MyCERT Advisories


MyCERT Advisories, Alerts and Summaries for the year 2005

MA-097.112005: MyCERT Special Alert - Circulation of New Fraudulent Emails

Original Issue Date: 14th November 2005
2nd Revision: 15th November 2005

MyCERT has received several reports from local financial institutions since 11th November 2005, including over the weekend, regarding the circulation of a fraudulent email. Copies of the emails as received by users are reproduced below as a precaution.

========Copy of the Fraudulent Email=============

From: Verification [mailto:BobbyBickfordbffxhnz@redhotant.com]
Sent: Friday, November 11, 2005 12:25 PM
To: xx@rhbbank.com.my
Subject: rhbbank.com.my ID: xx@rhbbank.com.my

De?ra? rhbbank.com.my M?bme?er,

We mu?st? chec?k that? your? rhbbank.com.my ID was registe?red by rea?l
peo?lp?e. So, to h?elp? rhbbank.com.my prev?ent aut?o?mated
r?igistrations, pleases? c?lick? on this lin?k and complete code?
verification? proc?se?s:

http://rhbbank.com.my/6jUu53chTZ8FCM775ReOcjbpVKeKQhZeBkxBH7NCNApCZaV3M4V1FNl7d6s15wq2
9-%62%69%6e%09/%70%6f%63h/%72edi%72.cg%69?s=rhbbank.com.my>

Thank you.

===============================

=========Copy of the Fraudulent Email==============

From: Verification [mailto:AdrienaBurgezptwzma@utvinternet.com]
Sent: Saturday, November 12, 2005 5:01 AM
To: XX
Subject: bankislam.com.my ID: xx@bankislam.com.my

Daer bankislam.com.my Merebm,

We mtsu chcek thta yuor bankislam.com.my ID was regitsered by real peolpe.
So, to hepl bankislam.com.my prenevt auetamotd renoitartsigs, paelse clikc
on thsi lkni and copmlete code verificaoitn prosecs:

http://bankislam.com.my/weWxE5vkgOt12E3dQD3i7F5eftnt56zt0eEN2qpUEoU423tLDvXI1qek9a2o97i9

Tnahk you.

============================

MyCERT has analysed the emails, and our analysis indicates that the above emails are fraudulent and are currently circulating within our constituency. The fraudulent emails request users/recipients to log in through the links included in the email.

When clicked, the link given in the email redirects to a site hosted on a domain named www.standartza.com. Currently, this domain cannot be accessed because the server hosting it is down, and as such the impact is currently low.

However, if the domain resolves successfully in the future, there is a possibility that the site may attempt to install malicious code on the machine of a user who browses to the link given in the emails.

As a precaution against such activities, MyCERT advises the following:

  1. Do not click on any links or attachments received via emails or messages. Do not respond to the email, and delete it immediately.

  2. All PCs/machines must be kept up to date with the latest patches.

  3. Users must make sure their PCs have personal firewalls and updated versions of anti-virus or anti-trojan software installed.

  4. Install a pop-up blocker in your browser, e.g. Google Toolbar or Yahoo Toolbar.

  5. Users who are using Windows XP are advised to upgrade to Service Pack 2, as it comes with a pop-up blocker.

    Service Pack 2 for Windows XP can be downloaded from:
    http://www.microsoft.com/windowsxp/sp2/default.mspx

  6. MyCERT advises users who receive any such emails to report them to us or to the respective financial institutions for analysis and verification purposes.

  7. System administrators may consider blocking these emails at their email gateways.
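
For item 7, one way a gateway filter could score messages like the two copied above, as an added example that is not MyCERT's code. The function names and finding labels are hypothetical, and the sample message is constructed from the first email with its random path token replaced by the placeholder TOKEN.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample modelled on the first email in this advisory
# (the random path token is replaced by the placeholder TOKEN).
SAMPLE = """\
From: Verification <BobbyBickfordbffxhnz@redhotant.com>
To: xx@rhbbank.com.my
Subject: rhbbank.com.my ID: xx@rhbbank.com.my

please click on this link and complete code verification process:
http://rhbbank.com.my/TOKEN-%62%69%6e%09/%70%6f%63h/%72edi%72.cg%69?s=rhbbank.com.my
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
PCT_RE = re.compile(r"%([0-9A-Fa-f]{2})")
# RFC 3986 unreserved characters never need percent-encoding.
UNRESERVED = set(b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~")

def url_findings(url):
    """Flag percent-escapes in the path that a normal link would not contain."""
    codes = [int(h, 16) for h in PCT_RE.findall(urlsplit(url).path)]
    findings = []
    if any(c in UNRESERVED for c in codes):
        findings.append("encoded-unreserved-chars")  # %62%69%6e is just "bin"
    if any(c < 0x20 or c == 0x7F for c in codes):
        findings.append("encoded-control-char")      # %09 is a TAB
    return findings

def related(a, b):
    """True when one domain equals, or is a subdomain of, the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def score_message(raw):
    """Return the sorted heuristic hits for one RFC 5322 message (text/plain)."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hits = set()
    for url in URL_RE.findall(msg.get_payload()):
        host = (urlsplit(url).hostname or "").lower()
        # From: header domain is unrelated to the organisation the link names.
        if host and sender and not related(sender, host):
            hits.add("sender-link-domain-mismatch")
        hits.update(url_findings(url))
    return sorted(hits)

if __name__ == "__main__":
    print(score_message(SAMPLE))
```

The domain-mismatch hit also fires on legitimate mail that links to third-party sites, so treat it as one signal to combine with the encoding findings rather than as a block rule on its own.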

MyCERT can be reached for assistance at:

Tel: 03-89961901
Fax: 03-89960827
Email: mycert@mycert.org.my
Web: http://www.mycert.org.my/report_incidents/online_form.html
SMS: 019-2813801