Archives for: MALWARE

Losses from reported Australian hacking victims quadrupled in 2016: ACCC


The Australian Competition and Consumer Commission (ACCC) has reported a four-fold increase in hacking scams, with AU$2.9 million lost to such activity in 2016, up from AU$700,000 in 2015.

According to Targeting scams: Report of the ACCC on scams activity 2016, businesses bore the brunt of these scams, with over half — AU$1.7 million — being attributed to businesses.

“While the digital economy presents many opportunities and efficiencies for businesses, it also presents significant risks,” ACCC deputy chair Delia Rickard says in the report’s foreword.

“Scams targeting businesses are becoming increasingly sophisticated using modern technology to make fake emails, invoices and websites appear legitimate to even the astute business person.”

While businesses bore the largest losses, the report also highlights that consumers are being affected, with digitisation giving scammers the opportunity to try new tricks.

Online scams — those executed via the internet, email, social networks, and mobile apps — outnumbered phone-based scams in 2016, with an increase of 130 percent over 2015.

Elsewhere in the report, losses to online scams accounted for 58 percent — AU$48.4 million — of total losses, while social media was a particularly busy platform used by scammers to lure victims, netting losses of AU$9.5 million in 2016 compared with AU$3.8 million in 2015.

Of the social media scams, the most prevalent were related to online dating and sextortion, a form of blackmail in which compromising images of the victim are used to extort money.

Thousands targeted by ‘ransomware’ email scam which copies AGL Energy Bills

A destructive scam email that infects computers and holds them hostage has successfully targeted at least 10,000 Australians since it was detected this week, a cybersecurity analyst says.

The email, purporting to be from energy company AGL, sends a fake bill and prompts the recipient to click on a link to download a copy.

The fake AGL webpage that prompts users to download malware.

It then saves a .zip file on the computer which, when extracted, locks the machine down using malware known as “ransomware”. The recipient is prompted to pay $US640 ($A880) to unlock it.

Raymond Schippers, a senior analyst at global cybersecurity firm Check Point, said once the file has downloaded ransomware such as Torrentlocker or Cryptolocker – sometimes spelled with 0 in place of o – the only way to get rid of it is to restore from a backup or to wipe the computer and start over again.

A fake AGL invoice, containing a link to a virus, which is being sent to Australians.

The fake AGL email has successfully infiltrated companies across Australia. It aims to get users to install the file at work, where it could cause widespread damage and gain access to legitimate corporate mailboxes, which could then be used to send the scam on to others.

“It’s across pretty much all kinds of sectors, from other utilities to education to finance, mining and resources, so it’s widespread throughout Australia,” said Mr Schippers, who has worked in online security for 10 years.

He said an analysis of the malware website by Check Point found at least 10,000 people had actually gone to the end of the download process, and were “very likely to have been infected”, while “many more” could have been affected.

The website used URLs such as “” or “” and would look legitimate to “most users”, he said.

The ransom screen seen by those who download the infected .zip file.

However, there were several things that could tip off AGL customers that the email is fake.

When a recipient tries to open the link on a phone or on a Mac, the site shows an error message telling them to use a Windows computer; the .zip attachment is another warning sign.

“Realistically, if you open it on your iPhone and it says ‘this doesn’t work on an iPhone’, it probably isn’t a real website,” Mr Schippers said. “All the websites from all Australian utilities work on phones these days.

“The .zip file is another indication that it’s not usually a bill either. They usually don’t send bills as .zip files, they’ll send them as .pdf or something similar.”
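As an added example that is not from the article, Check Point or AGL, the check below applies the two tells Mr Schippers describes (a bill arriving as a .zip rather than a .pdf, and a Windows executable hiding inside the archive) to an attachment before anyone extracts it. The archives it inspects are constructed in memory with made-up file names, and the list of executable extensions is an assumption rather than anything the article specifies.

```python
"""Triage a 'bill' delivered as a .zip attachment without extracting it to disk."""
from __future__ import annotations

import io
import zipfile

# Assumed list: file types Windows will execute on double-click. A genuine bill needs none of them.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse", ".vbs", ".wsf", ".hta"}
# File types a utility would plausibly use for an account statement.
DOCUMENT_EXTS = {".pdf"}
MZ_MAGIC = b"MZ"  # first two bytes of every DOS/PE (Windows) executable


def _exts(name: str) -> list[str]:
    """All dotted suffixes of a file name, lower-cased: 'Bill.pdf.exe' -> ['.pdf', '.exe']."""
    base = name.rsplit("/", 1)[-1].lower()
    return ["." + p for p in base.split(".")[1:]]


def triage_attachment(filename: str, data: bytes) -> list[str]:
    """Return a list of findings for one attachment; an empty list means nothing suspicious."""
    findings: list[str] = []
    if not filename.lower().endswith(".zip"):
        return findings
    # First tell from the article: utilities send bills as .pdf, not as archives.
    findings.append("bill delivered as a .zip archive rather than a .pdf")
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        findings.append("attachment is not a valid zip archive")
        return findings
    for info in zf.infolist():
        if info.is_dir():
            continue
        exts = _exts(info.filename)
        last = exts[-1] if exts else ""
        if last in EXECUTABLE_EXTS:
            findings.append(f"{info.filename}: executable file type {last}")
        # 'Bill.pdf.exe' style names rely on Windows hiding the real extension.
        if len(exts) > 1 and exts[-2] in DOCUMENT_EXTS and last in EXECUTABLE_EXTS:
            findings.append(f"{info.filename}: double extension disguising an executable as a document")
        # Look at the content, not just the name: an .exe renamed to .pdf still starts with 'MZ'.
        with zf.open(info) as member:
            head = member.read(2)
        if head == MZ_MAGIC and last not in EXECUTABLE_EXTS:
            findings.append(f"{info.filename}: Windows executable header under a non-executable name")
    return findings


def build_sample(entries: dict[str, bytes]) -> bytes:
    """Constructed sample archive, built in memory so the example runs offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: a lure shaped like the one in the article, and a harmless archive.
LURE_ZIP = build_sample({"AGL_eAccount_Bill.pdf.exe": MZ_MAGIC + b"\0" * 62})
BENIGN_ZIP = build_sample({"statement.pdf": b"%PDF-1.4\n%%EOF\n"})

if __name__ == "__main__":
    for name, blob in (("AGL_eAccount_Bill.zip", LURE_ZIP), ("statement.zip", BENIGN_ZIP)):
        print(name, triage_attachment(name, blob))
```

A mail gateway would normally run such a check on every archive attachment and quarantine anything with an executable finding; the "delivered as .zip" finding on its own is only a weak signal and is best used to prompt a second look rather than to block.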

Energy company AGL has acknowledged the scam, which it says “contains malicious malware that has potential to access personal information”.

In a statement, AGL said it had reported the scam to the Australian Federal Police, the government’s Scamwatch website, and to the Australian Competition and Consumer Commission.

The company said any customers who think they have received the email should delete it immediately, run antivirus software and add the sender to their junk email list.

“The scam email presents as an e-Account and asks readers to click on a link,” the statement said. “AGL advises it will never send an email asking for personal banking or financial details.

“Anyone receiving a suspicious email should delete it immediately or, if opened, not click on any links within the email. Anyone with concerns relating to this scam email should call AGL on 131 245 or contact Scamwatch on 1300 795 995.”

Even if the ransom is paid the malware will continue to monitor the computer, Mr Schippers said, recording keystrokes and mouse movements.

He said Australians accounted for 25 per cent of victims of malicious email attacks around the world, because “quite a number” of people continue to click on them and may have the cash to pay up.

“Australia seems to be very vulnerable to these kind of attacks,” Mr Schippers said. “It just relies on peoples’ nature to want to click on things and open things, so I would really just implore people to take a second to think about it before clicking on it.”


What to do if you’re infected:

  • check if your computer has any back-ups
  • consult with an IT professional and seek advice on what can be recovered
  • restore computer from back-ups or wipe it back to factory settings


Henry Sapiecha

Million victims worldwide of an International click-fraud bot strike

World map of botnet infections.

A botnet which has infected systems around the world counts almost one million victim PCs within its network, researchers say.

Bitdefender says that victims are mainly from India, Malaysia, Greece, the US, Italy, Pakistan, Brazil and Algeria.

Botnets are networks of PCs which have been infected with malicious software designed to take control of the system without the owner’s knowledge. This can lead to ‘slave’ PCs being forced to send spam or launch distributed denial-of-service (DDoS) attacks against web domains, but controllers may also redirect slave PC users to malicious domains.

Another feature of botnets is altering PCs to change where traffic goes in the quest for ad clicks. If the operator tampers with internet configuration settings, they can forward searches to third-parties which manipulate search engine results to push users towards pages injected with ads that generate money for the cybercriminals.

One botnet which has been in operation since 2014 has managed to spread across country borders and is now potentially earning vast amounts of fraudulent revenue for the group, having infected at least 900,000 PCs worldwide.

In a blog post, researchers from Bitdefender said the botnet is based on the Redirector.Paco Trojan, which often finds its way onto systems as bundled software with installers for popular applications such as WinRAR or the YouTube Downloader.

The malware is added to legitimate installers through specialized tools.

If an unwitting victim uses the installer, they are infected and their PC now belongs to the network.


Henry Sapiecha



Malware scammers will upload a video to social media, or offer “free” music, movies, torrents, or adult content – often via a pop up window.

When you attempt to watch the video, you’re asked to download a particular codec or program to access the format, infecting your computer with malicious code that steals your information and sends it to a third party.

Likewise, ransomware is a form of malware that locks your computer or files and demands payment be made in the digital currency ‘bitcoin’ to receive the virtual key for their release.

The latest scams include a phoney subpoena from the AFP asking you to download your case files, or a fake shipment confirmation from Australia Post asking you to collect a parcel.

In short:

  • Never open attachments from strangers, or click through links on social media that require you to log onto another site to view. Look for reputable news services, rather than unknown web links.
  • Be wary of free downloads that may install snooping programs without you knowing. Remember if the product is free, you’re what’s being sold.
  • Remember that paying the ransom is still no guarantee that your computer will be unlocked, so it’s a good idea to always back up your files, in the unfortunate event you can no longer access them.
  • Make sure your computer anti-virus and anti-spyware software is up to date.
  • And finally, if you notice your computer is sluggish, you get lots of pop-up windows that are hard to close, or your browser looks different, disconnect from the Internet and talk to the pros.

Now if you’ll excuse me, I’m off to reverse Google image search some photos!


Henry Sapiecha