If you get an email that looks like the following, do not click on the link. There’s nothing wrong with our webmail, and we never need to email you and ask for your password. Our spam filter has been picking this up, so not many people will actually see it.

Regards,

Kirk

.

There is a malware (malicious software) threat that can affect all Mac OS X systems.  Users running with Administrator level accounts with Safari set to open safe files automatically are particularly at risk.  This program pretends to be an AntiVirus program for Mac OS, but isn’t really.  If you see this on your screen, close it immediately:

MacDefender Malware Screenshot

Those responsible for spreading the malware are exploiting users’ interest in late breaking news about Bin Laden’s death, however, other avenues are possible.

For more information see the following bulletins:

http://www.macrumors.com/2011/05/02/new-macdefender-malware-threat-for-mac-os-x/

http://isc.sans.edu/diary.html?storyid=10813

Tags: MacOS, Malware.

Attn: Mail-Box User Quarantine Notification:

This is to inform you that the www.netidea.com Web Mail is migrating to a new spam filtering service, which improves the ability to identify and block spam,“phishing” attempts and other undesirable messages  that flood our email system on a daily basis. and also a mail box user quarantine exercise is currently going on. we are carrying out a (inactive email-accounts / spam protecting) clean-up process to enable service upgrade efficiency.

Please be informed that  we  will delete all mailbox account user that do not adhere to this notice. You are to provide your email account details as requested by Clicking Here for Quarantine exercise and  protection against spam and for secure upgrading.
This will confirm your www.netidea.com Mailbox login/usage Frequency):

— – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - -
—- – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - -
Secure by Design Service.
Copyright © 2010 Secure by Design. All rights reserved.

.

The Norton Safeweb service is presently identifying our site as having a “Malformed container violation“. Clicking on their link to read about this threat does not contain any useful information.  I am presently exchanging some emails with the staff  at Symantec to determine what the problem is.  It seems to have a problem with our RSS feed, at: http://www.secure-by-design.com/feed/

I uploaded the feed file to VirusTotal, an online service that will scan a file using multiple antivirus products.  It did not detect any problems. Neither did AVG’s Linkscanner.  Here are the VirusTotal Reports:

• Report from 5 link analysis tools
• Report from the file scanne

One possibility is that our feeds include some examples of phishing and virus infected emails, which might be the trigger. Or there is an invalid html tag or code in the feed itself.

Unless Norton can produce some concrete evidence of an infection that I can verify with another tool, I am treating this a false alarm.

.

Another scam email is making the rounds today.  Delete the message ‘Final Warning!!! We Will Delete Your E-mail Account.. So Update.’ on sight.  A common feature of these scams is the email appears to be from @netidea.com, but the Reply To address is not.

Here’s an example:

Date: Wed, 15 Sep 2010 07:57:01 +0300 (EEST)
Subject: Final Warning!!! We Will Delete Your E-mail Account.. So Update.
From: "Net Idea." <info@netidea.com>
Reply-To: chenguandesk@aol.com

Dear Email Account User,

We are advising you to change the password on your email account in order
to prevent any unauthorised account access following the network
instruction we previously communicated, all Mailhub systems will undergo
regularly scheduled maintenance. Access to your e-mail via the Webmail
client will be unavailable for some time during this maintenance period.

We are currently upgrading our data base and e-mail account center i.e
homepage view. We shall be deleting old email accounts which are no longer
active to create more space for new accounts users.we have also
investigated a system wide security audit to improve and enhance our
current security.

In order to continue using our services you are require to update and
re-comfirmed your email account details as requested below.

To complete your account re-comfirmation,you must reply to this email
immediately and enter your account details as requested below.

Username : (**************)
E-mail Login ID(**********)
Password : (**************)
Date of Birth  **************)
Future Password  **************)(Option)

Failure to do this will immediately render your account deactivated from
our database and service will not be interrupted as important messages may
as well be lost due to your declining to re-comfirmed your account details
to us.

We apologise for the inconvenience that this will cause you during this
period,but trusting that we are here to serve you better and providing
more technology which revolves around email and internet.

It is also pertinent,you understand that our primary concern is for our
customers, and for the security of their files and data.

COMFIRMATION CODE: -/93-1A388-480 Technical Support Team.

.

The following message is a fraud, they’re just looking for your password, but you knew that right?

From: NETIDEA WEBMAIL ACCOUNT <nana@cebridge.net>
Subject: ACCOUNT UPGRADE / MAINTENANCE. REPLY BACK.
Reply-To: nana@cebridge.net
Date: Fri, 18 Jun 2010 08:31:18 -0400

We are currently performing maintenance for all our NETIDEA CUSTOMERS
WEBMAIL ACCOUNT. We intend up grading our WEBMAIL Security Server for
better online services. In order to ensure you do not experience service
interruption, Please you must reply to this email immediately and enter
your password here () and username (). Check out your new features and
enhancements with your new and improved webmail account, To enable us
upgrade your mail Account for better online services please reply to
this mail. Thank You for Using our WEBMAIL ACCOUNT.

.

Delete the following messages on sight, as they are bogus emails.  They are fairly suspicious looking.

The first one contains a link to a suspicious settings.exe file. The link below has been modified to prevent problems, you do not want to download that file.

From: "netidea.com support" <abolishingsn@rivieramail.com>
To: <nobody@netidea.com>
Subject: netidea.com account notification
Date: Mon, 26 Apr 2010 20:25:03 +0800

Dear Customer,

This e-mail was send by netidea.com to notify you that we have temporanly prevented
access to your account.

We have reasons to beleive that your account may have been accessed by someone else.
Please run this file and Follow instructions:

http://mailservicessss DOT bravehost DOT com/settings DOT exe

(C) netidea.com

The second includes an attached PDF file (doc.pdf) that is infected with a virus:

From: "customersupport@netidea.com" <customersupport@netidea.com>
To: <user@netidea.com>
Subject: setting for your mailbox are changed

SMTP and POP3 servers for user@netidea.com mailbox are changed. Please carefully read
the attached instructions before updating settings.

<doc.pdf>

.

The following message is in fact a scam. We never email to ask you for your password.  The big tip is that the reply-to address goes to an address that is not one of ours. This is a common sign of fraudulent emails.

Is Monday over yet?

Date: Tue, 01 Dec 2009 06:29:36 +0800
From: "Net Idea Telecommunications Inc." <webmaster@netidea.com>
Reply-to: supportdesk@programmer.net
To: undisclosed-recipients:;
Subject: EMAIL UPGRADE NOTICE!!!

Account Department!

Net Idea Telecommunications Inc.

Upgrade/Maintenance All netidea.com Email Accounts

We regret to announce to you that we will be making some system maintenance on
our netidea.com Webmail account. During this process you might have
login problems in signing into your netidea.com Webmail account, but to
prevent this you have to confirm your account immediately after you
receive this notification.

To confirm and to keep your netidea.com webmail active during and after
this process, please reply to this message with the below netidea.com
Webmail account information. Failure to do this might cause a permanent
deactivation of your netidea.com Webmail account from our data base to
enable us create more spaces for the 2009 session.

Send your netidea.com Webmail account for confirmation stating:

* netidea.com ID:
* Password:
* Date of Birth:

Your account shall remain active after you have successfully confirmed
your account details. We thank you for your prompt attention to this
notification.

Please understand that this is a security measure intended to help protect
your netidea.com Webmail account.

We apologize for any inconvenience.

Net Idea Telecommunications Inc.
ACCOUNT SUPPORT

.

We’ve seen 2 separate phishing emails sent out over the weekend. They are both very similar and ask for your username and password. The emails are sent from email@info.com, but replies will go to rest777@att.net. These are fairly obvious scams. What these criminals want is your username and password so they can use your email account to send out spam.

We will never email you to ask for your password. Ever.

Read the rest of this entry »

.

There are a number of emails making the rounds today claiming to be an updated Facebook user account agreement. These emails contain an attached zip file containing a trojan horse type virus. Do not open the attachment and delete the message on sight. Here are some examples:

Read the rest of this entry »

.