SPAM frauds, fakes, and other MALWARE deliveries - archive

'Work from home' SPAM scam floods Twitter

FYI...

'Work from home' SPAM scam floods Twitter
- http://nakedsecurity.sophos.com/201...itter-accounts-spam-out-money-making-adverts/
August 1, 2011 - "Compromised Twitter accounts are once again being used by criminals to spam out adverts to unsuspecting users. In the latest attack, Direct Messages (DMs) have been sent between Twitter users promoting a "make money fast" website... Clicking on the link takes the unsuspecting recipient to a website which claims, in breathless tones, to help single mothers and teenagers to make "thousands of dollars" every day... The likelihood is, however, that all that will happen is that you end up out of pocket if you invest in the site's Home Wealth Formula. Interestingly, the website tries to attempt to customise its content to appear more attractive to you. For instance, I visited the site from Sophos's British HQ in Abingdon, Oxfordshire, and the website duly described itself as the "Abingdon Business Journal" (no such publication really exists)... there will no doubt be Twitter users who trust DMs sent to them by their friends and may click on the link, and some of them may be tempted to sign-up for the scheme...
Update: ... SPAM messages are also being sent as classic messages, not just DMs..."
(Screenshots available at the Sophos URL above.)

:mad:
 
Cisco 2Q11 Global Threat Report

FYI...

Cisco 2Q11 Global Threat Report
- http://blogs.cisco.com/security/cisco-2q11-global-threat-report/
August 1, 2011 - "... highlights from the Cisco 2Q11 Global Threat Report* include:
• A more than double increase in unique Web malware in the second quarter;
• Average encounter rates per enterprise peaked in March (455) and April (453);
• Companies with 5,001-10,000 employees and companies with 25,000+ employees experienced significantly higher Web malware encounters compared to other size segments;
Brute force SQL login attempts increased significantly during the second quarter, coinciding with increased reports of SQL injection attacks throughout the period;
Denial of Service attempts also increased during the second quarter and were observable in IPS logs;
• Global spam volumes remained fairly steady throughout the first half of 2011, while phishing increased in 2Q11, peaking at 4% of total volume in May 2011..."
* http://www.cisco.com/go/securityreport

:fear::mad::fear:
 
willysy osCommerce Mass Injection now over 6M infected pages ...

FYI...

Rapid relief for osCommerce administrators...
- http://h-online.com/-1324235
17 August 2011
___

willysy osCommerce now over 6M infected pages - Mass Injection ongoing...
- http://blog.armorize.com/2011/08/willysy-oscommerce-injection-over-6.html
8.03.2011 - "... With the number of infected pages now over 6 million, we've again updated our initial report on this willysy mass injection incident*..."
* http://blog.armorize.com/2011/07/willysycom-mass-injection-ongoing.html

- http://www.youtube.com/watch?v=1Jh_H4qQzqo
Uploaded by ArmorizeTech on Aug 3, 2011
"... recorded when infection number reached 6 million pages..."
___

Is That a Virus in Your Shopping Cart?
- https://krebsonsecurity.com/2011/08/is-that-a-virus-in-your-shopping-cart/
August 5, 2011
___

- http://h-online.com/-1317410
3 August 2011
- http://h-online.com/-1323427
16 August 2011

- http://www.usatoday.com/money/industries/technology/2011-08-11-mass-website-hacking_n.htm
"... A single criminal gang using computer servers located in the Ukraine is responsible for the latest twist in converting legit web sites into delivery mechanisms for 'driveby downloads'..."

:mad::mad:
 
Last edited:
HTran and APT ...

FYI...

HTran and APT ...
- http://www.secureworks.com/research/threats/htran/
August 3, 2011 - "... 'not surprising that hackers using a Chinese hacking tool might be operating from IP addresses in the PRC. Most of the Chinese destination IPs belong to large ISPs, making further attribution of the hacking activity difficult or impossible without the cooperation of the PRC government.
Conclusion: Over the past ten years, we have seen dozens of families of trojans that have been implicated in the theft of documents, email and computer source code from governments, industry and activists. Typically when hacking or malware traffic is reported on the Internet, the location of the source IP is not a reliable indicator of the true origin of the activity, due to the wide variety of programs designed to tunnel IP traffic through other computers. However, occasionally we get a chance to peek behind the curtain, either by advanced analysis of the traffic and/or its contents, or due to simple programmer/user error. This is one of those cases where we were lucky enough to observe a transient event that showed a deliberate attempt to hide the true origin of an APT. This particular hole in the operational security of a certain group of APT actors may soon be closed, however it is impossible for them to erase the evidence gathered before that time. It is our hope that every institution potentially impacted by APT activity will make haste to search out signs of this activity for themselves before the window of opportunity closes."
(More detail at the secureworks URL above.)

- https://www.computerworld.com/s/article/9218857/Researcher_follows_RSA_hacking_trail_to_China
August 4, 2011 - "... attackers gained access to RSA's network by convincing a small number of the company's employees to open malware-infected Excel spreadsheets. The spreadsheets included an exploit for a then-unpatched vulnerability in Adobe's Flash Player. Later attacks on the defense contractor Lockheed reportedly utilized information obtained in the RSA hack... Joe Stewart uncovered the location of the malware's command servers by using error messages displayed by a popular tool called "HTran," which Chinese hackers often bundle with their code. HTran bounces traffic between multiple IP addresses to mask the real identity of the order-giving servers, making it appear, for instance, that the C&C servers are in the U.S. when they are not... more than 60 malware families he's found that were custom-made for RSA-style attacks..."

:fear::spider:
 
Last edited:
Malware variants turn UAC off ...

FYI...

Malware variants turn UAC off ...
- https://blogs.technet.com/b/mmpc/archive/2011/08/03/uac-plays-defense-against-malware.aspx
3 Aug 2011 - "... more and more malware opening a new front and turning UAC off itself. Malware does this to prevent users from seeing UAC prompts on every reboot for their payloads. The Sality virus family, Alureon rootkits, Rogue antivirus like FakePAV, Autorun worms, and the Bancos banking Trojans all have variants turning UAC off. So many are doing this that Microsoft Security Essentials, Windows Intune, and Forefront Endpoint Protection now uses behavior monitoring to find software that manipulates UAC settings, and the MMPC is finding brand new malware disabling UAC regularly. The key factor here is that for malware to successfully turn UAC off, the malware must itself be elevated to run as administrator. This elevation either requires an exploit in a service with administrator access, UAC to already be turned off, or a user clicking "OK" on a UAC prompt to allow the malware to elevate. Unfortunately, many Windows users have disabled UAC. While malware was mostly avoiding UAC altogether, legitimate software was also being rewritten to not require elevation prompts, so there are fewer UAC prompts than ever to wrangle, which should make it easier to spot any suspicious activity... UAC is not intended as malware protection, but it's another layer of security to help improve the safety of Windows. If you've been attacked from malware, please check the UAC setting in the control panel to see if it's been tampered*..."
* http://windows.microsoft.com/en-US/windows-vista/Turn-User-Account-Control-on-or-off

:fear: :mad:
 
Fake Firefox update e-mail...

FYI...

Fake Firefox update email...
- http://nakedsecurity.sophos.com/2011/08/08/fake-firefox-update-email-malware/
August 8, 2011 - "... email which was spammed out this weekend pretending to be an advisory about a new update to the popular Firefox web browser... no surprises here. The link downloads an executable file, which bundles together an installer for Mozilla Firefox 5.0.1 -and- a password-stealing Trojan horse. Sophos already detected the Trojan horse as Troj/PWS-BSF... Firefox automatically updates itself - so you should never have to act upon an email like this. If you want to manually look for the latest update, simply open Firefox and go to the Help menu and select About Firefox..."

:mad:
 
LinkedIn box to Uncheck...

FYI...

LinkedIn box to Uncheck...
- https://brandimpact.wordpress.com/2011/08/10/a-box-you-want-to-uncheck-on-linkedin/
August 10, 2011 - "Apparently, LinkedIn has recently done us the “favor” of having a default setting whereby our names and photos can be used for third-party advertising. A friend forwarded me this alert (from a friend, from a friend…) this morning. Devious. And I expect that you, like me, don’t want to participate... graphic shows you how to Uncheck The Box*... Nice try, LinkedIn. But, no thanks!
*UPDATE: After you finish with Account, check the new default settings under E-mail Preferences (such as Partner InMails); and Groups, Companies & Applications (such as Data Sharing with 3rd-party applications). It’s a Facebook deja vu!
* https://brandimpact.files.wordpress.com/2011/08/linkedin_social.png

> http://www.theregister.co.uk/2011/08/11/linkedin_privacy_stuff_up/

:sad: :fear: :rolleyes:
 
Zeus SPAM campaign ...

FYI...

Zeus SPAM campaign...
- http://blogs.appriver.com/blog/digital-degenerate/zeus-works-the-tax-angle
August 10, 2011 - "The past couple of days we have been seeing a fairly large Zeus-laden campaign hitting our filters. These emails are also taking on a few different personas, the majority of which being the Internal Revenue Service. The other two, to a lesser extent, are the Federal Reserve, and the Nacha Electronic Payments Association which is a non-profit group that provides the rules and regulations for electronic transactions such as insurance premiums and mortgage loans. The group claims to have one of the largest and safest payment systems in the world. This may be true, but these imposters are anything but... Zeus is currently the most frequently seen pieces of malware circulating through interwebs. It works its way onto victim machines, and installs malicious software that siphons off bank account credentials. In this campaign in particular we have seen over 1 million pieces of these caught in our filters, at an average rate of around 1 every 2 seconds. Each of the emails contain a link to a remotely hosted file. The domains on which they're hosted are: irs-report-file .com, nacha-transactions .com, irs-tax-reports .com, federal-taxes .us, irs-alerts-report .com, federalresrve .com, files-irs-pdf .com, nacha-files .com, and nacha-security .com. The filenames vary depending on the facade being used. These include: wire-report.pdf.exe, your-tax-report.pdf.exe, 00000700955060US.pdf.exe, alert-report.pdf.exe, tax_00077034772.pdf.exe, transaction_report.pdf.exe, and 3029230818209.pdf.exe..."
(Screenshots available at the appriver URL above.)

:mad:
 
 
SPAM - Virus Outbreak In Progress - 2011.08.17

FYI...

SPAM - Virus Outbreak In Progress
- http://www.ironport.com/toc/
August 17, 2011

- http://tools.cisco.com/security/cen...currentPage=1&sortOrder=d&pageNo=1&sortType=d

Fake Parcel Delivery Failure Notification E-mail Msgs...
- http://tools.cisco.com/security/center/viewThreatOutbreakAlert.x?alertId=23917
Fake Digital Telegram Notification E-mail Msgs...
- http://tools.cisco.com/security/center/viewThreatOutbreakAlert.x?alertId=23946
Fake Invoice Payment Notification E-mail Msgs...
- http://tools.cisco.com/security/center/viewThreatOutbreakAlert.x?alertId=23915
Fake Mobile Communication E-mail Msgs...
- http://tools.cisco.com/security/center/viewThreatOutbreakAlert.x?alertId=23916
Fake Traffic Ticket E-mail Msgs... *
- http://tools.cisco.com/security/center/viewThreatOutbreakAlert.x?alertId=23945
Fake Personal Photo Attachment E-mail Msgs...
- http://tools.cisco.com/security/center/viewThreatOutbreakAlert.x?alertId=23881
Fake Antivirus Update E-mail Msgs...
- http://tools.cisco.com/security/center/viewThreatOutbreakAlert.x?alertId=23931
Malicious Changelog Attachment E-mail Msgs...
- http://tools.cisco.com/security/center/viewThreatOutbreakAlert.x?alertId=23588
___

- http://nakedsecurity.sophos.com/2011/08/18/trojans-spammed-out-in-malicious-wave-of-fake-dhl-emails/
August 18, 2011

* http://sunbeltblog.blogspot.com/2011/08/of-spam-and-speeding.html
August 18, 2011

* http://nakedsecurity.sophos.com/2011/08/17/uniform-traffic-ticket-malware-attack-widely-spammed-out/
August 17, 2011

- http://nakedsecurity.sophos.com/2011/08/15/malware-email-blocked-credit-card/
August 15, 2011

Malicious SPAM volume chart - last 28 days
- http://community.websense.com/cfs-f...mponents.WeblogFiles/securitylabs/5226.S4.png
18 Aug 2011

:mad:
 
Last edited:
Mass compromise ongoing, spreads fake antivirus

FYI...

Mass compromise ongoing, spreads fake antivirus
- http://blog.armorize.com/2011/08/k985ytvhtm-fake-antivirus-mass.html
8.17.2011 - "On August 14, we started to see mass compromise of websites to inject malicious iframes that spread fake antivirus malware. The attack is ongoing... We estimate at least 22,400 unique DOMAINS. The attackers' first attempt was not successful and therefore google indexed more than 536,000 infected pages. However, since then the attackers have fixed the injected pattern and therefore the injected script is executed rather than displayed. Google therefore does not index infected websites any longer...
4. Browser Exploitation: Drive-by download script served by a modified version of the BlackHole exploit pack.
5. Malware: Fake antivirus, different names in different OS: "XP Security 2012" under Windows XP, "Vista Antivirus 2012" under Windows Vista, and "Win 7 Antivirus 2012" under Windows 7.
6. Injection method: Primarily via stolen FTP credentials, and then use automated program to FTP, retrieve files, inject iframe, and upload back. FTP credentials are stolen from personal Windows computers that have been infected with malware. Malware searches stored password files of FTP clients and also sniffs the FTP traffic. Stolen credentials are sent back to the attackers.
7. Malicious domains and IPs... (shown/listed at the armorize.com URL above.)
8. Antivirus detection rate: Currently 5 out of 43 on VirusTotal*..."
* https://www.virustotal.com/file-sca...241c18feebdc11cde042fc7ce1c325b061-1313382824
File name: contacts.exe_
Submission date: 2011-08-15 04:33:44 (UTC)
Result: 5/43 (11.6%)

:mad::mad:
 
Google report - 4 years of experience in malware detection

FYI...

Google report - 4 years of experience in malware detection
- http://h-online.com/-1325798
18 August 2011 - "Google has announced* the publication of a technical report entitled "Trends in Circumventing Web-Malware Detection". This report describes the results of analysing four years of data – from 160 million web pages hosted on approximately eight million sites – collected through the company's Safe Browsing initiative. The report comments that "Like other service providers, we are engaged in an arms race with malware distributors", and that each day Google issues around three million malware warnings to over four hundred million users that use browsers supporting the Safe Browsing API. The report looks into the four most commonly employed methods for detecting malware: virtual machine client honeypots, browser emulator client honeypots, classification based on domain reputation, and anti-virus engines and trends in how well they work in practice..."
* http://googleonlinesecurity.blogspot.com/2011/08/four-years-of-web-malware.html

See also:
- http://h-online.com/-1155534

- http://h-online.com/-986087
___

- http://www.darkreading.com/taxonomy/index/printarticle/id/231500264
Aug 18, 2011

:fear: :fear:
 
Last edited:
SPAM - Virus outbreak in progress - 2011.08.20

FYI...

SPAM - Virus Outbreak In Progress
- http://www.ironport.com/toc/
August 20, 2011

- http://tools.cisco.com/security/cen...currentPage=1&sortOrder=d&pageNo=1&sortType=d

Fake Security Update Notification E-mail Msgs...
- http://tools.cisco.com/security/center/viewThreatOutbreakAlert.x?alertId=23971
Malicious Images Attachment E-mail Msgs...
- http://tools.cisco.com/security/center/viewThreatOutbreakAlert.x?alertId=23970
Fake Personal Photo Attachment E-mail Msgs...
- http://tools.cisco.com/security/center/viewThreatOutbreakAlert.x?alertId=23881
August 19, 2011
___

Malware-laden spam jumps to 24 percent of all spam this week
- http://www.darkreading.com/taxonomy/index/printarticle/id/231500190
Aug 18, 2011

- http://labs.m86security.com/2011/08/massive-rise-in-malicious-spam/
August 16, 2011 - "... The majority of the malicious spam comes from the Cutwail botnet, although Festi and Asprox are among the other contributors..."
- http://labs.m86security.com/wp-content/uploads/2011/08/spammedmalware31.png

:mad:
 
Last edited:
SPAM - virus Outbreak In Progress - 2011.08.23

FYI...

SPAM - Virus Outbreak In Progress
- http://www.ironport.com/toc/
Updated: August 26, 2011

- http://tools.cisco.com/security/center/threatOutbreak.x?i=77
Fake Facebook Photo Notification E-mail Msgs...
- http://tools.cisco.com/security/center/viewThreatOutbreakAlert.x?alertId=23974
Fake Traffic Violation Ticket E-mail Msgs...
- http://tools.cisco.com/security/center/viewThreatOutbreakAlert.x?alertId=23982
Malicious Changelog Attachment E-mail Msgs...
- http://tools.cisco.com/security/center/viewThreatOutbreakAlert.x?alertId=23588
___

m86 Spam Volume Index
- https://www.m86security.com/images/trace/302/302-16-SVI_time.gif
"... representative sample of the honeypot domains that we monitor."

:mad:
 
Last edited:
RSA hack file found ...

FYI...

RSA hack file found...
- http://www.f-secure.com/weblog/archives/00002226.html
August 26, 2011 - "... the hackers broke into RSA with a targeted email attack. They planted a backdoor and eventually were able to gain access to SecurID information that enabled them to go back to their original targets and succesfully break into there... we knew that the attack was launched with a targeted email to EMC employees (EMC owns RSA), and that the email contained an attachment called "2011 Recruitment plan.xls". RSA disclosed this information in their blog post... we had the original email. Turns out somebody (most likely an EMC/RSA employee) had uploaded the email and attachment to the Virustotal online scanning service on 19th of March. And, as stated in the Virustotal terms, the uploaded files will be shared to relevant parties in the anti-malware and security industry. So, we all had the file already. We just didn't know we did, and we couldn't find it amongst the millions of other samples... It was an email that was spoofed to look like it was coming from recruiting website Beyond.com. It had the subject "2011 Recruitment plan" and one line of content:
"I forward this file to you for review. Please open and view it".
The message** was sent to one EMC employee and cc'd to three others... The embedded flash object shows up as a [X] symbol in the spreadsheet. The Flash object is executed by Excel (why the heck does Excel support embedded Flash is a great question). Flash object then uses the CVE-2011-0609*** vulnerability to execute code and to drop a Poison Ivy backdoor to the system. The exploit code then closes Excel and the infection is over. After this, Poison Ivy connects back to it's server at good.mincesur .com. The domain mincesur .com has been used in similar espionage attacks over an extended period of time... Once the connection is made, the attacker has full remote access to the infected workstation. Even worse, it has full access to network drives that the user can access. Apparently the attackers were able to leverage this vector further until they gained access to the critical SecurID data they were looking for. The attack email does not look too complicated. In fact, it's very simple. However, the exploit -inside- Excel was a zero-day at the time and RSA could not have protected against it by patching their systems..."
* http://blogs.rsa.com/rivner/anatomy-of-an-attack/

** http://www.f-secure.com/weblog/archives/sra2011_1.png

*** http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0609
Last revised: 04/21/2011
CVSS v2 Base Score: 9.3 (HIGH)
(-before- Flash Player 10.2.153.1 - see:
- https://www.adobe.com/support/security/advisories/apsa11-01.html March 14, 2011)

:mad::mad:
 
Apple iCloud phishing attacks ...

FYI...

Apple iCloud phishing attacks ...
- http://nakedsecurity.sophos.com/2011/08/26/welcome-to-apple-icloud-phishing-attacks/
August 26, 2011 - "... The email claims to come from Apple, and appears to have targeted our correspondent because he is a user of Apple's MobileMe service. Apple is planning to shut down its MobileMe service in mid-2012, as it is readying its new iCloud service (which will store music, photos, calendars, documents etc in 'the cloud' and wirelessly push them to all of your devices). Understandably, a lot of MobileMe users are interested in how they will migrate to iCloud and this is the issue that the phishing email uses as bait... Yes, it's a phishing website. And just look what it's asking for: your credit card details, your address, your social security number, your full date of birth, your mother's maiden name and your Apple ID credentials... Imagine the harm a fraudster could cause with all that information. Make sure you have your eyes peeled for phishing attacks, and be on your guard regarding unsolicited messages you receive in your inbox..."
(Screenshots and more detail available at the Sophos URL above.)

:mad:
 
Hurricanes prompt phishing scams ...

FYI...

Hurricanes prompt phishing scams...
- https://www.computerworld.com/s/article/9219530/DHS_warns_that_Irene_could_prompt_phishing_scams
August 26, 2011 - "... cybercriminals go into -overdrive- during highly publicized physical events such as hurricanes and earthquakes... The DHS is responsible for protecting critical infrastructure targets in the U.S. Until relatively recently, phishing -was- considered mostly a consumer problem. But the use of phishing emails to successfully breach the Oak Ridge National Laboratory, EMC's RSA security division, Epsilon and the Pacific Northwest National Laboratory have quickly changed that view. Over the past few years, phishers have increasingly taken advantage of natural disasters and other highly publicized incidents to slip infected emails and other malware onto users' desktops..."

- http://www.fbi.gov/news/news_blog/charity_082611
08.26.11 - "In light of Hurricane Irene, the public is reminded to beware of fraudulent e-mails and websites claiming to conduct charitable relief efforts. Disasters prompt individuals with criminal intent to solicit contributions purportedly for a charitable organization or a good cause. To learn more about avoiding online fraud, please see "Tips on Avoiding Fraudulent Charitable Contribution Schemes" at:
> http://www.ic3.gov/media/2011/110311.aspx "
___

- https://www.us-cert.gov/current/#potential_hurricane_irene_phishing_scams
August 29, 2011

:sad::fear:
 
Last edited:
Morto worm spreads via RDP - Port 3389/TCP

FYI...

Morto worm spreads via RDP - Port 3389/TCP
- http://www.theregister.co.uk/2011/08/28/morto_worm_spreading/
28 August 2011 - "... an Internet worm dubbed “Morto” spreading via the Windows Remote Desktop Protocol (RDP). F-Secure is reporting that the worm is behind a spike in traffic on Port 3389/TCP. Once it’s entered a network, the worm starts scanning for machines that have RDP enabled. Vulnerable machines get Morto copied to their local drives as a DLL, a.dll, which creates other files detailed in the F-Secure post*... SANS (ISC)**, which noticed heavy growth in RDP scan traffic over the weekend, says the spike in traffic is a “key indicator” of a growing number of infected hosts. Both Windows servers and workstations are vulnerable..."
* http://www.f-secure.com/weblog/archives/00002227.html

** https://isc.sans.edu/diary.html?storyid=11470
- https://isc.sans.edu/diary.html?storyid=11452
___

- http://h-online.com/-1332673
29 August 2011

:mad:
 
Last edited:
Malicious SPAM campaign - Facebook

FYI...

Malicious SPAM campaign - Facebook
- http://labs.m86security.com/2011/08/want-to-be-friends-on-facebook-dont-click-the-link/
August 29, 2011 - "... we are now observing another large malicious spam campaign – this time without attachments. Like the majority of last week’s campaigns, this spam is being sent out from the Cutwail botnet. The message arrives as a fake Facebook friend invite notification. The message looks convincing, it appears the spammers have copied the actual Facebook template and substituted their own links. However, there are clues it is fake. The message doesn’t contain any profile photos, and they have omitted the recipient’s email address in the fine print at the bottom... Clicking the link fetches a web page that contains two ways you can infect yourself. First, there is a link pretending to be an Adobe Flash update where you can download and install malware manually. Second, there is a hidden iframe that loads data from a remote server hosting the Blackhole Exploit Kit, which attempts to automatically exploit vulnerabilites on your system, notably Java..."
(Screenshots available at the m86 URL above.)

:mad:
 
FTC malicious email campaign

FYI...

FTC malicious email campaign
- http://community.websense.com/blogs...turn-of-the-ftc-malicious-email-campaign.aspx
01 Sep 2011 - "Websense... has detected malicious emails posing as a consumer complaint notice from the Federal Trade Commission... The exact email format seen in this case was also used a few years back... Malware authors constantly change the malicious file involved in their campaigns. The malware is poorly detected by AV engines*..."
(Screenshot available at the websense URL above.)
* https://www.virustotal.com/file-sca...2e4c2e6d486ccd4c33fcf4a8ac53919d28-1314955779
File name: complaint9302.vcr
Submission date: 2011-09-02 09:29:39 (UTC)
Result: 18/44 (40.9%)
There is a more up-to-date report...
- https://www.virustotal.com/file-sca...2e4c2e6d486ccd4c33fcf4a8ac53919d28-1315065041
File name: 1315064295.complaint9302.scr
Submission date: 2011-09-03 15:50:41 (UTC)
Result: 25/44 (56.8%)
___

- http://www.ftc.gov/opa/2011/09/scamemail.shtm
09/01/2011 - "The FTC is warning small businesses that an email with a subject line “URGENT: Pending Consumer Complaint” is -not- from the FTC. The email says that a complaint has been filed with the agency against their company. The FTC advises not to click on any of the links or attachments with the email. Clicking on the links may install a virus on the computer. The FTC’s advice: Delete the email..."

:mad:
 
Last edited:
You must log in or register to reply here.
Back
Top