Alessandro Zanello

Start coming through fake warnings LinkedIn attempts to visit malicious sites to inattentive.
Attention to links contained in the message, other than what is shown, usually just consider the source of the message to find out that the href tag takes a completely different URL.

They are coming in these days so-called fake emails from shippers such as UPS and DHL.

These emails are attached as a zip file containing a trojan that secretly downloads a fake antivirus (Win 7 Anti-Spyware 2011 or Win 7 Anti-Virus 2011) find that dozens of infections on your PC and try to convince you to enter data of your credit card to register your antivirus and delete them.

Will be carried out covertly SMTP server connections to Yahoo, AOL, Gmail, GMX and IP addresses located in the Ukraine and Great Britain, predictably with the 'intent to send private data stolen from your PC.

Needless to say, the only thing to be eliminated will be the positive balance of your checking account.

The emails arrive but not only from these addresses:

ioprt14@dhl.com
supportmip11@dhl.com
PostMail-usid.3949 @ greensboro.com
dhltrak11@dhl.com
dhltraki1@dhl.com
PostMail-usa.8273 @ omaha.com
infojs@ups.com
adsupport3@ups.com
dfsupports1@ups.com
adminsuppo2@dhl.com
infoad2@ups.com
infoad22@ups.com
postmail-int69136@durham.com

Attachments can be named:

Post_Express_Label_No.30845.zip
UPS-document.zip
UPS notification.zip
United Parcel Service Notification Letter.zip
United Parcel Service document.zip
UPSnotify.rar
Post_Express_Label_SER.71816.zip
tracking.zip
Post_Express_Label_VID99184.zip
document.zip
DHL_documents.zip

The initial text was like this:

"Dear customer. The parcel was send your home address. And it will arrice Within 7 bussness day. More information and the tracking number in the document are attached below. "

where you can read several errors, but errors are disappearing in recent posts, meaning that the scam works and is fine, so we will have to be careful in the future.

Every time you download a file from the Internet that receives a marking that identifies it from Windows as a file downloaded and potentially dangerous. So Windows can alert every time you try to launch the file, which can pose a risk. The point lies in those two words - every time. If the downloaded file is an executable that does not need the whole setup becomes quite tedious, especially when under Vista or 7, which also require administrative rights, because in that case the interruption is twice, once for the unknown origin and a time for the usual UAC.

To solve the problem, edit the following registry keys under HKEY_LOCAL_MACHINE to make the change or under HKEY_CURRENT_USER touches every user to apply the change only to themselves.

These are the changes to make.

Before the string: Software \ Microsoft \ Internet Explorer \ Download (create it if it exists) which is assigned the value "No" and then a dword value named RunInvalidSignatures be set to 1.

Then go to the key:

Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Attachments

and create a dword value called SaveZoneInformation - set it to 1

Finally, go to the key: Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Associations

and create a string called LowRiskFileTypes - fill it with extensions that do not want the security warning, separated by ";" as in:

As usual, remember that manipulate the registry is dangerous and should be done only if you feel able to correct any errors and disable the security features of Windows may have negative effects.

Sometimes to register on a website you are required to provide an email address. If you know that you will return again and it has only one immediate use, you can use a static one-off, such as those provided by Mailinator . Do not need to register to use the service, just send an email to any address invented for the occasion, type 3egr9owp_2@mailinator.com and then visit the Mailinator site to collect mail. The Mailinator accounts offer no privacy and therefore do not use them for anything private, but offer the advantage that you get any spam that you would receive.

more »

Tizer Rootkit Razor ™ is a free tool that can remove malicious objects from your computer. As you know, rootkits have evolved from a form of protected music CDs to new tools for penetration and are very difficult to detect and eliminate, so that should still always begin by removing the disk and connect it to a different suspect as a PC hard outside if you want to have a chance.

Tizer Secure ™ Rootkit Razor is able to recognize and eliminate many rootkits , is compatible with Windows 7, is free for personal use and more effective than some commercial products.

It's called "tabnabbing" and is a new form of phishing is spreading on the Web, as explained by Aza Raskin, creative lead of Firefox, here , and as seen here:

A New Type of Phishing Attack from Aza Raskin on Vimeo .

This type of attack exploits the habit of users to open multiple tabs (tabs) within the browser during normal sailing then to consult them one by one. How it works.

While it is committed to displaying the contents of a card, if one of the other is open pending at an infected site containing a malicious script, it recognizes that the page does not have focus and is inactive for some time, and then redirects the open page on a site created ad hoc and very similar to a well-known (for example your bank or your Webmail provider, Facebook or Twitter), completing the trick with the replacement card icon on the site lawful.

When the user sees the icon of the known site on that card and he thinks it is opened, visiting it, is just across a page family, who asked for credentials, then enter their authentication data without checking thoroughly. The script stores the fraudulent credentials and leads the unsuspecting user on the page truly, truly autenticandovelo.

In this way the user perceives or even suspected of having been robbed of your account.

The attack can be refined and customized using the history stored in the browser, resulting in masterpieces of social engineering in the scam.

Some install the NOD32 antivirus and protect your settings with a password for added security. Then forget the password ... and then usually can not uninstall NOD32.

To remedy are located in different network solutions:

solution is to download the demo of Kasperski antivirus and start the installation, the program becomes aware of the NOD32 offers to remove it, what it can do even if the settings are password protected.

Another solution, easier and more practical, is to remove from the registry the following key:

HKEY_LOCAL_MACHINE \ SOFTWARE \ Eset \ Nod \ CurrentVersion \ Info \ PackageID

or, for other versions of NOD32, more recently, the key:

HKEY_LOCAL_MACHINE \ SOFTWARE \ ESET \ ESET
Security \ CurrentVersion \ Info \ PackageID

At this point it will be possible to complete the uninstall process regularly.

As always, be careful when handling the registry.