
SPAM frauds, fakes, and other MALWARE deliveries...



#1426 AplusWebMaster


Posted Yesterday, 08:14 AM

FYI...

Fake 'scanned' results SPAM - PDF malware
- http://myonlinesecur...ke-pdf-malware/
26 Mar 2015 - "'Lou Ann Davis Indus Precision Mfg scanned' pretending to come from user <louann@ indusmfg .com> with a zip attachment is another one from the current bot runs... The email looks like:
    –
     Thank you,
    Lou Ann Davis
    Office Administrator
    Indus Precision Mfg., Inc.
    www .indusmfg .com
    Main: (845)268-0782
    Fax: (845)268-2106


26 March 2015 : Random zip name : Extracts to: scan.exe
Current Virus total detections: 3/57* . This is another one of the spoofed icon files that unless you have “show known file extensions enabled”, will look like a proper PDF file instead of the .exe file it really is, so making it much more likely for you to accidentally open it and be infected..."
* https://www.virustot...sis/1427372574/
___

Fake 'Invoice' SPAM - PDF malware
- http://myonlinesecur...ke-pdf-malware/
27 Mar 2015 - "'Yarde Metals Invoice' pretending to come from email.invoice <email.invoice@ yarde .com> with a zip attachment is another one from the current bot runs... The email looks like:
    Thank you for your order.
    Attached is your original invoice. If you would like to pay for your order with a wire transfer please contact Angela Palmer at 860-406-6311 for bank details.
    Friendly reminder:
    Yarde Metals terms are 1/2% 10, Net 30. We appreciate your prompt payment.


26 March 2015: random zip name: Extracts to: 221324.exe
Current Virus total detections: 3/56* . This is another one of the spoofed icon files that unless you have “show known file extensions enabled”, will look like a proper PDF file instead of the .exe file it really is, so making it much more likely for you to accidentally open it and be infected..."
* https://www.virustot...sis/1427380401/
... Behavioural information
TCP connections
216.146.43.70: https://www.virustot...70/information/
46.249.3.66: https://www.virustot...66/information/
46.160.125.167: https://www.virustot...67/information/
91.194.239.126: https://www.virustot...26/information/
93.123.40.17: https://www.virustot...17/information/
UDP communications
104.41.150.68: https://www.virustot...68/information/
___

BoA 'Over Limit' Spam
- http://threattrack.t...over-limit-spam
Mar 26, 2015 - "Subjects Seen
    Activity Alert: A Check Exceeded Your Requested Alert Limit
Typical e-mail details:
    A check exceeded your requested alert limit
    We’re letting you know a check written from your account went over the limit you set for this alert.
    For more details please check attached file


Malicious File Name and MD5:
    report_77076291400.scr (6B6E3D3FDE233FE75F64B517F2351D97)


.
___

Steam Codes and Countdowns - 'something for nothing'
- https://blog.malware...and-countdowns/
March 26, 2015 - "... 'something for nothing' makes a reappearance in the land of -gaming- with a twist designed to get would-be winners sending messages to their online friends as fast as they possibly can. The site we’re going to examine is located at: steamcode(dot)org
... which claims they have $20 Steam Codes to give away, as the “We’re the people who give away free $20 Steam Codes!” makes clear on the frontpage. We could have an interesting philosophical debate about when free means free, but we could also just chalk it up as “free, as long as you send some links and fill in a bunch of stuff”. Here’s the nicely designed frontpage:
> https://blog.malware...5/03/stmcd1.jpg
Clicking the button reveals two things – a tantalizing glimpse of half a code, and the reveal that you must share a link with 15 people in 45 minutes or else the code will expire. If you don’t have Under Pressure on your playlist, you might want to go dig it out now:
> https://blog.malware...5/03/stmcd2.jpg
Sites don’t normally place a timer on link sending, because not many people immediately whip out a list of likely candidates to start spamming when confronted with a rapidly diminishing timer. Indeed, start quickfiring identikit messages to all and sundry and you may find more than a few of them either think you’ve been hacked or turned into a spambot for the day. Should the required amount of referrals be reached, the end result is a selection of survey pages for the would-be $20 code recipient... There’s -no- guarantee the full code will be released even with a completed survey – the only person who has anything to lose in this situation is the individual filling in whatever forms are presented, working on the basis that they’re simply hoping the website will hand over a code at the end of the process. Freebie sites offering up items such as vouchers, gift cards and game codes typically resort to surveys at some point in the chain – it’s just how they roll. Displaying a portion of the code and adding in a time sensitive instruction to send URLs to all and sundry focuses on the “So near, yet so far” pressure point, and is a great way to ensure people desperate for free game codes start yelling “How high?” before jumping."
 



Edited by AplusWebMaster, Yesterday, 10:42 AM.

This machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#1427 AplusWebMaster


Posted Today, 04:55 AM

FYI...

Fake ebill Invoice SPAM - doc/xls malware
- http://myonlinesecur...dsheet-malware/
27 Mar 2015 - "'UK Fuels ebill for ISO Week 201512' pretending to come from invoices@ ebillinvoice .com with a malicious word doc or Excel XLS spreadsheet attachment is another one from the current bot runs...

Screenshot: http://myonlinesecur...Week-201512.png

27 March 2015 : 22328_201512.doc
Current Virus total detections: 3/57* | 2/56** | 2/57*** | 3/57****
... So far I have seen 4 versions of this malware, but previous campaigns over the last few weeks have delivered 2, 3 or even up to 10 or 12 different versions, some with word doc attachments and some with Excel xls attachments... The basic rule is NEVER open any attachment to an email, unless you are expecting it..."
* https://www.virustot...sis/1427446840/

** https://www.virustot...sis/1427447362/

*** https://www.virustot...sis/1427447494/

**** https://www.virustot...sis/1427447285/
___

Fake 'NASA MSBA' SPAM – PDF malware
- http://myonlinesecur...ke-pdf-malware/
27 Mar 2015 - "'NASA MSBA 27th, 2015' pretending to come from MSBA <NVDB@ nasa .gov> with a zip attachment is another one from the current bot runs... The email looks like:
    Good Afternoon.
    MSFC has posted the upcoming MSBA 27th event on NAIS and
    Fed Biz Ops (Solicitation No.: SB-85515).
    NAIS Posting:
    Please click on
    Mod. 1 Posting.
    Attached is the MSBA Agenda.
    Please join us for this event!


27 March 2015: Random zip name: Extracts to: MSFC.exe
Current Virus total detections: 4/57* . This is another one of the spoofed icon files that unless you have “show known file extensions enabled”, will look like a proper PDF file instead of the .exe file it really is, so making it much more likely for you to accidentally open it and be infected..."
* https://www.virustot...sis/1427455905/
... Behavioural information
TCP connections
216.146.43.70: https://www.virustot...70/information/
46.249.3.66: https://www.virustot...66/information/
UDP communications
23.99.222.162: https://www.virustot...62/information/
___

Fake 'ADP Payroll Invoice' SPAM – PDF malware
- http://myonlinesecur...ke-pdf-malware/
27 Mar 2015 - "'ADP Payroll Invoice for week ending 03/27/2015' pretending to come from user <run.payroll.invoice@ adp .com> with a zip attachment is another one from the current bot runs... The email looks like:
     Your ADP Payroll invoice for last week is attached for your review. If
    you have any questions regarding this invoice, please contact your ADP
    service team at the number provided on the invoice for assistance.
     Thank you for choosing ADP Payroll.
     Important: Please do not respond to this message. It comes from an
    unattended mailbox.


27 March 2015: random attachment zip name: Extracts to: ADP.exe
Current Virus total detections: 3/57* . This is another one of the spoofed icon files that unless you have “show known file extensions enabled”, will look like a proper PDF file instead of the .exe file it really is, so making it much more likely for you to accidentally open it and be infected..."
* https://www.virustot...sis/1427467488/
___

Fake 'Information Request' SPAM – PDF malware
- http://myonlinesecur...ke-pdf-malware/
27 Mar 2015 - "'Information Request' pretending to come from Nicksen Stone <sale20@ thrivigor .com> with a zip attachment is another one from the current bot runs...
     Hello,
     We specialize in designing and manufacturing high quality metal and
    plastic parts suitable for electronic,industrial,agricultural and
    various applications.
    If you need any parts please feel free to send us drawing or sample for
    free quotes. Thank you.
     With Kind Regards,
    Nicksen Stone, Director
     Ningbo Efforteam Machinery Co.,Ltd
    Phone: +86-13777 101 355


27 March 2015: Random attachment zip name: Extracts to: Information.exe
Current Virus total detections: 3/57* . This is another one of the spoofed icon files that unless you have “show known file extensions enabled”, will look like a proper PDF file instead of the .exe file it really is, so making it much more likely for you to accidentally open it and be infected..."
* https://www.virustot...sis/1427472615/
... Behavioural information
TCP connections
216.146.38.70: https://www.virustot...70/information/
46.249.3.66: https://www.virustot...66/information/
66.147.244.169: https://www.virustot...69/information/
UDP communications
104.41.150.68: https://www.virustot...68/information/
 



Edited by AplusWebMaster, Today, 11:06 AM.
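
The reports quoted in both posts above describe zip attachments that extract to executables (scan.exe, MSFC.exe, report_77076291400.scr) shown with a PDF icon. As an added example, not part of the forum posts or the quoted blogs, this Python check lists the zip members a mail filter could flag, by extension and by the `MZ` header; the function names, the extension sets and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows executes directly; .exe and .scr appear in the reports above.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".cpl"}
# Document-looking extensions used as a decoy before the real one (assumed list).
DECOY_EXTS = {".pdf", ".doc", ".xls", ".txt", ".jpg"}
PE_MAGIC = b"MZ"  # first two bytes of a DOS/PE executable


def risky_members(zip_bytes):
    """Map member name -> list of reasons it would run as a program on Windows."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            suffixes = [s.lower() for s in PurePosixPath(info.filename).suffixes]
            exec_ext = bool(suffixes) and suffixes[-1] in EXECUTABLE_EXTS
            reasons = []
            if exec_ext:
                reasons.append("executable extension " + suffixes[-1])
                if len(suffixes) > 1 and suffixes[-2] in DECOY_EXTS:
                    reasons.append("double extension hides the real type")
            with zf.open(info) as fh:  # read only the header, never inflate fully
                if fh.read(2) == PE_MAGIC and not exec_ext:
                    reasons.append("PE header under a non-executable name")
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample_zip():
    """Constructed sample archive: placeholder bytes only, no real malware."""
    stub = PE_MAGIC + b"\x00" * 62
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("scan.exe", stub)         # member name taken from the first report
        zf.writestr("invoice.pdf.scr", stub)  # constructed double extension
        zf.writestr("agenda.pdf", stub)       # constructed: PE bytes behind a PDF name
        zf.writestr("notes.txt", b"plain text")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in risky_members(build_sample_zip()).items():
        print(name, "->", "; ".join(reasons))
```

Checking the file content as well as the name matters because the icon and a hidden extension are what the recipient sees, while the extension and header decide what Windows does with the file.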



