Malware

= The following are examples of the different types of Malware: =

= Email Scams: =

__ MICROSOFT, YAHOO, GOOGLE LOTTERY SCAM __
The email arrives and claims that you were selected randomly from the WEB to receive 500.000 pounds sterling. The email gives ticket and winning numbers. It asks that you send basic details to Michael Walker (email and phone number provided). It also asks that you keep mum to avoid double claiming from unscrupulous participants. Later you will be asked to send money to cover fees etc., and later on more money. All the while they are collecting more detail from you. In the end they will have enough information to steal __your__ identity.


__Person On The Bridge Hoax Email__

This prank message includes a photograph of a wooden footbridge that apparently forms part of a forest walking track, with the words written above the photo, "If I could sit on the porch with God, the first thing I would do is............". This email claims that a person will appear on the bridge if the email is forwarded to at least five other people (including the person who sent it to you).


__POSTCARD IMAGE VIRUS.__

This email claims that if you receive an email with an attachment entitled "Postcard" or "Postcard from Hallmark", it is a virus which will destroy the hard drive of the infected computer, and that it has been classified as the most destructive virus ever. The email suggests that you send it as a warning to all your contacts.

__Hoax Email – Bloody Mary Curse Chain Email__
This chain letter threatens you, saying that now you have opened it you are cursed and if you don’t send it on you will die. It is based on the old supernatural Bloody Mary myth, which says she will appear and kill or attack those who do not pass on her message. Most adults would read this and consider it nonsense; however, this hoax email is directed mainly at youngsters and they could be traumatised by it.


__Scam Email - ANZ Invalid Login Attempts, Phishing Scam Received the 20/11/2009.__

This email claims to be from the ANZ Bank and says that the recipient's ANZ Customer Registration Number and password have been revoked due to "severe numbers" of login attempts. It says that, due to increased security on the website and to put an end to fraudulent activities, recipients need to re-access their account by clicking on a link to log in and restore account access, but in doing so their details are stolen.

__**Next of Kin Stand In - Nigerian Scam Email**__
This email claims to be from the credit manager of a West African bank and asks for assistance in transferring a large sum of money out of the country from the account of a deceased estate, in return for compensation of 25% of the total sum. If the email is answered, the recipient will be asked for advance fees in order to process the transfer. The purpose of the scam is to trick recipients into parting with their money in the form of advance fees, or to gain enough information with which to access the victim's bank account or to steal their identity.


//__Hoax email - Help Indian Student Accident Victim__//

This email claims that by forwarding the message to others you can help an Indian student who was studying in the USA to recover from a car accident, as the Indian Students Association has agreed to donate 10 cents each time it is forwarded. The claims in this email are nonsense: there is no means of tracking how many times an email is sent, and no legitimate organization would donate this way. Forwarding the email would help no one and only clutter up inboxes.

__48 HOUR VIRUS HOAX__
The information given in this email is that if you receive an email with the subject "HELP", you should not open it or even move the mouse over it, as this action will activate a virus. You have to wait 48 hours after you receive the virus in order to clean it up, or it will erase your hard disk or BIOS. If you follow this information, you will end up with a virus, but it is all part of a hoax for the user.

__Question from eBay member **Respond Now**__
This is an email sent out by phishing scammers. It looks partly authentic, as if written by a member, using theme boxes and the identical logo, but the spelling, grammar and use of obscene language give it away as a fake. It asks you to open a link, “Respond Now”, to reply to the email; the link takes you to a lookalike website that asks for login and personal details. Once these are submitted, scammers can commit fraud against you. To find out whether it is a true website, enter the URL manually into your browser.

= Viruses, Trojans and Worms: =

skintrim.genk!8eb1d71aa256
Discovered 12/1/11. A Trojan is spread manually, often under disguise as something beneficial. Distribution channels include IRC, newsgroups and emails.
 * Risk Home: Low
 * Risk Corporate: Low
 * Type: Trojan

__**(MS10-030) Microsoft Outlook Express and Windows Mail Integer Overflow Vulnerability (978542)**__
Discovered 11/05/10. An integer overflow vulnerability exists in Microsoft's Outlook Express and Windows Mail Client that could result in remote code execution. Specifically, the vulnerability is in the way that the Windows Mail Client software handles specially crafted mail responses. Exploiting this vulnerability would not require authentication: an attacker could exploit it by sending a specially crafted response to a client initiating a connection to a server under the attacker's control, using the common mail protocols POP3 and IMAP.
 * Risk: Medium
 * Type: Logic Error
 * Attack Vector: Website or e-mail with malicious content
 * Vulnerable Systems: Outlook Express 5.5 SP2, Outlook Express 6.0 SP1, Windows Live Mail 2008

__JS/DOWNLOADER-BNL__

__BackDoor-EHO__
Backdoor EHO is a Trojan that was discovered on 13/11/09. Its risk assessment is low; however, it enables backdoor functionalities by connecting to a remote site and performing actions as programmed by a remote attacker. The Trojan does not self-replicate but is spread manually, often under the premise that it is beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Use current engine and DAT files for detection and removal.

__**PWS - Mmorpg!hh**__

__JS/Obfuscated.d__
JS/Obfuscated.d is a Trojan which was discovered on 17/11/09. It performs a number of unauthorised actions, including attempts to exploit unpatched vulnerabilities in computer systems, serving as a backdoor, serving as a downloader for malicious software, and acting as a password stealer. It is spread via email messages, instant messaging and infected web pages. When executed, it runs Internet Explorer as a background process (invisibly in the background and not under the user's direct control) and connects to five internet addresses, from where malicious software will be downloaded. No risk assessment was made for this Trojan.

**W32/Winemmem** engine and DAT files

__Hoax Email on Facebook: Do Not Add "Jason Lee" as it is a virus__
The email claims that anyone with the above name, even if you already have a contact with the same name, contains a virus, which is untrue. It also states that you should not accept anyone with the above name, that this is confirmed by Facebook, and that you should repost the warning. Several other similar emails have circulated using different names, e.g. Linda Smith. It spreads quickly, as social networks have thousands of subscribers and many persons with the same name.

__**Payment Transfer Job Scam Emails - Laundering Scams**__
Scammers use unsolicited email job offers to trick desperate or naive job seekers into participating in payment transfer schemes. They are told that money needs to be transferred because of a hold-up, i.e. slow processing or currency conversion problems, which stops the 'company' from getting overseas payments into its country. The job is therefore to allow money to be transferred to their personal bank account, keeping a percentage of this as their payment. The remainder is sent to the 'company'. The scheme is usually a method of laundering stolen money, and accepting the 'job' means unwittingly participating in illegal activities.

= Viruses, Trojans and Worms =

__Generic StartPage!sv!497BD6F64D28__
This is a low risk Trojan virus found on 19.04.11 which gives the impression of being wanted or beneficial. It is installed via operating system and security loopholes, and also by users unknowingly executing unknown programmes manually. It has been distributed by emails, internet chat communications, peer-to-peer networks etc. Its origin is unknown, but it affects the registry, files and network sharing.

__W32/VBania@MM__
This is a low risk Virus/Worm which was discovered, resisted and tracked by McAfee security on 9-9-2010 and was updated on 14-10-2010. It has the capability to modify your registry and files whilst replicating itself. It travels from system to system by e-mail, with spam sent through the user's contact list.

__Generic.mfr!0413C6F55121__
The virus name given by Microsoft is Adware: Win32/arcade Web. This virus is considered a low risk Trojan for both home and corporate users. It was discovered on 18 January 2012. It attempts to write to the memory location of a Windows system process and modifies winlogon configuration settings in the registry. It also attempts to add or modify the winlogon shell registry value, which could be used to launch a program at start-up.
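
A way to check for the winlogon shell change described in the last entry, given here as an added example that is not part of the original page or of any vendor's tooling: the Python below reads the text printed by `reg query` for the Winlogon key and reports any program listed in `Shell` or `Userinit` other than the stock ones. The `Userinit` check, the C:\Windows install path, the sample output and the extra program path are assumptions constructed for illustration.

```python
import re

# Stock Winlogon values, assuming Windows is installed in C:\Windows.
EXPECTED = {
    "shell": {"explorer.exe"},
    "userinit": {r"c:\windows\system32\userinit.exe"},
}

# One value line of `reg query` output: name, type, data.
VALUE_LINE = re.compile(r"^\s+(?P<name>\S.*?)\s{2,}(?P<type>REG_\w+)\s*(?P<data>.*)$")

def parse_reg_query(text):
    """Return {lower-cased value name: data} from `reg query` text output."""
    values = {}
    for line in text.splitlines():
        match = VALUE_LINE.match(line)
        if match:
            values[match.group("name").lower()] = match.group("data").strip()
    return values

def audit_winlogon(text):
    """Return {value name: [unexpected entries]} for Shell and Userinit."""
    values = parse_reg_query(text)
    findings = {}
    for name, allowed in EXPECTED.items():
        if name not in values:
            findings[name] = ["<value not present>"]
            continue
        # Both values may hold a comma-separated list of programs to start.
        entries = [e.strip().lower() for e in values[name].split(",") if e.strip()]
        unexpected = [e for e in entries if e not in allowed]
        if unexpected:
            findings[name] = unexpected
    return findings

# Constructed sample output (not taken from a real infection).
KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
CLEAN = KEY + r"""
    AutoRestartShell    REG_DWORD    0x1
    Shell    REG_SZ    explorer.exe
    Userinit    REG_SZ    C:\Windows\system32\userinit.exe,
"""
MODIFIED = KEY + r"""
    AutoRestartShell    REG_DWORD    0x1
    Shell    REG_SZ    explorer.exe, C:\Users\Public\example-added.exe
    Userinit    REG_SZ    C:\Windows\system32\userinit.exe,
"""

if __name__ == "__main__":
    print("clean:   ", audit_winlogon(CLEAN))
    print("modified:", audit_winlogon(MODIFIED))
```

On a live system the input would be the saved output of `reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"`.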