We’re seeing quite the uptick in spoofed “Your Friend has invited you to open a Google mail account” emails lately.
The typical email comes with a subject line and From address such as:
Subject: Edmond Fletcher has invited you to open a Google mail account
From: ”Edmond Fletcher” <auntee8@rosesbooks.com>
The latest twist on virus/malware campaigns pretends to be an email from the Social Security Administration that supposedly contains a copy of your annual statement.
The email arrives with the headers:
Subject: Review your annual Social Security statement
From: ”Social Security Administration” <notification@ssa.gov>Due to possible calculation errors, your annual Social Security statement may contain errors.
Open attached file to review your annual Social Security statement.
This weeks most popular virus email variant attempts to use vague to it’s advantage.
Rather than trying to convince you that the emails is an official message from Ebay, Visa, Paypal, Chase or some other well known business, these messages are intentionally non-specific.
Subject lines refer only to some sort of “statement” like:
Subject: Statement of Fees
Subject: Statement of fees 2010
At least one of the larger spam botnets is hard at work these last few days spreading itself via spoofed Amazon.com emails.
For the most part, these frauds do an excellent job of mimicking legitimate Amazon emails.
The arrive with a Subject line of:
From: ”Amazon.com E-mail Subscriptions” <delivers@amazon.com>
Subject: Amazon.com: Please verify your new e-mail address
In another crafty attempt to induce email recipients to voluntarily infect their own computers with a virus the latest campaign spoofs a scanned document email purportedly from a Xerox WorkCentre Pro multi-tasking machine.
The emails arrive from an endless variety of spoofed email From address senders, when they are actually sent from personal computers that have already been infected by this campaign.
A new variant of the Delivery Status Notification (Failure) – Virus is widely circulating that arrives with a completely random From: sender address and a subject line, such as:
From: ”wafersf25@resourcemining.com” <wafersf25@resourcemining.com>
Subject: The results of your email commandsFrom: ”hackingj@robe.riotinto.com” <hackingj@robe.riotinto.com>
Subject: The results of your email commandsFrom: “smirnoff9@royal-fiesta.com” <smirnoff9@royal-fiesta.com>
Subject: The results of your email commands
Regardless of the random and fictitious sender addresses, the emails are originating from previously infected personal computers from across the globe. A few widely diverse examples include:
We’re seeing a slew of spoofed Delivery Status Notifications that pretend to be “bounced emails” but which are actually attempting to use JavaScript code to cause the recipient’s computer to download viruses to their systems.
The typical example comes with a fairly common Subject/Sender combination:
Subject: Delivery Status Notification (Failure)
From: ”System Administrator” <postmaster@roomswithviews.com>
Another high volume campaign spoofing Amazon email receipts that arrive:
Subject: Your Amazon.com Order (D17-3394363-2558346)
From: ”Amazon.com” <digital-no-reply@amazon.com>
Notice that these email arrive from hijacked zombie PC’s from across the globe and the “Order” number in the subject is randomized in an attempt to evade spam filtering.
The message itself is well designed, using actual Amazon graphics, and the Order numbers and purported sales amounts are both randomized as well:
