Posts Tagged ‘malware’

Rejected ACH payment – Virus/Fraud

Monday, August 15th, 2011

Look out for fraudulent emails spoofing “The Electronic Payments Association” that are arriving as:

From:     risk_manager@nacha.org
Subject:     Rejected ACH payment

In reality these messages are from previously infected personal computers from across the globe:

from [122.168.251.32] (helo=ABTS-mp-dynamic-032.251.168.122.airtelbroadband.in)

These messages include a fictional warning that includes content such as:

The ACH transaction (ID: 32604668345041), recently sent from your checking account (by you or any other person), was rejected by the other financial institution.

more »

New Skype Has Been Releases ! Upgrade Now

Saturday, July 16th, 2011

Mailboxes are now receiving fake Skype upgrade spam sent from hijacked Rhapsody.com mail servers.

The current campaign arrives as:

Subject:     New Skype Has Been Releases ! Upgrade Now
From:     “Skype” <newsletter@news.skype.com>

In an interesting twist, the spammers involved appear to have hacked and are in control of Rhapsody.com mail servers as the samples we’ve reviewed so far are actually from:

  • mta900.e.rhapsody.com ([63.211.90.40]
  • mta902.e.rhapsody.com ([63.211.90.42]
  • mta903.e.rhapsody.com ([63.211.90.43]
  • mta904.e.rhapsody.com ([63.211.90.44]
  • mta905.e.rhapsody.com ([63.211.90.45]
  • etc., etc.

The spam email itself is as follows:

more »

You have notifications pending – Facebook Fraud

Tuesday, December 14th, 2010

Emails spoofing Facebook notifications are back in force.  Even though our filters stop them, many users assume they must be legitimate and will release them from quarantine, resending the original frauds to themselves.

Subject lines most commonly seen in this campaign are: more »

Worldofwarcraft Account login – Phishing Example

Thursday, September 23rd, 2010

World of Warcraft is so successful that it has spawned its own economy. So it’s no surprise that WoW accounts are a phishable commodity. And, since some gamers take this very seriously (just look up “wow addiction”), stealing a WoW account is identity theft at its most heinous.

As phishing campaigns go, this one’s pretty good. The fake website is a decent replica of the battle.net login page and it has a pretty tricky URL. more »

How To Take Advantage of the Economic Stimulus Plan

Tuesday, September 14th, 2010

The American Recovery and Reinvestment Act of 2009 has been controversial since before its passage in February of 2009. Everyone seems to have an opinion on whether or not it’s a good idea; if it’s enough or not; or how it should be implemented.

Regardless of the relative merits of the idea, there are many ways of cashing in on the stimulus package and not all of them involve the government.

more »

Your Order with Amazon.com – Not!

Monday, August 23rd, 2010

Another twist in the continuing spam campaigns that spoof Amazon notifications arrives:

From:      “auto-confirm@amazon.com” <auto-confirm@amazon.com>
Subject:     Your Order with Amazon.com

And while past fake Amazon emails intended on spreading malware to the recipient’s computer, this one is just old fashioned spam, looking to sell pirated software online.

more »

Linked In Message – Virus

Wednesday, August 18th, 2010

Social networking spam and virus messages are currently second only to online pharmacy spam, with the latest campaigns spoofing Linked In notification emails.

Most are Arriving with subjects of either:

Subject:   LinkedIn Messages
Subject:   Join my network on LinkedIn

The body of the messages themselves are fairly accurate spoofs of actual LinkedIn communications, for example:

more »

Virus Emails Gone Wild

Wednesday, August 11th, 2010

Apparently the botnets in charge of spreading viruses have decided to go random and wild this week. In an attempt to evade filtering and confuse end user recipients, they’re spewing vast amounts of emails and using a shotgun approach of randomization.

Sending addresses are all random and spoofed and the emails themselves are short and cryptic. Subject lines tend to be short and simple and run the gamut, just a few examples (we’re seeing hundreds of variations):

more »

You’re Invited to Google Mail – Virus & Malware

Monday, August 2nd, 2010

We’re seeing quite the uptick in spoofed “Your Friend has invited you to open a Google mail account” emails lately.

The typical email comes with a subject line and From address such as:

Subject:      Edmond Fletcher has invited you to open a Google mail account
From:     “Edmond Fletcher” <auntee8@rosesbooks.com>

more »

Scan from a Xerox WorkCentre Pro – Virus

Monday, July 19th, 2010

In another crafty attempt to induce email recipients to voluntarily infect their own computers with a virus the latest campaign spoofs a scanned document email purportedly from a Xerox WorkCentre Pro multi-tasking machine.

The emails arrive from an endless variety of spoofed email From address senders, when they are actually sent from personal computers that have already been infected by this campaign.

more »