplaints@ora.fda.gov

Investment-related email- *Copy headers and forward to:
Email: enforcement@sec.gov

*How to copy email headers

Until next time — stay safe online!

You are well aware of the challenges we as a CyberSecurity community face from rapid changes in the technology landscape. FOSE 2010 is the place to discover opportunities and solutions along with changing expectations for government IT professionals.

Register today for the FOSE 2010 experience http://www.fose.com.

You can expect:

• 3 days of IT resources helping you navigate today’s shifting tech landscape
• 2 full conference days packed with education on emerging technologies, trends, and new improvements to existing solutions
• Thousands of products on the FREE* EXPO floor allowing you to gain one-on-one insight into the capabilities of our exhibitors through demos, theater presentations and FREE Education.
• Attend the Accenture CyberSecurity Pavilion or Focus on Digital Forensics.

*FOSE is a must-attend free show for government, military, and government contractors.

It’s time to register and reserve your place at FOSE http://www.fose.com

Connect with FOSE
Twitter |  Facebook |  LinkedIn |  GovLoop

Recently, While watching the twitter public_timeline (TPT), I managed to get myself tangled up in an uncomfortable situation online.  While on the TPT I came across an alleged hacktivist, became overly curious, and followed up by conducting private research to better understand the intentions behind his or her hacktivism activities.

It wasn’t long before I began to notice discrepancies in the hacktivist’s focused cyber attacks. While conversing with this particular hacktivist I also drew some curious head shakes from security experts who allegedly had connections with the US government (AC).

In a nutshell, I managed to upset both the hacktivist and the AC’s! All of this online drama came about because I unintentionally set myself up for such a situation to occur.  Some of you may be wondering why I even bothered to pursue following and questioning such a controversial profile.

For as long as I can remember I’ve always been inherently curious. I was one of those kids who would find Santa’s hidden stash and secretly unwrap everyone’s Christmas gifts, then re-wrap all of the gifts back to perfection. Perhaps I was checking gift equality or I was just a nosy kid. Whatever the reason behind such invasive curiosity, this curiosity beast is one that I have to fend off and suppress on a consistent basis!

This type of curiosity could have easily become a Teksquisite reputation downfall. I could have been targeted both by the hacktivist and by government investigations. Though I did receive some direct communications via messaging and phone regarding statements I made about the hacktivist on twitter, I was not aware until much later in the game (by other concerned security
professionals) that this was a situation that I should graciously remove myself from.

“Harassment comes in many different forms and is not limited to physical or verbal abuse. Harassment can occur in any media or forum in which individuals interact.” –The Free Library

3 important steps to extricate yourself from situational cyberharassment

1. NEVER respond to flames.
2. NEVER confront the individual(s) with evidence or accusations
3. Remove yourself immediately from all hostile situations

The above steps should sever any type of online harassment situation almost immediately.  Although there may be some negative fallout from my particular situation, I anticipate that the steps I have taken above will successfully eliminate the possibility that cyberharassment will continue to exist.

If the above steps do not resolve a cyberharassment situation, you may be looking at the more serious case of cyberstalking.

“Cyberstalking and cyberharassment are very similar. Most people use them interchangeably, but there is a subtle distinction, typically relating to the perpetrator’s intent and the original motivation for their behavior.”

“While the two situations usually involve many of the same online tactics, cyberstalking is almost always characterized by the stalker relentlessly pursuing his\her victim online and is much more likely to include some form of offline attack, as well. This offline aspect makes it a more serious situation as it can easily lead to dangerous physical contact, if the victim’s location is known.” –Wiredsafety

In the past I have voluntarily worked with both Wiredsafety.org as an Internet Security Specialist and HaltAbuse.org as an Internet Security Advocate. Both organizations offer extensive help to victims of cyberstalking. If you are involved in an online situation that has escalated beyond the status of cyberharassment, be sure to contact one of the organizations listed above for further information on how to protect yourself online.

Until next time – stay safe online!

Twitter hack claimed by Iranian group

The hack that occurred on Twitter itself is significant beyond any wider political motives. It shows that what is the world’s fastest growing communication network is rather insecure.

Being able to change the DNS records of a website means that rather than simply redirecting users to a vanity page identifying the hack, hackers could actually have redirected people to a site that looked rather like Twitter itself.

In a similar way to phishing attacks that mimic online bank accounts, the hackers could have encouraged users to login, thus revealing usernames and passwords.

Expert Rik Ferguson of Trend Micro told me: “One has to wonder how quickly the attack would be noted if the dummy site was an exact replica of the victim and was simply there to harvest credentials and redirect the user then into the real site.  The hack that occurred on Twitter itself is significant beyond any wider political motives. It shows that what is the world’s fastest growing communication network is rather insecure.   –channel4news

Twitter: @channel4news |  @rik_ferguson

Web-Based Worms: How XSS Is Paving the Way for Future Malware

I first became aware of cross-site scripting (XSS) nearly a decade ago. At the time, despite being an all too prevalent bug in Web applications, the risk posed by the flaw was of limited value. It was the go-to vulnerability for any pen tester that was having trouble digging up a meaningful vulnerability to add to his audit report.

That has all changed now. Today, XSS represents a meaningful threat — a threat that is not only leveraged by attackers to harvest authentication credentials, but also is enabling a new generation of malware in the form of Web-based worms.

Depending upon whom you listen to, the statistics may be different, but virtually all agree that XSS remains the most prevalent Web application vulnerability that we face today.  –TechNewsWorld

@technewsworld on Twitter

Cisco gives Zeus, Koobface and Conficker awards

Zeus is the most audacious criminal operation of the year and Koobface the most notable criminal innovation, according to Cisco’s Annual 2009 Security Report. On a positive note, the cybercrime sign of hope award goes to the Conficker Working Group.

Cisco Systems Inc. presented its first-ever Cybercrime Showcase awards as part of its 2009 Annual Security Report, released Tuesday.

Zeus: the most audacious criminal operation – Designed for information stealing and specializing in online banking fraud, Zeus is a shrink-wrapped piece of malware that any criminal is able to buy, explained Henry Stern, senior security researcher at Cisco. Some vendors are selling it as service for about $700 a month, he said.

Koobface: the most notable criminal innovation – Koobface is a piece of malware that takes over a user’s social networking account, explained Stern. “As soon as you get infected, it will send messages to all of your friends and it will try to lure them into becoming infected as well,” he said. –ITWorldCanada

@itworldca on Twitter

New Facebook Privacy Settings Under Fire

Facebook is making major changes to its privacy settings, giving you the opportunity to share your personal information with “everyone” on the Internet. But is that wise?

Facebook’s huge user base is signing onto their favorite social network today, and viewing an important message.

They’re being encouraged to review their privacy settings, as Facebook effectively encourages its 350 million users to share more information with everybody on the Internet.

The worry is, of course, that Facebook’s recommendations may be in the best interests of Facebook — but they may not necessarily be in the best interests of all of its users.     –DarkReading

Twitter: @DarkReading |  @Gcluley

Until next time — Stay safe Online!

I’ve been following the Tweeterfollow musical domain saga since late September 2009.  The theme never changes.  I’ve also written about their scam/phishing/twitter account hijackings here.

Yesterday the Tweeterfollow (AKA: TF) domain push on Twitter was via Twtxtreme.info (currently disabled) using short url services tinyURL and retwt.me.  Today it looks like TF is promoting twtkingz.info via retwt.me and kiwi.url.  TF consistently uses IP: 124.217.246.188 but because TF switches domains frequently, they have not been blacklisted.

The web login page is always the same:

Description: A place to add more followers for your twitter page. This is a twitter adder site

Keywords: get more twitter followers, tweet, twitter network,twitter train, get more followers on twitter, twitter, tweeter, tweeteradder, tweeterfollow, deadlyx, rawhood, hoodzone, followers, train, vip, tweet

Logged in to the TF Web GUI

Once you are logged in to their website you will automatically follow all VIP members. Then you click  on Twitter profile random images [graphics from a3.twimg.com] to follow regular users [SIC].

Once you have clicked on all 20 default regular users profiles, the pop-up below appears:

Click on the OK button and 20 new profiles will reappear.  You can click all day long and into the night and you will still get the congratulatory pop-up each time you click the 20th profile.

You are also encouraged to purchase a VIP membership using PayPal or a credit card. The account that TF is currently using at PayPal is registered to ryann.johnson2009@gmail.com.

Ability to view protected tweets

Using http://isfollow.com/ I wanted to see if the locked accounts that I randomly followed through the TF API were following me.  The accounts listed below were not following me but I was able to view their PROTECTED TWEETS!

afrheyy
aliamutia
ibaddbxtch
IamHoodBarbie
ohannaweb

Since the above account is not following my test account I should not have been able to view IamHoodBarbies protected twitter stream. Obviously these Twitter profiles are all compromised accounts. A simple change of password is probably not the band-aid that should be used.

The Twitter filter managed to nab the “100 followers” string and filtered these tweets from the test account Twitter stream.  The test account is also not currently accruing a steady stream of profiles from Twtkingz[TOX]info API like it was yesterday.  During the past six hours the test account has only followed one protected account via the TF API.  The test account is still able to view protected tweets of accounts that are not following the test account.

Who is behind all this?

With all the emphasis on botnets, security breaches, and malware; In comparison, Tweeterfollow appears harmless.  Is it?

Domain ID:D30737265-LRMS
Domain Name: TWTKINGZ.INFO
Created On:10-Dec-2009 15:10:50 UTC

Last Updated On:10-Dec-2009 15:10:59 UT

There is something big going down on Twitter

Any website hosted at Piradius.net in Kuala Lumpur, Malaysia should immediately raise  a red flag.

Update:  12-15-09  8:13 pm EDT

Update:  12-16-09

Update:  12-17-09

Update:  12-22-09

Test account data:

December 18:
5 tweets Total

Timing:
2 tweets @8:08  pm from API
1 tweet  @9:54  pm from API
1 tweet  @9:55  pm from API
1 tweet  @10:25 pm from API

URL Breakdown:
3 tweets to twtfollow[TOX] info via ohurl.com
1 tweet to twtfollow[TOX] info via retwt.me
1 tweet = “This site just gave me 100 followers using” no URL

December 19:
9 tweets Total

Timing:
1 tweet   @6:09  am from API
1 tweet   @8:33  am from API
1 tweet   @2:10  pm from API
1 tweet   @4:34  pm from API
4 tweets  @7:09  pm from API
1 tweet   @10:10 pm from API

URL Breakdown:
1 tweet to youtube.com [generic]
1 tweet to twtspeedy[TOX] info [via retwt.me]
2 tweets to twtfollow[TOX] info [via Safe.mn = flagged as a "Dangerous website: Phishing/Malicious Content"]
2 tweets to twtspeedy[TOX] info [via TinyUrl]
1 tweet to twtfollow[TOX] info [kiwiurl.com]
1 tweet to twtfollow[TOX] info [via shorten.ws]
1 tweet to twtfollow[TOX] info [via snipr.com]

December 20:
15 tweets Total

Timing:
1 tweet   @12:34 am from API
1 tweet   @1:10  am from API
1 tweet   @6:11  am from API
1 tweet   @7:12  am from API
1 tweet   @8:34  am from API
2 tweets  @1:31  pm from API
2 tweets  @1:32  pm from API
1 tweet   @1:33  pm from API
1 tweet   @2:11  pm from API
1 tweet   @6:36  pm from API
1 tweet   @7:29  pm from API
1 tweet   @7:33  pm from API
1 tweet   @10:12 pm from API

URL Breakdown is getting spammy, so for the sake of brevity – here goes:
The shorl you requested has been disabled due to abuse. We’re sorry for the inconvenience.
lu.mu disabled
kiwiurl.com disabled
nvg8.it disabled
twtfollows {TOX] Info still online
twtlimit {TOX] Inf still online
retwt.me = .twtspeedy[TOX] info

December 21:
26 tweets Total

Currently pushing the following Toxic URLs:

twtfollows[TOX] info
twtlimit[TOX] info
twtspeedy[TOX] info

Stay Safe Online!

There has been chattering the past few days about unknown rogue software available for download on the Internet that lets you view private Facebook profiles. I can assure you that this new software called FacebookAgent is old news wagging a new wrapper. This is not just another scam! This rogue application also has a back door along with Trojans droppers put together by cyber-criminals to elicit financial information via social engineering techniques. Prior to examining FacebookAgent on a VM earlier today I ran Malwarebytes and had a clean scan with no infected files. After installation of Facebook Agent and testing in a VM I ran Malwarebytes again and had 159 infected files! (the results will be posted at the end of this article.) Domain: www.facebookagent[DOT]com Current IP: 74.208.137.211 131 1&1 Internet Inc PA

Facebookagent.com website provides this Disclamer:

“Facebook Agent is an automated help manual that guides you through the process of gaining a legal view of the desired profile. This process is completely legal and is achieved through the other party’s aproval and acknowledgement. This software and/or methods should not be used in any other case that is not mentioned above. All facebook trademarks are copyrighted to facebook.com. All actions taken through and in this application are on full responsibility of the user. Facebook Agent is in no condition responsible of any harm, damage or violations done while using this application. If at any stage of the process any party will find violation of law against them, the process should immidiately be terminated and reported to the administration team of the application. By clicking the Start button you agree to take full responsibility of the actions done by this application. All rights are copyrighted to facebook Agent 2009 – 2010. All trademarks found in this application belong to facebook Agent apart from facebook trademarks which are copyrighted to facebook.com. By clicking on the Start button you accept this terms and conditions.”

Most of the links at the FacebookAgent website result in saving or downloading setup.msi. The msi installer loads Facebook Agent.exe and a database file in the Program Files directory. The installer also loads Perflib_Perfdata640.dat into the local user profile temp directory and runs the database file under svchost.

When you first run Facebook Agent there is no exit from the program. Bad code and even worse downloads and toxic URLs await you. Since I did not choose to install the IWON toolbar featuring the MyWebSearch default search provider I had to participate in the Green Card Scam that is listed below.

According to the flimsy interface above you have to click to claim what you have won! Your prize is located at: hXXp://html.usagc[DOT]org/step1landing_eng[DOT]html?afk=ranygnewcplcmp0309eng. Then you have to fill out a form that includes your full name, email address, country of birth, marital status, and telephone number. You also have to answer this dropdown menu question:

After I filled out the online form with false information, I received this response:

Canada, Mexico, and the United States are ineligible. On the same page I was also given the option to select another country if I were a native of a qualifying country or if my parents were born in a qualifying country. I opted for Australia and was quickly promoted to step 2 in the process!

I had a good smirk over the warning “using a stolen or fraud credit card number will automatically disqualify you from participating forever!! USAGC will immediately cancel your application and pursue legal remedies.”

USAGC is a scam! Don’t fall victim to this Green Card lottery scam! The DV-2011 Diversity Visa Lottery( run by The U.S. Department of State) online entry registration period ended on November 30, 2009

I was soon bored with the Green card lottery scam so proceeded to install the IWON Toolbar and failed.

After finishing the installation of IWON, I had to go to iwon.com to register for a free account. Overall, you can only get to step 1 in Facebook Agent because you can’t get to step 2 without filling out credit card information.

Finally I ran Malwarebytes again to see what nasties Facebook Agent had installed.