About Joe Wein

Software developer and anti-spam activist

JWHOIS uses 100% of CPU on CentOS

Occasionally we hit a bug where the ‘whois’ command hangs on one of our CentOS servers and goes CPU-bound. This has been happening on several CentOS versions, including 6.8. Specifically, this is a problem in jwhois, the whois client included in CentOS.

Apparently, CentOS (and RHEL, on whose source code it’s based) is missing a number of fixes that have been added to other Linux versions including Fedora over the last couple of years. So the problem is actually known and a fix has been available for years; it’s just not included in the product.

Comparing the change logs for jwhois between CentOS and Fedora, everything matches up to and including build 4.0-18 in September 2009, but then the two diverge.

On Jan 26, 2010, Fedora received a fix (“Use select to wait for input (patch by Joshua Roys <joshua.roys AT gtri.gatech.edu>)”) for a new 4.0-19 build that resolved bug #469412 for precisely this issue. There are many more changes in Fedora’s jwhois after that, unlike its RHEL and CentOS equivalent, which in all the years since then received only a single update. This is also called 4.0-19, but it was made on Jun 23, 2011 and it includes only two fixes for unrelated issues that were fixed in Fedora’s jwhois updates 4.0-24 (Dec 20, 2010) and 4.0-26 (Mar 15, 2011), but not the earlier select fix or fixes for any of the other issues. CentOS is missing the “jwhois-4.0-select.patch” and that’s why WHOIS hangs.
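A check-and-contain sketch for servers that still run the unpatched client, added here as an example (it is not code from jwhois or from this post): it looks for the select fix in the package changelog and runs a command under a CPU-time and wall-clock limit so a spinning whois cannot occupy a core indefinitely. The function names, the limits and the two sample changelogs are assumptions made for illustration.

```python
import resource
import signal
import subprocess
import sys

# Changelog wording of the Fedora 4.0-19 fix, as quoted in the post.
SELECT_FIX_MARKER = "use select to wait for input"

# Constructed sample changelogs (packager name and address are placeholders).
FEDORA_SAMPLE = ("* Tue Jan 26 2010 Packager <packager@example.invalid> - 4.0-19\n"
                 "- Use select to wait for input\n")
CENTOS_SAMPLE = ("* Thu Jun 23 2011 Packager <packager@example.invalid> - 4.0-19\n"
                 "- (two unrelated fixes)\n")


def has_select_fix(changelog: str) -> bool:
    """True if an RPM changelog mentions the select fix."""
    return SELECT_FIX_MARKER in changelog.lower()


def installed_changelog(package: str = "jwhois") -> str:
    """Return `rpm -q --changelog <package>` output, or "" if unavailable."""
    try:
        proc = subprocess.run(["rpm", "-q", "--changelog", package],
                              capture_output=True, text=True,
                              errors="replace", check=False)
    except FileNotFoundError:  # not an RPM-based host
        return ""
    return proc.stdout if proc.returncode == 0 else ""


def _cap_cpu(cpu_seconds: int):
    """Build a preexec hook that lowers the child's soft RLIMIT_CPU."""
    def apply():
        _, hard = resource.getrlimit(resource.RLIMIT_CPU)
        if hard == resource.RLIM_INFINITY:
            soft = cpu_seconds
        else:
            soft = min(cpu_seconds, hard)
        resource.setrlimit(resource.RLIMIT_CPU, (soft, hard))
    return apply


def run_bounded(cmd, wall_timeout=15.0, cpu_seconds=5):
    """Run cmd under both limits.

    Returns (status, stdout) with status one of
    "ok", "error", "cpu-limit" or "wall-timeout".
    """
    try:
        proc = subprocess.run(cmd, capture_output=True, text=True,
                              errors="replace", timeout=wall_timeout,
                              preexec_fn=_cap_cpu(cpu_seconds))
    except subprocess.TimeoutExpired:
        # subprocess.run has already killed and reaped the child.
        return "wall-timeout", ""
    # The kernel sends SIGXCPU at the soft limit and SIGKILL at the hard one.
    # A SIGKILL from another source (e.g. the OOM killer) is reported the same.
    if proc.returncode in (-signal.SIGXCPU, -signal.SIGKILL):
        return "cpu-limit", proc.stdout
    return ("ok" if proc.returncode == 0 else "error"), proc.stdout


if __name__ == "__main__":
    if not has_select_fix(installed_changelog()):
        print("select fix not found in the jwhois changelog; "
              "running whois under limits", file=sys.stderr)
    # example.com is a placeholder query.
    print(run_bounded(["whois", "example.com"]))
```

The wall-clock timeout catches a hang that blocks without using CPU, which the CPU limit alone would not.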

Olympic Hydrogen Hype

Today’s Japan Times reports that the Organizing Committee of the 2020 Tokyo Olympics is considering the use of hydrogen torches to light the Olympic flame (“Olympic panel mulls high-tech hydrogen torch, pares soccer venues” — JT, 2017-02-27):

“An important theme of the Olympics is how to promote environmental sustainability. We will talk to experts and see how realistic it is in terms of technological development,” a committee member said.

One official said there are still safety and cost concerns, and asserted that there also was a need for a lightweight torch that can be easily carried.

In March 2016, the Tokyo Metropolitan Government announced a project to have the 6,000-unit athletes’ village for the games run entirely on hydrogen power.

The Japanese government is one of the most active promoters worldwide of a so-called “hydrogen economy”. It sees the 2020 Olympics as an opportunity to showcase Japan’s lead on hydrogen. Other projects are the construction of a nationwide network of hydrogen filling stations for hydrogen fuel cell vehicles (HFCV) such as the Toyota Mirai, research into shipping liquefied hydrogen from overseas using special tankers and production of hydrogen from lignite (brown coal) in Australia for export to Japan.

Let’s start with the most obvious problem in the article, the hydrogen fueled torch: The usual Olympic torches use LPG (propane/butane) as a fuel, a gas mixture that can be stored as a liquid under moderate pressure at normal outdoor temperatures. This makes it easy to carry a significant amount of fuel in a lightweight container. Hydrogen by contrast does not liquefy unless chilled to about -252 C. Hydrogen powered vehicles run on compressed hydrogen instead, at pressures of up to 700 bar, equivalent to half the weight of a car on each cm² of tank surface. As you can imagine, that kind of pressure calls for some fairly sturdy containers. An even bigger problem is that pure hydrogen flames are invisible because they radiate energy not as light but as UV. You could feel the heat, but you couldn’t directly see if the flame is burning or not, which makes it quite hazardous. Talk about playing with fire…

The comment about running the Olympic village on “hydrogen power” is quite misleading. It’s like saying they would run the Olympic village on battery power, without explaining where the energy to charge those batteries came from. Like batteries, hydrogen is not a primary energy source, it’s an energy carrier. Since elementary hydrogen does not exist in significant quantities on earth, it has to be produced using another energy source such as natural gas or electricity generated using coal, nuclear, wind or solar.

Though it’s possible to produce hydrogen from carbon-free energy sources such as solar electricity (splitting water through electrolysis) and then produce electricity from hydrogen again, this process is far less efficient than either consuming renewable electricity directly or via batteries. When you convert electric energy to chemical energy in hydrogen and back to electricity, about 3/4 of the energy is lost in the process. This is incredibly wasteful and far from green.

With its sponsorship of hydrogen, the Japanese government is trying to create business opportunities for industrial companies such as Kawasaki Heavy Industries, a Japanese shipbuilder (see “Kawasaki Heavy fighting for place in ‘hydrogen economy'” — Nikkei Asian Review, 2015-09-03) and for its oil and gas importers, as almost all hydrogen is currently made from imported liquefied natural gas (LNG). In the longer term, the government still has a vision of nuclear power (fission or fusion) producing the electricity needed to make hydrogen without carbon emissions. Thus the ‘hydrogen economy’ is meant to keep oil companies and electricity monopolies like TEPCO in business. The “hydrogen economy” is coal, oil and nuclear hidden under a coat of green paint.

These plans completely disregard the rapid progress being made in battery technologies which have already enabled electric cars with ranges of hundreds of km at lower costs than HFCVs and without the need for expensive new infrastructure.

Hydrogen, especially when it’s produced with carbon-intensive coal or dangerous nuclear, is not the future. Japan would be much better served by investing into a mix of wind, solar, geothermal and wave power, combined with battery storage and other technologies for matching up variable supply and demand.

See also:
Hydrogen Fuel Cell Cars Are Not The Future (2016-12-05)

Google broke Picasa uploads

Having used Google Picasaweb for picture-hosting for many years, Google’s transition to Google Photos has been a frustrating experience. The original Picasaweb has always worked better for me than its supposed replacement. Several friends of mine who had also been using Picasaweb have already switched to other services, including Facebook.

The latest nail in the coffin came a few days ago, when the Picasa 3 application failed to upload new albums to Google Photo. The error message was:

Error: Request failed
Click here to View Errors

The link revealed that it was a server error:

HTTP Error 400 – https://picasaweb.google.com/post?tok={long-token-here}[156]

It looks like someone at Google broke the upload servers. When they announced the transition a year ago, Google wrote:

Desktop application
As of March 15, 2016, we will no longer be supporting the Picasa desktop application. For those who have already downloaded this—or choose to do so before this date—it will continue to work as it does today, but we will not be developing it further, and there will be no future updates.

For now, the workaround appears to be to use “File | Export Picture to Folder” in the Desktop application to create files no wider than 1600 pixels (below the limit for unlimited free uploads) and then upload those file sets to Google Photo using its web interface.

At the moment it is still possible to share Google Photo images in blog and forum posts, but for how much longer? First you must share the album, for example by clicking on the “share” icon in the album in Google Photo, then “Get Link” to generate a link, which you don’t actually have to use. Then you can view an image, right-click on it and select “Open image in new tab”. The URI above the new tab that opens can be used for embedding images in blogs and forums. If, or more precisely when, Google also breaks this feature, then Google Photos will become unusable for me.

I am looking for a good solution to be hosted on one of my own servers that will replace Google Photos, without size limits and without any hassle for resizing images for public sharing, that will let me control who can see what images like the old Picasaweb did.

Native ads, a race to the bottom for online media

Over the past year you will have seen a steady increase of so-called “native ads” while reading articles online. You know, those half dozen or more links with pictures to what at first looks like other articles recommended by the publisher. Only, they are really outside links. Many are click-bait ads, with pictures and headlines designed to grab your attention. They are introduced with tags like “From the web” or “Promoted stories”. The small print will mention companies like Outbrain, Taboola or Revcontent that place the ads in the space that they rent from the website owner.

At best, the advertised content doesn’t live up to the attention-grabbing ads. At worst, the advertisers try to sell you something utterly worthless through deception and lies, including miracle weight loss, anti-aging and anti-Alzheimer pills or promises of jobs that make thousands of dollars a month with no special skills required. Many of these offerings involve recurring credit card charges that are very difficult to get out of.

So why have reputable publishers like the Washington Post, Newsweek and The Atlantic embraced “native ads” on their websites? The answer of course is money. As the Internet grew, print advertising revenues have been collapsing for traditional media as much of the ads have moved online. What’s worse, with Google Adsense and Facebook ads, traditional publishers now have to compete for eyeballs against an almost unlimited number of websites and SNS, making it very hard to replace print ad revenue with online ad revenue. Companies like Outbrain and Taboola (both based in Israel) and RevContent (based in Florida) are offering better rates to site owners, but they can only do that because they seem to have few ethical problems selling anything that makes money.

Back in the 1990s I used to read High Times, which always carried pages of “fake pot” ads. The description for these products might lead naive readers to think that these legal products offered some of the effects of illegal marijuana, but it was really just bullshit and the High Times editors knew that. Their dilemma was that Congress had passed anti-paraphernalia laws that discouraged their traditional advertisers (e.g. for glass pipes) from advertising and the “fake pot” scammers were ready to fill the gap. When rival magazine Cannabis Culture pointed out the hypocrisy of High Times helping to defraud their readers, one of the editors offered an excuse along these lines: “If you don’t like these ads, why don’t you buy that advertising space yourself?” It’s not quite as simple as that.

While every business needs revenue to survive, I think ultimately, accepting money from unethical sources such as scammers does undermine your credibility. Gradually, more and more consumers will realize these “promoted stories” and “sponsored content” are nothing but deceptive junk. Taking money from these advertisers is a devil’s bargain that will damage the reputation of sites running unethical ads. If readers of reputable news sites lose faith in them, what will they have left that distinguishes them from fake news sites?


Never buy stock advertised via spam (especially penny stocks), such as this one:

Subject: This company is a rare opportunity to quintuple your money before Christmas.

Appswarm needs your attention. This is the only stock you need to buy today.
Keep on reading to find out why..

Appswarm (ticker: SWRM) is a mobile games developer that has built some of
the most popular games on the planet.

The games have been downloaded more than 100 million times and the company is
planning to launch 5 new titles in January 2017 (next month).

SWRM is extremely undervalued and there are serious rumors circulating that the maker of
Candy Crush (King, a multi billion dollar company) is about to buy it out for $1.17 per share before Christmas.

At this moment SWRM is trading at just pennies but a buy out from King will automatically
send it to over $1 in a matter of minutes.

This is your chance to buy a stock just days before a major acquisition and stand to
gain more than 1,500% just days before Christmas.

This is a scam: the only people making money on this stock are the spam senders, who will be trying to offload their existing holdings.

What’s the Deal with Son and Trump?

President-elect Trump got plenty of headlines out of his recent meeting with Softbank president Masayoshi Son, boasting afterwards:

“Masa, a great guy of Japan, he’s pledged that he’s going to put $50 billion into the United States because of our victory. He wasn’t investing in our country — $50 billion. Fifty thousand jobs — 50,000 jobs he’s going to be investing in. He is a great guy.”
Donald Trump, in Fayetteville, N.C., 2016-12-06

Clearly, Trump is hoping to get some mileage out of this meeting with Son, but what’s in it for Softbank? Why is he meeting up with the next president and not just with business leaders?

It’s unlikely the surprise victory for Trump was much of a factor in the announced investment plans. Three weeks before the election, when most pundits were still expecting a Clinton victory, Softbank already announced it was setting up a $100 billion investment fund, with Saudi Arabia supplying the biggest share of the funds. Given the size of it and the special role the US plays for technology startups, it is likely that most of it was meant to be invested there anyway. So take any claims that Son will be investing in the US only because Trump won with more than a pinch of salt.

Softbank already made a huge investment in the US under Trump’s predecessor, President Obama. In 2013 Softbank acquired US mobile carrier Sprint for $22 billion. However, its plans to acquire smaller carrier T-Mobile were thwarted by the FCC. And this is the likely background for the recent meeting and announcement:

Analysts said Son may be seeking to improve the chances of a merger between Sprint and T-Mobile. Sprint and SoftBank abandoned an effort to buy T-Mobile in 2014 after the Federal Communications Commission signaled the deal might violate antitrust laws.

Trump will be responsible for appointing the next FCC chairman. Speaking from the lobby of the Trump Tower on Tuesday, Son said that he wanted to celebrate Trump’s election “because he would do a lot of deregulation.”

“SoftBank’s original plan may come true with the new FCC chairman,” Naoshi Nema, analyst at Cantor Fitzgerald, said in a note.
The SoftBank investment Trump touted looks pretty great for SoftBank (LA Times, 2016-12-07)

By flattering Trump’s ego, Son is hoping to gain political influence to pull off a plan that was shot down by the FCC because it would be bad for competition and bad for consumers. With fewer players in the market, mobile plans will go up in price. Most likely a merger of Sprint and T-Mobile would also lead to “synergies” (aka layoffs) as the companies would share infrastructure and other resources. Sprint already laid off thousands of employees to save billions of dollars under Softbank. But never mind reality when headlines of “50,000 new jobs” sound much better! 😉

This is not how a market economy should work in a country operating under the rule of law. Trump has not even taken office yet and the US is already starting to look like a Third World country, where the key to doing well in business is to cozy up to the president.

Get the Facebook “See translation” button back

I used to get a “See translation” link when browsing Facebook posts of my Japanese friends, but at some point that went away. I would still see it offered on languages such as Dutch, Swedish or Spanish though. It turns out that Facebook didn’t give me the “See translation” link for Japanese posts because in my language settings I had included Japanese along with English, French and German. I speak it, but unlike my other languages I can’t necessarily read it.

Having lived in Japan for many years I do speak Japanese well enough to talk to friends and family, to go to the bank, to travel and go shopping. I deal with officials at the city office or to renew my driver’s license, no problem. However, I do not do too well with written Japanese and its almost 2000 Kanji characters, so I’m still relying on translation tools for that. It was actually easy to re-enable the option in Facebook.

In Facebook, click on the triangle to the right of the padlock. Click on “Settings” in the drop-down menu. Click on “Language” on the left. Click on “Edit” next to “Which languages do you understand?”. Remove any languages that you still want to get a “See translation” option for. Click “Save changes”. Now view a Facebook post in that language and you should see the “See translation” option displayed below it 🙂

Hydrogen Fuel Cell Cars Are Not The Future

On my bicycle ride last Saturday I passed a service station near Hachioji in western Tokyo that is being set up as a hydrogen station for fuel cell cars. Japan is in the process of setting up such infrastructure to support a small fleet of fuel cell vehicles such as the Toyota Mirai (its name means “future” in Japanese).

For decades, hydrogen has been touted as an alternative fuel for transport once we move beyond fossil fuels. The idea was that it can be made in essentially unlimited amounts from water using electricity from solar, wind or nuclear power (from either fission or fusion reactors). The only tailpipe emission would be water, which goes back into nature.

Unlike electric cars, which have limited range compared to fossil fuel cars, hydrogen cars can be refilled fairly quickly, like conventional cars, giving them a longer operating range. Car manufacturers have experimented with both internal combustion engines (ICE) running on hydrogen and fuel cell stacks that produce electricity to drive a traction motor. Both liquefied and compressed hydrogen has been tested for storage.

Here is a Honda fuel cell car I photographed on Yakushima in 2009:

It’s been a long road for hydrogen cars so far. Hydrogen fuel cells were already providing electricity for spacecrafts in the Apollo missions in the 1960s and 70s. With the launch of production cars and hydrogen fuel stations opening now in Japan, the US and Europe it seems the technology is finally getting ready for prime time. However, the reality is quite different.

Arguably the biggest challenge for hydrogen cars now is not the difficulty of bringing down the cost of fuel cells or improving their longevity or getting refueling infrastructure set up, but the spread of hybrid and electric cars. Thanks to laptops and mobile devices there has been a huge market for new battery technology, which attracted investment into research and development and scaled up manufacturing. Eventually reduced costs allowed this technology to cross over into the automotive industry. The battery packs of the Tesla Roadster were assembled from the same industry standard “18650” Li-ion cells that are the building blocks of laptop batteries.

Li-ion batteries have been rapidly falling in price year after year, allowing bigger battery packs to be built that improved range. A car like the Nissan Leaf that is rated for a range of 135 to 172 km (depending on the model) would cover the daily distances of most people on most days without recharging during daytime. Not only are prices falling and range increasing, the cars can also harness the existing electricity grid for infrastructure. A charging station is a fraction of the price of a hydrogen filling station.

Here in Japan I find many charging stations in convenience store parking lots, at restaurants, in malls and at car dealerships – just about anywhere but at gasoline stations, which is where the few hydrogen stations are being installed.

After the tsunami and nuclear meltdown hit Japan in March 2011, some people here viewed electric cars and their claimed ecological benefits with suspicion: The Nissan Leaf may not have a tail pipe, but didn’t its electricity come from nuclear power stations? This criticism is not entirely justified, because electricity can be produced in many different ways, including wind, sun and geothermal. Car batteries of parked cars are actually quite a good match for the somewhat intermittent output of wind and solar, because they could act as a buffer to absorb excess generating capacity while feeding power back into the grid when demand peaks. If cars were charged mostly when load is low (for example, at night) then no new power stations or transmission lines would have to be built to accommodate them within the existing distribution network.

The dark secret of hydrogen is that, if produced from water and electricity through electrolysis, it is actually a very inefficient energy carrier. To produce the hydrogen needed to power a fuel cell car for 100 km consumes about three times as much electricity as it takes to charge the batteries of an electric car to cover the same distance. That’s mostly because there are far greater energy losses in both electrolysis and in fuel cells than there are in charging and discharging a battery. On top of that, even fuel cells still costing about $100,000 are not powerful enough to handle peak loads in a car, so during low engine load the fuel cell is run at constant output to charge a small battery, which then supplies boost power during peak load. This means a fuel cell car suffers the relatively small charge/discharge losses of a battery-electric car on top of the much bigger losses in electrolysis and fuel cells that only a hydrogen car has.

What this 3x difference in energy efficiency means is that if we were to replace fossil-fueled cars with hydrogen-fueled cars running on renewable energy, we would have to install three times more solar panels and build three times as many wind turbines as it would take to charge the same number of electric cars. Who would pay for that and why?

Even if the power source was nuclear, we would be producing three times as much nuclear waste to power hydrogen cars than to power battery-electric cars — waste that will be around for thousands of years. That makes no sense at all.

So why are hydrogen fuel cell cars still being promoted then? Maybe 20-30 years ago research into hydrogen cars made sense, as insurance in case other alternatives to petroleum didn’t work out, but today the facts are clear: The hydrogen economy is nothing but a boondoggle. It is being pursued for political reasons.

Electrolysis of water is not how industrial hydrogen is being produced. The number one source for it is a process called steam reformation of natural gas (which in Japan is mostly imported as LNG). Steam reformation releases carbon dioxide and contributes to man-made global warming. By opting for hydrogen fuel cell cars over electric cars, we’re helping to keep the oil industry in business. That you find hydrogen on the forecourt of gas stations that are mostly selling gasoline and diesel now is not a coincidence. Hydrogen is not the “fuel of the future”, it’s a fossil fuel in new clothes.

Due to the inefficiency of the hydrogen production it would actually make more sense from both a cost and environmental point of view to burn the natural gas in highly efficient combined cycle power stations (gas turbines coupled with a steam turbine) feeding into the grid to charge electric cars instead of producing hydrogen for fuel cell cars from natural gas.

Even if electrolysis is terribly inefficient, by maximizing demand for electricity it can provide a political fig leaf for restarting and expanding nuclear power in Japan. Both the “nuclear fuel cycle” involving Fast Breeder Reactors and the promise of nuclear fusion that is always another 30-50 years away were sold partly as a power source for a future “hydrogen economy”.

While I’m sorry that my tax money is being used to subsidize hydrogen cars, I don’t think it will ever take off in the market. Electric cars came up from behind and overtook fuel cell cars. The price of batteries is falling rapidly year after year, driven by massive investment in research and development by three independent powerful industries: IT/mobile, automotive and the power companies. The hydrogen dream won’t die overnight. I expect the fuel cell car project will drag on through inertia, perhaps until there will be more battery electric cars than fossil fueled cars in Japan and then will be cancelled.

Elephant Bikes NFE Goes 11 Speed (with OX601D and hydraulic brakes)

It’s been almost 8 months since I started riding my Elephant Bikes National Forest Explorer (NFE). See the original build report here. Since then I have made several significant changes. Here is my bike as I was taking a box full of bike parts to GS Astuto, my local bike shop, to do the upgrade:

In May I switched from Compass Babyshoe Pass EL tyres with Schwalbe tubes to regular Compass Babyshoe Pass (non-EL) set up tubeless. In November I switched back to the original setup. Basically, it wasn’t worth the hassle. The front tyre started leaking through its side walls and no amount of sealant added would stop the leakage. The valves got pretty badly clogged by sealant foam injected through the valve. And finally I found that when switching back to the BSP EL tyres remounting them was trivially easy, quite unlike my experience when I had the first puncture, probably because I had since learnt how to properly mount a tyre on tubeless ready rims (hint: push the beads towards the centre channel of the rim to create enough slack).

The second change was to get rid of the Honcho Turtle 58 mudguards and replace them with SKS plastic mudguards. The Honcho mudguards were beautiful, made from hammered aluminium. They gave the bike a classic look that drew many admiring glances. Trouble is, they were too tight. Even though they were advertised for 650B tyres as wide as 42 mm, I would not recommend them for anything beyond 38 mm. If either the mudguard or the wheel was not exactly centered I would sometimes get wheel rub, which really scared me: I do not want the mudguard to wear through the tyre sidewall.

I bought some SKS Bluemels (SKS-K-BM65-26-21-235) for 5700 yen instead. These 65 mm wide mudguards are designed for 26″ MTB wheels with tyre widths of 2.1-2.35 inches, but they work great for 650B. There’s plenty of clearance with 42 mm tyres and I may even get away with 47 mm if I wanted to go that way. The only difficult part of the installation was trimming the fairly beefy steel stays to the appropriate length.

The third change was the biggest: I replaced the crank set, chain, cassette, derailleurs, shifters and brakes. I had been unhappy with the shift quality on my TD-2 touring triple, which was nothing like what I was used to from my Shimano 5703 triple. I ended up with dropped chains, chains that slide between the middle and the inner ring, upshifts and downshifts that overshoot, upshifts that require immediate counter-trimming, etc. I don’t know if the culprit were the chain rings or if it was the front derailleur, but I finally decided to replace the triple with a Sugino “Compact Plus” small double. I could have stayed with a 10 speed setup, but I wasn’t so happy with my TRP Spyre mechanical disc brakes either. If I switched to 11 speed I had the option of installing Shimano hydraulic disc brakes. So that’s what I ended up doing.

The new crank set is a Sugino OX601D. It is very similar to its more upmarket siblings, the OX801D and OX901D, which basically work exactly the same, but look more refined and come with different chain ring options. It’s a two piece crank (the old triple was a square taper three piece design), much like modern Shimano cranks. With both a 110 mm and 74 mm bolt circle, it can fit an outer of 40-50T and an inner of 24-36T. Inner rings of 42T-32T are 74 mm BCD (Sugino bolt set B) while 34-36 share the 110 mm BCD with the outer ring (Sugino bolt set A). The crank set offers a narrow Q-factor of 145 mm and a standard double chainline of 43.5 mm. I am using a Sugino PE110S-42T as my outer and a Sugino 74J-26T as my inner. Combined with a rear cassette of 11-32 I get gearing all the way from 21 to 100 gear inches. That means climbing as slow as 6 km/h at 60 rpm in the lowest gear or descending as fast as 47 km/h at 100 rpm and all without huge cadence jumps on rear shifts.

I went for ST-RS685 shifters, which are Ultegra grade. The 105-level ST-RS505 would have worked too. For the rear derailleur I went with the medium cage Ultegra RD-6800 GS — 105 RD-5800 GS would have been fine too. The new front derailleur is a FD-CX70, Shimano’s 10 speed Ultegra grade top-pull cyclocross derailleur. Shimano does not yet offer a top-pull derailleur for 11 speed road groups, but the 10 speed part works fine. There’s supposed to be a difference in cable pull, but it doesn’t really matter.

The new shifters and cables shift lighter than the previous Ultegra 6700 ones. The front shift is just as trouble free as on my Shimano 105 triple on my Bike Friday. Since the distance in gear ratios on the double front rings is wider than with the triple, I need to countershift three clicks instead of one on a front shift, but that’s easy.

I love the new disc brakes. The BR-RS785 calipers offer very light action with great modulation and plenty of bite when you mean business. On top of that they are self-adjusting. I basically won’t have to touch them until the pads wear out.

PayPal malware social engineering

I instantly got very suspicious when I received this from PayPal today:

Hello [my name here],

Colin Neal would like to be paid through PayPal.

Note from Colin Neal: Good afternoon. There was a pay of 200$ from my wallet on your wallet , as if I bought smth from you on Ebay. But I didn’t do this. It must be a mistake. Write me on kcsystems1@gmail,com i’ll send you the copy of invoice. Sorry to disturb you.


Request Date: November 29, 2016
Requested Amount: $200.00 USD
Your Email Address: [my PayPal email address]

Click the button below to send Colin Neal your payment and see the details of this money request.

[ Pay now! ]

Of course I did not click on the “Pay Now!” button, but looking at the email header, the mail was actually sent via PayPal’s mail servers!

I logged into PayPal from scratch on another machine by typing in the PayPal domain name and verified that there was indeed a money request for $200 in my PayPal account. However, it came from a random looking Gmail address, “pvbkrngkjqo@gmail.com” and not the address I was told to contact. Even more suspicious than the first email!

So I fired off an email from another mail account (not my PayPal mail account) to “kcsystems1@gmail.com” and explained that I had not received any funds and that this must be a scam. But as suggested in the initial message, they then sent me a link to an “invoice”:

Good afternoon. This is a copy of invoice.

Looking forward your reply. Thanks.

Looking at the actual target of the link, it pointed at a completely different location:


When I downloaded it using a secure tool and submitted it to VirusTotal.com, six of the tools consulted detected it as malware:

AVware LooksLike.Macro.Malware.k (v) 20161130
Avast VBA:Downloader-DSH [Trj] 20161130
Fortinet WM/Agent.CBW!tr 20161130
Qihoo-360 virus.office.gen.85 20161130
Symantec W97M.Downloader 20161130
VIPRE LooksLike.Macro.Malware.k (v) 20161130

This scam uses a clever bit of social engineering. The original email comes from a real PayPal server, a trusted source and it doesn’t include any malicious links or attachments.

By getting you to initiate contact with the malware scammer, the subsequent reply with its malicious link will arrive from an email address that you have previously contacted, which will subject that email to less severe filtering. This makes it more likely the malicious link goes through.

Always be alert to how scammers set up mail exchanges where malware will only arrive after several steps specifically designed to defeat filtering. For example, they may contact you first to ask for a quote and then email you what is supposed to be an order, but is really malware.
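The two warning signs in this exchange can be checked mechanically. The following is an added example, not part of the original post: it flags a money-request note that steers the recipient to an address other than the account that made the request, and a reply whose link text shows one host while the href points at another. The note text and the two Gmail addresses are the ones quoted above; the reply HTML and its example.* hosts are constructed, since the post does not show the link target, and all function names are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Accept "," as well as "." between domain labels: the note in the post
# writes its contact address as "gmail,com".
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:[.,][A-Za-z0-9-]+)+")
# Link text only counts as "showing a location" if it looks like a URL.
SHOWN_URL_RE = re.compile(
    r"(?:https?://|(?=www\.))((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

# Address the request actually came from, and the note, as quoted in the post.
REQUESTER = "pvbkrngkjqo@gmail.com"
NOTE = ("Good afternoon. There was a pay of 200$ from my wallet on your "
        "wallet , as if I bought smth from you on Ebay. But I didn’t do this. "
        "It must be a mistake. Write me on kcsystems1@gmail,com i’ll send "
        "you the copy of invoice. Sorry to disturb you.")
# Constructed reply body: hosts are placeholders, not the real link.
REPLY_HTML = (
    "<p>Good afternoon. This is a copy of invoice.</p>"
    '<a href="http://files.example.net/d/invoice.doc">'
    "https://docs.example.com/invoice.doc</a>"
    '<a href="https://www.example.org/help">www.example.org</a>'
    '<a href="https://example.org/x">click here</a>'
)


def off_channel_contacts(requester: str, note: str) -> list:
    """Addresses in the note that differ from the account making the request."""
    found = {m.group(0).replace(",", ".").lower()
             for m in EMAIL_RE.finditer(note)}
    return sorted(found - {requester.lower()})


class _Anchors(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def link_mismatches(html: str) -> list:
    """(shown host, actual host) pairs where link text and href disagree.

    Hosts are compared exactly; no registrable-domain logic is applied.
    """
    parser = _Anchors()
    parser.feed(html)
    parser.close()
    out = []
    for href, text in parser.links:
        shown = SHOWN_URL_RE.search(text)
        actual = urlsplit(href).hostname  # already lower-cased, may be None
        if shown and actual and shown.group(1).lower() != actual:
            out.append((shown.group(1).lower(), actual))
    return out


def assess(requester: str, note: str, reply_html: str) -> dict:
    """Bundle both findings for a triage queue or mail-filter rule."""
    return {
        "off_channel_contacts": off_channel_contacts(requester, note),
        "link_mismatches": link_mismatches(reply_html),
    }


if __name__ == "__main__":
    print(assess(REQUESTER, NOTE, REPLY_HTML))
```

Neither check depends on the sender's reputation, which matters here because the first message came from PayPal's own servers and the second from an address the recipient had already written to.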