Fake Amazon SPAM - Word doc malware
13 Oct 2014 - "'Your Amazon.co.uk order #} random letters and numbers' pretending to come from AMAZON .CO.UK <order@ amazon .co.uk> and all being sent to 1122@ eddfg .com with a bcc to your email address is another one from the current bot runs which try to download various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment...
13 October 2014 : 575-3010892-0992746.doc Current Virus total detections: 0/54*
Be very careful with email attachments. All of these emails use Social engineering tricks to persuade you to open the attachments that come with the email... The basic rule is -NEVER- open any attachment to an email, unless you are expecting it... The best way is to just delete the unexpected zip and not risk any infection."
13 Oct 2014
Fake BankLine SPAM - malware
13 Oct 2014 - "A couple of unimaginative spam emails leading to a malicious payload.
You have received a new secure message from BankLine
From: Bankline [secure.message@ bankline .com]
Date: 13 October 2014 12:48
Subject: You have received a new secure message from BankLine
You have received a secure message.
Read your secure message by following the link ...
You will be prompted to open (view) the file or save (download) it to your computer. For best results, save the file first, then open it...
You've received a new fax
From: Fax [fax@ victimdomain .com]
Date: 13 October 2014 13:07
Subject: You've received a new fax
New fax at SCAN2166561 from EPSON by https ://victimdomain .com
Scan date: Mon, 13 Oct 2014 20:07:31 +0800
Number of pages: 2
Resolution: 400x400 DPI
(Dropbox Drive is a file hosting service operated by Google, Inc.)
Clicking the link downloads document_312_872_pdf.zip from the target site which in turn contains a malicious executable document_312_872_pdf.exe which has a VirusTotal detection rate of 3/54*... Also dropped are a couple of executables, egdil.exe (VT 2/54**, Malwr report) and twoko.exe (VT 6/55***, Malwr report).
isc-libya .com "
Barclaycard phishing ...
13 Oct 2014 - "We are seeing quite a few Barclaycard phishing attempts today trying to get your Barclaycard details. These are not very well crafted and look nothing like any genuine Barclaycard emails. Do -not- click any links in these emails. Hover your mouse over the links and you will see a web address that isn't Barclaycard. Immediately delete the email; the safest way to make sure that it isn't a genuine email from Barclaycard is to type the Barclaycard web address in your browser, and then log in to the account that way...
... using what look like hijacked/compromised subdomains of a real website. All of them use a random subdomain, then the website name, and then /clients/? The site looks like:
Following the link in this Barclaycard or other spoofed emails takes you to a website that looks exactly like the real Barclaycard site. You are then taken through loads of steps to input a lot of private and personal information. Not only will this information enable them to clear out & use your Barclaycard account, but also your Bank Account, and potentially your email details and webspace (if you have it). They want enough information to completely impersonate you and your identity not only in cyberspace but in real life..."
Fake Bank application SPAM - malware
Oct 13 2014 - "Email purporting to be from First National Bank of Omaha (FNBO) claims that your account application has been received and invites you to open an -attached- file to view documents about your application:
Re: Applicant #9908541042
Your application for an FNBO Direct account has been received. As an FNBO Direct customer, not only will you receive an exceptional interest rate, you can be confident your accounts are held by a bank established in values of trust, integrity, and security.
Please find in the attached document information concerning your application.
Copyright © 2014 FNBO Direct, a division of First National Bank of Omaha. All Rights Reserved. Deposit Accounts are offered by First National Bank of Omaha,
Member FDIC. Deposits are insured to the maximum permitted by law.
P.O. Box 3707, Omaha, NE 68103-0707
Email ID: A0963.6
(Email included attached file with the name: 'FNBO_Direct_application_9908541042.zip')
According to this email, which claims to be from First National Bank of Omaha (FNBO), your application for an FNBO Direct account has been received. The message advises that information about your application is contained in an -attached- document... it masquerades as a seemingly legitimate business message and uses the name of a real company... the attached .zip file... contains a .exe file. Clicking the .exe file would install a trojan on your computer... do -not- open any attachments or click any links that it contains. You can report fraudulent FNBO emails via the reporting address on the bank's website*."
Fake FedEx SPAM
Oct 12, 2014 - "... intercepted a new trojan distribution campaign by email with the subject “Your Payment Invoice Slip”. This email is sent from the -spoofed- address “info@ ukboxingstore .co.uk” and has the following body:
A parcel was sent to your home address.
And it will arrive within 3 business day.
More information and the tracking number are attached in the document.
Please do not respond to this message. This email was sent from an unattended mailbox.
This report was generated at approximately GMT on 06/10/2014.
To learn more about FedEx Express, please visit our website at fedex.com.
All weights are estimated.
To track the latest status of your shipment, View on the tracking number on the attached document
This tracking update has been sent to you by FedEx on the behalf of the Request or noted above.
FedEx does not validate the authenticity of the requestor and does not validate,
guarantee or warrant the authenticity of the request, the requestor’s message, or the accuracy of this tracking update...
Thank you for your business.
FedEx Customer Service
The attached ZIP file has the name FEDEX SHIPPING NOTIFICATION (1).zip and contains the 396 kB file XXXX.exe. The trojan is known as TR/Dropper.Gen8, a variant of Win32/Injector.BNJA, HB_Ispi or Win32:Malware-gen. At the time of writing, 5 of the 55 AV engines did detect the trojan at VirusTotal*..."
Edited by AplusWebMaster, 13 October 2014 - 02:06 PM.
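The lures above share two tells a mail gateway or analyst can check mechanically: a zip attachment whose only member is an executable with a document-style name (document_312_872_pdf.exe), and links whose host is an unrelated site with a random subdomain rather than the brand the sender claims to be. The script below is an added example, not code from any of the quoted sources; it builds two constructed messages modelled on the fax and Barclaycard lures (all domains are made-up .example names, the "executable" is filler bytes) and runs both checks over them with only the Python standard library.

```python
"""Triage an .eml for the two lure patterns above (constructed samples, hypothetical domains)."""
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from email.utils import parseaddr
from urllib.parse import urlparse

EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")
# "document_312_872_pdf.exe": a document-type token glued in front of the real extension.
DOUBLE_EXT_RE = re.compile(r"[._-](pdf|docx?|xlsx?|txt|jpg)\.(exe|scr|com|pif)$", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def _message(from_hdr, subject, body, attachment=None):
    """Assemble a constructed RFC 5322 message, optionally with a zip attachment."""
    msg = EmailMessage()
    msg["From"] = from_hdr
    msg["To"] = "user@recipient.example"
    msg["Subject"] = subject
    msg.set_content(body)
    if attachment:
        name, data = attachment
        msg.add_attachment(data, maintype="application", subtype="zip", filename=name)
    return msg.as_bytes()


def sample_fax_lure() -> bytes:
    """Constructed copy of the 'new fax' lure: a zip whose only member is a pdf-named .exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("document_312_872_pdf.exe", b"MZ" + b"\x00" * 64)  # filler, not a binary
    return _message("Fax <fax@victimdomain.example>", "You've received a new fax",
                    "New fax at SCAN2166561 from EPSON\nNumber of pages: 2\n",
                    ("document_312_872_pdf.zip", buf.getvalue()))


def sample_card_lure() -> bytes:
    """Constructed copy of the card phish: random subdomain on an unrelated site, /clients/? path."""
    return _message("Barclaycard <service@barclaycard.example>", "Verify your card details",
                    "Please confirm your details at https://u8m2x.unrelated-site.example/clients/?\n")


def parse(raw: bytes):
    return BytesParser(policy=policy.default).parsebytes(raw)


def archive_findings(msg):
    """Open every zip attachment in memory and report executable or double-extension members."""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True)
        if not name.lower().endswith(".zip") or data is None:
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = zf.namelist()
        except zipfile.BadZipFile:
            findings.append(f"{name}: corrupt or non-zip payload")
            continue
        for member in members:
            if member.lower().endswith(EXECUTABLE_EXTS):
                findings.append(f"{name} -> {member}: executable inside archive")
            if DOUBLE_EXT_RE.search(member):
                findings.append(f"{name} -> {member}: document-style name masking an executable")
    return findings


def link_findings(msg):
    """Flag links whose host is not under the domain of the claimed From address."""
    sender_domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    findings = []
    for url in URL_RE.findall(text):
        host = (urlparse(url).hostname or "").lower()
        if host != sender_domain and not host.endswith("." + sender_domain):
            findings.append(f"link host {host} is not under sender domain {sender_domain}")
    return findings


def triage(raw: bytes) -> dict:
    """Combine both checks into one verdict for a raw message."""
    msg = parse(raw)
    archives, links = archive_findings(msg), link_findings(msg)
    return {"archives": archives, "links": links,
            "verdict": "suspicious" if archives or links else "clean"}


if __name__ == "__main__":
    for raw in (sample_fax_lure(), sample_card_lure()):
        print(triage(raw))
```

The sender-domain test is deliberately narrow: it only says a link does not belong to the domain the mail claims to come from, which is exactly the "hover and look at the address" check from the Barclaycard advisory. It does not prove the From address itself is genuine (the Amazon and FedEx items above are spoofed), so a real gateway would pair it with SPF/DKIM results rather than trust the header.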