“Pics for MSN friends”

August 18th, 2008

I’ve had a couple of MSN messages recently which consist simply of a link.  On going to the link, I see something like this:

[screenshot]

I suspect my MSN friends fell for this scam; once they have told the site their MSN username and password, it can impersonate them and send messages to their friends — me in this case.

Anyone who has fallen for this scam should immediately change their MSN password. See instructions on the MSN website here.

This scam has been around for a long time in different guises. Sometimes it says you have won a prize (typically a free iPod or a free iPhone) and you should type in your username and password to “validate your identity” and claim your prize.

Never type your username and password into a website you don’t know!

Fake anti-malware sites and programs

July 24th, 2008

I’ve added a permanent page on this subject.

AVG

July 24th, 2008

A user updated AVG 7.5 to 8.0 yesterday, and found that it froze her PC on reboot. (After login the desktop background appeared, but no Start button or icons.)

I found the cause was a trial copy of BullGuard which had been supplied with the PC. She had never used it but had not uninstalled it, and it duly expired. AVG 7.5 seemed to be happy to live alongside it, but AVG 8.0 most definitely wasn’t (it’s never a good idea to run two anti-malware products at the same time).

Be sure to remove all other always-running anti-virus products, whether expired or not, before you install AVG 8.0.

Viral Spam

July 24th, 2008

I’m seeing a lot of spam today with titles like “Customs - We have received a parcel for you” or “Customs, please read”. There was a lot yesterday about undelivered parcels from UPS.

These have a zipped attachment which is infected with a virus. Typical text of the e-mail is:

Good day,

We have received a parcel for you, sent from France on July 9. Please fill out the customs declaration attached to this message and send it to us by mail or fax. The address and the fax number are at the bottom of the declaration form.

Kind regards,
Grover Sterling
Your Customs Service

or

Dear Sirs,

We have received a parcel for you, sent from France on July 9. Please fill out the customs declaration attached to this message and send it to us by mail or fax. The address and the fax number are at the bottom of the declaration form.

Kind regards,
Casey Rhoades
Your Customs Service

The giveaway, as always, is that they are not addressed to you by name, and they come from unlikely e-mail addresses (typically harvested from infected computers). The two above came from Customs Service <lvsgjjo@bluegrassgroup.com> and Customs Service <cwq@blmbuilders.com> but each one will be different.

At the time of writing, these were not detected as malicious by AVG 8.0 (nor by Symantec, Norton, McAfee, Avast, Ewido, F-Prot, Kaspersky or Panda). Just delete them.

If you have run the attachment (by double-clicking the contents of the zip file, typically) you’ll soon start getting warnings that “Your computer is infected”, inviting you to download software to clear it. The warnings are part of the infection, and the software it wants you to download will make matters much worse. Don’t download anything, and contact someone who can help you remove the infection.

PS: I’m seeing a lot of fake airline ticket sales today (20 August). They typically start:

Hello,
Thank you for using our new service “Buy flight ticket Online” on our website.
Your account has been created:

and then go on to give login details for a website whose address is not stated (!) and say your credit card has been charged for some amount (usually about $650). A “ticket” is attached.

The usual things give it away: not addressed to a specific person; dodgy attachment (this one is called Ticket_N141-SK.zip and contains a file called Ticket_N141-SK.exe — a file ending in .exe is a program, and this one is instantly detected by AVG 8.0 as containing trojan Pakes.AFL).

Be careful not to run Ticket_N141-SK.exe, and just delete the e-mail and its attachment.

(Aug 23) Sophos reports yet another variant, “Statement of Fees 2008/09”, whose attachment is sneakily named “Fees_2008-2009.doc______________.exe”. They hope you’ll think it’s a Word document (.doc) not a program (.exe). As Sophos says, “Don’t let curiosity get the better of you - don’t open the attachment if you didn’t order the package, or the tickets, or the contract, or the accommodation … or whatever else they’ll come up with next.”
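The two attachment tricks described above (a zip that holds an .exe, and a padded double extension such as .doc______________.exe) can be checked mechanically at a mail gateway or by hand. The sketch below is an added example, not code from this blog or from any anti-virus vendor; the extension lists and the function names `classify_name`, `scan_attachment` and `make_zip` are assumptions made for illustration, and the sample zip is constructed in memory with harmless placeholder contents.

```python
import io
import re
import zipfile

# Extensions Windows runs on double-click (assumed list, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs"}
# Document-style extensions used as a decoy in front of the real one (assumed list).
DECOY_EXTS = {".doc", ".pdf", ".xls", ".txt", ".jpg", ".rtf"}

# A decoy extension, an optional run of space/underscore padding, then the real extension.
DECOY_RE = re.compile(r"(\.[a-z0-9]{2,4})[ _]*(\.[a-z0-9]{2,4})$", re.I)

def classify_name(name):
    """Return a list of findings for one attachment or archive member name."""
    findings = []
    lower = name.lower().rstrip(" .")  # Windows ignores trailing spaces and dots
    ext = "." + lower.rsplit(".", 1)[-1] if "." in lower else ""
    if ext in EXECUTABLE_EXTS:
        findings.append("executable")
        m = DECOY_RE.search(lower)
        if m and m.group(1) in DECOY_EXTS:
            findings.append("disguised-as-" + m.group(1).lstrip("."))
    return findings

def scan_attachment(filename, data):
    """Check the attachment name and, for zips, every member name inside it."""
    report = {}
    hits = classify_name(filename)
    if hits:
        report[filename] = hits
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():  # names only; nothing is extracted or run
                hits = classify_name(member)
                if hits:
                    report[filename + "!" + member] = hits
    return report

def make_zip(members):
    """Build a constructed in-memory zip with harmless placeholder contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in members:
            zf.writestr(name, b"placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    print(scan_attachment("Ticket_N141-SK.zip", make_zip(["Ticket_N141-SK.exe"])))
    print(classify_name("Fees_2008-2009.doc______________.exe"))
```

A name-based check like this says nothing about what the file does; it only catches the disguise, which is why it still flags samples that signature scanners have not yet seen.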

Phishing Spam

June 2nd, 2008

I’ve added a reference page about phishing spam. This is spam that tries to fool you into logging into a fake website which is pretending to be your bank.

Easy enough to avoid once you know the signs.

Firefox Add-ons

May 24th, 2008

When Firefox updated itself to 2.0.0.14 recently, I found that many of my add-ons stopped working, among them Adblock and the British English Dictionary. The message shown on Tools | Add-ons was “Incompatible with this version of Firefox”.

This turned out not to be true. Re-installing them was painless and got them all working again.

AVG Update

May 19th, 2008

AVG 8.0 is now out.

There is a free version at http://free.grisoft.com

This is the procedure I generally follow:

1. Download Version 8 from here.

2. Uninstall the current version (typically 7.5).

3. Restart the PC.

4. Install the new version by running the downloaded file.

I choose NOT to install the “Security Toolbar” when asked.

The new version seems to be a useful improvement — it runs quicker than 7.5 on my PC and also searches for spyware (and tracking cookies) which 7.5 didn’t.

AVG adds some anti-spyware features from Ewido (AVG has bought Ewido) which 7.5 didn’t have; for that reason earlier versions of Ewido need to be uninstalled before AVG 8.0 can be installed. The AVG 8.0 installation process checks for their presence and will warn you if it finds them.