American Computer Solutions

Urgent notice from BBB

glenn — Fri, 17 Feb 2012 17:21:57 +0000

Received a complaint from the BBB. All I have to do is click on the link in the COMPLAINT REPORT and I will be on my way to fixing my BBB problem. Now I just need to download this complaint9984.pdf.exe to fix my complaint problem and wow that was easy, it’s all fixed now.

This link takes me to a website that looks like the BBB website. During the page loading it stops about half way and then prompts you to download file called complaint9984.pdf.exe. Some people may think this is a pdf, but its not. It is an executable file that loads malicious software onto your pc. The software tries to shutdown your antivus to hijack your pc.

Below is what the email looks like:

Attention: Owner/Manager

Here with the Better Business Bureau would like to inform you that we have been filed a complaint (ID 13563499) from one of your customers related to their dealership with you.

Please open the COMPLAINT REPORT below to view more information on this question and inform us about your position as soon as possible.

We hope to hear from you shortly.

Regards,

Fernando Grodhaus

Dispute Counselor
Better Business Bureau

Council of Better Business Bureaus
4200 Wilson Blvd, Suite 800
Arlington, VA 22203-1838
Phone: 1 (703) 276.0100
Fax: 1 (703) 525.8277

As in most cases most of the info in this email looks legit, but the link will take you to a website that will hijack your pc.

Only click on downloads that you are sure about. If you’re not sure, dont click on them. You can always forward an email to us and we will let you know. Our email is weirdemail@acsdr.com

Spammers and hijackers always try to scare us into clicking a link in order to steal our information and hijack our lives.

Western Union Scam – MTCN====4148545819

glenn — Wed, 08 Feb 2012 15:17:12 +0000

Great day in the morning. Western Union has $5000 dollars ready for me to pick up. All i have to do is email Western union at westernunionpaymentoffice67 @ yahoo dot com dot hk and give that guy all my banking info so he can send me my money.
Well, we all know Western Union does not use yahoo.com.hk as an email address and do we really think anyone would ever send us money this way. The email you get back from this scam asks you to pay a tax up front for the money they are sending you. RED Flag! This is a very old scam where people would bring you a check for winning some money and then ask you to pay the tax before giving you the check.
Below is what this scam email looks like:

Good Day ,
Western Union wish to inform you the United Nation and (ECOWAS) have
instructed us to send you the sum of $300,000 USD. $5,000 has already
been sent to you as first collection. Sender Information’s HERE IS THE
Available MTCN for pick up by receiver BELOW.
Sender name===========Mary Orona
Test question======== WHAT COLOR
Test answer:============ blue
Amount======== == = $5,000 00
MTCN===========4148545819
Traking via www.westernunion.com

Payment Contact Agent
Mr DAN GOLD

Email: westernunionpaymentoffice67 @ yahoo.com.hk
Tel: +2347059515938

If it sounds to good to be true, it’s probably a scam.

Adobe Security Updates

glenn — Thu, 02 Feb 2012 15:43:37 +0000

Just got this one in an email today, Adobe Security Updates at adobe-updates.net (DO NOT VISIT malicious payload of malware ) Adobe are warning customers about a series of scam E-Mails claiming to offer a bogus update to it’s Adobe Reader software. The senders claim to be genuine Adobe Reader Support representatives in the E-Mail but the supposed “patch” contains a malicious payload of malware. The email looks like this:

A critical ~~vulnerability~~ has been identified in Adobe Flash Player and Adobe Reader.
Adobe recommends users of Adobe Flash Player, Adobe Reader update to last versions.

~~Download Updates~~

You may use the ~~Adobe Download Manager~~ to seamlessly install your software.

*** This is an automatically generated email, please do not reply ***

Copyright © 2012 Adobe Systems Incorporated. All rights reserved

In the email above we removed the links to the evil website with strikethroughs. Adobe have stated in their news bulletin that updates are only available via the official Adobe Reader download page and not from any other source.

If you have opened this email and went to the website get your computer guy to check your computer and or network for malicious software.

The mystery of Duqu

glenn — Wed, 01 Feb 2012 03:16:28 +0000

Duqu is a sophisticated Trojan which seems to have been written by the same people who created the infamous Stuxnet worm. Its main purpose is to act as a backdoor into the system and facilitate the theft of private information. This is the main difference when compared to Stuxnet, which was created to conduct industrial sabotage. It’s also important to point out that while Stuxnet is able to replicate from one computer to another using various mechanisms, Duqu is a Trojan that doesn’t seem to replicate on its own.

This virus infects a computer through a targeted attack involving a Word document which exploits vulnerability in the Windows kernel component Win32k.sys which allows the attackers to run code with the highest privilege level, bypassing pretty much most of the protection mechanisms from Windows or security software.

How can I keep this from happening to my business?
your exchange server needs to be patched, all your computers need to have all patchs up to date.

Your ACH transaction

glenn — Fri, 27 Jan 2012 16:57:43 +0000

NACHA – The Electronic Payments Association has received reports that individuals and/or companies have received a fraudulent e-mail that has the appearance of having been sent from NACHA. See sample below.

The ACH transfer (ID: 2929266749726), recently sent from your bank account (by you or any other person), was canceled by the Electronic Payments Association.

Canceled transaction

Transaction ID: 2929266749726

Reason of rejection See details in the report below

Transaction Report report_2929266749726.doc (Microsoft Word Document)

13450 Sunrise Valley Drive, Suite 100
Herndon, VA 20171

Be aware that phishing e-mails frequently have links to Web pages that host malicious code and software. Do not follow Web links in unsolicited e-mails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual.

NACHA does not send communications to individuals or organizations about individual ACH transactions that they originate or receive.

If malicious code is detected or suspected on a computer, consult with a computer security or anti-virus specialist to remove malicious code or re-install a clean image of the computer system. Always use anti-virus software and ensure that the virus signatures are automatically updated. Ensure that the computer operating systems and common software applications security patches are installed and current.

American Airlines manager.id85359

glenn — Mon, 16 Jan 2012 01:05:00 +0000

Here we go, I got my FREE airline ticket in my email today and look, they would like me to open a zip file and click on the ticket.exe file. We all know by now never open a zip file or run a program from inside of a zip file unless you know who sent it to you and what it does. 99% of the time we should just delete an email like this.

I sent this scam to AA today with no response from them, I did not see any warning on there website about this scam either.

Ticket.exe is a Trojan.Win32.Jorik.MokesLoader.jq that modifies the system settings to perform malicious acts on the targeted system.

Hello
FLIGHT NUMBER A826
ELECTRONIC 301848172
DATE & TIME / JANUARY 24, 2012, 10:22 AM
ARRIVING / Charlotte
TOTAL PRICE / 333.32 USD

Please find your ticket attached.
To use your ticket you should print it.

Thank you for using our airline company services.
American Airlines.

Never open a zip file it you are not 100% sure what it is.

Make sure you update your AV software, this virus is only a few days old.

FOREIGN CONTRACTOR PAYMENT OFFICE

glenn — Sun, 04 Dec 2011 03:23:13 +0000

Great I won $5000 again! and all I have to do to get it is send them $75 and my bank info and well I think we know where this is going. Email scams are on the rise again. As many as 294 billion email are sent each and every day, so 294 billion messages per day means more than 2.8 million emails are sent every second and some 90 trillion emails are sent per year. Around 90% of these millions and trillions of message are but spam and viruses, yes I said TRILLIONS.

Below is what the email looks like

WESTERN UNION HEAD OFFICE DEPARTMENT BENIN REPUBLIC.
FOREIGN CONTRACTOR PAYMENT OFFICE
TELEPHONE +229-98270441

Hello ,

Regarding your mail, which was well understood. Your e-mail was lucky to be among the emails that are selected randomly. The western union is using this medium to appreciate their valued customer with a new year compensatory fund of $500,000.00 US Dollars, so this notification is only meant for people that have use western union in receiving and sending money.

But before you can pick up the first $5,000USD, you must make payment of $75USD for us to Regenerate and Re-activate your name as the receiver and your new MTCN number because your funds has stay long on our database, That is the reason why we picked up the $5000,00 back, After making the payment, you must provide complete information we will use in Re-activating your payment to you.

Use the bellow following information for the payment for your Re-activating fee so that immediate action can be taken.

Receiver Name : SUNDAY OSAGIE
Country: Benin Republic
City : Cotonou
Test Question: When
Answer: Now
Amount: $75USD

As soon as we have a confirmation of your Re-activating fee, your $5,000USD MTCN will be re-activated and sent back to you within an hour of which the Re-activating fee is confirmed.

I Await your prompt response.

SINCERELY,
Mr.Thomas Raphael
YOURS IN SERVICE
Western Union Head Office Department
Western Union®

The reply-to in this email is western.union1011@w.cn w.cn is a free windows live email system just like gmail.com is. This type of scam is done by criminals from Nigeria and other countries in Africa.

Remember victims never receive this non-existent fortune but are tricked into sending their money to the criminals, who remain anonymous. They hide their real identity and location by using fake names and fake postal addresses as well as communicating via anonymous free email accounts and mobile phones.

USPS Delivery Error No#995878

glenn — Sat, 03 Dec 2011 15:17:46 +0000

Well, here we are again seeing thousands of maleware emails being set out to people trying to trick them in to opening the attached zip file. The zip file that was sent in this email is a virus. Never open zip files if you not 100% sure who they are from. By the way the post office only sends you email if you send them email first. If you take a look at there website usps.com you will see a ALERT: Customers be aware of fraudulent package delivery messages sent by email or phone. Below is what the email looks like.

Dear customer,

Your parcel has arrived at the post office on November 20.
Our Driver was unable to deliver the parcel to your address.
To receive a parcel you should go to the nearest USPS office and show your post label.
The post label is attached to this letter.

Thank you for your attention.
USPS Customer Services.

The above email has an attachment labeled post_label.zip, inside of this file are 4 files that when opened will run a Microsoft word macro which in turns runs the file call post_label.exe. This file is the real danger, it hijacks your pc and starts to steal all of you person information.

If you ever get a weird email and are not sure about it you can always forward it to me at weirdemail@acsdr.com we will take a look at it and let you know.

UPS Shipment

glenn — Wed, 16 Nov 2011 14:15:38 +0000

This small email can mess up your week. the 2 links in the email look like ups website links but, when you look into the link you will see that both links send you to a website that is not UPS. the top link tries to take person information and the 2nd link wants you to download your invoice that looks lik a jpg file but its not, its a virus that will hijack your pc. Never click on links in email unless you are sure they are from a trusted source.

In most email programs you can hover your mouse over the link and see where the link relay goes.

Dear client
Your package has arrived.
The tracking # is : 16B9159622A040A2 and can be used at :

http://www.ups.com/tracking/tracking.html

The shipping invoice can be downloaded from :

http://www.ups.com/tracking/invoices/download.aspx?invoice_id=16B9159622A040A2

Thank you,
United Parcel Service

*** This is an automatically generated email, please do not reply ***

QuickBooks Security Update

glenn — Mon, 31 Oct 2011 22:13:19 +0000

This email scam is trying to take control of your bank accounts don’t click on the link in the email if you get this one

You will not be able to access your Intuit QuickBooks account without Intuit Security Tool (IST™) after 31th of October, 2011.

You can download Intuit Security Tool here. (web link removed)

After a successful download please run the setup for an automatic installation, then login to Intuit Quickbooks online to check that it is working properly.

Canceled transaction
Transaction ID:	2929266749726
Reason of rejection	See details in the report below
Transaction Report	report_2929266749726.doc (Microsoft Word Document)