If you receive an email along the lines of the following:

(Please forward this to your CEO, because this is urgent. Thanks)

We are the domain name registration service company in China. On July 24, 2017, we received an application from Jiarui Ltd requested "winnershtriangle" as their internet keyword and China (CN) domain names (winnershtriangle.cn, winnershtriangle.com.cn, winnershtriangle.net.cn, winnershtriangle.org.cn). But after checking it, we find this name conflict with your company name or trademark. In order to deal with this matter better, it's necessary to send email to you and confirm whether this company is your distributor in China?

 

Best Regards,

Peter Liu | Service & Operations Manager

China Registry (Head Office) | 6012, Xingdi Building, No. 1698 Yishan Road, Shanghai 201103, China

Tel: +86-02164193517 | Fax: +86-02161918697 | Mob: +86-13816428671

Email: peter@chinaregistry.net

Web: www.chinaregistry.net

 

This email contains privileged and confidential information intended for the addressee only. If you are not the intended recipient, please destroy this email and inform the sender immediately. We appreciate you respecting the confidentiality of this information by not disclosing or using the information in this email.

As we can see from the above, the email has no direct addressee and is just being sen to whichever email address the domain is registered with - this is a shame as it enables more and more companies to provide registration blocking services legitimately and so assist companies that are avoiding being held to account for their websites and other internet behaviour. 

Looking at the originating email address below we can see that the sender is simply using the free account chinaregistry1088@aliyun.com which is, of course, not affiliated with any reputable registry.

As we can see the suggested originating email address is peter@chinaregistry.net which is a fairly unlikely address for China. 

This email should be discarded and no action need be taken. This type of behaviour will end up with all domains having their registry withheld and no one being accountable for the contents of their website.

Lloyds Bank scam emails originating from the University of Southern Mississippi - Watch out !!!!

The following email may arrive in your account:

Lloyds 0nline. <usmlloyds@usm.edu> is obviously a spam address - the zero (0) in 0nline is designed to stop the email being filtered out by spam filters checking for 'Lloyds Online' and so this message should instantly be deleted.

Any email from your bank explaining that urgent action needs to be taken is false - your bank would never rely on an action that does not guarantee reception for an urgent matter, they would always phone.

If we look at the language in general below:

1. As we can see the 0nline zero is present
2. USM.EDU is the email domain of the University of Southern Mississippi who most definitely do not send email on behalf of Lloyds Bank
3. https://security.lloydsbαnk.co.uk/updates actually point to: https://www.smartideas.bg/sma.htm and if we hover over the link, we can see the true destination.

1. 
2. Lloyds Bαnk is a Greek Alphabet character for αlpha which is another tactic to avoid being filtered, as you can see if you examine the a which has been replaced with α.
3. If we reply to the email we receive:

========================================

Clicking the link:

The website that we are taken to when clicking the link certainly looks like Lloyds Bank:

But if we look at the address in the address bar:

We can see that the address is all wrong. If we click the 'How do I know that this site is secure?' link, then there is no satisfactory result. 

This is an effective impersonation of the Lloyds login page and has several verification rules for the input boxes.

This page will return with a different domain once the owners of smartideas.bg realise they have been hacked and they restore the correct website.

Keep an eye out for all emails from the bank - they never email you about security!!!!

As another set of domains names to watch with the same page as above:

http://ourbabyshower.co.za/LLOHDBU0/

http://darylconner.com/LLHSUUNDFY830/V6/ 

Both of the above are fake Lloyds related URLs.

AsiaRegistration.net and other Domain Name Registration and Scams

Look-out!!! Someone in China is going to take over our sector online!

At least I think that is the response this email is expecting.

So my company name is allegedly being registered in China and all of the trademarks etc. are in danger dot dot dot.

I have an email here from jim.wang@asiaregistration.net who assures me I need to act fast!

Well first of all, let us look at the email in question:

Dear CEO, Well the CEO is not likely to receive this email but this is a great way of panicking his PA or whoever may receive messages sent to 'info@'

(If you are not the person who is in charge of this, please forward this to your CEO, because this is urgent. If this email affects you, we are very sorry, please ignore this email. Thanks) This is more of the same - panic panic panic - must act now. It is a bit like finding a hotel room online (always phone around as you will pay half the price)

We are a Network Service Company which is the domain name registration center in China. OK
We received an application from Huadu Ltd on July 18, 2017. They want to register " insolvencyit " as their Internet Keyword and " insolvencyit .cn "、" insolvencyit .com.cn " 、" insolvencyit .net.cn "、" insolvencyit .org.cn " 、" insolvencyit .asia " domain names, they are in China and Asia domain names. But after checking it, we find " insolvencyit " conflicts with your company. In order to deal with this matter better, so we send you email and confirm whether this company is your distributor or business partner in China or not? No registration of any domain will affect a company in any other country - there are so many national domain suffixes and other suffixes that registering them all would be a serious drain on your company profits for no reason.

Best Regards,

Jim | Service Manager

Asia Registration (Head Office)I have removed the phone numbers etc. for the purposes of this email.

Web: www(dot)asiaregistration(dot)net This is important as they are trying to stop their email pointing to www.asiaregistration.net in order to disassociate themselves for some reason - this would indicate wrongdoing of some kind and suggests this email is spam and should be ignored.

Do not ever register domains you do not need - they are a waste of time and should not be bought defensively - unless you are an online retailer and want to prevent a specific competitor buying a certain keyword domain. Stick to your single website and invest in that and the quality of your work will be concentrated in one place to get you a good ranking. Everything else is hearsay and happenstance.

Juniper SSG5 to DrayTek Vigor 2860 IPSec VPN

The DrayTek Vigor router range are very straightforward routers with which to configure a VPN and only get really complicated to work on when dealing with multiple firewall rules that may conflict or override each other. The Junipers are highly configurable in a a very ordered manner, but this does mean that there are extra considerations and stages to configuration when programming a VPN.

The Juniper needs to be told to allow traffic through a VPN and also needs a tunnel and an endpoint configured and so let us deal with that first.

We are assuming that you already have access to the Juniper via the web browser and can reach the configuration screens.

Go to the Network menu and select Interfaces and List.

Now with the drop down top right, choose Tunnel IF and then click New.

Set the Zone to be Untrust (trust-vr)

Check the bubble for Unumbered as this is a route-based VPN

Choose the interface to be the internet facing interface with the IP address that you will be pointing the DrayTek Vigor VPN at.

Now click the Tunnel link at the right of the links at the top of your configuration panel.

Once again the destination will be left as 0.0.0.0 as this is a route-based VPN and the Gateway we define in a minute will determine the endpoint for the VPN.

Now we have the tunnel configured we move on to configure the VPN:

Click Autokey IKE and then New:

Rather than configure a gateway in advance we will simply create one in this page. Click the bubble to Create a Simple Gateway and enter a name for the remote gateway. Leave IKE as ver.1 and choose Static IP and enter the Vigor WAN IP or hostname.

Now enter the pre-shared key which is a code that you will enter into the Vigor or share with the admin of the remote Vigor by some secure means. The Outgoing Interface will be the Juniper physical interface on which the WAN IP address resides to which you will be pointing the Vigor VPN.

Now click Advanced:

Here we are choosing the Phase 2 encryption proposal which is simply the encryption types - AES 256-bit in this case with DH Group 14 PFS (Perfect Forward Secrecy) and 3600 seconds time-out, but feel free to simply select a standard choice and simply make a note of the one you are choosing. Is it AES or 3DES or DES? What is the time-out, is it in seconds, minutes or hours? What is the PFS DH group? All of these should be noted as the Vigor must be configured to accept them.

Now enter the local and remote IP / Netmask where the local is the LAN address and teh subnet and the remote is the LAN which resides behind the Vigor which we are going to have remote access to once the VPN is established. In this case both subnets are set at /24 meaning 255.255.255.0 Class-C subnets but you must obviously enter your own details for each network.

Set service to Any which will allow all traffic to pass between the sites via our VPN.

Tick VPN Monitor, Optimised and Rekey  and leave the destination as default whilst choosing the external interface to which you will point the Vigor as the Source Interface.

Now click Return and OK. Now move on to configure the policies. The Gateway settings below are just for reference.

Here are the configurations for the Gateway but these two pages have been configured already when we configured the VPN but they are included as reference if you need to troubleshoot your Gateway settings:

Now click Advanced:

Now we must configure the policies to allow traffic between the sites. Go to Policy then Policies and at the top select from Trusted to Untrusted and click New.

Give the policy a name and enter the local subnet in the source and the remote subnet in the destination address boxes.

Choose the service type as Any and click OK. There is no need to configure advanced options in this instance.

Now at the top of the policy screen, select from Untrusted to Trusted and New and configure the settings as above but with the Vigor remote LAN subnet as the source and the local Juniper subnet as the destination with the service set as Any.

This completes the Juniper set-up and we can now configure the DrayTek Vigor 2860.

 Log into the admin web page of the DrayTek and go to the VPN and Remote Access section on the right-hand side. Click on LAN to LAN and then click an empty profile so that you can begin to populate the necessary information:

Name the VPN, indicating where it is connecting your local subnet to.

Tick to enable the profile.

Choose which WAN port/interface the VPN will be established through.

We are allowing NetBIOS naming packets as this will be for a Windows computer network and we may wish to enable inter-site computer browser functioning etc.

Multicast via VPN we will leave disabled.

Set the direction to be Both so that either site can initiate the connection.

Set the VPN type to be IPSec and enter the WAN IP or hostname of the Juniper we are connecting to.

Populate the bubble for Pre-Shared Key and click the IKE Pre-Shared Key button. Here you must enter the same key you entered into the Juniper and click OK.

Below that, choose the bubble for High(ESP) and set the dropdown box to be AES with Authentication. Then click the Advanced button:

Here we are selecting Main mode as we did on the Juniper and out phase 1 proposal as AES256_SHA1_G14

Our phase two proposal is set as AES256_SHA1

Timeouts are once again 28800 seconds and 3600 seconds for phase one and two respectively and the Perfect Forward Secret (PFS) is enabled. Now click OK.

Moving down the VPN LAN to LAN page we come to the Dial-In setings:

Tick IPSec Tunnel as the VPN type and untick the others.

Tick the box to Specify Remote VPN Gateway and enter the Juniper WAN IP once more.

Tick the box for the Pre-Share Key and enter it as before by pressing the appropriate button.

Tick the AES button for the IPSec Security Method.

Leave section 4 blank here as we are not using GRE in this example.

Finally section 5 we enter the Vigor WAN IP in My WAN IP. The Juniper WAN IP in Remote Gateway IP.

The Juniper LAN subnet in Remote Network IP such as 192.168.10.0 and the subnet mask below, in this case 255.255.255.0 rather than /24.

The local network IP is the LAN subnet being the Vigor such as 192.168.11.0 and the subnet for the Vigor below.

The RIP direction is set to both and the traversal method is set to Route.

Now click OK.

Go to VPN and Remote Access and Connection Management and see if the VPN is up:

DrayTek Vigor 2830 Dynamic IP to 3900 Static IPSec VPN

There are two main points to bear in mind when configuring the dynamic IP address connections to a static Vigor. The first is that you need to configure the IPsec shared key in two places on the static host DrayTek Vigor VPN router. Firstly under IPSec General Set-up (which is the same place as you configure the IPSec key for L2TP) and then under the VPN Profiles (or LAN to LAN if it is an older model.)

Lets configure the DrayTek Vigor 3900 static IP host router first:

Go to IPSec General Setup:

Enter the IPSec shared key you are going to use for your VPN, or if you are already using that shared key for other connections, look up what you are using and make a not of it as we will need to enter that shared key again shortly.

Now go to VPN Profiles and we will configure the IPSec specifics for the host static end of the VPN. To continue, click Add to open a new profile window and choose an IPSec VPN. Leave the 'For remote dial-in user' selection at disabled.

So in the above we use the wan port that the external IP being targeted by the other VPN router.

The local IP/Subnet mask is the IP range used by the internal network of the 3900 with the static external IP. In this case we are using a class C subnet of 192.168.x.0

The local next hop is left as the default to use the wan1 default gateway (in the above we are using wan1 but as stated you must use the external IP that the 2830 is pointed towards)

The remote host remains at 0.0.0.0 as the remote Vigor 2830 is on a static IP

The remote network mask is the internal IP LAN subnet of the 2830 with a dynamic WAN address - in this case we are using another 192.168.x.0 address

For the IKE phase 1 we will stick with Main Mode

The authentication type we will leave as PSK - Pre-Shared Key

The pre-shared key we entered earlier we enter again here...

The security protocol we are choosing is encrypted and so we select ESP

Now we move onto the Advanced tab:

We are sticking with the default time-outs for DrayTek Routers.

We are selecting Perfect Forward Secrecy to be enabled (PFS)

Dead peer detection can be enabled to allow for VPNs to be picked up again quickly after a brief connectivity issue.

Route/NAT mode should be: Route

Apply NAT policy should be: Disable

NetBIOS naming packets in this case I am selecting: Enable as this will allow ICMP traffic for Windows client/server communications to behave as if on the same network. 

Multicast via VPN we will leave: Disabled

RIP via VPN we will leave: Disabled to simplify getting the VPN up and running - you may wish to enable this at each end afterwards for router discovery.

Now we proceed to the Proposal Tab as we are not enabling GRE in this example:

Now we configure the encryption methods:

We are using AES G5 (Group 5) and AES with authentication as above and leaving the other options as accept all to bring the VPN up reliably and quickly.

To enable compatibility with the 2830 we are sticking to Group 5 but if you are using a 2860 you can use Group 14 (G14) instead as long as you match both ends.

Once all of this has been entered we can click Apply and await the router to confirm that it has accepted our VPN details...

Now we configure the 2830

In this example we are going to stick with using the LAN to LAN or VPN profiles tab as not all models have the VPN client and server wizard options, but either method will work as long as you get all of the encryption, LAN and endpoint data correct:

Below we have already gone to VPN>LAN to LAN and clicked on a profile number to start entering the data:

Give your profile a name and tick the box to enable it.

On this router we are using WAN 2 as it is behind another router (and yes it will still work with or without passthru as this is a dial out only configuration from the dynamic end. There is no point trying to dial back to a router you do not know the WAN IP address of.)

We are selecting the VPN type as Dial-Out only. If you wish the VPN to allow for full time connection so that you can access the remote computers then be sure to tick 'Always On' and Enable Ping to Keep Alive and use the IP address of the remote router LAN port on the other internal network (in this case the LAN port IP of the Vigor 3900.) This will basically make the VPN permanent allowing you to easily administer the computers at the dynamic WAN IP site where the 2830 is located.

Once again we are enabling the NetBIOS packets tick box.

Multicast via VPN is disabled again.

We enter the Vigor 3900 WAN IP/Host name in the server IP/Host Name box.

Click the IKE Pre-Shared and enter the same Pre-Shared key as before and click OK

Leave the dial in boxes empty as nothing can dial into a dynamic WAN router.

Do not specify the other end of the VPN as it is a dynamic IP address.

Leave the IKE authentication box as it is as there is no dial in IKE

My WAN IP should remain 0.0.0.0

The remote VPN gateway is the WAN IP of the 3900 static IP router

The remote Network IP is the subnet of the remote 3900 static IP router, in this case 192.168.x.0 and the remote network mask is a class C of 255.255.255.0 in this case which is the LAN subnet of the 3900

The Local Network IP is the LAN subnet of the router you are configuring and the subnet is once again a class C of 255.255.255.0

We are leaving RIP as disabled and Route as the method of traversal between subnets.

Now we can click OK and go to the VPN connection management page to see how our VPN is getting on:

On the 2830 the HQ VPN has come up and will stay up as we have configured 'always on' and 'ping to remote IP' meaning that when the IP changes at the 2830 WAN it will pickup and stay up allowing us to configure the remote router and PCs securely if we wish.

Now on the 3900 status we see:

Where the VPN is showing happily at the other end also proving that the VPN is encrypting data and sending and receiving successfully.

Buy the DrayTek Vigor 2860

Buy the DrayTek Vigor 3900

DrayTek Vigor 2860 to 3900 IPSec VPN

Connecting a VDSL/FTTC satellite office to a Dedicated Ethernet Fibre Hub Office with DrayTek IPSec. Both offices have a static IP in this example.

Firstly we shall configure the hub Vigor 3900 endpoint. Login as normal to see the home screen:

Now go to VPN and Remote Access and choose VPN Server Wizard and select IPSec as your VPN type:

Click to select creating a new VPN profile, choose a name - I have called this one HubOffice -  and click next:

Now we are going to enter the VPN specific information to allow our satellite office to connect:

• Tick the Enable box to enable the VPN
• Choose the WAN port you are using for the internet connection that will carry the VPN and for which we will be using the external IP address of
• Enter the local subnet - this is not provided automatically so enter your local subnet that the satellite office is being provided access to - this may well be the subnet you are using
• Leave the next hop as 0.0.0.0
• The remote host is the external WAN IP of the satellite office Vigor 2860
• The remote host IP/subnet mask is the internal LAN subnet of the Vigor 2860 LAN
• If there are any other subnets hung of the back of the Satellite office - if it is a hub in itself - then you can add the extra subnets here but this can often be a hinderence in getting the VPN to come up so we shall leave it blank for now.
• Auth type is PSK for passphrase/shred secret that we will enter momentarily
• Pre-shared key - enter a long string that you have made a note of, as it is to be entered in the 3900 router later
• Security protocol - leave at ESP
• We are leaving the DPD delay and timeout boxes as default

Click finish to complete the setup...

You will be asked if you wish to proceed to the VPN status page and that is what we shall do:

Now we shall proceed to configure the 2860 which has a pretty much identical interface:

We won't use the VPN Client Wizard so that you can see all of the steps, we will configure the VP manually, click VPN and Remote Access > LAN to LAN:

then select a number corresponding to the profile you wish to configure:

• Fist tick the Enable box to enable the profile
• Give the profile a name
• Choose the WAN1 interface for the VDSL interface if that is what you are using for the VPN external WAN IP address
• Click the pass NetBIOS box to allow ICMP traffic between the offices
• Leave Multicast blocked
• To the right of that leave the call direction as Both
• Below to the left select IPSec as the VPN type
• Below that, enter the IP address or A record host name of the hub office Vigor 3900 WAN
• To the right, click on the IKE Pre-Shared Key button and enter the key as you entered it into the Vigor 3900:

• Now below that enter the IPsec method as High(ESP) AES with Authentication, then click the advanced button
• Click the option to enable PFS - perfect forward secrecy

• Leave the other timeouts as they are and click OK
• Tick the box Specify Remote VPN Gateway and enter the 3900 WAN IP address
• Leave the GRE settings as blank and proceed to the bottom section 5.

• Enter the 2860 WAN IP in the first box
• Enter the 3900 WAN IP in the second box
• Enter the 3900 LAN IP network address in the third box
• Enter the 3900 LAN subnet in the fourth box
• Enter the 2860 LAN network address in the fifth box
• Enter the 2860 LAN subnet in the final box
• Leave the RIP settings as they are.

Now you should be able to go to the connection status on either router and see that the connection is live and be able to ping the other office from each respectively...

Buy the DrayTek Vigor 2860

Buy the DrayTek Vigor 3900

Google’s top 10 hidden features

If you’re only using Google to search the web then you are missing out on quite a bit. Have a look at these tips to get the most from the world’s most popular search engine.

We all know that Google is the world’s most advanced search engine, but did you know there are a host of hidden features that make it even more effective to use?

1: The easy way to convert currency

Do you want to find out how much money is in a different currency? Don’t go searching for a dedicated currency converter; you can do it through the Google search box. Just type out your amount – 100 euros, say – followed by ‘in’ and the currency you’d like to change it to, and hey presto, it’ll convert it for you. You can also do the same with number conversions like miles to kilometres and ounces to litres etc., and even translate short phrases from one language into another.

2: Make calculations

Pretty much every computer and mobile device has a calculator built in, but thanks to Google you don’t need to go searching for it. Just type the sum into the Google search bar, and it will perform the calculation for you.

3: See news results

If you are researching something, and want the most up-to-date info available, click the News tab at the top of the results page. This will show recent news articles featuring your search term.

4: Find out what an image is of...

You may know you can search for images online, so if you always wanted to see what someone looks like, now’s your chance. But did you know you can find out what an image is of as well?

Stumble across an interesting picture online, and you can find out more about it by going to images.google.com and clicking the camera icon in the search bar. This brings up two options: either paste the url of the image you’ve found (i.e. what’s in the address bar when the image is the only thing on the screen), or upload an image from your computer to find out what it is.

5: Search a site from Google

Some websites’ own search functions are terrible, but don’t worry, you can also search them direct from the Google home page. Type your search term followed by “site:” and then the address of the website you want to search, so ‘flood warning site:bbc.co.uk’ for example. Then only results from the website you include will show up.

6: Search by file type

Similarly, you can search by the type of file you’re looking for, which is perfect if you’re searching for a specific PowerPoint presentation or PDF. Just type the name of the file, followed by ‘filetype:’ and then the document’s extension, so ‘pptx’ for PowerPoint, ‘docx’ for Word document or xlsx for Excel.

7: Google Doodles

Google regularly changes its logo on its home page to tie in with an occasion. Often to commemerate a famous person, a notable anniversary or a national holiday. Whatever it is, Google always manages to work its logo into the image.

This one pictured celebrates the birth of French architect Eugène Viollet-le-Duc, but they’re always varied, sometimes taking the form of animated films or even playable games. You can find a full archive here and even buy merchandise featuring your favourite doodle.

8: Get results in your locality...

If you choose to let Google know your whereabouts, you can find results in your area without having to specify where you are. Click Search Tools under the search bar and your location is listed on the right, if you are going somewhere new and need to find something, simply enter it on the right.

Search for ‘pizza restaurant’, for example, and it’ll show a list of nearby pizzerias, without you having to enter your postcode. Which is handy if you’re hungry.

9: Search using your voice

What if you don't fancy typing out a search query? No problem – you can just say it. You’ll need to launch Google’s Chrome browser on your computer, then go to google.co.uk and click the microphone icon in the search bar. Say what you want to find, and it’ll speak back to you with the results.

10:  Check flight times

If you’re planning a trip, just go to Google, type ‘flights to’ or ‘flights from’ and the name of your city or airport or three letter airport code. You will see a list of flights complete with flight times, prices, and everything else you could need to know. It’s the only way to fly.

DrayTek Vigor 2830/2860 to 3300/V/+ router IPSec VPN

This example is for an environment with a static IP at each office.

Firstly let us set-up the 3300 head office router:

After logging in, go to the VPN menu, then to IPSec and then to 'Policy Table'

In this example we are going to use AES encryption with authentication for the maximum security available.

Firstly we enable the profile.

We name the profile something that explains the VPN and then we choose preshared key, which in this example is our preferred security key. Our security protocol will be ESP and we choose NAT Traversal to be enabled. In this example I am not enabling NetBIOS but if you are adding a VPN to extend a Windows domain then you should choose Pass here.

As we are connecting to another DrayTek device we are not going to change the default time-outs but if you do, they must be mirrored at the other end to enable the VPN. We will change the security settings though as we wish to ensure AES256-sha1 encryption and authentication.

We are ticking the PFS Perfect Forward Secrecy box also:

Now we can click Apply and configure the DrayTek Vigor 2830/2860...

Under the VPN menu, go to Lan to LAN to set-up your connection to the DrayTek 3300

Click the number corresponding to the first available unused profile...

Now we are going to enter the details required to connect to the 3300 router:

We are once again giving it a name relevant to the connection. In this case we are connecting through WAN2 but you can choose WAN1 if you are using ADSL/VDSL

NetBIOS should be enabled/disabled depending on whether you are allowing file access to Windows machines across the VPN. In most cases with Windows machines you would pass NetBIOS packets.

The call direction is set to Both to allow either end to start the VPN.

Under Dial-Out settings we set the VPN type to IPSec once again.

We enter the domain name/ip address of the external interface of the other 3300 router in the box below.

We now tick the Pre-Share Key box to the right and click the Pre-Shared Key button to enter the same key as we entered into the 3300 Pre-Shared Key box.

Below that we select the High(ESP) option and choose AES with Authentication as we did on the 3300

Now click the Advanced Box:

We are mirroring the settings from the 3300 here so we choose the AES256-SHA1_G5 for phase one and AES-256 for the phase two proposal.

Once again we select the Perfect Forward Secret option and the timeouts are already consistent.

Click OK when done.

Now under IPSec security method, tick only the AES box and then enter the IP address details at the bottom of the page:

We enter the external IP of the 2860/2830 first in the My WAN IP box.

Enter the remote 3300 router external interface address in Remote Gateway IP addres box.

Then enter the remote DrayTek 3300 internal network subnet details in the two boxes below that.

Finally enter the DrayTek 2860/2830 local network subnet details in the two boxes below that.

Click OK when done.

Now under VPN and Remote Access on the 2860/2830 you should see the connection as live:

Buy DrayTek routers here 

So now we are looking at eBay scams that are interested in hacking your eBay account so that they can get details or account information.

Here is a typical email - the first thing to do is notice that there is a big button with 'dispute this transaction' which is not normally present. Also notice that the email is originating from outlook.com which is unusual for an eBay email:

Also notice that that if we hover over the 'Dispute this transaction' button we see the following:

So the domain name, although having the rover.ebay.com part in, is actually pointing to t.co which is Twitters forwarding domain (Ooops, that's a bit embarrassing) which then forwards you to http://disputetransactionebaycommunicationreview.com/webapps/a3889/websrc 

This page shows up as PayPal:

You can still see the phantom domain at the top though. This is obviously where they are interested in grabbing your PayPal details so do not.

Report this website address as false as soon as you can.

Forward the email to your ISPs spam service email support.

It should be noted that Outlook.com and Twitter.com are both being hijacked for this so beware as it will more than likely pass your anti spam filters!

OK, so you have your new Computer and you are dying to get cracking on the Internet as your ISP has just made live your new broadband connection. Your computer was pre-installed and appears to have everything that you need including your bonus installation of Norton Antivirus or similar and free downloads for a year. You install your modem and are ready to go so lets go...

Antivirus Questions?

But maybe we should hold on a second. Norton Antivirus wins a lot of awards etc but then it would. It is manufactured by Symantec and they are definitely a leader in corporate antivirus technology and a good supplier to deal with on that level but they will charge you for any support as a home user and charge you to update your signature files after your trial period. A better option is to lose the installed antivirus and get AVG Free Edition from Grisoft which picks up as many viruses as any other home edition antivirus package. Grisoft's solution is available from http://free.grisoft.com/doc/1 and I would urge you to pay for the full edition if you are a business as the extra functionality is worth it. Avast Antivir are also perfectly good examples and are also free. Whatever you do, make sure you have a suitable solution before just surfing unknown pages.

You should also equip yourself with a Firewall. Surfing the internet without a firewall is leaving yourself open to attacks so at the very least make sure you have either the Microsoft XPSP2 firewall or one of these free firewalls: Kerio, Sygate, ZoneAlarm

ALSO: Keep Windows Updated! Many Windows updates are to close holes exploited by malicious programs and simply staying updated will keep a lot of infections off your system.

But what about Spy-ware?

What antispyware system should I use? Well first of all, a lot of decent antivirus solutions get spy-ware as well as ad-ware and viruses as they are all basically the same thing. They are all darn annoying and the primary reason new internet users run into trouble. Most of the anti-spy-ware solutions these days use all of the spy-ware and virus hassles to try and sell themselves - I have people calling me asking how to get spy-axe and spy-ware-killer OFF of their machines. These are not solutions being sold to enrich computer use, they are immature, trip-you-up pieces of software designed for a quick buck and some new users will be caught out. In my experience there is no anti-spy-ware solution - even the ones from Microsoft and the like - that catch most of the ad-ware and irritations that can be removed simply by going into Control Panel in Windows and removing everything you do not use or recognise.

If you are determined to use other means or have tried all of the above you can also run these on-line scans. PandaActivescan Housecall Scan although they require an Active X download which your Firewall may object to.

The following examples are all free also, and can happily coexist on the same computer:
Free Anti-Spyware: MS Antispyware AdAwareSE SpybotSD SpywareBlaster
It is important that your computer is run at minimum functionality. Windows is like a pen-knife - it can do almost anything you need it to - but if you are not hosting a website then make sure that the Web-Hosting features are uninstalled. You can do this in Control Panel under add/remove programs and then by clicking add/remove windows components on the left (Windows XP - the others are similar.) Every bit of unnecessary functionality can be used against you so try and run a tight ship. Make sure you have a reason to keep everything you see in this screen. If you don't use network printing then get rid of it. If you don't use Fax services then get rid of them. Every one you can dump frees memory and so decreases the work your computer is doing to swap out the page-file which equals more speed.

Once you have spy-ware/ad-ware or a virus infesting your system it will be taking you to an undesirable website or you will be getting pop-ups of some kind or whatever. Do not go running to the first advert you see. Your friends are the other people who have had the problem. Do a search on the Internet for a description of the symptoms and have a read of some articles that do not get money off of you for your custom. Forums and the like. There will be instructions. If you cannot get to a website other than the one to which you are unwittingly directed, go into control panel and add/remove programs, and get rid of anything with an incomplete name (I mean uninstall it by get rid of) or anything that you do not knowingly use. If you are unsure, then have a look in the documentation for the software name in question. Do not just uninstall everything you do not recognise, check the system again at each uninstall to see if the problem is cured so you know for sure which application was causing the problem.

Many viruses and the like kick-off their processes at boot up. There are many places in the Registry (a set of files that do a lot to tell Windows how it should behave) that these processes can give themselves shortcuts to start-up. If you go to the start button on your task bar and choose run and then type regedit into the box which appears, you will be presented with the registry editor. Beware!!!! The Registry is critical to Windows and if you mess about with it you can stop Windows booting up altogether so do not change anything without verifying the information from at least two sources!!! If you look at HKey_Local_Machine -> Software -> Microsoft -> Windows -> CurrentVersion -> Run and Runonce etc. you will see something like that below:

Many of the processes aggravating you or your computer are to be found here or other similar places in the Windows Registry. Note that in a lot of articles it is common to substitute HKLM for HKey_Local_Machine and that there are as many trouble causers as do-gooders so try and find a good source of information and verify it. Once you have found a source to be good more than a few times you can start to trust the information you find there.

With issues like SpyAxe where the product repeats that you have a virus, remember a few things. If the product it is asking you to install is not already installed then how can the computer know it has a virus? 

Please feel free to submit any other spy-ware problems at http://forum.sircles.net for us to have a look at. If you wish to try an anti-spy-ware application to help clear up your PC, have a look at the anti-spy-ware review site for a decent opinion of which one works best as we prefer companies to be inspired to make a good product rather than just hard-selling via cheap viruses and ad-ware; if they keep trying to hard-sell you things, tell us, and we will find a better link.