Subject: Please update your Firewall as soon as possible

We have found that it was from a bogus site with the following information:

From: “Firewall Update Notification”

The message is trying to get you to believe that your firewall needs updating as soon as possible.

As you can see it came from a site called cupboss.com which is a Spam Domain and NOT from SonicWall or any reputable Firewall company.

If you are a CPU Help network customer with a SonicWall firewall, then those units update themselves. For those of you using the firewall that came with your Anti-Virus Internet Security program then it, too, updates itself.

DO NOT under any circumstances even bother opening these emails as you risk infection from behind your Anti-Virus protection.

Please feel free to contact CPU Help if you have any questions or have managed to get infected by this bogus email.

Please pardon the terminology that I am about to use. I don’t know about you but I get very annoyed by, what I can only describe as morons, assuming that I might be stupid enough to believe their often misspelled and broken-english emails.

Here is one that I just got today that was sent to one of my email addresses, which is NOT the email address that appears in the Dear field. That email address isn’t even one of mine.

The From Field contained:
From: “Ali Bailey” (etruriakp9@sdgoth.org)

The Subject line reads:
Your friend has made you an greeding e-card at 123greetings.com

I dissected the email and The body of the email reads:
Dear dmcconnell@capstv.org,

Your friend has made you an greeding e-card

Your e-card will be available with us for the next 30 days. If you wish to keep the e-card longer, you may save it on your computer or take a print.

To view a copy of the e-card you have sent click on the following Internet address or copy & paste it into your browser’s address box.

http://76380.webhosting29.1blu.de/djellow.exe

Best wishes,

Postmaster,

Did you notice that “an greeding e-card” showed up both on the Subject line and in the body of the email? And, “Ali Bailey” (etruriakp9@sdgoth.org) is a Postmaster?!? It doesn’t even show that the email came from 123greetings.com which, by the way, is an actual greeting card site.

What in the world are these people thinking? What the heck is a “greeding e-card” anyway? And if you read closely, why would you want “To view a copy of the e-card you have sent…” if it was one that your friend had just sent to you?

I know that none of my customers and loyal readers would be dumb enough to fall prey to anything like this. All these morons are doing is making us less likely to click on any email, even if they are legitimate, that we don’t recognize. Unfortunately, this is what I have to recommend anyway these days and I am sure that legitimate businesses are the ones who lose out because of this. When will they stop the insanity?

I hope that you will pardon my acrimony. If you get emails like this and they insult your intelligence as this one, of many, insulted my intelligence then please share your thoughts on this matter. Maybe one day we will be able to get someone to do something about it.

Frank P Verdusco
CPU Help

They are doing this by generating thousands of tweets that contain malicious URLs and/or hashtags (words starting with a ‘#’ as in #followfriday, also known as trending topics).

They are hoping that you will click on the URLs which will then take you to a fake website. This website is designed to trick you into thinking that your computer is infected so that you will purchase their latest annoying anti-virus software such as, FastAntivirus2009.

PandaLabs reported that from June 2nd to June 3rd they noticed over 3000 of these malicious tweets. Some of the targeted phrases include:

#iranelection, free, invites, fake, girls, follow, blackout, control, tehran, Fathers Day, Fake Twitter Invites, Wordpress 2, Fallon, Top Chef, Tila Tequila Live, AT&T, Limp Bizkit, Sytycd, iPhone, Adam Lambert, Wipeout, Holocaust Museum, Miss California, Claim your Facebook, Squarespace, Lakers, NBA Finals, Zack Morris, addict, video, trailer.

Caution is strongly recommended before clicking on a link especially if you do not know who that particular tweep is. More and more people are using automated utilities to try and increase their number of Followers. This means that you will most likely NOT know who you are following or who is following you in which case you could fall victim to this new Twitter Ruse.

A note of interest: It has been reported that 40% of the Twitter accounts are Fake. With literally millions of users currently using Twitter, at 40% the number of Fake Twitter accounts that you could encounter is staggering.

There are also many legitimate URLs posted on Twitter that suffer because of these unscrupulous individuals. You need to be careful what you click on and who you follow. And always make sure that you have your own Antivirus program and keep it up to date.

For more information on this threat: Visualizing the Twitter Trends Attack

Stay Safe,
Frank Verdusco
CPU Help

Update for Microsoft Outlook / Outlook Express (KB910721)

The email also contained a link that looks legitimate for you to download the update. Don’t  do it!

ALERT!!! If you get an email like this, IT is a FAKE! DO NOT install this update!!! I repeat, DO NOT Install this Update, it is a FAKE!

It has been detected as a spyware threat Troj/Spy-CU.

Always go the Microsoft Update site to do your Windows Update. You will note that this particular update number does not show up on the Microsoft site, because it is not a real update.

If you inadvertently did install it, then I recommend doing an immediate Windows SYSTEM RESTORE to a date before you installed the update. If you are already bugged to the point where you cannot run a System Restore, then you will need to seek professional assistance ASAP!

Please feel free to contact me if you have any questions or need any assistance.

Frank Verdusco
CPU Help

Luckily, Sinowal.WHZ is easy to recognize. When it reaches your computer it will be attached to an email message which seems to have been sent by the UPS company.The message has the following characteristics:

* Sender: United Parcel Service of America

* Subject: Postal Tracking #%random characters%

* Message:

Hello!

We were not able to deliver postal package you sent on the 14th of March in time

because the recipients address is not correct.

Please print out the invoice copy attached and collect the package at our office.

Your United Parcel Service of America

* Attachment: UPS_FAX_%random characters%.

Even though you probably have not ordered a delivery on the mentioned date, the intent is for you to open the attached file to make sure that you are not being charged for a service you have not ordered.

If you open the attached file, then you will really be downloading a copy of the Trojan onto your computer. Like most of the variants of this family, Sinowal.WHZ is designed to steal infected users’ bank details.

We cannot stress this enough! Please be sure that you always have an Anti-Virus program protecting your computer and especially make sure that it is up to date. Then get your computer scanned immediately!

If you believe that you may be infected by this or another kind of malware then you can visit our website at www.cpuhelp.net and click the Ambulance on the upper left column for a Free virusscan.

Special! Protect up to 3 PCs now! Buy 2 years of Panda Internet Security 2009 and get one additional year FREE!!!