Posts Tagged ‘botnet’

Review your annual Social Security statement – Virus

Friday, July 30th, 2010

The latest twist on virus/malware campaigns pretends to be an email from the Social Security Administration that supposedly contains a copy of your annual statement.

The email arrives with the headers:

Subject:      Review your annual Social Security statement
From:     "Social Security Administration" <notification@ssa.gov>

Due to possible calculation errors, your annual Social Security statement may contain errors.

Open attached file to review your annual Social Security statement.

(more…)


Statement of Fees – Virus

Wednesday, July 21st, 2010

This week's most popular virus email variant attempts to use vagueness to its advantage.

Rather than trying to convince you that the email is an official message from eBay, Visa, PayPal, Chase or some other well-known business, these messages are intentionally non-specific.

Subject lines refer only to some sort of “statement” like:

Subject:      Statement of Fees
Subject:      Statement of fees 2010

(more…)


Amazon.com: Please verify your new e-mail address – Fraud

Tuesday, July 20th, 2010

At least one of the larger spam botnets is hard at work these last few days spreading itself via spoofed Amazon.com emails.

For the most part, these frauds do an excellent job of mimicking legitimate Amazon emails.

They arrive with a Subject line of:

From:      "Amazon.com E-mail Subscriptions" <delivers@amazon.com>
Subject:     Amazon.com: Please verify your new e-mail address

And the design, layout and attention to detail within the email is quite good:

Amazon Delivers Fraud


(more…)


Scan from a Xerox WorkCentre Pro – Virus

Monday, July 19th, 2010

In another crafty attempt to induce email recipients to voluntarily infect their own computers with a virus, the latest campaign spoofs a scanned-document email purportedly from a Xerox WorkCentre Pro multi-tasking machine.

The emails arrive with an endless variety of spoofed From addresses, when they are actually sent from personal computers that have already been infected by this campaign.

The Subject lines of the emails are consistently:

Subject:      Scan from a Xerox WorkCentre Pro N 5458581
Subject:      Scan from a Xerox WorkCentre Pro $4181035

In order to attempt to evade spam filtering systems, the very last part of the Subject line is a completely random number, so that no two emails will look exactly alike.

(more…)


Yahoo Groups Spam

Tuesday, July 13th, 2010

While the dominant Internet email providers (Hotmail, MSN, AOL, Gmail & Yahoo) frequently talk about their commitment to fighting spam, they are actually amazingly inattentive to the rampant spam abuses allowed and enabled by their own systems.

We only occasionally point out examples of how sloppy, permissive and ineffectual these firms are with regard to spam, because thoroughly documenting the spam faults of these enterprises would be a full-time job in and of itself.

That said, from time to time the abuses are just so obvious (easy to spot and catch), rampant and perpetual that we can't help but wonder if they even deploy more than 2 or 3 high-school summer interns to their entire anti-abuse efforts.

We realize that they do all expend effort on filtering inbound spam emails from reaching their own users.  Where they are apparently asleep at the wheel is in preventing their systems from being abused by spammers to send out emails and/or to host spam landing pages.

The latest example of such unchecked abuse is the spammers using Yahoo Groups to host and promote online sales of spammed pharmaceuticals (or at least brightly colored pills claiming to be the real thing).

(more…)


The results of your email commands – Virus/Malware

Monday, July 12th, 2010

A new variant of the Delivery Status Notification (Failure) – Virus is widely circulating that arrives with a completely random From: sender address and a subject line, such as:

From:     "wafersf25@resourcemining.com" <wafersf25@resourcemining.com>
Subject:      The results of your email commands

From:     "hackingj@robe.riotinto.com" <hackingj@robe.riotinto.com>
Subject:      The results of your email commands

From:     "smirnoff9@royal-fiesta.com" <smirnoff9@royal-fiesta.com>
Subject:      The results of your email commands

Regardless of the random and fictitious sender addresses, the emails are originating from previously infected personal computers from across the globe. A few widely diverse examples include:

(more…)


[WordPress.com] Activate – Phishing Fraud

Friday, July 2nd, 2010

A new spam campaign is circulating that is spoofing “WordPress” blog subscriptions.

Emails most commonly arrive as:

Subject:      [WordPress.com] Activate http://stephen.wordpress.com/
From:     WordPress.com <donotreply@wordpress.com>

Below is a screen shot of an example email:

WordPress Phishing Fraud


(more…)


You Have Recieved a Hallmark E-Card!!!

Tuesday, May 25th, 2010

Another variant of the Hallmark E-Card virus is out and it’s a rather nicely designed email, as far as viruses go.

The latest version arrives:

Subject:      You Have Recieved a Hallmark E-Card!!!
From:     "Office@Hallmark.com" <Office@Hallmark.com>

Note that the spammers in this case are apparently not aware of the “I before E, except after C” rule of grammar, and thus the misspelling in the Subject line is part of the current campaign.

A screen shot of the content layout shows good attention to design and detail, likely helping this campaign infect more users than the average:

(more…)


High Quality Spam

Monday, May 24th, 2010

Looked at as art, most spam is the email equivalent of a two-year-old scribbling with a crayon. Every once in a while, though, we see something outstanding. In this post we’re going to give a shout-out to a spammer who obviously cares about their work.

We grabbed a few examples of this campaign, and most of them have fairly innocuous subjects that might be likely to get you to open the message, like:

You have new ticket

Your payment has been done

Tracking confirmation

Oddly there were a few obviously spammy ones like:

The best way to please her

Maybe they were trying to make sure they got the people who like to open spam messages too?

This campaign is sent through AOL.com servers, which simply goes to prove that no matter what the big “webmail” firms claim about their commitment to preventing spam, they’re easily and consistently exploited day in and day out. The four above all connected from different AOL servers:

  • imr-ma03.mx.aol.com ([64.12.206.41])
  • imr-ma04.mx.aol.com ([64.12.206.42])
  • imr-da05.mx.aol.com ([205.188.105.147])
  • imr-ma06.mx.aol.com ([64.12.78.142])

And all of them originated on different Webmail servers too:

  • webmail-d082.sysops.aol.com (205.188.181.108)
  • webmail-m110.sysops.aol.com (64.12.232.218)
  • webmail-d037.sysops.aol.com (205.188.181.88)
  • webmail-m053.sysops.aol.com (64.12.140.163)

We could go on down the line, but the point is that the spammer in question easily hacks and abuses AOL accounts with impunity.

(more…)


GI Benefits Fraud

Wednesday, May 19th, 2010

This is another form of email fraud that really burns us.

We don’t really mind the fraud campaigns that seek to ensnare the greedy. If you’re dumb/greedy enough to believe that you won the lottery because of your email address, amoral enough to want to help smuggle someone else’s ill-gotten gains for them, or have done something that makes you believe someone would want to assassinate you, then maybe you deserve to be fleeced.

Fraud that targets people who are looking for help is another matter, and pretending to offer GI Benefits is particularly scummy.

(more…)
