Viruses, worms, trojans and other stuff

Tuesday, February 28, 2006

Dutch police arrest suspected email scam gang

Dutch police have arrested 12 Nigerians suspected of being part of a gang who conned more than $2 million from unsuspecting Americans in an email scam designed to trick people into investing in non-existent money-making schemes.

According to a police statement, the gang sent more than 100,000 emails to potential victims, enticing them to hand over money advances.

Authorities detained the dozen suspects following police raids in Amsterdam and Zaandam, seizing computers, bank statements, forged passports and 25,000 Euros in cash.

"Many email users will be used to receiving dodgy sounding business propositions in their inbox, promising them a fortune. These schemes, however, only make money for the criminals behind them," said Graham Cluley, senior technology consultant for Sophos. "Everyone needs to be careful not to fall for this kind of confidence trick, or they could find themselves penniless."

The con-trick, commonly known as a 419 scam, are named after the relevant section of the Nigerian penal code where many of the scams originated and are unsolicited emails where the author offers a large amount of money. Once a victim has been drawn in, requests are made from the fraudster for private information which may lead to requests for money, stolen identities, and financial theft.

The four principal suspects will face extradition charges to bring them to the United States. The other eight are expected to stand trial in The Netherlands.

Wednesday, February 01, 2006

Nyxem: New disaster?

It turns out, the numbers of Nyxem worm infectees may be very inflated. Antivirus companies are basing the numbers on a counter on a web that the worm calls into when it infects. Each hit on that website ups the tally by one. The problem is, several antivirus companies published the URL used by the Nyxem worm in their virus descriptions. The URL is also listed in different SNORT rules. And each time someone visit the site to get the latest count, their visits also get counted in the tally. The end result: it is impossible to tell how many computera might really be infected with the Nyxem (aka Blackmal, Kama Sutra) Internet worm. Chances are, the very high numbers are nothing more than the result of curious users visiting the site to see the tally.