There is zero chance that I would click on this box on a web page. Neither should you.

Its very common for malware to do a bit of social engineering, trying to convince users to download a plugin or application to view special content (especially videos). Its a really bad idea. The most dangerous malware you might face will record every keystroke you make (including your passwords) and send those keystrokes off to someone ready to hijack your accounts. Another type of malicious software will encrypt your computer files and demand payment to release them. Ransomware. This stuff is tough to detect and tougher to get rid of.

Oh yeah, in case you forgot, I work for a company that is very interested in computer security.

Digging into the web page code it appears to be an ad generated from The Rubicon Project, an online advertising platform. Might be legit, but certainly doesn’t look like it, especially the gobs of script code that is attached to the iframe.

This was seen on a Cheezburger site (can’t remember which one). No sane person should ever click on that. Never, ever.

The best advice I can give is to keep your OS and applications up to date, disable Java applets in your browser, and never download programs or plugins from sites you didn’t explicitly visit. And of course never open those files sent to you in email even if it appears to be from a close friend or family member. Spoofing email accounts is a common social engineering trick.

Lastly if you use Windows, upgrade to Windows 7 or 8. If you us Mac OS X, upgrade to 10.7 or 10.8. Really.

I was looking for something on walmart.com this morning. I don’t particularly want to shop at Walmart (I personally think it is a very bad idea to economically support Walmart) but I was looking for an example of 1/4″ automotive pinstripe tape to send to someone via email, and it seemed the big-box-store sites might have what I was looking for. They don’t have it, at least not on their website. I struck out at other places too, seems this kind of product is too trivial to put onto a website. Oh well.

Then I noticed the upper right corner of the walmart.com page containing the message “Welcome back, null. Not null?” (have a look at the picture I included above, and click the picture to see the full size version). This amused me and also reinforced the notion that programming is somewhat hard. The details matter. Or at least they should. Apparently not at Walmart though. You see, “null” is a value that is is programmer-speak for “no value available.” The programmers who create the walmart.com website apparently aren’t clever enough to test for this condition and respond appropriately. Dumb.

If you saw an item on eBay titled “$$ NEW IN BOX WII VIDEO GAME CONSOLE WHOLESALE LIST $$” that was listed for $99 USD would you buy one?

Likely you would if you are as smart as the average pet rock.

The seller (derek34786) posts big headlines such as “SAVE HUNDREDS OR THOUSANDS OF DOLLARS WITH THIS WHOLESALE LIST FOR WII VIDEO GAME CONSOLES”.

Here is the posting: don’t bother with this stupid offer.

The best part is reading the fine print towards the end of the listing. Statements such as “You are not getting what is pictured in the photo” and “Ignorance is not an excuse if you did not read or misread this auction” are strong indications of predatory behavior yet I suspect eBay will be powerless to stop such stupidity due to their own acceptable use policies.

As of 9pm there were nine bidders, with less than 10 minutes remaining. Idiots.

Today I received a spam that neither SpamAssassin or Mozilla Thunderbird caught. The title is “Business proposal for SHARE owners”. It contains the usual random word gibberish on the first and last lines but none of the image spam that has become so popular.

The primary text in this little gem contains an offer to create a “pump and dump” stock spam scheme for my company. The sender claims they have been operating in the U.S. market for three years with huge success, but “now it is getting harder and harder to work on US market”.

The spam’s claim of 200% increase seems wild until you read what the SEC is saying about these schemes. Remember this article? Joel Spolsky wrote an interesting article about this phenomenon a while back; its worth reading if you haven’t seen it before.

Back to the spam under the microscope: it also outlined their handling fee for such an amazing service: 10% of closing price times daily volume. There is no indication of how long this fee applies; maybe indefinitely, sort of like paying protection money to the mafia? There isn’t any offer of a refund the day-over-day share price decreases, but at least (I was assured) there was no upfront payment required.

The spam originated from the networks of ITnet S.p.A. of Genova, Italy. Most likely a hijacked computer that is relaying email.

Have you seen any really unusual or interesting spam recently?

I’ve made a couple of Wordpress themes myself (here and here) but nothing quite like this one. Check it out and maybe you’ll be as impressed as I was.

I think its really clever. Seen any other really good themes lately?