Jump to content

Build Theme!
  • Infected?

Welcome to What the Tech - Register now for FREE

A community of volunteers who share their knowledge, and answer your tech questions. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. This message, and all ads will be removed once you have signed in.

Create an Account Login to Account


SPAM frauds, fakes, and other MALWARE deliveries...

  • Please log in to reply
1335 replies to this topic

#1336 AplusWebMaster



  • Authentic Member
  • PipPipPipPipPipPip
  • 8,516 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted Today, 07:32 AM


Fake HMRC SPAM - fake PDF malware
- http://myonlinesecur...ke-pdf-malware/
27 Nov 2014 - "'HMRC taxes application with reference 68J9 WDWK 1NMJ P0ZA received' pretending to come from noreply@ taxreg.hmrc .gov.uk with  a zip attachment is another one from the current bot runs which try to download various Trojans and password stealers especially banking credential stealers, which may include cridex, dridex, dyreza and various  Zbots, cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment... The email looks like:
    The application with reference number 68J9 WDWK 1NMJ P0ZA submitted by you or your agent to register for HM Revenue & Customs (HMRC) taxes has been received and will now be verified. HMRC will contact you if further information is needed.
   The original of this email was scanned for viruses by the Government Secure Intranet virus scanning service supplied by Vodafone in partnership with Symantec. (CCTM Certificate Number 2009/09/0052.) On leaving the GSi this email was certified virus free.
    Communications via the GSi may be automatically logged, monitored and/or recorded for legal purposes.

27 November 2014: HM Revenue & Customs – TAX.zip: Extracts to: HM Revenue & Customs – TAX.scr
Current Virus total detections: 2/56* ( same malware as THIS**). This is another one of the spoofed icon files that unless you have “show known file extensions enabled“, will look like a proper PDF file instead of the .exe file it really is, so making it much more likely for you to accidentally open it and be infected..."
* https://www.virustot...sis/1417085413/
... Behavioural information
TCP connections https://www.virustot...37/information/ https://www.virustot...67/information/

**  http://myonlinesecur...ke-pdf-malware/

Tainted network: Crissic Solutions (
- http://blog.dynamoo....-solutions.html
27 Nov 2014 - "Several IPs hosted on the Crissic Solutions range of (suballocated from QuadraNet) have been hosting exploit kits in the past few days, leading to Cryptolocker and other nastiness. I analysed over 1500 sites hosted in the Crissic IP address range... and many sites were already marked as being -malicious- by Google, and some other sites obviously follow the same naming pattern and must be considered as malicious... Given the concentration of active malicious servers in and then I would recommend -blocking- your traffic to those ranges at least temporarily, despite there being legitimate sites in that range. You might choose to block the entire /19 of course, I will leave you to look at the evidence..."
More detail at the dynamoo URL above.)

:ph34r: :ph34r:  <_<

Edited by AplusWebMaster, 29 minutes ago.

9 user(s) are reading this topic

1 members, 8 guests, 0 anonymous users