Posts Tagged ‘botnet’

Introducing Your US Department of Justice and FBI Victim Notification System

Thursday, January 19th, 2012

Here’s something we really don’t see every day….

We recently received an email claiming to be from the U.S. Department of Justice Victim Notification System (VNS):

Subject:     US Department of Justice Victim Notification System
From:     Courtney Walker <fedemail@vns.usdoj.gov>
To:     Business Representative <address>

Our typical “common sense” check for email Phishing Fraud starts with the obvious:

  1. Overly serious/threatening Subject line…. check!
  2. Human sender doesn’t match email address…. check!
  3. Impersonal and generic salutation… check!

The email itself opens with:

DO NOT REPLY TO THIS EMAIL.

U.S. Department of Justice
Federal Bureau of Investigation
FBI – New York
26 Federal Plaza, 23rd Floor
New York, NY 10278
Phone:  (212) 384-2564
Fax:  (212) 384-4104

more »

Rejected ACH payment – Virus/Fraud

Monday, August 15th, 2011

Look out for fraudulent emails spoofing “The Electronic Payments Association” that are arriving as:

From:     risk_manager@nacha.org
Subject:     Rejected ACH payment

In reality these messages are from previously infected personal computers from across the globe:

from [122.168.251.32] (helo=ABTS-mp-dynamic-032.251.168.122.airtelbroadband.in)

These messages carry a fictional warning with content such as:

The ACH transaction (ID: 32604668345041), recently sent from your checking account (by you or any other person), was rejected by the other financial institution.

more »

New Skype Has Been Releases ! Upgrade Now

Saturday, July 16th, 2011

Mailboxes are now receiving fake Skype upgrade spam sent from hijacked Rhapsody.com mail servers.

The current campaign arrives as:

Subject:     New Skype Has Been Releases ! Upgrade Now
From:     "Skype" <newsletter@news.skype.com>

In an interesting twist, the spammers involved appear to have hacked, and to be in control of, Rhapsody.com mail servers, as the samples we’ve reviewed so far are actually from:

  • mta900.e.rhapsody.com ([63.211.90.40])
  • mta902.e.rhapsody.com ([63.211.90.42])
  • mta903.e.rhapsody.com ([63.211.90.43])
  • mta904.e.rhapsody.com ([63.211.90.44])
  • mta905.e.rhapsody.com ([63.211.90.45])
  • etc., etc.

The spam email itself is as follows:

more »

USAA.Web.Services@customermail.usaa.com – Phishing Frauds

Tuesday, November 30th, 2010

We’re currently seeing a significant volume of bogus USAA Phishing fraud emails that all claim to come from “USAA.Web.Services@customermail.usaa.com.”

These messages are of course spoofed, actually originating from infected and compromised personal computers around the globe, operating as part of larger zombie bot-nets.

While the fake sending address is consistent, subject line content is varied, such as: more »

Miss Freya and the Taliban Virus

Monday, November 22nd, 2010

Today, in the “more proof that there’s nothing new under the sun” category, we’re going to discuss the Taliban Virus.

The so-called “Taliban Virus” is a MANUAL virus. A manual virus requires you to voluntarily damage your computer because the virus is not sophisticated enough to do it by itself.

Yes, this is a joke. more »

NY Times Reports World Spam Shortage

Wednesday, November 3rd, 2010

Over the past few weeks the blogosphere has been abuzz with the news that Russia has put an end to all spam.

Okay so we’re exaggerating a little.

Forgive us, we’re just trying to get into the spirit of things. Actually, the NY Times article that started it all says “the world supply of Viagra ads and other e-mail spam has dropped by an estimated one-fifth.” more »

Newegg.com – Payment Changed – Spam Campaign

Thursday, August 26th, 2010

The trend for the summer is for the major botnets to spoof a different brand-name domain every week.

This week’s victim is Newegg.com, with large volumes of these bogus “Newegg.com – Payment Change” spoofs being distributed by infected personal computers (zombies).

A typical example arrives as:

Subject:      Newegg.com – Payment Charged
From:     Newegg <info@newegg.com>

more »

Linked In Message – Virus

Wednesday, August 18th, 2010

Social networking spam and virus messages are currently second only to online pharmacy spam, with the latest campaigns spoofing LinkedIn notification emails.

Most are arriving with subjects of either:

Subject:   LinkedIn Messages
Subject:   Join my network on LinkedIn

The bodies of the messages themselves are fairly accurate spoofs of actual LinkedIn communications, for example:

more »

Virus Emails Gone Wild

Wednesday, August 11th, 2010

Apparently the botnets in charge of spreading viruses have decided to go random and wild this week. In an attempt to evade filtering and confuse end user recipients, they’re spewing vast amounts of emails and using a shotgun approach of randomization.

Sending addresses are all random and spoofed, and the emails themselves are short and cryptic. Subject lines tend to be short and simple and run the gamut. Just a few examples (we’re seeing hundreds of variations):

more »

Your Target.com order has shipped – Virus/Malware

Monday, August 9th, 2010

We’ve seen heavy volume over the last few days in spoofed Target shipping confirmation emails, which arrive from completely random addresses, such as:

Subject:      Your Target.com order has shipped
From:     "Earnest Dickinson" <magma@rilapublicidad.com>

The spammers in this case have paid great attention to replicating legitimate Target emails:

more »