Visa Scam Email Circulating

The spam filters are currently picking out a Visa scam email which claims that your card has been blocked for security reasons. If your email client renders the HTML, it looks something like this:

Visa Scam Screenshot

Analysis of the content shows a hyperlink which claims to point to, but in fact is a link to an IP address in the Republic of Korea. Launching the link will only get you a page that looks like this:

Visa Scam Link Screenshot

If you have received any of this type of email, and want to find out where the masked link is actually pointing, you could try looking it up via However, the best advice with this scam is to press delete, and save your mailbox space.

We Can All Tackle Violence At Work

Just read a great post called Tackle Violence At Work, which outlines legislation relating to violence and bullying at work, and serves as a reminder that violence takes many disguises, including non-physical bullying.

According to Bully Online, the motive common to all bullies is a personal need to control others. Half of all bullies are women. Women bullies target women 84% of the time; men target women 69% of the time, making women the majority of targets in the workplace. The vast majority of bullies (81%) are managers and bosses. The common personality traits of targeted employees are individuals with a:

  1. desire to cooperate
  2. non-confrontational interpersonal style

To ensure that we can all identify the symptoms, and understand the need to deal effectively with bullying in the workplace, the Tackle Violence At Work article includes:

  • five main pieces of health and safety legislation which are relevant to violence at work
  • five things to consider before any incident of violence occurs
  • five links to useful resources, including victims support organizations

Every individual reacts differently to bullying behavior, depending on their personality and life experiences. Most victims of workplace bullying will experience at least some of the following effects:

  • Stress, anxiety, sleep disturbance
  • Ill health, headaches, heart palpitations, or fatigue
  • Panic attacks or impaired ability to make decisions
  • Incapacity to work, concentration problems, loss of self-confidence and reduced performance at work
  • Depression or sense of isolation
  • Deteriorating relationships with family, friends or co-workers

Violence at work can take many forms, and the bullying can be quite subtle and covert. In some cases the perpetrator may be a manager who does not even understand that their behavior really is bullying. What passes for management style may just be another way of glossing over bullying behavior, which is just another form of violence at work. Do you know anyone who is:

  • Obsessed with the past
  • Has low expectations of everybody
  • Constantly interfering, dictating and controlling

These are often symptoms of someone with low self-esteem, one of the characteristics of most bullies. Do you know anyone who behaves like this? They may not even know that they exhibit these characteristics, or be aware that these are subtle symptoms of a bullying manager. You may recognize these traits in your manager, or someone close to you. You may even know them intimately! How about:

  • Favors weaker employees, recruits henchmen and toadying types
  • Inconsistent, always critical, singles people out, shows favoritism
  • Withholds information, releases selectively, uses information as a weapon
  • Includes and excludes people selectively
  • Exhibits hypocrisy and duplicity

Obviously we would never apply these characteristics to ourselves! But are there any behaviors we display which other people might incorrectly attribute to us? Once again these are classic signs of a workplace bully, which may masquerade as a distinct management style.

Finally, as managers, how about some out and out management behaviors which unquestionably separate a bully from a good manager:

  • Recruiting only like minded individuals (back to henchmen and toadying types, and identifying with clones)
  • Abdicating responsibility in the guise of delegation
  • Being economical with the truth, using dissembling, distortion and fabrication to avoid telling the truth, such as bad news

Recognize anyone there?

Bullying at work costs UK industries a great deal, although the specific amounts vary depending on the source. One thing is clear: bullying is a form of violence, and must not be tolerated at work. If we learn to identify the signs in others and ourselves, we can all tackle violence at work, and make the workplace a safer, more productive environment.


Max Rebo Band Website Live

The featured Blog this week is Max Rebo Band Website, which is a WordPress site using the default Twenty Eleven 1.2 theme. Kudos to Rich Pegler, the band’s drummer and webmaster, who has set this great site up from scratch. This just shows you the flexibility of WordPress out of the box, and the Max Rebo Website is a good place to see what is possible.

Max Rebo are a great four piece band, based in the area around Bristol and Weston-super-Mare, who are described as the best covers band this side of the galaxy. You may have guessed from the band name, and other Star Wars references that there is a theme to the website. May the Force be with you; this is the band you are looking for! Along with the usual band Biog, Events Discussion Board and Shop, there is a Media section where you can hear and download some of the original tracks penned by Max Rebo, as well as some of their great covers.

Once you have visited the site, you may be wondering how Rich has managed to achieve all the features, just using standard WordPress plugins. Along with Mingle Forum, ShareThis, Status Press Widget, Widget Twitter VJCK, WPaudio and WP Photo Album Plus the site uses:

  • Events Manager, which is an event registration and booking management plugin for WordPress. It allows recurring events and shows locations, with links to Google Maps.
  • Flash MP3 Player JW2.3, a user friendly MP3 Player widget which you can add to your sidebar. You edit the playlist through the intuitive options page.
  • GRAND Flash Album Gallery provides a comprehensive interface for managing photos and images through a set of admin pages, with a very professional feel.

A great band from the southwest, with an interesting WordPress implementation. Click here to visit the Max Rebo Band Website

Bredolab Botnet Still Active

More Tax Payment malware news today, with a resurgence of the Bredolab botnet.

Our MessageLabs Anti-Virus Service reported a suspicious email, similar to the Tax Spam Malware Warning yesterday. The message title once again was Your Tax Payment ID [Random Number] is failed

This time Symantec reported it as Trojan.Bredolab, which is a likely resurfacing of a Bredolab botnet.

The Bredolab botnet was partially dismantled in November 2010 through the seizure by Dutch law enforcement agents of 143 command and control servers, effectively removing the botnet herder’s ability to control the botnet centrally. Although the botnet’s size and capacity has been severely reduced by the law enforcement intervention.

A PC infected with Bredolab shows a number of effects as the malware:

  • Downloads more malware on to the compromised computer
  • Lowers the security settings on the infected computer
  • May result in file deletion

If your antivirus software or mail gateway informs you that it has detected Bredolab, follow the instructions and do not open any affected files. To make sure that your machine does not get infected, keep your antivirus software switched on and the signatures up to date.


Tax Spam Malware Warning

The spam filters are currently working overtime catching dubious email messages about tax payments having failed. As you might expect, this is a Tax Spam Malware Warning, so take care before opening anything that tells you that Your Tax Payment failed.

This email, which purports to be from US tax payment service Electronic Federal Tax Payment System (EFTPS), claims that the recipient’s tax payment has been rejected due to a submission error. The message, which includes a sender address and link that are seemingly valid EFTPS addresses, asks the recipient to click a link in order to review details about the error.

Obviously the email is not from the EFTPS, and the link in the message has been disguised so that it appears to point to the genuine EFTPS website. In fact, it is a phishing scam designed to steal personal information from recipients. A sample of the email appears below:

Your Tax Payment ID [random number] is failed

Your Federal Tax Payment ID: 32127292 has been rejected.
Return Reason Code R21 - The identification number used in the Company Identification Field is not valid.

Please, check the information to get details about your company payment in transaction contacts section:

attach name = report.18653.pdf

In other way forward information to your accountant adviser.
The Electronic Federal Tax Payment System
PLEASE NOTE: Your tax payment is due regardless of EFTPS online availability. In case of an emergency, you can always make your tax payment by calling the EFTPS.

Attempting to open the attached file will result in a malware loader executing. This is detected by Sophos Anti-Virus as ‘Virus/Spyware Mal/FakeAV-OQ’.

The grammatical errors should give you a clue to the bogus source of this Tax Spam Malware. Do not click on any links in this email or download any attachments. Flag as spam and press delete!

Malware Scripts Added To Websites

A couple of our customers have experienced hacks to their websites this last week, with malicious code (or malware) added to several pages. Normal visitors to the site have a little extra script added when they load the page, which good antivirus software will identify as a malware script. Kaspersky Labs identifies the Trojan loader as Heur: Trojan Script Generic, which is a generic Trojan loader identified by a heuristic algorithm. Alternatively, it may be identified as the Blackhole Exploit kit by other AV products.

Analysis of samples of the inserted code shows some common strings, which can be used to find the script on an infected website. The code appears to have been inserted by an automated script loader, probably a bot using brute force to guess FTP passwords.

< b o d y>< d i v id="w3stats">
< s c r i p t language="JavaScript" type="text/javascript">
=== Script Link and other code removed ===
< / s c r i p t >< / b o d y >< / h t m l >

A quick Google search reveals that quite a few sites have had this little addition. If you find that you have been infected, carry out the following actions as soon as possible:

  • Search the code on each page for the string “window.w3ssss”
  • Remove the offending code from all of the pages where it has been installed
  • Change all your site passwords, including FTP
  • Monitor the site regularly for reinfection
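The search and monitoring steps above can be scripted. This is an added example, not code from the original post: it looks for the two strings the post reports ("window.w3ssss" and the id="w3stats" container) in a local copy of the site, and compares file hashes against a baseline taken when the site was clean. The file extension list and the demo site are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

# Strings the post reports in the injected block.
MARKERS = (b"window.w3ssss", b'id="w3stats"')
WEB_EXTENSIONS = (".html", ".htm", ".php", ".js")  # assumed set of page types

def scan(root):
    """Map relative path -> sorted marker strings found in that file."""
    hits = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(WEB_EXTENSIONS):
                continue
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                data = fh.read()
            found = sorted(m.decode() for m in MARKERS if m in data)
            if found:
                hits[os.path.relpath(path, root)] = found
    return hits

def snapshot(root):
    """SHA-256 of every file, taken once the site is known to be clean."""
    digests = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                digests[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def changed_since(baseline, root):
    """Files added, removed or modified since the baseline snapshot."""
    now = snapshot(root)
    return sorted(p for p in baseline.keys() | now.keys() if baseline.get(p) != now.get(p))

def demo():
    """Constructed site: clean baseline, then a simulated re-infection of one page."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("index.html", "about.html"):
            with open(os.path.join(root, name), "w") as fh:
                fh.write("<html><body><p>clean page</p></body></html>")
        baseline = snapshot(root)
        with open(os.path.join(root, "about.html"), "a") as fh:
            fh.write('<div id="w3stats"><script>/* inert */ window.w3ssss = 1;</script></div>')
        return scan(root), changed_since(baseline, root)
```

Run scan() against a downloaded copy of the site to list the pages to clean, then re-run changed_since() on a schedule so that a repeat injection shows up even if the marker strings change.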

Thousands of website owners are unaware that their sites are hacked and infected with malware scripts.