Turn Around Business Development Group, INC

So I got this call from this guy yesterday,
Voicemail from:”this guy” at 1:34 PM

Hi John, I’m leaving some very important information in your box is. And with the with the C D in it and it as a letter of explanation so. If you will look it over and read the letter and get back to me. I would appreciate it. Thank you.

So i’m kind of curious but ok.. I went by to pick up the envelope and in there was a note from Pastor, and what looked like a cd printed with some office depot cd printing software. Not a very professional first impression. A logo of “Turn Around Business Development Group, INC” and “BI.T.S”, Binary IT Solutions and a number, 702-233-2487

Also was a card entitled “Website Start-Up Info”
The card is basically a welcome letter “to bring increased exposure to your business”

So i pop the cd in my mac and besides the fact that there was just an autorun on it for pc, (not like i want some strange cd autoruning anyway) I saw what looked like a complete website site’s source files. The best i can piece together, this company came to that guy and said that they would make a new website for him. and this is it. I’m not quite sure how to describe it so i’ll just show you what they sent. Note, this was designed to be published as it. they seam to think this is a complete and accurate site ready for the world to see. In the application from the company they even asked for our current site’s ftp info. (perhaps they wanted to push this content themselves?)

No where in any of their documentation did they mention their own website or other sites they had created. So I googled them to see what i could find.
This one was one of my personal favorite results.

It just goes to show that before you enter into a business deal with anyone, be sure and do your homework. You don’t need a private investigator, just google.

over the river and on the wall…


I got a facebook wall-to-wall from someone i’ve never gotten a face book message from before.  Being the overly suspicious person i am, i queried the domain name,

Domain name:
      BV Dot TK
      Dot TK administrator
      P.O. Box 11774
      1001 GT  Amsterdam
      Phone: +31 20 5315725
      Fax: +31 20 5315721
      E-mail: abuse: , copyright infringement:
   Domain Nameservers:

I then looked at her wall and saw that she posted similar messages to over 20 other people’s wall.. each with a similar message..


with one of these three variants:
This seems like a good deal, what do you think? www.bk9wh.tk
Do you know anyone that has tried this? www.bk9wh.tk
Do you think this stuff works? www.bk9wh.tk

The link takes you to a redirect that then reinfects you with the same bug and on and on it goes. 

Common Sense:  Don’t click on links directly, and especially not suspicious ones from someone you know wouldn’t send you one otherwise. 

Facebook assuming you want to share your information

Under account, Privacy Settings, Applications and Websites you’ll find a new option:


Facebooks states:

Allowing instant personalization will give you a richer experience as you browse the web. If you opt-out, you will have to manually activate these experiences. Please keep in mind that if you opt out, your friends may still share public Facebook information about you to personalize their experience on these partner sites unless you block the application. Learn more.

By default they have this option ON.  If you don’t want your information automatically shared with 3rd party sites uncheck this option.

Sometimes it’s like they aren’t even trying

This was in my inbox today…


The email address it was sent to isn’t the email address i use for my fb account.  And seriously, is there any legitimate use for zip files inside of email anymore?

Common Sense:  Don’t even bother with zip files as attachments in email messages.  If you need to move data try dropbox or iFolder or some other transport system.

My wife pointed out that facebook wouldn’t address me as “Dear user of facebook” they would say “Dear John”, they wouldn’t sign it “Your facebook”, and they would ask me to log in and change my password, not send me a new password.

Facebook’s gone phishing

I just got this group message from someone i know (but never gotten a message from before)


asking me to go “check out this interesting article”  DANGER WILL ROBINSON.  This is a common way of saying let me scam your money.

Their wasn’t a link on this but a typed out website.  So i typed that website which was a spoof from a common reputable news source. With a character added to the address.  Firefox immediately told me not to go any further, it was a scam.  Ok.. so i tried on IE (because i knew it wouldn’t block me) and this is what i saw.

facebook scam2

They scraped the site from the reputable news agency, and added some links “Google Pay Day” Which takes you to what looks like a very well done version of an advertisers page.  Allot of time and money went into this one.  Obviously they are making quite a bit from it to justify the expense.  Don’t be fooled into adding to their pockets.

Common Sense: If something looks suspicious, take extra caution to be sure your getting what your want to get to.  Only use websites you recognize, not only by look but by URL too.

The actual site seams to be owned by someone in China.  (Darn Chinese Hackers (inside joke))

Registrant Contact:
053182149514 fax: 053182149514
JN SD 250019
Administrative Contact:
053182149514 fax: 053182149514
JN SD 250019
Technical Contact:
053182149514 fax: 053182149514
JN SD 250019
Billing Contact:
053182149514 fax: 053182149514
JN SD 250019
Created: 2010-03-30
Expires: 2011-03-30

Update: 4/11/2010 Got the same message today this time asking for Local8News.net but the same scheme.

Is my antivirus actually working?

as more and more people become aware of all the bad things out there in the tangled mess of the interweb, most people just take for granted that their antivirus software is actually working.

virus-pendriveI have a stock pile of known virus’s but they are not what i would want to use to test an otherwise healthy computer with, hence the EICAR test virus is the perfect solution.  Back when i first started using EICAR it stood for European Institute for Computer Antivirus Research.  Now EICAR is just known for their name as an security company rather than just AV.

You can download the test virus’s from their website,


The signature of the file is designed to set off any virus and label it as the EICAR Test-Virus but no actual harm is done to your computer if the antivirus doesn’t catch it.  It does give you the chance to see if your antivirus is actually working and picking up treats.

Even my sister has joined the bad guys.

not willingly i hope though.  Got this email from her a few moments ago.  It was from someone i knew so i didn’t hesitate to open and investigate further. 

Image of infected email

The email was also CC’d to other friends and family members i knew.  It had these three thumbnails with links.  I didn’t recognize the people in the images.  There were not actual embedded attachments (kind of odd) i checked the link to see if it would actually go to an image and found it wanted to take me to:


Taking me to a Russian website.  At the time i attempted to investigate the site further it was being overwhelmed by request to try and access that site.  Those poor souls…

Common Sense People:  If your not expecting people to send you files, be weary.  If it looks suspicious.. it probably is.

Banking in my sleep?

I must have done it in my sleep because i don’t ever remember opening a checking account with Yorkshire Bank. Come to think of it.. i don’t even know where to find my local Yorkshire Bank. 


This should be the first sign of a bogus email.  But for those who actually DO have a Yorkshire account it may appear legitimate.  Clicking on the link does not take you to the bank however.  It goes


FireFox, Chrome blocked the site, IE reported it as unsafe but brought it up

The site would then ask for your customer number, your password, all three of your security questions and answers as well as your email address.  After entering such information and submitting would take you to the actual bank’s site, http://www.ybonline.co.uk/personal/ib-logout  but by then, it’s probably to late.  you’ve just give all your sensitive information to the Russians. 

Common sense: If you bank does send you an email, log on to your banks site yourself.  don’t use any enclosed links.  That way you know your not being directed somewhere else without your knowledge.

The IRS is emailing me now?

I doubt the federal government would ever become that efficient.


no paypload in the email itself.. but a few things to notice on this one.  my email address isn’t in the to.  The website at first glance looks like irs.gov but it’s actually eawsqu.pl registered to a guy in Germany:

DOMAIN: eawsqu.pl is releasing after termination
created:                2010.03.31 13:08:04
last modified:          2010.03.31 18:02:42
expiration date:        2010.04.05 18:02:42
no option
Key-Systems GmbH
Prager ring 4 – 12
66482 Zweibrücken 
+49 6332791850

Firefox gave me a big red warning when trying to visit the site.  I much rather like FF’s warning rather than IE’s


IE let the site come up but a tiny warning in the title bar



Telling me that the website may be unsafe.  The site then ask users to download an EXE.  I wonder what that could do…

Another case where common sense goes a long way. 

UPS delivers everything, even virus’?

Well, they might deliver bio hazards but not via email.  Here’s a letter i got this evening.


symantec let the file go right through the email.

extracted the zip,


scanned the file again with symantec and


doubled check the date on my definitions.  they are current.  I’ll test it against sophos tomorrow and see what they say.