Friday, August 29, 2008
Virus alert: Western Union MTCN #0559760778
I noticed in my OzEfilter log this email starting to appear more frequently so decided to receive one into my email. It was not detected as containing malware by the anti-virus software when received. However when I saved the file to my Desktop the anti-virus software quarantined the file and that is a good sign.
The attached file in this case was named MT77232.zip.
The process I have been using to test these attachments is to save the file to my Desktop and then scan the file using my anti-virus software. I've found over the years anti-virus software leaves a window of opportunity from the time the virus is released into the wild until the anti-virus software companies get the updates out to users. This process can be a number of days.
To check the file because it really is obvious to me it is malware based on coming from someone I don't know with a subject that is obvious it has nothing to do with me I then check the file by sending the file to the online scanning service. The scanning service is run by one of the anti-virus companies and they use it to receive feedback from users and improve their product. (You can find details of the service in MyAnswers solution 1890 which can be found on the MyAnswers solutions page I maintain on virus, spyware/adware and spam.)
In this case the file was found to be malware so there is no need to submit the file to the online virus scanning service.
I've found in every case that I can recall with a virus infection that a user has initiated the infection by running a program. In most cases this is via an attachment in an email, but also by clicking on a link on a web page. Only once have I seen an infection occur by going to a web site and this issue was fixed when Internet Explorer SP2 came out. So in essence whilst the virus writers are an enormous nuisance, in order for the virus to infect our computers it requires our assistance. In effect virus writers use a bit of psychology to trick us into helping them take that final step. Treat every email you receive (even from family and friends), and particularly emails with attachments and links with suspicion and you will go a long way in protecting yourself from infection your computer.
Also don't assume because something comes from a friend or a work colleague that it is clean. They could have easily been tricked and either sent something on, or their infected computer could be sending it to you as though it was from them.
Please take care.
- Kelvin
The attached file in this case was named MT77232.zip.
The process I have been using to test these attachments is to save the file to my Desktop and then scan the file using my anti-virus software. I've found over the years anti-virus software leaves a window of opportunity from the time the virus is released into the wild until the anti-virus software companies get the updates out to users. This process can be a number of days.
To check the file because it really is obvious to me it is malware based on coming from someone I don't know with a subject that is obvious it has nothing to do with me I then check the file by sending the file to the online scanning service. The scanning service is run by one of the anti-virus companies and they use it to receive feedback from users and improve their product. (You can find details of the service in MyAnswers solution 1890 which can be found on the MyAnswers solutions page I maintain on virus, spyware/adware and spam.)
In this case the file was found to be malware so there is no need to submit the file to the online virus scanning service.
I've found in every case that I can recall with a virus infection that a user has initiated the infection by running a program. In most cases this is via an attachment in an email, but also by clicking on a link on a web page. Only once have I seen an infection occur by going to a web site and this issue was fixed when Internet Explorer SP2 came out. So in essence whilst the virus writers are an enormous nuisance, in order for the virus to infect our computers it requires our assistance. In effect virus writers use a bit of psychology to trick us into helping them take that final step. Treat every email you receive (even from family and friends), and particularly emails with attachments and links with suspicion and you will go a long way in protecting yourself from infection your computer.
Also don't assume because something comes from a friend or a work colleague that it is clean. They could have easily been tricked and either sent something on, or their infected computer could be sending it to you as though it was from them.
Please take care.
- Kelvin
Wednesday, August 27, 2008
Virus alert: Windows - Drive Not Ready
One of my users kept repeatedly getting the message "Windows - Drive Not Ready. Exception Processing Message c00000a3 Parameters 75b6bf7c 4 75b6bf7c 75b6bf7c".
I read a number of posts on the Internet which indicated people were disabling their floppy drive. Gut feeling told me it was most likely a virus. It took quite some time but I remove the virus manually and the anti-virus then removed the related files.
In the past I have seen people replace keyboards because they felt the keyboard was not working when in fact the computer was infected with a virus. Yes your hardware may be failing and so it may have been a hardware failure, but also don't rule out malware if you find you are having unexpected hardware issues. We've also seen weird behaviour on a computer which looked like a virus infect (text in a merged Word document being spaced weird) but in fact this turned out to be a failing hard disk. So it cuts both ways.
Since I saw many posts relating to this issue not mentioning a possible virus infection I felt this post might help others.
- Kelvin
Virus alert: Your Online Flight Ticket N 45412
This one has increased recently and was reported to me by a JustLocal friend. I've mentioned this one in an earlier blog, but since it has now increased in the number of emails we receive I felt it was appropriate to mention it again.
This is a attempt to scare people into thinking they have had charges made against their credit card. If you are in the process of booking a holiday this one may trick you.
It is obvious from the randow user name in the from email address that it is malware.
It was not detected by my virus scanning software which was just updated with a reboot to the computer.
It really is a concern that so many of these emails are getting into people's computers. I had not realised the level of viruses getting through, since I use OzEfilter to delete them before they reach my computer. Often fixing a computer after one of these virus infections gets through can be almost as much as a new computer.
Please do take care when you receive an attachment from anyone, even someone you know.
- Kelvin
This is a attempt to scare people into thinking they have had charges made against their credit card. If you are in the process of booking a holiday this one may trick you.
It is obvious from the randow user name in the from email address that it is malware.
It was not detected by my virus scanning software which was just updated with a reboot to the computer.
It really is a concern that so many of these emails are getting into people's computers. I had not realised the level of viruses getting through, since I use OzEfilter to delete them before they reach my computer. Often fixing a computer after one of these virus infections gets through can be almost as much as a new computer.
Please do take care when you receive an attachment from anyone, even someone you know.
- Kelvin
Tuesday, August 26, 2008
Having fun with Search Engines
I often see people with a Google toolbar still installed or typing in the address to get to Google. Both of these are no longer necessary. Both Internet Explorer 7 and Firefox now contain the search feature built into the browser at the top right of the browser window. However adding new search engines can be a bit tricky, so I decided to create a few links to make things a little easier.
You can find the links for installing the search engines on the JustLocal search page at the bottom left. Installing the search engine is as simple as clicking on the link. You are given the option to make the search engine the default search engine. Naturally I make JustLocal Search my default search engine, but many people may wish to make JustLocal Google search engine their default search engine.
JustLocal search
Many people have asked to be able to search across all JustLocal friends and so I created the JustLocal Search Engine.
The interesting result with the JustLocal search feature, is all of a sudden it becomes apparent the major players in the market, who are keen to get business and appear at the right in the Google sponsored listing. As a JustLocal friend these advertisers are most likely your keenest online competitor. Even if you aren't a JustLocal friend, searching for the product or service your business sells, and seeing the competitors, will provide great marketing information.
JustLocal Google
This search engine will allow you to quickly search www.google.com.au. I created this because most new Windows computers arrive with Microsoft Live as the search engine and most people want to use Google. By selecting the JustLocal Google search engine, you can quickly switch to Google Australia as your search engine with a couple of clicks.
Did you know you can do the following with Google?
Most people in Australian think when they search Google for pages from the world they see what everyone else in the world sees. This is not so. Google presents pages it feels is relevant to the location the person who is searching. The JustLocal World search engine shows you the results as though you are searching from another country outside of Australia. I don't know which country or servers exactly, but I suspect it may be somewhere in the USA.
How can this knowledge be useful you might ask.
Many less experienced SEO professionals will tell you they can get you first page presence in Google worldwide. But what these SEO marketers don't realise is the results in Australia are only what is seen when you are in Australia. If your business is selling worldwide, you want to see what the rest of the world sees when they search. The sad truth is your product may never be seen by someone in another country. This search engine has been provided to help educate people on the difference between searching when in Australia and when in another country. You can't easily get Google to search as though you are in America when you are in Australia, because if you enter www.google.com you are redirected to www.google.com.au automatically. The JustLocal Word search engine gives you an idea of what others might see.
If you find these search engines of interest let me know. I have a few more search engines to come and I think you will find them to be quite handy.
Enjoy - Kelvin
You can find the links for installing the search engines on the JustLocal search page at the bottom left. Installing the search engine is as simple as clicking on the link. You are given the option to make the search engine the default search engine. Naturally I make JustLocal Search my default search engine, but many people may wish to make JustLocal Google search engine their default search engine.
JustLocal search
Many people have asked to be able to search across all JustLocal friends and so I created the JustLocal Search Engine.
The interesting result with the JustLocal search feature, is all of a sudden it becomes apparent the major players in the market, who are keen to get business and appear at the right in the Google sponsored listing. As a JustLocal friend these advertisers are most likely your keenest online competitor. Even if you aren't a JustLocal friend, searching for the product or service your business sells, and seeing the competitors, will provide great marketing information.
JustLocal Google
This search engine will allow you to quickly search www.google.com.au. I created this because most new Windows computers arrive with Microsoft Live as the search engine and most people want to use Google. By selecting the JustLocal Google search engine, you can quickly switch to Google Australia as your search engine with a couple of clicks.
Did you know you can do the following with Google?
- Find out the time in another location. Thinking of going to Paris, then search "Time in Paris".
- Find out the weather in a location. If you want to find out the weather currently in Paris then search "weather in Paris".
- Find out how much your money can buy in another country. Now if you want to know what does that 30 Euro item in Paris cost in Australian dollars then search for "30 EUR in AUD". It looks cheap in euros doesn't it;-)
- Need a calculator, then just type the calculation into the search field such as "4 x 30", and now all your family can have that item from Paris, or not!
Most people in Australian think when they search Google for pages from the world they see what everyone else in the world sees. This is not so. Google presents pages it feels is relevant to the location the person who is searching. The JustLocal World search engine shows you the results as though you are searching from another country outside of Australia. I don't know which country or servers exactly, but I suspect it may be somewhere in the USA.
How can this knowledge be useful you might ask.
Many less experienced SEO professionals will tell you they can get you first page presence in Google worldwide. But what these SEO marketers don't realise is the results in Australia are only what is seen when you are in Australia. If your business is selling worldwide, you want to see what the rest of the world sees when they search. The sad truth is your product may never be seen by someone in another country. This search engine has been provided to help educate people on the difference between searching when in Australia and when in another country. You can't easily get Google to search as though you are in America when you are in Australia, because if you enter www.google.com you are redirected to www.google.com.au automatically. The JustLocal Word search engine gives you an idea of what others might see.
If you find these search engines of interest let me know. I have a few more search engines to come and I think you will find them to be quite handy.
Enjoy - Kelvin
Monday, August 25, 2008
Virus alert: Statement of fees 2008/09
I attended a client who had infected their computer. The email had the subject "Statement of fees 2008/2009" with a zip attachment and the zip attachment initially looked like a Word document, but was actually an executable file. The anti-virus software picked up there had been an infection, but didn't stop the email contents from infecting the computer.
We tested this on another computer with a different anti-virus program and it too didn't pick up the attachment contained malware.
Using the anti-virus software to clean up the computer didn't work and manually removing the effects of the virus didn't remove everything and so the computer will require additional work to recover.
The attached file was submitted to the online virus scanner for review and came back as:
File: Fees_2008-2009.zip
Conclusion: malware container
File: Fees_2008-2009.doc______________.exe
Conclusion: malware
It is very important not to open a zip file which is received unexpectedly and certainly don't run an executable unless you specifically know the source of the file and the file is clean.
A product like OzEfilter will allow you to see the subject and sender of this email before receiving it into your computer. In this case the email address of the sender was obviously meaningless and that would have helped to avoid this infection. Always take care with emails with links or attachments. One lapse of concentration can cost hundreds of dollars in repair time and lost productivity whilst the computer is down.
- Kelvin
We tested this on another computer with a different anti-virus program and it too didn't pick up the attachment contained malware.
Using the anti-virus software to clean up the computer didn't work and manually removing the effects of the virus didn't remove everything and so the computer will require additional work to recover.
The attached file was submitted to the online virus scanner for review and came back as:
File: Fees_2008-2009.zip
Conclusion: malware container
File: Fees_2008-2009.doc______________.exe
Conclusion: malware
It is very important not to open a zip file which is received unexpectedly and certainly don't run an executable unless you specifically know the source of the file and the file is clean.
A product like OzEfilter will allow you to see the subject and sender of this email before receiving it into your computer. In this case the email address of the sender was obviously meaningless and that would have helped to avoid this infection. Always take care with emails with links or attachments. One lapse of concentration can cost hundreds of dollars in repair time and lost productivity whilst the computer is down.
- Kelvin
Saturday, August 23, 2008
Virus alert: Attention! Your PayPal account has been limited!
Strictly speaking this is not a virus, but a phishing attempt where the email is attempting to obtain the log on details for a users PayPal account.
The email is well worded and considerate in tones, apologising for any inconvenience. The even provides very good advice that you should not provide your details to fraudulent web sites. The email has legitimate links to the PayPal site in all but one case, which is the activate link. If you hover your mouse over the activate link you see it is not a PayPal site.
When we initially started to use PayPal these emails were a bit of a concern. No business wants to have their PayPal account suspended so it aims to put pressure on the PayPal user. Often in business we are under various pressures so one more pressure may lead to an error in judgement resulting in your account details being provided to a fraudulent web site.
As this email says, do not click on links in the email. Go to the PayPal site by typing in the PayPal address in the address bar of the browser.
Now if PayPal provided their own email service for messages and only contacted via their email service with a short alert email, then there would be little reason for concern. Any attempt to obtain details would be an obvious phishing attack.
This type of email cannot harm your computer. It is designed to trick you as phishing emails attempt to do. Only by being tricked can you cause harm.
We generally do not receive this type of email as we delete it from the mail server using OzEfilter. In this case we downloaded the email so we could review and report on the contents.
- Kelvin
The email is well worded and considerate in tones, apologising for any inconvenience. The even provides very good advice that you should not provide your details to fraudulent web sites. The email has legitimate links to the PayPal site in all but one case, which is the activate link. If you hover your mouse over the activate link you see it is not a PayPal site.
When we initially started to use PayPal these emails were a bit of a concern. No business wants to have their PayPal account suspended so it aims to put pressure on the PayPal user. Often in business we are under various pressures so one more pressure may lead to an error in judgement resulting in your account details being provided to a fraudulent web site.
As this email says, do not click on links in the email. Go to the PayPal site by typing in the PayPal address in the address bar of the browser.
Now if PayPal provided their own email service for messages and only contacted via their email service with a short alert email, then there would be little reason for concern. Any attempt to obtain details would be an obvious phishing attack.
This type of email cannot harm your computer. It is designed to trick you as phishing emails attempt to do. Only by being tricked can you cause harm.
We generally do not receive this type of email as we delete it from the mail server using OzEfilter. In this case we downloaded the email so we could review and report on the contents.
- Kelvin
Installing Firefox 3 stops links working on Outlook 2007 emails.
This problem crops up every now and then when Firefox is installed. The message received when clicking on a link in Outlook 2007 is "This operation has been canceled due to restrictions in effect on this computer."
For a solution to this problem obtain MyAnswers solution 1665.
For JustLocal readers who haven't heard about MyAnswers, the following is some background on MyAnswers which I started in 2002.
Over the last six years in my role as an IT consultant, I have attended to many computer problems. In many instances I document the solution and make the solution available to all clients, which can result in considerable savings for clients.
The solutions I provide to clients are now available for purchase by all JustLocal users via the Internet. Whilst there are many solutions on the Internet, and much of it is free, I have found over the years solutions can be quite time consuming to find. It can also be hard for a less IT experienced person to tell the difference between a quality solution and wrong information. I've seen some solutions which will damage a person's computer if the advice were to be followed.
The solutions provided in MyAnswers are actual documented solutions to problems which have occurred in the field. There are now over 1,800 solutions available.
Some problems have taken hundreds of dollars in time to solve. A recent MyAnswers solution will save a client over $2,000 a year in printing costs.
MyAnswers solutions are currently available at the special price of $5.95 each and solutions come with a money back guarantee.
Usually this type of information is not made available by IT consultants because what IT consultant knows, is how they make money. In this case my approach is to share my knowledge, and by sharing my knowledge with more people, I can do so at a lower cost per person. That means everyone wins.
A good place to start with MyAnswers is to read the Recent Solutions page. Chances are if you are having a problem with a computer, someone else is also having the same problem at the same time and your problem may have already been solved. A MyAnswers solution could save you hundreds of dollars in computer support costs.
May your next computer problem be an easy problem to solve, and if you need help, think MyAnswers. Search the Internet using our Google search engine and you will often find a MyAnswers solution.
- Kelvin
For a solution to this problem obtain MyAnswers solution 1665.
For JustLocal readers who haven't heard about MyAnswers, the following is some background on MyAnswers which I started in 2002.
Over the last six years in my role as an IT consultant, I have attended to many computer problems. In many instances I document the solution and make the solution available to all clients, which can result in considerable savings for clients.
The solutions I provide to clients are now available for purchase by all JustLocal users via the Internet. Whilst there are many solutions on the Internet, and much of it is free, I have found over the years solutions can be quite time consuming to find. It can also be hard for a less IT experienced person to tell the difference between a quality solution and wrong information. I've seen some solutions which will damage a person's computer if the advice were to be followed.
The solutions provided in MyAnswers are actual documented solutions to problems which have occurred in the field. There are now over 1,800 solutions available.
Some problems have taken hundreds of dollars in time to solve. A recent MyAnswers solution will save a client over $2,000 a year in printing costs.
MyAnswers solutions are currently available at the special price of $5.95 each and solutions come with a money back guarantee.
Usually this type of information is not made available by IT consultants because what IT consultant knows, is how they make money. In this case my approach is to share my knowledge, and by sharing my knowledge with more people, I can do so at a lower cost per person. That means everyone wins.
A good place to start with MyAnswers is to read the Recent Solutions page. Chances are if you are having a problem with a computer, someone else is also having the same problem at the same time and your problem may have already been solved. A MyAnswers solution could save you hundreds of dollars in computer support costs.
May your next computer problem be an easy problem to solve, and if you need help, think MyAnswers. Search the Internet using our Google search engine and you will often find a MyAnswers solution.
- Kelvin
Friday, August 22, 2008
Virus alert: online verification from Westpac Bank
I just received an online verification email from Westpac Bank and thought I would review this type of malicious email.
Unlike many other emails this email appears to come from an email address for the Westpac Bank which is online@westpac.com.au. Rest assured this is a fake email and the address has been faked. It was not sent from WestPac.
The email looks OK, but as you can see the grammar is incorrect. Since a bank most likely uses automated systems with responses which are professionally reviewed, these types of errors are less likely. You will notice I have highlighted the use of plurals where it should be singular. A good sign of a fake is the language used. Sometimes however the language difference can be subtle and not all of us are strong on grammar.
" Monitor your transaction history and statements because your Westpac Bank online account may have been compromised.
We also suspect an unauthorised transactions has been taken place on your accounts.
Please take a simple step to secure your information and reduce your risk of falling victim to online threats now ."
The real give away however is in the link in the email in the following text.
Click Here For Westpac Bank Transactions Verification
If you hover your mouse over the link the web site address will appear. If you check the domain you will see it is not a WestPac domain.
I see a considerable number of fake emails which are supposedly from banks. These emails are known as phishing attempts, where they try to get you to log on to a fake site so they can collect your log on details.
I don't receive these emails into my computer because I use OzEfilter, but I actually have a much better technique that I use.
I do not provide my email address to the bank. If the bank doesn't have my email address then any email I receive from a bank is a fake. If the bank wants to contact me, they can contact me by telephone or via the postal service. I've only received one call in the last few years from the bank which wasn't telemarketing.
I highly recommend if you have registered your email address with your bank, to ask them to remove it. You then can't be tricked by one of the fake emails. Very simple and very effective.
- Kelvin
Unlike many other emails this email appears to come from an email address for the Westpac Bank which is online@westpac.com.au. Rest assured this is a fake email and the address has been faked. It was not sent from WestPac.
The email looks OK, but as you can see the grammar is incorrect. Since a bank most likely uses automated systems with responses which are professionally reviewed, these types of errors are less likely. You will notice I have highlighted the use of plurals where it should be singular. A good sign of a fake is the language used. Sometimes however the language difference can be subtle and not all of us are strong on grammar.
" Monitor your transaction history and statements because your Westpac Bank online account may have been compromised.
We also suspect an unauthorised transactions has been taken place on your accounts.
Please take a simple step to secure your information and reduce your risk of falling victim to online threats now ."
The real give away however is in the link in the email in the following text.
Click Here For Westpac Bank Transactions Verification
If you hover your mouse over the link the web site address will appear. If you check the domain you will see it is not a WestPac domain.
I see a considerable number of fake emails which are supposedly from banks. These emails are known as phishing attempts, where they try to get you to log on to a fake site so they can collect your log on details.
I don't receive these emails into my computer because I use OzEfilter, but I actually have a much better technique that I use.
I do not provide my email address to the bank. If the bank doesn't have my email address then any email I receive from a bank is a fake. If the bank wants to contact me, they can contact me by telephone or via the postal service. I've only received one call in the last few years from the bank which wasn't telemarketing.
I highly recommend if you have registered your email address with your bank, to ask them to remove it. You then can't be tricked by one of the fake emails. Very simple and very effective.
- Kelvin
Virus alert: Britney Spears, Fedex tracking number and Your Online Flight Ticket N.
These are all emails we received today from sources we do not know. I use OzEfilter (which I wrote) to check out email at the mail server safely away from our computer that is from people I don't know. I don't read the email but check the subject, who the email is from and in many case the country of origin. This approach keeps malicious emails out of my computer. This time however for the benefit of my clients and readers of this blog I have download the three I received this morning.
Subject: Britney Spears Fails To Appear For Latest Custody Hearing
From: Lilia-aapapuut@ccaurora.edu
Lesson: Don't click on links in emails where you don't know the source and certainly don't download anything.
Certainly a subject with Britney in it is popular with the malware writers. In this case the email contains a link which is to an executable file. For obvious reasons we won't reproduce the link her.
The trick with these types of emails is to hover your mouse over the link. You can then see the web site address that you will be sent to and in this case it is a program which you would have to download.
Subject: Fedex tracking number 4116375689
From: rtivoiviq@boks.com
Lesson: Even if you are dealing with Fedex that email address is not Fedex and don't touch that attachment.
The Fedex email has just started to occur. Our anti-virus software doesn't detect it as a virus. The online file scanner service we use as mentioned in MyAnswers solution 1890 returned the zip file MRDI8761223.zip as clean and the contained file MRDI8761223.exe with no conclusion. Now in this case I would still delete this type of email. It is from someone I don't know. It is a concern that it came back as being determined as clean for one part and nothing for the contained file. That actually lead me to believe the report was the file was clean. Don't take the risk with this type of email.
Subject: Your Online Flight Ticket N 29749
From: qiyhmvlrgaqy@blcc.com
Lesson: Don't get tricked if you are booking a holiday. We see these types of emails most days.
Who couldn't do with a holiday, but watch out, this is a very common ploy to trick you into opening the attachment and running the program. They have said they charged my credit card and none of us like our credit card charged if it wasn't us. Don't be tricked into action. Check the email address it is from. This email is supposedly from Southwest Airlines and that email address doesn't look like Southwest Airlines. Although don't rely on email addresses as they are fake. Some fakes are so good it is hard to tell them from the real emails.
I submitted the attachment to the online file scanner service. The automated system has came back with the response of no conclusion. When this happens I suspect they manually take the files and analyse them. If there are malicious files, I've found it will take a day or two and then they will use this information to update their anti-virus software. As you can see that could be days after the outbreak of a new virus.
What I am letting you know that even if you have anti-virus software, you aren't protected from the new viruses which are released on the Internet every week. Use your ant-virus software, but also use commonsense. You will end up regretting opening that attachment or clicking on the link which came via an email if you let your guard down. But don't just be watchful of emails, I have seen going to web sites in the past infect computers. Do take care.
I hope the above examples receive today help others to avoid being duped by the malware writers. Sadly a badly infected computer is expensive to repair. In many cases it is faster to reload the operating system and since many computers don't come with reinstall disks, this can be a costly and time consuming exercise.
Treat every email from an unknown source with suspicion. A product like OzEfilter helps us enormously. With a bit of care and a healthy degree of paranoia, you can save costly repair bills to your computer.
- Kelvin
Subject: Britney Spears Fails To Appear For Latest Custody Hearing
From: Lilia-aapapuut@ccaurora.edu
Lesson: Don't click on links in emails where you don't know the source and certainly don't download anything.
Certainly a subject with Britney in it is popular with the malware writers. In this case the email contains a link which is to an executable file. For obvious reasons we won't reproduce the link her.
The trick with these types of emails is to hover your mouse over the link. You can then see the web site address that you will be sent to and in this case it is a program which you would have to download.
Subject: Fedex tracking number 4116375689
From: rtivoiviq@boks.com
Lesson: Even if you are dealing with Fedex that email address is not Fedex and don't touch that attachment.
The Fedex email has just started to occur. Our anti-virus software doesn't detect it as a virus. The online file scanner service we use as mentioned in MyAnswers solution 1890 returned the zip file MRDI8761223.zip as clean and the contained file MRDI8761223.exe with no conclusion. Now in this case I would still delete this type of email. It is from someone I don't know. It is a concern that it came back as being determined as clean for one part and nothing for the contained file. That actually lead me to believe the report was the file was clean. Don't take the risk with this type of email.
Subject: Your Online Flight Ticket N 29749
From: qiyhmvlrgaqy@blcc.com
Lesson: Don't get tricked if you are booking a holiday. We see these types of emails most days.
Who couldn't do with a holiday, but watch out, this is a very common ploy to trick you into opening the attachment and running the program. They have said they charged my credit card and none of us like our credit card charged if it wasn't us. Don't be tricked into action. Check the email address it is from. This email is supposedly from Southwest Airlines and that email address doesn't look like Southwest Airlines. Although don't rely on email addresses as they are fake. Some fakes are so good it is hard to tell them from the real emails.
I submitted the attachment to the online file scanner service. The automated system has came back with the response of no conclusion. When this happens I suspect they manually take the files and analyse them. If there are malicious files, I've found it will take a day or two and then they will use this information to update their anti-virus software. As you can see that could be days after the outbreak of a new virus.
What I am letting you know that even if you have anti-virus software, you aren't protected from the new viruses which are released on the Internet every week. Use your ant-virus software, but also use commonsense. You will end up regretting opening that attachment or clicking on the link which came via an email if you let your guard down. But don't just be watchful of emails, I have seen going to web sites in the past infect computers. Do take care.
I hope the above examples receive today help others to avoid being duped by the malware writers. Sadly a badly infected computer is expensive to repair. In many cases it is faster to reload the operating system and since many computers don't come with reinstall disks, this can be a costly and time consuming exercise.
Treat every email from an unknown source with suspicion. A product like OzEfilter helps us enormously. With a bit of care and a healthy degree of paranoia, you can save costly repair bills to your computer.
- Kelvin
Thursday, August 21, 2008
Podium Power! The 7 Steps to Successful Presentations
Deanna's next Podium Power! course is scheduled for the 13th of September.
Join the trend and sharpen your presentation skills to the level where you can overcome anxiety and fear, go beyond your normal expectations and become a powerful and outstanding presenter! This introductory workshop will equip you with the tools and skills to add to your existing foundations and allow you to present with flair and finesse. Podium Power! is designed specifically to cater for your needs and wipe out those barriers that have previously prevented you from the being the outstanding presenter you can be. Register now! and bring back the Wow factor!
You can find Deanna on the JustLocal 3000 postcode page.
- Kelvin
Join the trend and sharpen your presentation skills to the level where you can overcome anxiety and fear, go beyond your normal expectations and become a powerful and outstanding presenter! This introductory workshop will equip you with the tools and skills to add to your existing foundations and allow you to present with flair and finesse. Podium Power! is designed specifically to cater for your needs and wipe out those barriers that have previously prevented you from the being the outstanding presenter you can be. Register now! and bring back the Wow factor!
You can find Deanna on the JustLocal 3000 postcode page.
- Kelvin
Wednesday, August 20, 2008
Virus alert - Fedex tracking number 2044499162
We noticed a number of emails with "Fedex tracking number" in the subject. This type of email was also noticed by a contact so we felt it appropriate to let others know.
The earlier UPS tracking email was confirmed as a malicious email and as a result of our submission, the virus has now been used to update one of the anti-virus companies software package.
We don't normally receive these emails as our software OzEfilter, enables us to delete these emails at the mail server safely away from our computer. The next email we receive having the subject "Fedex tracking number" we will test and let others know what we find out.
For those interested in OzEfilter, a time limited free version is available.
- Kelvin
The earlier UPS tracking email was confirmed as a malicious email and as a result of our submission, the virus has now been used to update one of the anti-virus companies software package.
We don't normally receive these emails as our software OzEfilter, enables us to delete these emails at the mail server safely away from our computer. The next email we receive having the subject "Fedex tracking number" we will test and let others know what we find out.
For those interested in OzEfilter, a time limited free version is available.
- Kelvin
Monday, August 18, 2008
Virus alert - Emails from UPS in the form Tracking N 4918016181
Hi,
Of late I have noticed quite a number of malicious emails which have a subject such as "Tracking N 4918016181", where the number varies and the email appears to be from UPS (United Parcel Service of America).
Attached is a zip file and inside the zip files is an executable. It is extremely important to treat all emails from others with suspicion if you receive an email which has an attachment and you are not expecting it, even if it is from family, friends and companies you know.
In this case the user's anti-virus software had expired and they had just used the UPS service, so what would normally have been treated with suspicion, was thought to be a valid email response from UPS.
The result was an infected computer. The infection is difficult to fully remove and has damaged the Windows installation. A full reload of the computer will be required.
Make sure you keep you anti-virus software up-to-date and use a product like OzEfilter, which helps to stop malicious emails before they get into your computer. Treat all emails from anyone with suspicion, in particular any email that you are not specifically expecting that contains an attachment. Even if the email is from someone you know, still treat it with suspicion, as they may also have been tricked. In the MyAnswers solution 1890 we provide details of an online scanning service where you can check an attachment to see if it is infected.
Most of all, practise safe computing. In all the years I have rarely seen a virus infection that has not been the result of the users own actions. A healthy degree of suspicion is good when it comes to receiving emails.
- Kelvin
Of late I have noticed quite a number of malicious emails which have a subject such as "Tracking N 4918016181", where the number varies and the email appears to be from UPS (United Parcel Service of America).
Attached is a zip file and inside the zip files is an executable. It is extremely important to treat all emails from others with suspicion if you receive an email which has an attachment and you are not expecting it, even if it is from family, friends and companies you know.
In this case the user's anti-virus software had expired and they had just used the UPS service, so what would normally have been treated with suspicion, was thought to be a valid email response from UPS.
The result was an infected computer. The infection is difficult to fully remove and has damaged the Windows installation. A full reload of the computer will be required.
Make sure you keep you anti-virus software up-to-date and use a product like OzEfilter, which helps to stop malicious emails before they get into your computer. Treat all emails from anyone with suspicion, in particular any email that you are not specifically expecting that contains an attachment. Even if the email is from someone you know, still treat it with suspicion, as they may also have been tricked. In the MyAnswers solution 1890 we provide details of an online scanning service where you can check an attachment to see if it is infected.
Most of all, practise safe computing. In all the years I have rarely seen a virus infection that has not been the result of the users own actions. A healthy degree of suspicion is good when it comes to receiving emails.
- Kelvin
Thursday, August 14, 2008
Virtual Profit Sharing welcomes Rising Star eBooks.
Renée Barber of Rising Star Designs & Communications has launched Rising Star eBooks as a Virtual Profit Sharing opportunity and is promoting the eBooks of the well respected and talented international writer, Jo Parfitt. This is a great opportunity for VPS members and JustLocal readers who wish to pursue their passion.
Jo Parfitt has been on the 'expat roller coaster' for 20 years. She has lived and worked in Dubai, Oman, Norway, England and now The Netherlands. Jo writes, speaks and teaches about what she has learnt during her time overseas, maintaining a portable career based on her passion—writing. She is well known internationally for the 25 books she’s written on subjects ranging from cookery to careers and writing and has been published in magazines and newspapers around the world. Jo currently writes columns for The Expat Telegraph, Global Connection and Xpatriate magazine.
The eBooks available from Rising Star eBooks delve deeply into identifying your passion and making a living out of it. What could be better than that?
- Kelvin Eldridge
Jo Parfitt has been on the 'expat roller coaster' for 20 years. She has lived and worked in Dubai, Oman, Norway, England and now The Netherlands. Jo writes, speaks and teaches about what she has learnt during her time overseas, maintaining a portable career based on her passion—writing. She is well known internationally for the 25 books she’s written on subjects ranging from cookery to careers and writing and has been published in magazines and newspapers around the world. Jo currently writes columns for The Expat Telegraph, Global Connection and Xpatriate magazine.
The eBooks available from Rising Star eBooks delve deeply into identifying your passion and making a living out of it. What could be better than that?
In Brief:
- A Career In Your Suitcase is a great place to begin if you’re looking for your passion in life and a way to make money by following it. It is a practical guide with plenty of exercises and examples from real life people who are following their dreams.
- Grow Your Own Networks is all about training yourself to embrace the idea of networking which is ‘about building relationships and making friends’. Learn how to put networking to work for you.
- Definite Articles is an eight part writing course which teaches far more than just the mechanics of writing. You will also learn how to find the markets that are out there and how to make the editors say ‘yes’.
- On the pages of Expat Entrepreneur, you’ll learn how to use moving overseas as an opportunity to reinvent and revitalise your career.
- In Expat Writer, 'Book Cook', Jo Parfitt, shares over two decades of hard won experience with you. In this step-by-step recipe book for success, where you'll learn everything about the writing process, self publishing, pitching to publishers and more.
- Find Your Passion gives you 20 tips and 20 tasks to help uncover your unique contribution, the person you were born to be and the things you love to do.
- Kelvin Eldridge
Thursday, August 07, 2008
I received a bunch of flowers and it wasn't Valentine's day.
Hi,
I just received a YouTube link from the very lovely Deanna Roberts, a JustLocal friend who can be found on the JustLocal postcode page 3000, where she is known for her presentation courses.
It never ceases to amaze me how we are all talented in many areas and yet most of us know little more about each other than the main talent we are known for. One of Dianna's many talents is photography.
Please enjoy Deanna's video presentation titled Floraworld 1, and enjoy the flowers. It is not often I send them;-)
- Kelvin
Is it OK, ok, Ok or okay?
Some people have asked what do I do when checking words to be included or excluded in the dictionary files I produce.
The following is an example of the work undertaken to check words for inclusion in the Australian English spellcheck dictionaries. Our first point of reference is the authoritative resources of the leading dictionaries used on Australia and then if the results of not conclusive we review usage using the body of documents available to us via the search engines.
In this case the answer is not a clear cut answer.
If we check the Macquarie dictionary we find "okay" is the first listed word and it should also be noted it is referred to as being colloquial. The Macquarie lists "ok" and "OK" as additional variations. The Australian Oxford English dictionary list "OK" and "okay" as an additional variation.
At this stage it does mean we can rule out the mixed case usage of "Ok" and that's a start.
At this point we now check the body of documents available to us via the Internet. This body of documents is not considered authoritative, but can often be used to assist us to confirm which authoritative reference more correctly most probably reflects current usage in Australia. The tool usage is a tool I created for the purpose and called the Kelvinometer. This is a convenient tool which summarises the number of pages from Australia returned by Google Australia and Yahoo Australia which contain the words or phrases.
With words like "ok" we find it is best to ask the Kelvinometer about the word and use it in context. The reason is on almost every dialogue on a computer you will see OK or Cancel. So we don't want to confuse technology usage with regular usage.
In this case we ask the Kelvinometer to return results for "is it ok" and "is it okay".
At this stage we have the result we need for the full version of the Australian English spellcheck dictionaries. That is "ok", "OK" and "okay" are all acceptable entries.
For many people that is all that is required. My aim however is to go one step further. The full version of the Australian English spellcheck dictionaries is known as a descriptive dictionary where it lists the words used in Australia. My aim is to find the predominantly used word and exclude secondary variations to create Australia's only prescriptive spellcheck dictionary. It is generally not considered incorrect to use the main spelling of a word, but many people consider secondary spellings to be incorrect. Thus the Kelvin version of the Australian English spellcheck dictionaries provides the best dictionary for those who wish to be right, most of the time. It also simplifies the language by removing the confusing multiple spellings and leads to more consistent spelling in documents.
The results are four to one in favour of the "ok" or "OK" usage. So now we have "ok" and "OK" as the two variations most used in Australia about 80% or more of the time.
So out of these two variations which is used more often? At this point we don't have a tool to produce an extract of documents from the search results, so we now do a manual sample check on the results returned by the search engines.
A check of the first 200 pages returned by Google gives us the following:
OK - 109
ok - 84
other - 7. This included O.K. and Ok.
Now I will admit that 200 pages may not be a statistically appropriate sample and a statistician could best suggest the required sample size. However based on this information it does confirm the Australian English Oxford dictionary entry which is "OK" as the predominant spelling variation.
The "OK" variation is now the spelling variation which will be included in the Kelvin version of the Australian English spellcheck dictionary.
I hope by working through this example this also helps others in their desire to fine tune their usage of Australian English.
- Kelvin Eldridge
Creator and maintainer of the Australian English spellcheck dictionary files now suspected to be used by over a million Australians. You can find more on the dictionary work at http://www.dictionary.justlocal.com.au/. You can also find links to the dictionary on the http://www.justlocal.com.au/ page.
The following is an example of the work undertaken to check words for inclusion in the Australian English spellcheck dictionaries. Our first point of reference is the authoritative resources of the leading dictionaries used on Australia and then if the results of not conclusive we review usage using the body of documents available to us via the search engines.
In this case the answer is not a clear cut answer.
If we check the Macquarie dictionary we find "okay" is the first listed word and it should also be noted it is referred to as being colloquial. The Macquarie lists "ok" and "OK" as additional variations. The Australian Oxford English dictionary list "OK" and "okay" as an additional variation.
At this stage it does mean we can rule out the mixed case usage of "Ok" and that's a start.
At this point we now check the body of documents available to us via the Internet. This body of documents is not considered authoritative, but can often be used to assist us to confirm which authoritative reference more correctly most probably reflects current usage in Australia. The tool usage is a tool I created for the purpose and called the Kelvinometer. This is a convenient tool which summarises the number of pages from Australia returned by Google Australia and Yahoo Australia which contain the words or phrases.
With words like "ok" we find it is best to ask the Kelvinometer about the word and use it in context. The reason is on almost every dialogue on a computer you will see OK or Cancel. So we don't want to confuse technology usage with regular usage.
In this case we ask the Kelvinometer to return results for "is it ok" and "is it okay".
At this stage we have the result we need for the full version of the Australian English spellcheck dictionaries. That is "ok", "OK" and "okay" are all acceptable entries.
For many people that is all that is required. My aim however is to go one step further. The full version of the Australian English spellcheck dictionaries is known as a descriptive dictionary where it lists the words used in Australia. My aim is to find the predominantly used word and exclude secondary variations to create Australia's only prescriptive spellcheck dictionary. It is generally not considered incorrect to use the main spelling of a word, but many people consider secondary spellings to be incorrect. Thus the Kelvin version of the Australian English spellcheck dictionaries provides the best dictionary for those who wish to be right, most of the time. It also simplifies the language by removing the confusing multiple spellings and leads to more consistent spelling in documents.
The results are four to one in favour of the "ok" or "OK" usage. So now we have "ok" and "OK" as the two variations most used in Australia about 80% or more of the time.
So out of these two variations which is used more often? At this point we don't have a tool to produce an extract of documents from the search results, so we now do a manual sample check on the results returned by the search engines.
A check of the first 200 pages returned by Google gives us the following:
OK - 109
ok - 84
other - 7. This included O.K. and Ok.
Now I will admit that 200 pages may not be a statistically appropriate sample and a statistician could best suggest the required sample size. However based on this information it does confirm the Australian English Oxford dictionary entry which is "OK" as the predominant spelling variation.
The "OK" variation is now the spelling variation which will be included in the Kelvin version of the Australian English spellcheck dictionary.
I hope by working through this example this also helps others in their desire to fine tune their usage of Australian English.
- Kelvin Eldridge
Creator and maintainer of the Australian English spellcheck dictionary files now suspected to be used by over a million Australians. You can find more on the dictionary work at http://www.dictionary.justlocal.com.au/. You can also find links to the dictionary on the http://www.justlocal.com.au/ page.
Tuesday, August 05, 2008
If you run a home based business, grab a post office box whilst you can.
They say your home is your biggest asset, but what if you are dealing with big business and live in a run down shack. Until now what our homes looked like really didn't matter in business, because it was hard for others to see our homes. Not any more.
Google maps now makes available the picture of people's homes. You might want to try it. Enter your address into Google maps and see if your house comes up. If it doesn't now, then it probably soon will. (A convenient link to Google maps can be found in the 3106 Local Community Guide.)
Now when you use your home address as your business address, your customers can check out the type of house you live in. That could win you business, but it may also lose you business. Whether your house is a mansion or a rented unit, either way it can impact what others think of you and that could affect your business.
If you have been thinking about getting a post office box, perhaps now is the time to get one before others realise their home is now visible for everyone to see. I can see demand for post office boxes increasing in the near future. I have long believed in keeping our private address separate from our business but even I never anticipated this to be a reason. Now home based business owners need to make a decision as to whether their home really is an asset to their business.
Thanks to the JustLocal friend who gave us the heads up on Google's growing facilities.
I wonder what you think about having a picture of your home available so easily available on the Internet?
- Kelvin
Google maps now makes available the picture of people's homes. You might want to try it. Enter your address into Google maps and see if your house comes up. If it doesn't now, then it probably soon will. (A convenient link to Google maps can be found in the 3106 Local Community Guide.)
Now when you use your home address as your business address, your customers can check out the type of house you live in. That could win you business, but it may also lose you business. Whether your house is a mansion or a rented unit, either way it can impact what others think of you and that could affect your business.
If you have been thinking about getting a post office box, perhaps now is the time to get one before others realise their home is now visible for everyone to see. I can see demand for post office boxes increasing in the near future. I have long believed in keeping our private address separate from our business but even I never anticipated this to be a reason. Now home based business owners need to make a decision as to whether their home really is an asset to their business.
Thanks to the JustLocal friend who gave us the heads up on Google's growing facilities.
I wonder what you think about having a picture of your home available so easily available on the Internet?
- Kelvin
Monday, August 04, 2008
What you can do if you keep getting infected emails from the one computer on the Internet.
Of late I have been receiving the same "You've received A Hallmark E-Card!" from the one computer on the Internet. It is very probable the person with the computer does not know their computer is infected and sending out the emails. So what can you do in this situation.
First you need to make sure the email is coming from the same person. The Hallmark E-Card has been coming to us from multiple computers, but I suspect most people in time realise they have an infection and fix the problem. Some people don't know for some time. This can lead to the ISP stopping their service until the problem is fixed.
How do you know the email is coming from the one computer and not many computers.
In my case I use OzEfilter and often I see the IP address of the computer that sent the email. In this case the IP address was 124.149.195.100.
The first thing to do is to check it is coming from Australia. Australian ISPs I've found are responsive. I use the following tool to find out the country of the IP address.
http://www.justlocal.com.au/clients/ip2country/index.php?address=124.149.195.100
(Just change the address at the end for the IP address sending you emails.)
Now you have checked the IP address is from Australia, you have to find who owns the IP address.
For IP addresses from Australia we can use the site http://www.apnic.net/. If you enter the IP address in the search at the top right of the page, you will get information as to who currently owns the IP address. In this case the IP address is owned by Westnet and so it is one of their clients who has the infected computer.
Since you can't contact the person directly, the only way I know is to log an abuse issue to the ISP who currently owns the IP address. The abuse email address is found in the page on the apnic site. You need to also send the header information from the email so the ISP has sufficient information to take action.
Usually this type of action is not required as most people realise fairly quickly when their computer has an infection. Where you keep getting emails for a number of days then it makes sense to do something as the person is not aware they have an issue.
It should be noted that we are not certain whether the attachment which comes with the email is harmful or not. We have checked the attachment with multiple sources and cannot find it contains malware. It is not detected as malware by our anti-virus software. In any case it is best to be careful and simply delete the email permanently off your computer.
- Kelvin
First you need to make sure the email is coming from the same person. The Hallmark E-Card has been coming to us from multiple computers, but I suspect most people in time realise they have an infection and fix the problem. Some people don't know for some time. This can lead to the ISP stopping their service until the problem is fixed.
How do you know the email is coming from the one computer and not many computers.
In my case I use OzEfilter and often I see the IP address of the computer that sent the email. In this case the IP address was 124.149.195.100.
The first thing to do is to check it is coming from Australia. Australian ISPs I've found are responsive. I use the following tool to find out the country of the IP address.
http://www.justlocal.com.au/clients/ip2country/index.php?address=124.149.195.100
(Just change the address at the end for the IP address sending you emails.)
Now you have checked the IP address is from Australia, you have to find who owns the IP address.
For IP addresses from Australia we can use the site http://www.apnic.net/. If you enter the IP address in the search at the top right of the page, you will get information as to who currently owns the IP address. In this case the IP address is owned by Westnet and so it is one of their clients who has the infected computer.
Since you can't contact the person directly, the only way I know is to log an abuse issue to the ISP who currently owns the IP address. The abuse email address is found in the page on the apnic site. You need to also send the header information from the email so the ISP has sufficient information to take action.
Usually this type of action is not required as most people realise fairly quickly when their computer has an infection. Where you keep getting emails for a number of days then it makes sense to do something as the person is not aware they have an issue.
It should be noted that we are not certain whether the attachment which comes with the email is harmful or not. We have checked the attachment with multiple sources and cannot find it contains malware. It is not detected as malware by our anti-virus software. In any case it is best to be careful and simply delete the email permanently off your computer.
- Kelvin
Subscribe to:
Posts (Atom)