OFFICIAL SECURITY BLOG

A Friday Round-Up

February 28, 2014 | BY

Here’s a short round-up post for you, with news snippets and things to be aware of as we bring the week to a close.

google

1) The Google Scraper Report page is in the news, which allows webmasters to report sites to Google which swipe their content and end up with a better search result than the original content creator. The articles I’ve seen reference the page as being a new invention, but there are stories from back in 2011 referencing the same thing so I think this is more of a reminder from Matt Cutts than a “look what we just made”. All the same, if you see your content popping up on spam blogs and the like then feel free to visit the Scraper Report and submit your comments.

Out you go?

2) Emails which claim to be notices of eviction are doing the rounds, and they come with an attachment of malware which is likely being updated with each fresh wave of spam (thanks to MrTom for sending this over).

The mail reads as follows:

From:
To:
Subject: Move out notice
Date: Wed, 26 Feb 2014 12:46:29 -0500

Urgent notice of eviction,

We have to inform you about the eviction proceedings against you and the decision of the bank to foreclose on your property.
As a trespasser you need to move out until 25 March 2014 and leave the property empty of your belongings and any trash. Please contact our office without delay to make arrangements for a move out.
If you do not do this, you could be simply locked out of your home.

Detailed bank statement as well as our contact information
can be found in the attachment to this notice.

Real estate agency,
Chloe Mason

The malware has been covered in detail by my good friend Kimberly over at Stop Malvertising. Users of Malwarebytes Anti-Malware will find we detect the executable attached to the above message as Trojan.Downloader. This scam relies on the initial shock and panic of seeing such a message overriding the self-preservation instincts of the intended victim. Don’t fall for it!

meme related caption goes here

3) Here’s a site offering up free Dogecoins, in return for filling in a survey. The more surveys you fill, the more coins you apparently receive. Each offer / install has a different value next to it.

The site asks you to follow the survey steps, which involves either handing over personal data to third party marketers / companies, and / or installing programs which will likely be bundled with things you may not have wanted in the first place.

Once you’ve finished, they ask you to use the “Contact Us” form which requires an email address, name and Dogecoin address (to send you your coins).

With the recent Mt Gox implosion, you may well have been considering a leap over to another digital currency. The site above may well hand out Dogecoins to those filling in the surveys / installing software, but participants should be fully aware of what they’re signing up to, what they’re installing and who they’re handing their data over to.

If, at that point, you’re happy to trade that off for a possible Dogecoin bonanza then ride that meme all the way to the moon.

Christopher Boyd