Posts Tagged ‘zombie’

Newegg.com – Payment Changed – Spam Campaign

Thursday, August 26th, 2010

The trend for the summer is for the major botnets to spoof a different brand-name domain every week.

This week’s victim is Newegg.com with large volumes of these bogus emails being sent by infected personal computers (zombies) acting to distribute these “Newegg.com – Payment Change” spoofs.

A typical example comes:

Subject:      Newegg.com – Payment Charged
From:     Newegg <info@newegg.com>

more »

That Ol’ Black (Email) Magic That You Weave So Well

Friday, August 20th, 2010

Yes Virginia, there is Black Magic (BM).

If there wasn’t, nobody would send spam like this:

Subject: cure black magic

From: “batool fatima” <nbhgyt@yahoo.com>

more »

Virus Emails Gone Wild

Wednesday, August 11th, 2010

Apparently the botnets in charge of spreading viruses have decided to go random and wild this week. In an attempt to evade filtering and confuse end user recipients, they’re spewing vast amounts of emails and using a shotgun approach of randomization.

Sending addresses are all random and spoofed and the emails themselves are short and cryptic. Subject lines tend to be short and simple and run the gamut, just a few examples (we’re seeing hundreds of variations):

more »

Welcome to Friendster – Virus/Malware in Disguise

Thursday, August 5th, 2010

Watch out for well designed, but spoofed invitations from Friendster currently making the rounds through spam driven email campaigns.

The samples we’ve reviewed so far arrive as:

Subject:      Welcome to Friendster
From:     Friendster <join@mail.friendster.com>

more »

You’re Invited to Google Mail – Virus & Malware

Monday, August 2nd, 2010

We’re seeing quite the uptick in spoofed “Your Friend has invited you to open a Google mail account” emails lately.

The typical email comes with a subject line and From address such as:

Subject:      Edmond Fletcher has invited you to open a Google mail account
From:     “Edmond Fletcher” <auntee8@rosesbooks.com>

more »

Amazon.com: Please verify your new e-mail address – Fraud

Tuesday, July 20th, 2010

At least one of the larger spam botnets is hard at work these last few days spreading itself via spoofed Amazon.com emails.

For the most part, these frauds do an excellent job of mimicking legitimate Amazon emails.

The arrive with a Subject line of:

From:      “Amazon.com E-mail Subscriptions” <delivers@amazon.com>
Subject:     Amazon.com: Please verify your new e-mail address

more »

Scan from a Xerox WorkCentre Pro – Virus

Monday, July 19th, 2010

In another crafty attempt to induce email recipients to voluntarily infect their own computers with a virus the latest campaign spoofs a scanned document email purportedly from a Xerox WorkCentre Pro multi-tasking machine.

The emails arrive from an endless variety of spoofed email From address senders, when they are actually sent from personal computers that have already been infected by this campaign.

more »

Your Amazon.com Order – Malware!

Thursday, June 24th, 2010

Another high volume campaign spoofing Amazon email receipts that arrive:

Subject:      Your Amazon.com Order (D17-3394363-2558346)
From:     “Amazon.com” <digital-no-reply@amazon.com>

Notice that these email arrive from hijacked zombie PC’s from across the globe and the “Order” number in the subject is randomized in an attempt to evade spam filtering.

The message itself is well designed, using actual Amazon graphics, and the Order numbers and purported sales amounts are both randomized as well:

more »

High Quality Spam

Monday, May 24th, 2010

Looked at as art, most spam is the email equivalent of a two year old scribbling with a crayon. Every once in a while, though, we see something outstanding. In this post we’re going to give a shout out to a spammer who obviously cares about their work.

We grabbed a few examples of this campaign and most of them have fairly innocuous subjects that might be likely to get you to open the message like:

more »

You Have Received a Greeting Card – Virus

Monday, May 17th, 2010

Another version of the Google Groups hosted virus is actively spreading.

This version also spoofs “123greetings.com” and arrives with a subject of:

Subject: You Have Received a Greeting Card

The contents of this version does not contain graphics, but is instead all text:

more »