ACH Spam With Malware Attachment

The spam filters have been busy over the last couple of days, with a number of emails with the title of ACH NOTIFICATION and ACH Payment [Number] Rejected. In each case the email contains an attachment purporting to be a self-extracting PDF file.

Of course, on closer examination the supposed self-extracting PDF file is a malware downloader, no doubt ready and waiting to connect you to one or more botnets. This is a common scenario, with a spammed-out trojan downloader triggering the execution of multiple pieces of malware on the unwitting user’s computer. In this case, Sophos anti-virus detects the file and identifies it as Mal/BredoZp-B. For a detailed analysis of the activities of the spam payload, see the article on the ACH spam campaign by M86 Security Labs via the link below.

Automated Clearing House (ACH) is an electronic network for financial transactions in the United States. As usual with this type of spam and associated malware, ACH have no connection with the email, so there is little point in blocking the sender’s address, in our case ach.01 at nacha.org.

Once again our advice is that you should not open any unexpected emails, or unsolicited attachments, as in this case it will attempt to infect your Windows computer. Just press delete and double check that your anti-virus software is up to date.


Using Meta Tags For Search Engine Optimization

One of the most common spam contacts we see in the inbox these days are dubious offers to get our various websites and blogs to number one on Google for our chosen keywords. It sounds like that would be something that might be worth paying money for, so why do the SEO offers leave us cold?

What is Search Engine Optimization?
As most web users will already know, Search Engine Optimization (SEO) is the process of improving the visibility of a website or a web page in Internet search engines so that it appears higher in the search results. So surely an offer to promote your website or blog and optimize it so that it appears top in a Google search must be worth investing in? Well actually No! At least not from the spammers anyway.

Instead, let us look at a couple of often under used features of HTML, Meta Tags, which you can use to help the search spiders index your blog correctly, and optimize your site for your chosen keywords, without resorting to dodgy underhanded tactics or wasting money and time on get rich quick schemes promoted by spam email.

Using Meta Tags For Search Engine Optimization
If you are using your website or blog as a business vehicle then there are probably some key words which you hope that people will enter into the search engines when looking for your product or service. Similarly, when people find your site on Google, then make sure that the description of the site that appears is exactly what you want people to see.

Include Meta Tags
Include meta tags for the name of your site and a description of the page as part of the page code. If you are not editing the site code yourself, tell your web developer to include Meta Tag Description and Keywords on at least the homepage. Alternatively, if you are using a WordPress theme like Atahualpa, you can enter the Homepage Meta Description, and Homepage Meta Keywords in the Configure SEO in the Atahualpa Theme Options under Appearance.

Meta Tag Description
Including a description for your site provides some control over the way it appears in the Google search results. This should be 1 to 3 sentences, with about 20-30 words in total. For example, to ensure that Google list the keywords we are looking to link to this blog we have the following Meta Tag Description which appears in the page head, but is not displayed to the users:

<meta name="description" content="TechCoSupport help Small and Medium Businesses (SME) grow through Web Marketing, Social Networking, SEO and AdWords Management in Bristol, UK" />

The Google bots scan this when they index the site, and this results in the following entry in the Google search listing:
[Image: TechCoSupport Web Marketing]

This is the description that we want people to see when they look at our site in the listings, and it means that people who want to find out about Web Marketing, Social Networking, SEO and AdWords Management in Bristol can find us!

Meta Tag Keywords
Keyword optimization is simple to achieve, but can lead to improvements in your site ranking, particularly if you are writing about the keyword on your page. Including Keywords meta tags in your page gives the search bots a heads up in linking the page content to things that people are likely to search for. This should be 10 to 30 words or phrases, separated by commas, and should relate to the content of your web page.

Say you are looking for people to find your site when they enter the keyword Web Marketing. The search spiders should find Web Marketing in the invisible meta tags which show up in the page code, in your page content and possibly in the site URL too. This consistency and congruency between the Keywords Meta Tag and content is good for your page ranking.

However, be careful not to just include keywords for the sake of having them, as they should relate to the page headings, description and title. Avoid using tricks just intended to improve search engine rankings, as the techies behind search engines are on to all the tricks. A useful heuristic is to ask yourself if you are adding the tweak to benefit your users, or to fool the search spiders. The answer should always be that it makes it better for readers of your blog.

So to sum up Using Meta Tags For Search Engine Optimization:

  • Make sure you or your developer includes Meta Tags for both the site Description and Keywords in the Homepage at least.
  • Homepage Meta Description Limit to no more than 3 sentences, about 20 to 30 words total.
  • Homepage Meta Keywords Type 10 to 30 words or phrases, separated by comma.
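
The three points above can be checked automatically. The following Python script is an added example, not code from this blog or from Google: it reads a page, checks the description and keywords meta tags against the limits given here, and reports any keyword that never appears in the visible page text. The function name audit_meta, the two sample pages and the keyword list are constructed for illustration.

```python
import re
from html.parser import HTMLParser


class _PageReader(HTMLParser):
    """Collect <meta name=... content=...> values and the page's visible text."""

    def __init__(self):
        super().__init__()
        self.meta, self.text, self._hidden = {}, [], 0

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "meta" and attrs.get("name"):
            self.meta[attrs["name"].lower()] = (attrs.get("content") or "").strip()
        elif tag in ("script", "style"):
            self._hidden += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._hidden:
            self._hidden -= 1

    def handle_data(self, data):
        if not self._hidden:  # script and style bodies are not reader-visible
            self.text.append(data)


def audit_meta(html):
    """Return a list of problems measured against the limits in this post."""
    reader = _PageReader()
    reader.feed(html)
    reader.close()
    problems = []
    visible = " ".join(" ".join(reader.text).lower().split())

    desc = reader.meta.get("description")
    if not desc:
        problems.append("description: missing")
    else:
        words = len(desc.split())
        sentences = len([s for s in re.split(r"[.!?]+\s+|[.!?]+$", desc) if s.strip()])
        if not 20 <= words <= 30:
            problems.append(f"description: {words} words (want 20-30)")
        if sentences > 3:
            problems.append(f"description: {sentences} sentences (want 1-3)")

    raw = reader.meta.get("keywords")
    if not raw:
        problems.append("keywords: missing")
    else:
        keywords = [k.strip() for k in raw.split(",") if k.strip()]
        if not 10 <= len(keywords) <= 30:
            problems.append(f"keywords: {len(keywords)} entries (want 10-30)")
        for kw in keywords:  # keywords should match what readers actually see
            if kw.lower() not in visible:
                problems.append(f"keywords: '{kw}' does not appear in the page text")
    return problems


# Constructed sample pages; only the description text is taken from this post.
GOOD_PAGE = """<html><head>
<title>TechCoSupport: Web Marketing in Bristol, UK</title>
<meta name="description" content="TechCoSupport help Small and Medium Businesses (SME) grow through Web Marketing, Social Networking, SEO and AdWords Management in Bristol, UK">
<meta name="keywords" content="Web Marketing, Social Networking, SEO, AdWords Management, Bristol, UK, SME, Small and Medium Businesses, TechCoSupport, Keyword Optimization">
</head><body>
<h1>Web Marketing for Small and Medium Businesses</h1>
<p>We help every SME with Social Networking, SEO, Keyword Optimization and AdWords Management.</p>
</body></html>"""

BAD_PAGE = """<html><head><title>SEO tips</title>
<meta name="description" content="Best SEO ever.">
<meta name="keywords" content="SEO, cheap watches">
</head><body><p>Some SEO tips.</p></body></html>"""

if __name__ == "__main__":
    for name, page in (("good", GOOD_PAGE), ("bad", BAD_PAGE)):
        print(name, audit_meta(page))
```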

To find out more on this subject from a reliable source, and so give you the confidence to delete the spam emails without another thought, click here to see Google Webmaster Quality Guidelines

Finally, here is a challenge to the spammers’ business model; if you are so good at SEO and Keyword Optimization, why do you need to resort to spam to attract new customers? If you really could do the job claimed, you would be beating off potential customers with a stick!

How To Improve Search Engine Rankings

The most common question we get asked when people find out about our SEO Marketing Services is usually “How Do I Improve My Search Engine Rankings?” Like we can tell you three things to do to your website to get it to the top of Google search rankings!

Well okay!

Three Things To Improve Your Search Engine Rankings
If you want to know the secrets of the SEO Marketing Gurus, you can spend a lot of money employing companies advertising SEO Marketing Services and Web Page Keyword Optimization services.

Alternatively, you can read the Google Webmaster Guidelines, and particularly the Quality guidelines. These guidelines are freely available, and if implemented on your site will help Google find, index, and rank your site. They include priceless gems like:

  • Make pages primarily for users, not for search engines. Make your pages readable and have useful content so that people want to read what you post. If they are attractive to humans, and make them want to come back, then the bots will give you a good rating. Search spiders are people too!
  • Keep the links on a given page to a reasonable number. This might not seem so obvious at first, but endless lists of links are difficult to read, and so should be avoided except in directories and of course your site index. Instead, make your blog a useful, information-rich site, and write pages that clearly and accurately describe your content.
  • Think about the words users would type to find your pages. Google provide plenty of tools to help you with this, so use the Google keyword tools to find out what people are searching for and make sure that your site actually includes those words within it.

So to find out even more ways To Improve Search Engine Rankings, use the Google tools provided, and follow the guidelines:
Google Webmaster Guidelines

WordPress Update Out Of Memory Error Fixed

Have you had a problem in upgrading your WordPress version on a website hosted on 1and1? This problem has been reported on sites hosted on both 1and1.co.uk or 1and1.com, but may occur on sites hosted with other providers too. It occurs when you attempt an automatic upgrade on a working WordPress site to elevate to WordPress 3.0 or greater.

WordPress Update Error
The first thing you know about the problem is an error part way through the automatic update process, which looks something like this:

Fatal error: Out of memory (allocated 28835840) (tried to allocate 3981531 bytes) in [Blog root path]/wp-includes/class-http.php on line 1426

According to numerous postings on other sites, this appears to relate to PHP memory allocation on shared servers, although checking the memory_limit on one of our problem sites using phpinfo() gives a much higher value than the problem scripts appear to require.

The error messages are not always the same, but samples which have been seen include:

  • Fatal error: Out of memory (allocated 28835840) (tried to allocate 3981531 bytes) in [Blog root path]/wp-includes/class-http.php on line 1426
  • (similar message) in [Blog root path]/wp-admin/admin.php on line 40
  • (similar message) in [Blog root path]/wp-admin/includes/media.php on line 268

We host and support a large number of WordPress sites, most of which have upgraded without experiencing this problem. However, where it has occurred it is a challenge, as you should always update WordPress to the latest version to ensure that any security fixes are installed.

We tried a number of suggested cures without success, including:

  • Setting memory_limit = 48M in php.ini (No difference)
  • Editing the file with the error to add ini_set('memory_limit', '48M'); (No difference)
  • Adding define('WP_MEMORY_LIMIT', '64M'); to wp-settings.php. (Yep! No difference)
  • Adding a line php_value memory_limit 32M in .htaccess file (Which causes a fatal Internal Server Error)

WordPress Update Out Of Memory Error Solution
The fix for the WordPress Out Of Memory Error, on the problem site at least, was to disable all the installed plugins, and then carry out the automatic upgrade again. This time it ran like a dream, and the site was back in order once the plugins had been re-enabled, with WordPress 3.2.1 installed.

The only regret in finding the solution is that we did not disable the plugins one at a time, in order to see which one was the trigger. However, on a working site with a large following, that extra delay did not seem appropriate.

Thanks for this blindingly simple solution to the Out Of Memory Error when upgrading WordPress go to David Orlo at DavidOrlo.com.
Click here to see how he found the fix

Uniform Traffic Ticket Malware Spam

If you live anywhere except the City of New York you may have been surprised to receive an email recently, which claims to come from the New York State Department of Motor Vehicles. Even if you aren’t based in the United States, or even don’t drive a car, you may well see the posting which poses as a “Uniform Traffic Ticket” and says that you are charged with speeding at 7:25 AM on the 5th July 2011.

People may be tempted to open the attachment out of curiosity, or even alarm if they have been driving in New York City, but do not, or you may end up with a computer infected with malware.

However, the message is certainly not from New York State Police and the attachment does not contain a speeding ticket. In fact, the attachment contains a trojan that, if opened, can install itself on the user’s computer. Typically, such trojans are able to contact a remote server and download further malware that can steal information from the infected computer and allow criminals to control it from afar.

The email sender address has been reported as automailer.nnn, no-reply.nnn and info.nnn, all purportedly at nyc.gov. It goes without saying that the New York State Police and the New York State Department of Motor Vehicles have nothing to do with this email, and it should be treated like any other virus or spyware. The New York State Police Computer Crime Unit has issued a Hoax E-mail Alert dealing with the Uniform Traffic Ticket Malware Spam.

The attached file, which is called something like Ticket-O64-211.zip, Ticket-728-2011.zip, or just Ticket.zip, is designed to download further malicious code onto your computer and compromise your security. Sophos anti-virus products detect the malware payload as Mal/ChepVil-A, while the CyberCrime & Doing Time Blog identifies that the malware connects to a Russian domain and downloads files called “/ftp/g.php” and “pusk3.exe”.

The Uniform Traffic Ticket Malware Spam email is probably the work of a Botnet, which is a group of computers infected with malicious software and controlled as a group without the owners’ knowledge. The network of private computers, sometimes known as zombies or robots, run autonomously and automatically to send out spam emails to encourage users to open virus or Trojan infected attachments. This means that it is pointless blocking the sender, as the sender address is forged, and unrelated to the actual computer used to send the email.

We recommend that you delete the e-mail and do not forward it to anyone else. Make sure that you have active anti-virus software, and have your firewall switched on. Of course you should only open e-mails from familiar and trusted sources; if you really have been speeding in New York City, the New York State Department of Motor Vehicles will certainly find a way to let you know!
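
Because the sender address is forged, a filter has to judge the attachment by its content rather than by who appears to have sent it. The Python script below is an added example, not code from this blog or from any anti-virus product: it walks the attachments of a message, looks inside zip files such as Ticket.zip, and flags anything that is really a Windows executable, which also covers the fake "self-extracting PDF" of the ACH spam. The extension lists, size limits, file name report.pdf.exe and the sample messages are assumptions constructed for illustration, and the "executable" is a harmless header stub.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed lists and limits for this example; tune them for your own gateway.
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")
DOCUMENT_EXTS = ("pdf", "doc", "txt", "jpg")
MAX_MEMBER_BYTES = 5 * 1024 * 1024  # per archive member, guards against zip bombs
MAX_DEPTH = 2                        # nested archives opened before giving up
STUB_EXE = b"MZ" + b"\x00" * 62      # constructed: header bytes only, not a program


def inspect(label, name, data, depth=0):
    """Return [(label, reason), ...] for one file, looking inside zip archives."""
    findings = []
    lower = name.lower()
    if data[:2] == b"MZ":
        findings.append((label, "PE executable header (MZ)"))
    if lower.endswith(EXECUTABLE_EXTS):
        findings.append((label, "executable file extension"))
    parts = lower.rsplit(".", 2)
    if len(parts) == 3 and parts[1] in DOCUMENT_EXTS and lower.endswith(EXECUTABLE_EXTS):
        findings.append((label, "double extension"))
    if lower.endswith(".pdf") and b"%PDF" not in data[:1024]:
        findings.append((label, "named .pdf but content is not a PDF"))
    if depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(data)):
        findings += _inspect_zip(label, data, depth)
    return findings


def _inspect_zip(label, data, depth):
    """Apply inspect() to every member of a zip archive held in memory."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            inner = f"{label}!{info.filename}"
            if info.flag_bits & 0x1:  # encrypted: content cannot be checked
                findings.append((inner, "encrypted archive member"))
                continue
            with zf.open(info) as fh:  # bounded read, the size header may lie
                body = fh.read(MAX_MEMBER_BYTES + 1)
            if len(body) > MAX_MEMBER_BYTES:
                findings.append((inner, "member too large to inspect"))
                continue
            findings += inspect(inner, info.filename, body, depth + 1)
    return findings


def scan_message(raw):
    """Inspect every attachment of an RFC 5322 message given as bytes."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        findings += inspect(name, name, part.get_payload(decode=True) or b"")
    return findings


def build_sample(subject, filename, data):
    """Build a constructed test message carrying one attachment."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.invalid", "b@example.invalid", subject
    msg.set_content("More information is attached.")
    msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=filename)
    return msg.as_bytes()


def zip_of(member, data):
    """Return the bytes of a zip archive holding a single member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, data)
    return buf.getvalue()


if __name__ == "__main__":
    raw = build_sample("Uniform Traffic Ticket", "Ticket.zip", zip_of("Ticket.exe", STUB_EXE))
    print(scan_message(raw))
```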


Google Data Protection Audit Report Published

Have you ever seen the ICO auditors? If your company was to receive a call from them, how well do you think you would fare?

This week the UK Information Commissioner’s Office (ICO) has published an Executive Summary of its Data Protection Audit Report on Google, following the revelation that Google were inadvertently collecting wi-fi signals while mapping the country. According to their website, the ICO carries out consensual audits with data controllers to assess their processing of personal information.

Last year the ICO became aware that Google Street View vehicles, which had been adapted to collect publicly available wi-fi radio signals, had mistakenly collected a limited amount of payload data, likely to include a very limited quantity of emails, URLs and passwords. Google agreed to facilitate a consensual audit by the ICO.

The framework that was included in the audit scope is as follows:

Framework: Google will conduct an internal assessment and provide a confidential written report (“Privacy Report”) to the Commissioner. This Privacy Report will analyze Google’s implementation of the privacy process changes it outlined on October 22, 2010 as it applies to Google’s UK operations. The Information Commissioner’s Office may then validate the Privacy Report’s accuracy and findings via an in-person meeting to review the Privacy Report at Google’s U.S. headquarters or at the offices of Google’s UK subsidiary. Google shall provide the Privacy Report to the Commissioner before such meeting.

Google has responded to the ICO report citing that the findings provided “reasonable assurance that Google have implemented the privacy process changes outlined in the Undertaking.” This was posted on the European Public policy Blog by Alma Whitten, Director of Privacy, Product and Engineering, whose appointment was announced on 22 October 2010.

While there are a few areas for improvement noted in the executive summary, there are none that would warrant the description of Earth shattering proportions. We would consider that any company that had been subject to a consensual audit by the Information Commissioner’s Office would be quite satisfied with the report. Knowing how good Google are at marketing, they will probably want to make capital out of it too.

Before we leap to judge Google, it is worth pointing out that in UK, the Data Protection Act 1998 requires every data controller who is processing personal information in an automated form to notify the ICO, unless they are exempt. Failure to notify is a criminal offense, and entries have to be renewed annually. If you are required to notify but don’t renew your registration, you are committing a criminal offense. Do you need to register?

If your company was to receive a visit from the Information Commissioner’s auditors, even with nine months notice like Google, how well do you think you would fare? How many pieces of personal data has your company inadvertently collected over the years, and is still retaining for no legitimate purpose? Perhaps it would be worth a visit to the ICO website to find out if you need to do something now?


Beware of Emails Bearing Gifts

Have you seen an email entitled UPS notification? Have you received an unexpected email telling you about a parcel sent to your home address, when you have nothing on order? Do you feel excited at the thought of getting an unexpected gift?

Unfortunately, that is not a mysterious present in the post, but a piece of malicious software, or malware, called the UPS Notification Virus. This is an automated attempt to install a Trojan on your computer, which is a piece of software that would connect to a medium risk domain in Russia and subsequently download all manner of undesirable additions to your computer.

If you are fortunate enough to operate behind a corporate firewall and email gateway this will be intercepted by the mail scanning software, and all you will get is an email with the subject line something like: WARNING. Someone tried to send you a potential virus or unauthorized code. If you see this message you need to do nothing further; the threat has been eliminated by the software.

At home, if you have up to date anti-virus software installed, you may see the email with an additional marker like [Quarantined], or a message from the anti-virus software manufacturers indicating that the threat has been removed. In this event you need to do nothing further except keep your anti-virus software current.

However, if you access your email by a webmail client, and do not subscribe to an anti virus service, then you may see an email in your inbox with the subject of UPS notification. Preview of the email will show you something like this:

Dear customer.

The parcel was sent your home address.
And it will arrive within 3 business day.

More information and the tracking number are attached in document below.

Thank you.
© 1994-2011 United Parcel Service of America, Inc.

In this event, DELETE the email and do not attempt to open the attachment. UPS may sometimes send emails, but generally does not include attachments. If you see this email on a company computer then please additionally inform the local ICT helpdesk, to alert them so that they can investigate how the message reached you.

Remember

  • Only disclose your email address to known individuals and organizations
  • Only open email and attachments from known and trusted sources
  • If in doubt, check with your local IT department or support person if you are not sure that an email is genuine

Why We Should All Stop Using IE 6

It has been just about six months since we mentioned the dreaded IE6 in a blog post, so it is again time to let rip on the subject.

In this instance however, instead of just ranting about the state of senior management and decision makers who chose to ignore the problems caused by continual use of IE6, it is time to adopt a different tack! The way to change the way people think is to give them the facts and allow them to reach the conclusion themselves. Rather than berate, let’s educate!

To that end we are collecting sound reasons why any business, organization or government body tied to IE6 might like to consider moving away from the obsolete browser. If you like, we are quietly going to collect the facts for the business case for updating from IE6 to a better browser.

Just for starters, the three most common responses we get from web developers to the question “Why Should We All Stop Using IE 6?” are:

  • Security vulnerabilities which make it a target for crackers worldwide
  • CSS support is problematic (doesn’t support newer CSS and HTML features)
  • JavaScript support is Microsoft proprietary nonsense.

OK, we had to clean up the comments a bit to make them publishable!

Then from the user’s point of view, what about tabbed browsing? Tabbed browsing facilities make users more productive as they can work more efficiently. But what other advantages to the users are there?

If you want to contribute to the business case for ditching IE6, is there anything you can do? Well, you can start by sending us the list of your pet IE6 hates. If you are a developer, tell us the features that are missing in IE6 which hold back sites you are developing for your customers. If you are a user, forced by company policy to stay on IE6, in what way are you disadvantaged? If you are a business with an Internet presence (and what business doesn’t?) how much extra does it cost you to maintain backward compatibility with IE6?

If you are still clinging to the mistaken belief that there is plenty of life in the old IE6 dog yet, then consider that IE10 is not that far away; the IE10 Platform Preview Guide for Developers provides an early look at the developer features coming to the next version of IE! Check it out and see the Internet Explorer Platform Preview Guide for Developers (opens in a new window).


To do your bit for humanity, post your constructive comments below and we will collate them and make sure that they are taken to the authorities responsible for holding on to IE6. Please don’t bother spamming, as spam comments will never be published.

Microsoft Offers Reward for Information on Rustock Botnet

In a further move against international cyber criminals, Microsoft has offered a reward of $250,000.00 for information that results in the identification, arrest and criminal conviction of those responsible for controlling the notorious Rustock botnet.

Microsoft says that IP address infections of Rustock have reduced by more than 50% worldwide since the company took action in March. Microsoft took the infamous Rustock botnet down earlier this year alongside U.S. enforcement agents, and claims that it remains dead.

The Rustock botnet was the largest source of spam in the world, consisting of around 150,000 machines sending around 30 billion spam messages a day. The take down was part of Microsoft’s fight against illegal botnets, designed to stop the spread of malware and spam mail.

Anyone with information on the Rustock botnet or its operators should contact Microsoft at avreward@microsoft.com.

To find out more about Microsoft Offering a Reward for Information on Rustock Botnet, click here to see the post on the Official Microsoft Blog.

If you have missed previous TechCo Support postings about the fight against the menace of botnets and the progress of the Microsoft Digital Crimes Unit, please see:

Microsoft Reward Document

Quick Fix If Primary Domain Relationship Fails in Windows 7

OK! So you go to your Windows 7 machine and find that there is a problem which requires you to select the Repair option. After the usual wait, it reboots and presents the login screen after your three finger salute. You attempt to log on when you are presented with the message:

Trust Relationship Between This Workstation And The Primary Domain Failed

A possible cause of this problem is that Windows computers change their internal password every 30 days, and if you have had cause to roll back to a restore point before the last password change, then the local password and the domain password do not match. In this event the computer must re-join the domain. If you are not a domain administrator then you should contact your domain administrator to have the computer’s domain account re-created or re-enabled, as appropriate.

If you are a domain admin and there is a local account on the computer that you can use (it does not have to be an administrator), then there is a quick fix:

  • Log on to the local account
  • Right click on Computer and click Properties
  • Click on Change Settings, next to Computer name
  • Click on Change next to rename the computer or change its domain or workgroup
  • At the Computer Name/Domain Changes dialogue, check the Workgroup radio button and enter anything into the Workgroup textbox
  • Acknowledge the warning about rebooting
  • When back at the Computer Name/Domain Changes dialogue, check the Domain radio button and enter the domain short-name.
  • When prompted enter the domain credentials, then OK your way back to the System Properties page at which point you will be given the opportunity to reboot.
  • After rebooting enter the normal domain name which you would normally use, and Bingo! You are back in business.

There is a Microsoft Support article which refers to a slightly different way to generate this error message, which can be found under Article ID: 976494 – Error 1789 when you use the LookupAccountName function on a computer that is running Windows 7 or Windows Server 2008 R2. If the quick fix does not work for you, you can check out the article by clicking here

Hopefully the repair fixed your problem and, as you are back in the domain, you will not see the message “Trust Relationship Between This Workstation And The Primary Domain Failed” for a while.