ACH Spam With Malware Attachment

The spam filters have been busy over the last couple of days, with a number of Emails with the title of ACH NOTIFICATION and ACH Payment [Number] Rejected. In each case the email contains an attachment purporting to be a self extracting PDF file.

Of course, on closer examination the supposed self extracting PDF file is a malware down-loader, no doubt ready and waiting to connect you to one or more bot nets. This is a common scenario with a spammed-out trojan down-loader triggering the execution of multiple pieces of malware on the unwitting user’s computer. In this case, Sophos anti virus detects the file and identifies it as Mal/BredoZp-B. For a detailed analysis of the activities of the spam payload, see the article on the ACH spam campaign by M86 security labs via the link below.

Automated Clearing House (ACH) is an electronic network for financial transactions in the United States. As usual with this type of spam and associated malware, ACH have no connection with the email, so there is little point in blocking the sender’s address, in our case ach.01 at nacha.org.

Once again our advice is that you should not open any unexpected emails, or unsolicited attachments, as in this case it will attempt to infect your Windows computer. Just press delete and double check that your anti-virus software is up to date.

Resources relating to ACH Spam With Malware Attachment:

Using Meta Tags For Search Engine Optimization

One of the most common spam contacts we see in the inbox these days are dubious offers to get our various websites and blogs to number one on Google for our chosen keywords. It sounds like that would be something that might be worth paying money for, so why do the SEO offers leave us cold?

What is Search Engine Optimization?
As most web users will already know, Search Engine Optimization (SEO) is the process of improving the visibility of a website or a web page in Internet search engines so that it appears higher in the search results. So surely an offer to promote your website or blog and optimize it so that it appears top in a Google search must be worth investing in? Well actually No! At least not from the spammers anyway.

Instead, let us look at a couple of often under used features of HTML, Meta Tags, which you can use to help the search spiders index your blog correctly, and optimize your site for your chosen keywords, without resorting to dodgy underhanded tactics or wasting money and time on get rich quick schemes promoted by spam email.

Using Meta Tags For Search Engine Optimization
If you are using your website or blog as a business vehicle then there are probably some key words which you hope that people will enter into the search engines when looking for your product or service. Similarly, when people find your site on Google, then make sure that the description of the site that appears is exactly what you want people to see.

Include Meta Tags
Include meta tags for the name of your site and a description of the page as part of the page code. If you are not editing the site code yourself, tell your web developer to include Meta Tag Description and Keywords on at least the homepage. Alternatively, if you are using a WordPress theme like Atahualpa, you can enter the Homepage Meta Description, and Homepage Meta Keywords in the Configure SEO in the Atahualpa Theme Options under Appearance.

Meta Tag Description
Including a description for your site provides some control over the way it appears in the Google search results. This should be 1 to 3 sentences, with about 20-30 words in total. For example, to ensure that Google list the keywords we are looking to link to this blog we have the following Meta Tag Description which appears in the page head, but is not displayed to the users:

content="TechCoSupport help Small and Medium Businesses (SME) grow through Web Marketing, Social Networking, SEO and AdWords Management in Bristol, UK "

The Google bots scan this when they index the site, and this results in the following entry in the Google search listing:
TechCoSupport Web Marketing image

This is the description that we want people to see when they look at our site in the listings, and it means that people who want to find out about Web Marketing, Social Networking, SEO and AdWords Management in Bristol can find us!

Meta Tag Keywords
Keyword optimization is simple to achieve, but can lead to improvements in your site ranking, particularly if you are writing about the keyword on your page. Including Keywords meta tags in you page gives the search bots a heads up in linking the page content to things that people are likely to search for. This should 10 to 30 words or phrases, separated by comma, and should relate to the content of your web page.

Say you are are looking for people to find your site when they enter the keyword Web Marketing. The search spiders should find Web Marketing in the invisible meta tags which show up in the page code, in your page content and possibly in the site URL too. This consistency and congruency between the Keywords Meta Tag and content is good for you page ranking.

However, be careful not to to just include keywords for the sake of having them, as they should relate to the page headings and description, and title. Avoid using tricks just intended to improve search engine rankings, as the techies behind search engines are on to all the tricks. A useful heuristic is to ask yourself if you are adding the tweak to benefit your users, or to fool the search spiders? The answer should always be that it makes it better for readers of your blog.

So to sum up Using Meta Tags For Search Engine Optimization:

  • Make sure you or your developer includes Meta Tags for both the site Description and Keywords in the Homepage at least.
  • Homepage Meta Description Limit to no more than 3 sentences, about 20 to 30 words total.
  • Homepage Meta Keywords Type 10 to 30 words or phrases, separated by comma.

To find out more on this subject from a reliable source, and so give you the confidence to delete the spam emails without another thought, click here to see Google Webmaster Quality Guidelines

Finally, here is a challenge to the spammers’ business model; if you are so good at SEO and Keyword Optimization, why do you need to resort to spam to attract new customers? If you really could do the job claimed, you would be beating off potential customers with a stick!

How To Improve Search Engine Rankings

The most common question we get asked when people find out about our SEO Marketing Services is usually “How Do I Improve My Search Engine Rankings?” Like we can tell you three things to do to your website to get it to the top of Google search rankings!

Well okay!

Three Things To Improve Your Search Engine Rankings
If you want to know the secrets of the SEO Marketing Gurus, you can spend a lot of money employing companies advertising SEO Marketing Services and Web Page Keyword Optimization services.

Alternatively, you can read the Google Webmaster Guidelines, and particularly the Quality guidelines. These guidelines are freely available, and if implemented on your site will help Google find, index, and rank your site. They include priceless gems like:

  • Make pages primarily for users, not for search engines. Make your pages readable and have useful content so that people want to read what you post. If they are attractive to humans, and make them want to come back, then the bots will give you a good rating. Search spiders are people too!
  • Keep the links on a given page to a reasonable number. This might not seem so obvious at first, but endless lists of links are difficult to read, and so should be avoided except in directories and of course your site index. Instead, make your blog a useful, information-rich site, and write pages that clearly and accurately describe your content.
  • Think about the words users would type to find your pages. Google provide plenty of tools to help you with this, so use the Google keyword tools to find out what people are searching for and make sure that your site actually includes those words within it.

So to find out even more ways To Improve Search Engine Rankings, use the Google tools provided, and follow the guidelines:
Google Webmaster Guidelines

WordPress Update Out Of Memory Error Fixed

Have you had a problem in upgrading your WordPress version on a website hosted on 1and1? This problem has been reported on sites hosted on both 1and1.co.uk or 1and1.com, but may occur on sites hosted with other providers too. It occurs when you attempt an automatic upgrade on a working WordPress site to elevate to WordPress 3.0 or greater.

WordPress Update Error
The first thing you know about the problem is an error part way through the automatic update process, which looks something like this:

Fatal error: Out of memory (allocated 28835840) (tried to allocate 3981531 bytes) in [Blog root path]/wp-includes/class-http.php on line 1426

According to numerous postings on other sites, this appears to relate to PHP memory allocation on shared servers, although checking the memory_limit on one of our problem sites using phpinfo() gives a much higher value than the problem scripts appear to require.

The error messages are not always the same, but samples which have been seen include:

  • Fatal error: Out of memory (allocated 28835840) (tried to allocate 3981531 bytes) in [Blog root path]/wp-includes/class-http.php on line 1426
  • (similar message) in [Blog root path]/wp-admin/admin.php on line 40
  • (similar message) in [Blog root path]/wp-admin/includes/media.php on line 268

We host and support a large number of WordPress sites, most of which have upgraded without experiencing this problem. However, where it has occurred it is a challenge, as you should always update WordPress to the latest version to ensure that any security fixes are installed.

After trying a number of suggested cures unsuccessfully, including

  • Setting memory_limit = 48M in php.ini (No difference)
  • Editing the file with the error to add ini_set(’memory_limit’, ‘48M’); (No difference)
  • Adding define(‘WP_MEMORY_LIMIT’, ’64M’); to wp-settings.php. (Yep! No difference)
  • Adding a line php_value memory_limit 32M in .htaccess file (Which causes a fatal Internal Server Error)

WordPress Update Out Of Memory Error Solution
The fix for the WordPress Out Of Memory Error, on the problem site at least, was to disable all the installed plugins, and then carry out the automatic upgrade again. This time it ran like a dream, and the site was back in order once the plugins had been re-enabled, with WordPress 3.2.1 installed.

The only regret in finding the solution is that we did not disable the plugins one at a time, in order to see which one was the trigger. However, on a working site with a large following, that extra delay it did not seem appropriate.

Thanks for this blindingly simple solution to the Out Of Memory Error when upgrading WordPress go to David Orlo at DavidOrlo.com.
Click here to see how he found the fix

Uniform Traffic Ticket Malware Spam

If you live anywhere except the City of New York you may have been surprised to receive an email recently, which claims to come from the New York State Department of Motor Vehicles. Even if you aren’t based in the United States, or even don’t drive a car, you may well see the posting which poses as a “Uniform Traffic Ticket” and says that you are charged with speeding at 7:25 AM on the 5th July 2011.

People may be tempted to open the attachment out of curiosity, or even alarm if they have been driving in New York City, but do not, or you may end up with a computer infected with malware.

However, the message is certainly not from New York State Police and the attachment does not contain a speeding ticket. In fact, the attachment contains a trojan that, if opened, can install itself on the user’s computer. Typically, such trojans are able to contact a remote server and download further malware that can steal information from the infected computer and allow criminals to control it from afar.

The email sender address has been reported as automailer.nnn, no-reply.nnn and info.nnn, all purportedly at nyc.gov. It goes without saying that the New York State Police and the New York State Department of Motor Vehicles have nothing to do with this email, and this should be treated as all Viruses and Spyware. The New York State Police Computer Crime Unit has issued a Hoax E-mail Alert dealing with the Uniform Traffic Ticket Malware Spam.

The attached file, which is called something like Ticket-O64-211.zip, Ticket-728-2011.zip, or just Ticket.zip, is designed to download further malicious code onto your computer and compromise your security. Sophos anti-virus products detect the malware payload as Mal/ChepVil-A, while the CyberCrime & Doing Time Blog identifies that the malware connects to a Russian domain and downloads files called “/ftp/g.php” and “pusk3.exe”.

The Uniform Traffic Ticket Malware Spam email is probably the work of a Botnet, which is a group of computers infected with malicious software and controlled as a group without the owners’ knowledge. The network of private computers, sometimes known as zombies or robots, run autonomously and automatically to send out spam emails to encourage users to open virus or Trojan infected attachments. This means that it is pointless blocking the sender, as the sender address is forged, and unrelated to the actual computer used to send the email.

We recommend that you delete the e-mail it and not forward it to anyone else. Make sure that you have active anti-virus software, and have your firewall switched on. Of course you should only open e-mails from familiar and trusted sources; if you really have been speeding in New York City, the New York State Department of Motor Vehicles will certainly find a way to let you know!

For further information on this subject: