SPAM frauds, fakes, and other MALWARE deliveries...



#1531 AplusWebMaster


Posted Yesterday, 06:53 AM

FYI...

Fake 'toll road invoice' SPAM – JS malware
- http://myonlinesecur...297-js-malware/
2 Sep 2015 - "An email with the subject of 'Pay for driving on toll road, invoice #00212297' [ random numbered] pretending to come from E-ZPass Agent with a zip attachment is another one from the current bot runs...

Screenshot: http://myonlinesecur...97-1024x476.png

2 September 2015: E-ZPass_00212297.zip: Extracts to:  E-ZPass_00212297.doc.js
Current Virus total detections 2/57*  which downloads 2 files  51053011.exe (virus total**) and 9360abf00281f3aa[1].gif (VirusTotal***) from a combination of these 3 sites
ihaveavoice2 .com
leikkihuone .com
etqy .com
... the 51053011.exe has a stolen digital signature from ESET Antivirus, which has been blocked and at least in Internet Explorer, Smart Filter warns about an invalid digital signature and blocks the file. This is another one of the spoofed icon files that unless you have “show known file extensions enabled“, will look like a DOC file instead of the .exe/JS file it really is, so making it much more likely for you to accidentally open it and be infected..."
* https://www.virustot...sis/1441173827/

** https://www.virustot...sis/1441160077/

*** https://www.virustot...sis/1441173275/

ihaveavoice2 .com: 50.116.104.205: https://www.virustot...05/information/
leikkihuone .com: 23.91.123.160: https://www.virustot...60/information/
etqy .com: "... query for etqy .com failed"
___

Fake 'order cancelled' SPAM - PDF malware
- http://myonlinesecur...ke-pdf-malware/
2 Sep 2015 - "An email with the subject of 'The shipment of your ordered goods is impossible' pretending to come from random companies with a zip attachment is another one from the current bot runs... The content of the email says :
    Hello!
    Unfortunately, the delivery of you order # 003313 was cancelled since
    the specified address of the recipient was not correct. You’re recommended to
    complete the attached form and send it back or print it and get this package
    on your own at our office.
    Alf Gottlieb, Corporate Intranet Director ...

-Or-
    Hello!
    Unfortunately, the delivery of you order # 4534481 was cancelled since
    the specified address of the recipient was not correct. You’re recommended to
    complete the attached form and send it back or print it and get this package
    on your own at our office.
    Arnoldo Strosin, Dynamic Markets Producer


And hundreds of other random names and job titles and companies. Some of the subjects in this series of emails include:
    The shipment of your ordered goods is impossible
    The delivery of your ordered goods isn’t finished
    The shipment of your parcel is impossible
    The shipping of your parcel is impossible to complete
    The shipping of your items has failed
    The shipping of your items isn’t finished
    The delivery of your items was cancelled
    The shipping of your goods is impossible
    The delivery of your parcel has failed ...
2 September 2015: orderHayes Flat.zip: Extracts to: orderYost Dale.exe
Current Virus total detections 1/57* . This is another one of the spoofed icon files that unless you have “show known file extensions enabled“, will look like a proper PDF file instead of the .exe file it really is, so making it much more likely for you to accidentally open it and be infected..."
* https://www.virustot...sis/1441191343/
___

Fake 'Companies House' SPAM – PDF malware
- http://myonlinesecur...ke-pdf-malware/
2 Sep 2015 - "Another perennial email that constantly does the rounds has a subject matter about 'Companies House WebFiling service' and pretends to be either a complaint or a filing acknowledgement. They come with a zip attachment which is another one from the current bot runs... The content of the email says :
    This message has been generated in response to the company complaint submitted to Companies House WebFiling service.
    (CC01) Company Complaint for the above company was accepted on 02/09/2015.
    The submission number is 1GS31QZLMK1BCRG
    Please quote this number in any communications with Companies House.  
    All WebFiled documents are available to view / download for 10 days after their original submission. However it is not possible to view copies of accounts that were downloaded as templates.
    Not yet filing your accounts online? See how easy it is…
    Note: reference to company may also include Limited Liability Partnership(s).
    Thank you for using the Companies House WebFiling service.
    Service Desk tel +44 (0)303 1234 500 or email...
    Note: This email was sent from a notification-only email address which cannot accept incoming email. Please do not reply directly to this message.


2 September 2015: Case_1GS31QZLMK1BCRG.zip: Extracts to: Case_081415.scr
Current Virus total detections 2/57* . This is another one of the spoofed icon files that unless you have “show known file extensions enabled“, will look like a proper PDF file instead of the .exe file it really is, so making it much more likely for you to accidentally open it and be infected..."
* https://www.virustot...sis/1441193027/
 

:ph34r: :ph34r:   <_<


Edited by AplusWebMaster, Yesterday, 07:40 AM.

This machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#1532 AplusWebMaster


Posted 52 minutes ago

FYI...

Fake 'chat history' SPAM – PDF malware
- http://myonlinesecur...ke-pdf-malware/
3 Sep 2015 - "An email with the subject of 'You need to read this chat history' coming from random senders and email addresses with a zip attachment is another one from the current bot runs... The content of the email says :
    Good day!
    You should know this. View the chat history that I’ve attached. Remember
    it’s strongly confidential, so please don’t show it to anyone.
    Mrs. Edmund Schultz | (859) 913-2400
    Toys | Hackett-Kiehn


And hundreds of other random names, email addresses, phone numbers and companies. Other subjects in this series include:
    You should view this correspondence
    Please view this correspondence
    You need to view it
    Please see it
    You need to review this information
    You need to review this chat history
    Please see this messages
    You need to read this chat history
    You should read this messages
    You should view this correspondence
And hundreds of other similar variations on the theme of messages and chat history...
3 September 2015: history Ward LockUG.zip: Extracts to:  history Chelsea VillagePY.exe
Current Virus total detections 2/57* . This is another one of the spoofed icon files that unless you have “show known file extensions enabled“, will look like a proper PDF file instead of the .exe file it really is, so making it much more likely for you to accidentally open it and be infected..."
* https://www.virustot...sis/1441271691/
___

Fake 'Invoice / credit note' SPAM - PDF malware
- http://myonlinesecur...ke-pdf-malware/
3 Sep 2015 - "The latest set of -Upatre- downloader emails are 'Invoice' or 'credit note' from random companies. An email with the subject of 'Invoice INV-91659 from [random company]' for [Your web domain] (random numbers) or 'Credit Note CN-85402 from [random company]' for [Your web domain] (random numbers)   pretending to come from Accounts with a zip attachment is another one from the current bot runs...

Screenshot: http://myonlinesecur...94-1024x493.png

3 September 2015: Invoice INV-91659.zip: Extracts to: Invoice.scr
Current Virus total detections 1/56 . This is another one of the spoofed icon files that unless you have “show known file extensions enabled“, will look like a proper PDF file instead of the .exe file it really is, so making it much more likely for you to accidentally open it and be infected..."
* https://www.virustot...sis/1441279729/
 

:ph34r: :ph34r:   <_<


Edited by AplusWebMaster, A minute ago.
