Posts Tagged ‘zombie’

Amazon.com: Please verify your new e-mail address – Fraud

Tuesday, July 20th, 2010

At least one of the larger spam botnets is hard at work these last few days spreading itself via spoofed Amazon.com emails.

For the most part, these frauds do an excellent job of mimicking legitimate Amazon emails.

They arrive with the following From and Subject lines:

From:    "Amazon.com E-mail Subscriptions" <delivers@amazon.com>
Subject: Amazon.com: Please verify your new e-mail address

And the design, layout and attention to detail within the email is quite good:

[Image: Amazon Delivers Fraud]

(more…)


Scan from a Xerox WorkCentre Pro – Virus

Monday, July 19th, 2010

In another crafty attempt to induce email recipients to voluntarily infect their own computers with a virus, the latest campaign spoofs a scanned-document email purportedly from a Xerox WorkCentre Pro multi-tasking machine.

The emails carry an endless variety of spoofed From addresses, but they are actually sent from personal computers that have already been infected by this campaign.

The Subject lines of the emails are consistently:

Subject:      Scan from a Xerox WorkCentre Pro N 5458581
Subject:      Scan from a Xerox WorkCentre Pro $4181035

In order to attempt to evade spam filtering systems, the very last part of the Subject line is a completely random number, so that no two emails will look exactly alike.

(more…)


Your Amazon.com Order – Malware!

Thursday, June 24th, 2010

Another high-volume campaign is spoofing Amazon email receipts, which arrive as:

Subject: Your Amazon.com Order (D17-3394363-2558346)
From:    "Amazon.com" <digital-no-reply@amazon.com>

Notice that these emails arrive from hijacked zombie PCs from across the globe, and the “Order” number in the subject is randomized in an attempt to evade spam filtering.

The message itself is well designed, using actual Amazon graphics, and the Order numbers and purported sales amounts are both randomized as well:

[Image: Amazon Malware Receipt]

(more…)


High Quality Spam

Monday, May 24th, 2010

Looked at as art, most spam is the email equivalent of a two year old scribbling with a crayon. Every once in a while, though, we see something outstanding. In this post we’re going to give a shout out to a spammer who obviously cares about their work.

We grabbed a few examples of this campaign and most of them have fairly innocuous subjects that might be likely to get you to open the message like:

You have new ticket

Your payment has been done

Tracking confirmation

Oddly there were a few obviously spammy ones like:

The best way to please her

Maybe they were trying to make sure they got the people who like to open spam messages too?

This campaign is sent through AOL.com servers, which simply goes to prove that no matter what the big “webmail” firms claim about their commitment to preventing spam, they’re easily and consistently exploited day in and day out. The four above all connected from different AOL servers:

  • imr-ma03.mx.aol.com ([64.12.206.41])
  • imr-ma04.mx.aol.com ([64.12.206.42])
  • imr-da05.mx.aol.com ([205.188.105.147])
  • imr-ma06.mx.aol.com ([64.12.78.142])

And all of them originated on different Webmail servers too:

  • webmail-d082.sysops.aol.com (205.188.181.108)
  • webmail-m110.sysops.aol.com (64.12.232.218)
  • webmail-d037.sysops.aol.com (205.188.181.88)
  • webmail-m053.sysops.aol.com (64.12.140.163)

We could go on down the line, but the point is that the spammer in question easily hacks and abuses AOL accounts with impunity.

(more…)


You Have Received a Greeting Card – Virus

Monday, May 17th, 2010

Another version of the Google Groups hosted virus is actively spreading.

This version also spoofs “123greetings.com” and arrives with a subject of:

Subject: You Have Received a Greeting Card

The content of this version does not contain graphics but is instead all text:

(more…)


Account Notification – Triple Threats

Tuesday, April 27th, 2010

Now we have an apparent “kitchen sink” Trojan and virus attack where the spammers are throwing multiple attack vectors within the same campaign and are just hoping something sticks.

The emails are sent from a remarkably wide variety of infected mail servers and individual personal computers spanning the globe. They are spoofing everything from completely random email addresses to claiming to come from the recipient’s own email account.

What is consistent within the current campaign now circulating is that they will include your domain in the subject line, followed by the phrase “account notification” such as:

Subject:      yourdomain.com account notification

(more…)


What is wrong with you people?!

Thursday, April 1st, 2010

According to a recently published Messaging Anti-Abuse Working Group (MAAWG) survey, “half of email users in North America and Western Europe have opened or accessed spam and large proportions, representing tens of millions, have taken action like clicking on links or opening attachments”. Worse yet, nearly half of those did so on purpose “to unsubscribe, out of curiosity, or out of interest in the products or services being offered.”

We have to wonder if these same people would leave the keys in their cars to find out if there are really car thieves, or would buy a luxury watch from a guy on a street corner?

Probably not, as they would likely see the inherent danger in the physical world. However, in a world where most financial transactions are handled electronically, inviting strangers into your computer is an equally bad idea. (more…)


Online order for airplane ticket – Virus

Tuesday, March 30th, 2010

It’s back… the email confirmation (really a Trojan/Virus) for the airline ticket you never purchased is again making the rounds.

The subject line is pretty straightforward:

Online order for airplane ticket N648365

Though the “order number” at the end is randomized in order to try and evade some of the simpler spam filtering systems.

(more…)


RIP Internet Explorer 6

Thursday, March 4th, 2010

A few weeks ago we posted about Internet Explorer’s most recent vulnerability issue. In that post we noted that IE’s security problems allow millions of computers to be turned into zombie slaves for spammers and other unsavory elements on the Internet. This week one of the worst offenders in the IE family is being buried in effigy by Denver-based design firm Aten Design Group. (more…)


Viagra Email Sets New Records

Monday, February 8th, 2010

A newer and very popular tactic with “Viagra and Cialis” spammers is to move part of their sales pitch out of the email “Subject” and into the “From” address instead.

This technique takes advantage of the fact that email standards allow for the “From” address to include both an actual email address <user@domain.com> and also what’s commonly referred to as a “Pretty Address” where the sender can include any name or title they choose.

(more…)
