Bank of America Spam Email

This is a very popular format for the Bank of America spam email. The spammers are trying to lure you into clicking on a link to take to Bank of America’s online banking. The link you are actually clicking on which as shown in the picture of the email below is not exactly a “Click here to sign in to Bank of America Online Banking”

The link actually goes to a Click here to Sign in <h t t p ://w w w . stu d iora .ru/ boa /index.htm>  to Online Banking to reactivate your Bank account now.

Note: The URL above has spaces added

Bank of America spam

The content of the email is as follows

Read the rest of this entry »

Comments (20)

Pay Pal Fraud Email

Another one of the Pay Pal fraud emails floating around. The PayPal fraud email has a subject line of “Message from support, please confirm your information!”

The spammer doesn’t even try to obfuscate their email address with the reply email going to a address. Following is the content of that Pay Pal Fraud email which tries to lure a potential PayPal customer into clicking the link in the email which is a spoof of the PayPal website. Once you enter your username and password, you just gave away your PayPal account to the fraudster.

Pay Pal Fraud Email content

Dear PayPal Member,

As part of our security measures, we regularly screen activity in the PayPal system. We recently contacted you after noticing an issue on your account.We requested information from you for the following reason:

We recently received a report of unauthorized credit card use associated with this account. As a precaution, we have limited access to your PayPal account in order to protect against future unauthorized transactions.

Case ID Number: PP-392-735-806

This is a reminder to log in to PayPal as soon as possible.

Read the rest of this entry »

Comments (31)

How to remove Powered by Zedo popups

If you are plagued with the annoying pop-up windows which say “Powered by Zedo”, I wrote an article on, describing in detail how to remove these Powered by Zedo popups.

These powered by zedo ad popups would usually launch in Internet Explorer or your default browser which might be Firefox  and open up advertisements linking to auctions on Ebay or open up other advertising sites. This spyware also tracks your browser history. So say, you have just been to, the spyware would launch a site relating to football.

Click here to go to the article on how to remove powered by zedo popups

Comments (9)

Generate a Strong Password using the Password Chart

I think I came across one of the best strong password generators on the Internet at Password Chart. Picking a strong password is very important. A strong and secure password should go beyond just a simple number such as passw0rd where you replace the o with a zero(0) or a special character in the end such as password!. However, when you have to go picking numbers, special characters for a strong password of more than 7 characters, it can become hard to remember such a strong password.

For using the password chart, enter any common phrase you might use or known to you. For example, I used the phrase “the ipod rocks“. Now, using this phrase, the password chart generates a chart for you. If you are online, you can enter a password you wish to convert using this chart. You can enter a simple word or words here. For example, I used the word “zune” as a password I wished to convert to generate a strong password. I end up with a strong password of “%^Ed8u63G“. Once you generate a password chart, you can also print it out and use it for generating other strong passwords without the need to access the internet.

strong password generator

Read the rest of this entry »

Comments (52)

Generate secure Passwords using the Enigma Code Machine

The Enigma was a rotor machine used by the German Military during WW II to encrypt messages they sent to each other. It was invented by German Engineer Arthur Scherbius in 1923. The Enigma Code Machine consisted of a plugboard, three rotors and a reflector which redirected the electrical current. Each letter entered by a keyboard was matched by an encrypted letter by closing an electrical circuit which was reconfigured after each entry.

We need to use secure passwords for our everyday computing. So how about using the Enigma Code Machine to generate secure passwords for us. Dr. Frank Spiess helps us out here with a very good flash Enigma Code Machine.

A brief example: Open the machine window, click on the “Input:” textbox and enter “c” on the keyboard. The plugboard leaves C as C while highlighting the specific wire in red. The electrical current then moves to the rightmost rotor, that is, to its letter A. A is then connected to B. The current enters the middle rotor, that connects G with R. The third (leftmost) rotor maps V to I. In the next step, the reflecor maps B to R. Then the current moves way back along the green wires through the rotors back to the plugboard, where Q leads to Q. As a result, we have the encryption of C to Q. If you now enter “c” again, you see that in this case it yields G! This is because the rightmost rotor moves one step to the left before a letter is entered.

So, click here to access the Flash Enigma Code machine built by Dr.Frank Spiess

In my example of a secure password, I enter a simple plain text of “securityblog”. This plain text is converted to a cipher text by the Enigma Code Machine resulting in a secure password of “BMGNHOIPWRNB”

generate password using enigma

Read the rest of this entry »

Comments (30)

Compromised University Server being used to send out Spam

When I investigated further trying to pinpoint the source of the UK Lottery Scam email, I discovered this that a University server was compromised and in turn was being used to send out spam emails.

Return-Path: <>
Received: from ( [])
by with ESMTP id b2si6730331rvf.2007.;
Fri, 10 Aug 2007 20:50:32 -0700 (PDT)
Received-SPF: neutral ( is neither permitted nor denied by domain of client-ip=;
Received: from localhost ( [])
by (Postfix) with ESMTP id 2B654C278C6;
Fri, 10 Aug 2007 20:48:00 -0700 (PDT)
Received: from
( []) by (Horde MIME library) with HTTP; Fri, 10 Aug 2007
20:47:58 -0700
Message-ID: <>
X-Priority: 3 (Normal)
Date: Fri, 10 Aug 2007 20:47:58 -0700
To: undisclosed-recipients:;
Subject: YOU WON
User-Agent: Internet Messaging Program (IMP) H3 (4.0.4-RC2)


1. Google is hosting the email of this university

2. Spammers are sending out mail from a university email server that of or Westmont College in California, USA to send out a UK Lottery Scam EMail

3. Does this mean we are dealing with a hacked email account of a Westmont student, a hacked email server of Westmont College or is the an open relay server which spammers can use to bounce email of and make it appear as if the email was coming from Westmont College.

Nearly all of the internet-connected computers that send email are controlled by spammers, according to Return Path, a company that compiles email reputation data.

Of the 20 million IP addresses that send email and are tracked by Return Path, only 0.9 per cent have earned a reputation score that will allow their emails to be delivered to Return Path clients. About 2.5 per cent encounter problems such as spam traps or having garnered too many complaints. But 96.7 per cent score so badly the sending computer is likely to be a hacked PC, the company said.

Spam makes up almost 75 per cent of all messages sent today, according to email security service Postini.

This email needs further investigation. I will follow up on this.

I just received a mail from the Associate Director of IT at Wesmont College

Read the rest of this entry »

Comments (23)

UK National Lottery Scam

UK National Lottery Scam or UK Lottery Scam is gaining popularity among spammers these days who specialize in scam email and scam fraud. You might have heard about Nigerian Scammers among many others.

I have previously blogged about Microsoft Lottery Award email scam which was one of the most popular articles on my blog.

In this article I am going to share with you the generic content of the UK National Lottery Scam or the UK Lottery Scam

Uk National Lottery
PO Box 42 Peter borough
SE15 2UD

Ref: BTL/491OXI/04
Batch: 12/ 25/0304


This is the official result of the UK 2007 LOTTERY PROGRAM. held on 5th. of August, 2007. Your e-mail address drew the winning lucky numbers:04, 05, 16, 19, 21, 49 & 20. You have therefore been approved to claim a total sum of
£500.000.00(G.B.P) in cash credited
To file for your claim please kindly provide the following informations and send it to our Fiduciary Agent who shall clear you as a winner

1.Full Name:……………………………………………………..
4.Age:…………………….Date of
6.Phone:……………Phone 2:……………….Fax:……………..
7.State of Origin:………………….Country:……………………

contact our claims agent below.
Mr.Alen Foster

Brian Hunt
On line Coordinator
The Uk National Lottery

Comments (201)

Computer Security Tips and best practices

Protecting yourself is very challenging in the hostile environment of the internet. Imagine a global environment where an unscrupulous person from the other side of the planet can probe your computer for weaknesses, and exploit them to gain access to your most sensitive secrets.

They can even use your computer to store data like stolen credit-card numbers or child pornography, or to attack another innocent home user or business from your system.

Here’s Kevin Mitnick’s Top 10 list of steps you should take to protect your information and your computing resources from the bad boys and girls of cyberspace.

#1. Back up everything! You are not invulnerable. Catastrophic data loss can happen to you — one worm or Trojan is all it takes.

#2. Choose passwords that are reasonably hard to guess — don’t just append a few numbers to a no-brainer. Always change default passwords.

#3. Use an antivirus product like AVG or Norton, and set it to update daily.

#4. Update your OS religiously and be vigilant in applying all security patches released by the software manufacturer.

Read the rest of this entry »

Comments (16)

Video of NBC Dateline Reporter Fleeing DEFCON

An Associate producer of Dateline, a NBC show, Michelle Madigan tried to attend this year’s DEFCON psing undercover where she registered as a programmer and came to the annual Hacking/Security conference with a hidden camera hoping to get some hidden scoops for her show.

However, there was one small problem. DEFCON has a strict rules prohibiting media from photographing or videotaping without approval. Another Michelle was never really undercover. The organizers of DEFCON got a tip off from a mole at NBC that she was showing up posing undercover. So the organizers politely tried to give her a press pass which she repeatedly refused. So the geeks took it into their own hands.

The organizers in a conference in between held an impromptu “spot the undercover reporter”. Madigan fled, much to the delight of the convention attendees who mocked her all the way to the parking lot. Check out the video below.

Read the rest of this entry »

Comments (27)

Kevin Mitnick’s Business Card

Uber Hacker turned Security Expert Kevin Mitnick has a business card that definitely goes with his high profile image. Kevin Mitnick is now a professional computer consultant (doing business as Mitnick Security Consulting, LLC), and has co-authored two books on computer security: The Art of Deception (2002), which focuses on social engineering, and The Art of Intrusion (2005), focusing on real stories of security exploits.I would highly recommend “The Art of Intrusion” which I got when in the second year of my grad school in a security class of Dr. Richard Ford

Meanwhile, check out Mitnick’s business card filled with images of various lock picking tools … the art of “prying out information” definitely Kevin’s speciality. You can learn about Kevin Mitnick here

Kevin Mitnick's Business Card

Comments (36)

« Previous entries Next Page » Next Page »