“Firewall Update Notification”
May 13, 2007 on 10:28 am | In Information, Spam

I just received a fraudulent e-mail from overseas today with the subject of “Firewall Update Notification.” As you will see, the social engineering techniques used in this e-mail make it appear sincere and legitimate, which is how these online con artists write their messages to entice victims into their deadly webs. The body of the e-mail (with all the links changed for your protection) reads as follows:
Firewall Gold Message Center: You may need to update your Firewall security settings as soon as possible:
Press here to update your Firewall security settings or read below for more information: http://Fraudulent website
There is a high possibility that your PC’s Firewall security settings may become exploited by malicious websites without your knowledge. This could easily lead to the following attacks on your PC’s hard drive:
- Unwanted Virus Downloads
- Uncontrollable Trojan horse attacks
- The running of unwanted script programs
- The installation of malicious spyware
If your PC is not protected correctly then these attacks could allow hackers to track your movements across the Internet. It also means that your information, ranging from passwords to credit card numbers, can be stored by sites that you visit. A successful hacker could examine this information and extract it, setting the stage for identity theft, credit card fraud, or worse.
Press here for more information on how to make certain you are protected: http://Fraudulent website
Some unknown or untrusted websites use script programs to change your home page, modify your web history, display advertisements, disable your back button, or redirect you to different websites without your consent. Such scripts have also been recently used by Russian hackers to silently install viruses on end-user’s computers.
One way to protect your PC is to download this new FIREWALL software program.
Press here to run the Firewall system scan now:
http://Fraudulent website
If you feel that you are receiving this email in error or are not interested in receiving future “FIREWALLGOLD” offers please go to this page: http://Fraudulent website or contact us via regular mail at:
Firewall Gold Promotions
100 E. San Marcos Blvd
San Marcos, CA 92069
Please refer all questions, opinions or additional feedback to promediaadvertising@gmail.com
or write to:
ProMedia Advertising
7282 55th Avenue E
Bradenton, FL 34203
To remove your email from our database or unsubscribe
http://Fraudulent website
I did a DNS lookup for the originating IP Address of this e-mail and the search returned the following information:
IP address: 60.49.99.198
Reverse DNS: tm.net.my.
Reverse DNS authenticity: [Could be forged: hostname tm.net.my. does not exist]
ASN: 4788
ASN Name: TMNET-AS-AP (TM Net, Internet Service Provider)
IP range connectivity: 2
Registrar (per ASN): APNIC
Country (per IP registrar): MY [Malaysia]
Country Currency: MYR [Malaysia Ringgits]
Country IP Range: 60.48.0.0 to 60.51.255.255
Country fraud profile: High
City (per outside source): Batu Pahat, Johor
Country (per outside source): MY [Malaysia]
Private (internal) IP? No
IP address registrar: whois.apnic.net
Known Proxy? No
As you can see in the body of the e-mail, the contact information shows California and Florida addresses; however, this e-mail comes from Malaysia. The DNS search results also indicate that this IP Address could be forged, since the “tm.net.my” domain does not exist. There were numerous links throughout the e-mail that were likely malicious and could have downloaded backdoor Trojans, keyloggers, Rootkits, or other harmful code to your computer. In fact, the attacks they were warning about are probably the same attacks that would have occurred when someone clicked the links…imagine that!
If you do not know how to find this information, our eBook “Home Network Security” will guide you through the steps that were used to discover this information. Download your copy from our products page today at http://www.pc-armor.com/products.asp and learn how to discover fraudulent e-mails BEFORE opening them and infecting your computer.
Finally, the DNS search results gave me a range of IP addresses for Malaysia and, since I never receive anything legitimate from Malaysia, I added the 60.48.0.0 to 60.51.255.255 Country IP Range to the list of “Banned” IP addresses in my firewall rules, thus preventing my computer from connecting to any site within that range in the future.
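An added example (not from the original post or the eBook) of the two steps described above: taking the sender's IP only from the Received header stamped by your own mail server, then collapsing the 60.48.0.0 to 60.51.255.255 range into CIDR form for a firewall rule. The header text and the host name mx.recipient.example are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed headers; only the IP address and the range come from the post.
SAMPLE = """\
Received: from unknown (HELO firewallgold.example) ([60.49.99.198])
    by mx.recipient.example with SMTP; Sun, 13 May 2007 10:27:41 -0400
Received: from mail.sanmarcos.example ([198.51.100.7])
    by firewallgold.example with ESMTP; Sun, 13 May 2007 07:27:40 -0700
From: "Firewall Gold" <offers@firewallgold.example>
Subject: Firewall Update Notification

(body omitted)
"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def connecting_ip(raw_message, trusted_by="mx.recipient.example"):
    """Return the peer IP recorded by our own mail server, or None."""
    msg = message_from_string(raw_message)
    for header in msg.get_all("Received", []):
        text = " ".join(header.split())  # unfold continuation lines
        # Only the hop written by our own server is reliable; Received
        # lines added before it are supplied by the sender and can be forged.
        if f" by {trusted_by} " not in text:
            continue
        match = BRACKETED_IP.search(text)
        try:
            ip = ipaddress.ip_address(match.group(1)) if match else None
        except ValueError:
            return None
        return str(ip) if ip and ip.is_global else None
    return None


def range_to_cidrs(first, last):
    """Collapse an inclusive start/end range into the fewest CIDR blocks."""
    nets = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return [str(net) for net in nets]


def is_banned(ip, cidrs):
    """True if ip falls inside any banned CIDR block."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)


if __name__ == "__main__":
    banned = range_to_cidrs("60.48.0.0", "60.51.255.255")
    src = connecting_ip(SAMPLE)
    print(src, banned, is_banned(src, banned))
```

The range in the post collapses to a single block, which is the form most firewalls accept for a deny rule.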
Fraudulent e-mails are increasingly filling up inboxes every day…awareness and knowing how to protect yourself are tools to help you keep your computer safe from intruders. Our eBook, “Home Network Security,” will show you many settings to change in Windows 2000/XP and offer numerous techniques to avoid becoming a victim.
7 Comments »
Thank you for posting this information as it was very helpful. I am a computer technician and a client forwarded this same email to me today, questioning whether it was valid or not (so it’s still floating around five months after your post). While it’s obvious it’s a scam, your in-depth analysis of the message was both interesting and helpful. Again, thank you!
Murray Martin
Comment by Murray Martin — September 18, 2007 #
Isn’t it strange how these things circulate, go away, and then re-surface later? In fact, I received another one today; identical to the first, except this time…the URL they wanted the victim to click points to a “Payday Loan Service”. When I checked out the registration information for the domain, I found it was owned by an Advertising company in Florida; however, when I looked up the originating IP Address for the e-mail, I found that it came from Brazil.
The important thing for people to remember is: do not fall for social engineering tricks and ALWAYS question any e-mail asking for information OR selling something, because chances are high that it is fraudulent.
A little research is always worth your time!
Comment by blog — September 22, 2007 #
Thanks for the info. It’s too bad there isn’t some way to shut down these predators… Perhaps there will be someday.
Comment by Jarvis White — September 25, 2007 #
We agree. The problem is all the zombie computers in the Botnets…how do you shut them ALL down? There is a lot of malicious content being spewed out from infected computers from normal everyday people who are unaware that their systems are infected and churning out malicious content.
We are currently working on an idea to help choke off this traffic and make it more difficult for spammers and other cyber criminals to succeed in their malicious craft. We hope you keep reading our blog, because within the next couple of months, we plan to unveil this idea.
Comment by blog — September 26, 2007 #
My friend got the same e-mail, so I did the research.
Thanks,
Phil
Comment by Phil — January 17, 2008 #
So it’s now March, 2008 and I thought you should know that this same message is still out there (again)!!!!!!! In my newest version, they stop after the address in CA and make no mention of the FL advertising firm.
Coincidentally, did you ever hatch that idea for “choke off this traffic and make it more difficult for spammers and other cyber criminals succeed in their malicious craft”? If you did … How much is it and where can I get it?
Comment by Andrew — March 26, 2008 #
Andrew,
Thank you for inquiring about “choking off traffic…” We are currently in the process of upgrading our web site and with that upgrade, we will be introducing a new page named “PC-Armor University” where we will be offering very affordable video tutorials designed to walk any English-speaking computer user through the process of hardening Windows 2000 and XP. Our idea is if more people eliminated computer vulnerabilities and knew how to check for malicious email content and protect themselves from becoming compromised by malicious web sites, the numbers of zombie computers and Botnets would go down…if these numbers decrease, then the amount of spam and attacks should decrease as well. Of course, the end user needs to get on board with this idea and many people do want to understand how to secure their systems…the problem is the information guiding them through the process is either highly technical and complicated, or simply not readily available. We will start offering video tutorials soon that the end user will be able to download to their computer and view using Windows Media Player. The videos will literally show you every mouse movement and screen as if you were viewing it live; all you have to do is repeat what you see on your computer(s). The videos will have narration explaining the process and why each configuration step is being implemented. It will be up to the end user to do as we do.
We hope to have the web site ready within the next couple of weeks; the time frame is dependent on the web developers.
We hope this answers your question.
PC-Armor
Comment by blog — March 26, 2008 #