We’ve all heard it – “Have any nude pictures of your wife? “Want to buy some?” It’s an old joke, but the Internet has given the “ Want to buy some?”, new meaning.
Straight from the headlines here in Canada – Judge temporarily off bench over online sex photos. Since this women is an Associate Chief Justice, I suppose the idea that one could view her (absent her clothes), on the Internet, makes this a titillating newsworthy event. I won’t get into the whole story here, but there’s a 67 Million dollar lawsuit involved.
In the broader sense though, it’s not much of a story. The particulars in this case may be unusual, to some extent, but the concept certainly isn’t. Google – “pics of your wife”, and be prepared for 262,000,000 links. I must admit, I was taken aback with the sheer volume of the results. It seems as if nude wife pictures has a certain cachet!
It’s no surprise then, that Cyber-crooks continue to use the “pictures of your wife” social engineering email hook, to entice potential victims to click on an email containing a link to that all time spamming champion – Canadian Pharmacy, which is (no surprise here), controlled by a Russian botnet.
So, what would you have done if you had received the following email in your inbox this morning? Would you have been curious enough to read the email shown below – including clicking on the enclosed .jpeg.
Hello,
I apologize for my frankness. I’m sorry for not being able to speak to you in person, but I can only talk to you via email and I feel obliged to notify you to open your eyes, you are being betrayed.
I know it is difficult to prove, but every picture tells a story, I’ll send you these pictures so that you can see it with your own eyes. Take care…a big hug
From a good friend who is very fond of you
View photos here
As part of what I do, I occasionally follow emails like this all the way down the trail. And, in this case, I ran both the attached .jpeg, and the site, (before opening either one), through VTzilla, an Internet Browser malware checking add-on. The initial 7 engine scan showed the site to be safe. A follow-up scan with all 43 engines produced the same result – a safe site.
OK, that was cool – Firefox, Google Safebrowsing, Opera, Paretologic, Phistank, and TRUSTe, amongst others, gave this site a clean bill of health. So, I should have felt confident in opening this site, right? Well, not quite. There was one problem – I KNOW this is an unsafe site!
On attempting to open the site though, WOT, another Internet Browser security add-0n, intercepted the connection and overlaid the following warning.
Clicking on the “View rating details” button, gave me the following site information.
Here’s the point of all this:
Do NOT open titillating, or salacious emails, no matter how tempting.
Do NOT trust to a single Browser security add-on to protect you on the Internet. Any statement to the contrary is sheer BS. No such single tool exists.
I encourage you to add WOT to your Browser. For more information on this critical add-on please read – Safe, Secure Browsing, with Free WOT Browser Add-on, on this site.
For a listing of additional Browser add-ons, please read – An IT Professional’s Must Have Firefox and Chrome Add-ons, on this site.
In the final analysis, in this particular case, no harm was done. I can of course, look forward to a barrage of spam email, directed at my honeypot email account, from this botnet.
I should point out however, that of the five emails (with the heading “Your wife’s pics”), I’ve tested in the last six months, three downloaded Trojans to my test machine.
If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.
Bill Mullins' Weblog - Tech Thoughts 
###
Hi Bill ~ an insight into the status of the Man in the marital home follows…
I googled (.co.uk) & here are my results in descending order:
“nude pics of your wife” 313k
“nude pics of your girlfriend” 253k
“nude pics of your dog” 5
“nude pics of your cat” 5
“nude pics of your husband” 2
“nude pics of your boyfriend” 2
Depressing ~ my mutt gets more hits than I do 🙂
Peace’n’Love ~ Nightjar
###
Hey Nightjar,
LOL!! Thanks for a good laugh.
The results say something about us, alright.
Best,
Bill
Hi Bill,
Thanks to the marvels of digital technology, I, as a bachelor, also got these pictures of the wife I don’t have. Great fun for security-obsessed Internet users to pit their defenses against such attacks and see how things develop.
All others, please use webmail and delete before downloading.
All the best
Georg
Hi Georg,
As a confirmed bachelor, I can join you in this. Still, I have to laugh when I get this sort of thing.
Best,
Bill
Hey Bill,
I haven’t seen that email yet, but I know I would treat it with the contempt it deserves.
In a similar vein, just last night I was running Advanced System Care when some crapware popped up, something called Zwinky, some type of Avatar rubbish linked to MyWebSearch or something like that. On looking it up on Google, WOT rated it very bad. I tried an experiment, disabled WOT, and then ClearCloud blocked it. So your point of not relying on one Browser security addon is spot on.
I’m not sure how this crap popped up on my machine but the fact I was running ASC without any browser opened worried me enough that I uninstalled it.
Cheers
Hey Mal,
I can tell you that Advanced System Care was not responsible – at least not directly. Advanced System Care, when running, will open an Internet connection in the background (like most such programs), unless the Firewall is set to disallow so called “trusted” programs, from connecting. Which is why, my personal setup demands all programs ask permission, at least the first time they attempt a connection. I can then make a decision. As you know, any application where “check for updates” is turned on, will also automatically connect to the Net.
You may have MyWebSearch toolbar on you’re system (installed surreptitiously), which, when it senses a connection, does the dirty (it’s main purpose is to act as a tracker). This is a possibility only – since it’s difficult to be sure without a system audit.
Run HijackThis to see if you get any references that look similar to this –
R3 – URLSearchHook: (no name) – {00A6FAF6-072E-44cf-8957-5838F569A31D} – C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 – BHO: MyWebSearch Search Assistant BHO – {00A6FAF1-072E-44cf-8957-5838F569A31D} – C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
If you do, use Add/Remove Programs, or better yet, Revo Uninstaller to get rid of it.
Reboot, and run HijackThis again to be sure it’s gone.
Best,
Bill
Hey Bill,
I ran all my scanners after I saw this thing pop up, including Hijack this and Spybot S&D. All is well, there was nothing untoward on my system. As I said, I wasn’t sure if ASC was responsible, it just seemed weird that this rubbish kept popping up only when I opened ASC.
Maybe something was hanging around in the cache. It disappeared once I cleared the cache. I guess I’ll never know, but the good thing is, all is clear now.
Thanks for the advice.
Cheers
Great news Mal!
It was just a guess really – weirder things have happened. On the other hand, I knew that you would have done all the right things. That’s what makes you a pro.
Excellent move on clearing the cache, BTW. That’s a very good lesson/pointer, for less experienced readers.
Best,
Bill
Hi Bill,
Another problem you can have is, is your less sophisticated significant other happens to look in your email and see’s pics from some hot sounding women, opens them thinking she has totally busted you and voila you’re computer is hosed.
Happened to a friend of mine, at least his wife minds her own business and became more computer literate in one expensive lesson.
Mark
Hey Mark,
I can’t help but chuckle at this one. I’ll wager that happens more often than some might think.
Great story with an important lesson. Thanks.
Best,
Bill
Hi Bill
Great blog full of excellent advice as always. Not only do we get great tips from you but your fellow pros add their experiences too. Invaluable for us computative types.
Kind regards
John
Hi John,
Comments, since they can often be an extension of an article, are very important. Even comments that disagree, can open up additional areas for discussion – always a good thing.
Best,
Bill
Bill,
Great article… Amazing the bait the cybercriminals use. They should be psychologists!
Sort of off track, but to interject some humor here: Reminds me of one time, years ago, I was helping someone with a problem on their PC and “nude pics of his wife” jumped out at me… Needless to say the pics weren’t pretty and I haven’t been right since : )
Rick
Hey Rick,
LOL! I must admit, that I’ve come across a nude pic a time or two, while working on friends’ machines. One of the first things I do then is, introduce them to TrueCrypt.
“They should be psychologists” – I have NO doubt, that the more sophisticated criminals responsible for the *”Here you have virus*currently ravishing the net, have used socially aware input – psychologists, or the like.
Have a great weekend.
Bill