Click to Enlarge

It’s a typical “Get free Steam games by giving us your login” site, distracting users by asking them to select the games they think they’re going to receive for free. It also goes one step further by claiming that 490, 682, 111 people “Already get gift”. If visitors to the website have Steam Guard enabled, they advise those users to “just turn off Steam Guard” which is up there with the author of some Malware advising somebody to turn off their security tools before running fakefile.exe.

Never turn off Steam Guard. If someone manages to grab your Steam login credentials, they’ll still need to access your email to input the one time use code into the Steam application to steal your account. Steam Guard is such a big deal where protecting accounts is concerned that in a recent Christmas competition one of the reward objectives was enabling Steam Guard protection.

Anyway, this is supposed to be the funny part. You know how sometimes a scam website will try to convince you that what they’re offering up is the real deal? Well, this is what passes for the truth, the whole truth and nothing but the truth in fake free games land:

Amazing. I smell a meme in the making…

Christopher Boyd

US-CERT is a highly esteemed and trusted body of security professionals who tackle cybersecurity issues in the United States. They also work with security vendors to address vulnerability issues. With such impressive credentials, it is possible that some private organizations, including federal, state, and local governments, might have fallen prey to this campaign since they appear to be the targets.

From the US-CERT website: “Reports indicate that SOC@US-CERT.GOV is the primary email address being spoofed but other invalid email addresses are also being used.

“The subject of the phishing email is: “Phishing incident report call number: PH000000XXXXXXX” with the “X” containing an incident report number that varies.

“The attached zip filed is titled “US-CERT Operation Center Report XXXXXXX.zip”, with “X” indicating a random value or string. The zip attachment contains an executable file with the name “US-CERT Operation CENTER Reports.eml.exe”, which is a variant of the Zeus/Zbot Trojan known as Ice-IX.”

The complete report is found here.

Jovi Umawing

“No way” indeed.

The Naked and Famous were displaying the following Tweet on their feed earlier:

Visiting hampaw(dot)ru takes the end-user to tivvitter(dot)com/twitter_stalk-trak_app_user, where they are presented with an application install page for something called “StalkTrak”:

The end-user can only progress to the next page if they enter both a username and a password – continuing past this screen will result in links to “StalkTrak” being sent to their followers.

Stalking apps are an old and tired scam dating back to the Myspace days, but unfortunately we continue to fall for them. Please steer clear of the above URL, and think twice before allowing any applications involving “Stalking” to access your Twitter account. You can always clean up your Twitter account here by revoking access to unwanted applications.

Christopher Boyd (Thanks to Jovi Umawing for assistance)

click to enlarge

The 19-page Internet Threats Trend Report mentions malware and spam trends in Q4 of 2011. It also ranks website categories that are most likely to house malware if compromised—Sites tagged as Pornography are at #3. Below are other notable finds in summary:

• India, Vietnam, and Pakistan were the top three countries with the most zombie computers.
• Phishers mostly targeted sites that were related to Games and Gaming.
• In Q4, spammers used fake @gmail.com email addresses to trick users into responding to their spam messages.

The report can be downloaded here.

Jovi Umawing

The scam arrives as an email that directs users to the URL, data-server(dot)host(dot)org/email/protect/chase/.

After Chase clients provide their credentials into the fields of the purported legitimate bank page and click Log on, they are then directed to another UI where they are to enter their email address and its password.

Chase clients, please be duly warned about this. For the rest, please delete from your inbox doubtful mails that purport to come from banks (including yours). If you received an email from your bank about your account, confirm with them via customer service.You know what they say: Better safe than sorry.

Jovi Umawing (Thanks to Robert)

Here’s a run occurring right now. You get a message from a friend:

Which leads to a Facebook page:

Which, when clicked, pushes a fake video codec that downloads Koobface:

And yes, my wife just got one from a friend. He was rather surprised when I called him…

Using the search term “Swine flu protection”, 8^th result:

Using “swine flu statistics”, 2^nd result:

Clicking on the link leads to a fake malware scan page (currently dead). 

 As posted on Sunbelt Blog

From: FEDERAL BUREAU OF INVESTIGATION [mailto:fbisecuritydeptoffice@org]
Sent: Tuesday, April 07, 2009 9:40 AM
Subject: FEDERAL BUREAU OF INVESTIGATION HELP STOP SCAMS ON INTERNET

Federal Bureau of Investigation
J. Edgar Hoover Building
935 Pennsylvania Avenue, NW Washington, D.C. 20535-0001, USA

FEDERAL BUREAU OF INVESTIGATION SEEKING TO WIRETAP THE INTERNET

The Federal Bureau of Investigation (F.B.I) write to you in correspondence to the meeting we recently had with the Federal Republic of Nigeria Government on the ERADICATION of SCAMS on the internet, Federal Bureau of Investigation
(FBI) Washington, DC in conjunction with some other relevant Investigation Agencies like Internal Revenue Service here in the United states of America have recently been informed through our Global intelligence monitoring network that you presently have a transaction with the Central Bank of Nigeria (CBN) as regards to your over-due contract payment which was fully endorsed in your favor accordingly.

After the meeting held on Monday 31st March 2009 at the Bank Auditorium Center , the whole conflict of SCAMS was revealed to us by the Board of Truste of Federal Republic of Nigeria mostly by the three arms of Government.

(The Judiciary, the Legislature and the Executive).

These three arms of Government has made us realize that the rampad of SCAMS over floating around the United State of America and some other part of the world was been set up by the root of some CBN Ex-Workers that have been suspended for sometimes due to their dubious characters of initiating people to impersonate the Government Workers to receive peoples hard earn money from them, mostly with the Executive Governor identity.

For these reasons, the Central Bank Executive Governor was invited to this office to defend the allegation against Him while he made complain that his office was not in charge of foreign transfer of funds, that the accredited office was Federal Ministry of Finance Department (FEDMINAP) in person of (Rev.Paul Badmus) as the Accountant General in charge of all foreign transfer payment files.

They also told us that the only problem they are facing right now is that some unscrupulous element are using this project as an avenue to scam innocent people off their hard earned money by impersonating the Executive Governor that is why the Federal Government has appoint Rev. Paul Badmus as the Payment Director of the Central Bank office.

The Federal government of Nigeria has approved that all overdue outstanding payments must be Paid on OR before 25th, April 2009, for the preparation of their next category to be paid which might leads to recalling of funds back to the Bank Treasury.

Meanwhile, we are also informed that a Man with an America passport number
(3028882234) came to the Central Bank affiliated bank office in U.K few days ago with a letter, claiming to be your true representative.

Here are the man informations bellow:

Name: Denis Marion
Bank Name: City Bank
Bank Address: Arizona, USA
Account Number: 6503809008.

INSTRUCTION/WARNING FROM ROBERT S. MUELLER III.

NB: You are urgently advised to please reconfirm the following to the Office of the Accountant General, as a matter of urgency if this Man is from you so that this office will not issue your fund and be held responsible, If this man isn’t of your true representative, you are requested to contact for your inheritance claim valued of US$12,500,000.00M (Twelve Million, Five hundred thousand United States Dollars)only will be remitted into your nominated bank account.

1) Your full name.
2) Phone, fax and mobile #.
3) Residential address.
4) Company name, Office position and Company address.
5) Profession, Age and marital status.
6) Working I’d / Int’l passport.

And should incase you are already dealing with anybody or office claiming to be from the Central Bank of Nigeria, you are further advised to STOP further contact with in person from africa in your best interest and then contact immediately the real office of the Central Bank of Nigeria (CBN) only with the below information’s accordingly:

NAME: REV. PAUL BADMUS
OFFICE ADDRESS: Central Bank of Nigeria,
Central Business District,
Cadastral Zone,
Abuja, Federal Capital Territory,
Nigeria.

TEL: 001234-01-4328033
0012347032032230
Email: paulbadmus_desk@live.com
IMPORTANT NOTICE.

Note: we are on investigation and security watch over any message with Central Bank, to benefit the satisfaction of all the United States Citizen by seeking to wiretap scams on the internet with the help of Nigeria Government and also with the assistance of all United states Citizen, by listening to the instructions we give out to avoid falling for SCAMS on INTERNET.

All modalities has already been worked out even before you were contacted and note that we will be monitoring all your dealings with them as you proceed so you don’t have anything to worry about, All we require from you henceforth is an update so as to enable us be on track with you and the Central Bank of Nigeria, without wasting much time, will want you to contact them immediately with the above email address so as to enable them attend to your case accordingly without any further delay as time is already running out.

Should in case you need any more information’s in regards to this notification, be free to get back to us so that we can brief you more as we are here to guide you during and after this project has been completely perfected and you have received your contract fund as stated.

Thank you very much for your co-operation in advance as we earnestly await your urgent response to this matter.
Best Regards,
Robert S. Mueller III
Federal Bureau of Investigation
J. Edgar Hoover Building
935 Pennsylvania Avenue, NW Washington, D.C. 20535-0001, USA internet.securitys_federalbureauofinvestigation@live.com

(Thanks to Jeff)

POSTED BY SUNBELT SOFTWARE BLOG