Posts Tagged ‘spoofing’

Review your annual Social Security statement – Virus

Friday, July 30th, 2010

The latest twist on virus/malware campaigns pretends to be an email from the Social Security Administration that supposedly contains a copy of your annual statement.

The email arrives with the headers:

Subject:      Review your annual Social Security statement
From:     ”Social Security Administration” <notification@ssa.gov>

Due to possible calculation errors, your annual Social Security statement may contain errors.

Open attached file to review your annual Social Security statement.

(more…)

Bookmark and Share

Yahoo Pulse Blog – A Good Hosting Tool for Spammers

Friday, July 23rd, 2010

Yahoo has apparently found yet another way to assist spammers.

As if longstanding abuses of Yahoo Groups weren’t enough for the spammed masses to suffer though, their blog site, Yahoo Pulse, is now making life easier and more productive for spammers as well.

The latest emails being spewed throughout the Internet have long and convoluted Subject lines (in an attempt to evade spam filtering) that allude to online sales of medications, such as:

Subject:   extraordinary tablets tendered for superb way of life
Subject:   supplying exceptional capsule brands for lots of years
Subject:   web outlet tremendously suggested for pills purchases

Microsoft, itself a massive spam-enabler, is sending the vast majority of these emails (if not all of them) through hijacked Hotmail accounts abusing it’s mail servers. While the From addresses may or may not be legitimate Hotmail accounts:

From:     Boyd Owenby <boydowenbykac@hotmail.com>
From:     Stroum Elliff <estroumuel@hotmail.com>
From:     Elphonte Stutz <stutzelphoduec@hotmail.com>

The actual sending mails servers most certainly are Microsoft’s:

from col0-omc4-s15.col0.hotmail.com (65.55.34.217)
from col0-omc3-s9.col0.hotmail.com (65.55.34.147)
from snt0-omc1-s27.snt0.hotmail.com ([65.55.90.38])

(more…)

Bookmark and Share

Statement of Fees – Virus

Wednesday, July 21st, 2010

This weeks most popular virus email variant attempts to use vague to it’s advantage.

Rather than trying to convince you that the emails is an official message from Ebay, Visa, Paypal, Chase or some other well known business, these messages are intentionally non-specific.

Subject lines refer only to some sort of “statement” like:

Subject:      Statement of Fees
Subject:      Statement of fees 2010

(more…)

Bookmark and Share

Amazon.com: Please verify your new e-mail address – Fraud

Tuesday, July 20th, 2010

At least one of the larger spam botnets is hard at work these last few days spreading itself via spoofed Amazon.com emails.

For the most part, these frauds do an excellent job of mimicking legitimate Amazon emails.

The arrive with a Subject line of:

From:      ”Amazon.com E-mail Subscriptions” <delivers@amazon.com>
Subject:     Amazon.com: Please verify your new e-mail address

And the design, layout and attention to detail within the email is quite good:

Amazon Delivers Fraud

Click for Larger Image

(more…)

Bookmark and Share

Scan from a Xerox WorkCentre Pro – Virus

Monday, July 19th, 2010

In another crafty attempt to induce email recipients to voluntarily infect their own computers with a virus the latest campaign spoofs a scanned document email purportedly from a Xerox WorkCentre Pro multi-tasking machine.

The emails arrive from an endless variety of spoofed email From address senders, when they are actually sent from personal computers that have already been infected by this campaign.

The Subject lines of the emails are consistently:

Subject:      Scan from a Xerox WorkCentre Pro N 5458581
Subject:      Scan from a Xerox WorkCentre Pro $4181035

In order to attempt to evade spam filtering systems, the very last part of the Subject line is a completely random number, so that no two emails will look exactly alike.

(more…)

Bookmark and Share

Yahoo Groups Spam

Tuesday, July 13th, 2010

While the dominant Internet email providers (Hotmail, MSN, AOL, Gmail & Yahoo) frequently talk about their commitment to fighting spam, they are actually amazingly inattentive to the rampant spam abuses allowed and enabled by their own systems.

We only occasionally point out examples of how sloppy, permissive and ineffectual these firms are in regards to spam, because thoroughly documenting the spam faults of these enterprises would be a full time job in and of itself.

That said, from time to time the abuses are just so obvious (easy to spot and catch) rampant and perpetual that we can’t help but wonder if they even deploy more than 2 or 3 high-school summer interns to their entire anti-abuse efforts.

We realize that they do all expend effort on filtering inbound spam emails from reaching their own users.  Where they are apparently asleep at the wheel is in preventing their systems from being abused by spammers to send out emails and/or to host spam landing pages.

The latest example of such unchecked abuse is the spammers using Yahoo Groups to host and promote online sales of spammed pharmaceuticals (or at least brightly colored pills claiming to be the real thing).

(more…)

Bookmark and Share

The results of your email commands – Virus/Malware

Monday, July 12th, 2010

A new variant of the Delivery Status Notification (Failure) – Virus is widely circulating that arrives with a completely random From: sender address and a subject line, such as:

From:     ”wafersf25@resourcemining.com” <wafersf25@resourcemining.com>
Subject:      The results of your email commands

From:     ”hackingj@robe.riotinto.com” <hackingj@robe.riotinto.com>
Subject:      The results of your email commands

From:       “smirnoff9@royal-fiesta.com” <smirnoff9@royal-fiesta.com>
Subject:      The results of your email commands

Regardless of the random and fictitious sender addresses,  the emails are originating from previously infected personal computers from across the globe. A few widely diverse examples include:

(more…)

Bookmark and Share

Delivery Status Notification (Failure) – Virus

Thursday, July 8th, 2010

We’re seeing a slew of spoofed Delivery Status Notifications that pretend to be “bounced emails” but which are actually attempting to use JavaScript code to cause the recipient’s computer to download viruses to their systems.

The typical example comes with a fairly common Subject/Sender combination:

Subject:      Delivery Status Notification (Failure)
From:     ”System Administrator” <postmaster@roomswithviews.com>

However the “postmaster@” address will be from a randomly spoofed domain since these emails most likely come from already infected personal computers that are functioning as zombies in a spam bot network. The spoofed domain is never the true sender.  For example the one from “postmaster@roomswithviews.com” was actually delivered by:

‘from [109.108.46.163] (helo=isg-109-108-46-163.ivnet.ru) by MailFilter1.onlymyemail.com with esmtp

(more…)

Bookmark and Share

Wikipedia E-mail Address Confirmation – Phishing Fraud

Tuesday, July 6th, 2010

In a campaign that’s closely related to the [WordPress.com] Activate – Phishing Fraud we’re now also seeing a large volume of emails claiming to be Wikipedia e-mail address confirmations.

Messages arrive spoofing wikimedia.org senders, such as:

Subject:      Wikipedia e-mail address confirmation
From:     wiki@wikimedia.org

A screen shot of the fraudulent emails:

Wikipedia E-mail Address Confirmation - Phishing Fraud

Click for Larger Image

(more…)

Bookmark and Share

[WordPress.com] Activate – Phishing Fraud

Friday, July 2nd, 2010

A new spam campaign is circulating that is spoofing “WordPress” blog subscriptions.

Emails most commonly arrive as:

Subject:      [WordPress.com] Activate http://stephen.wordpress.com/
From:     WordPress.com <donotreply@wordpress.com>

Below is a screen shot of an example email:

WordPress Phishing Fraud

WordPress Phishing Fraud

(more…)

Bookmark and Share