Looked at as art, most spam is the email equivalent of a two year old scribbling with a crayon. Every once in a while, though, we see something outstanding. In this post we’re going to give a shout out to a spammer who obviously cares about their work.
We grabbed a few examples of this campaign and most of them have fairly innocuous subjects that might be likely to get you to open the message like:
This is another form of email fraud that really burns us.
We don’t really mind the fraud campaigns that seek to ensnare the greedy. If you’re dumb/greedy enough to believe that you won the lottery because of your email address; amoral enough to want to help smuggle someone else’s ill gotten gains for them or have done something that makes you believe someone would want to assassinate you then maybe you deserve to be fleeced.
Fraud that targets people who are looking for help is another matter and pretending to offer GI Benefits is particularly scummy.
Another version of the Google Groups hosted virus is actively spreading.
This version also spoofs “123greetings.com” and arrives with a subject of:
Subject: You Have Received a Greeting Card
The contents of this version does not contain graphics, but is instead all text:
Note right off that this virus/trojan email has a Subject line of:
You Received Online Greeting Card
not
You Received An Online Greeting Card
Right away you should be alerted that this is not likely a legitimate greeting. The image contained in the email appears to be one actually used by 123Greetings.com:
http://i.123g.us/c/efeb_cuddleday/card/104506.gif
Now we have an apparent “kitchen sink” Trojan and virus attack where the spammers are throwing multiple attack vectors within the same campaign and are just hoping something sticks.
The emails are sent from a remarkably wide variety of infected mail servers and individual personal computers spanning the globe. They are spoofing everything from completely random email addresses to claiming to come from the recipient’s own email account.
What is consistent within the current campaign now circulating is that they will include your domain in the subject line, followed by the phrase “account notification” such as:
Subject: yourdomain.com account notification
An oldie but a goodie, the Greeting Card Virus is back. The current campaign spoofs your own address as the sender, or uses a random address pretending to be from your same domain. For example:
Subject: You Have Received a Greeting Card
From: “123greetings.com” <administrator@YourDomain.com>
To: <administrator@YourDomain.com>
Notice that the “Pretty From Address” claims to be from “123greetings.com” when if fact these emails are not from 123greetings.com nor are they actually from your own domain. Instead the infection is spread by infected personal computers that are now zombie machines as part of a larger bot-net.
It’s back….. the email confirmation (really a Trojan/Virus) for the airline ticket you never purchased is again making the rounds.
The subject line is pretty straightforward:
Online order for airplane ticket N648365
Though the “order number” at the end is randomized in order to try and evade some of the simpler spam filtering systems.
