In another crafty attempt to induce email recipients to voluntarily infect their own computers with a virus the latest campaign spoofs a scanned document email purportedly from a Xerox WorkCentre Pro multi-tasking machine.
The emails arrive from an endless variety of spoofed email From address senders, when they are actually sent from personal computers that have already been infected by this campaign.
Another high volume campaign spoofing Amazon email receipts that arrive:
Subject: Your Amazon.com Order (D17-3394363-2558346)
From: ”Amazon.com” <digital-no-reply@amazon.com>
Notice that these email arrive from hijacked zombie PC’s from across the globe and the “Order” number in the subject is randomized in an attempt to evade spam filtering.
The message itself is well designed, using actual Amazon graphics, and the Order numbers and purported sales amounts are both randomized as well:
Looked at as art, most spam is the email equivalent of a two year old scribbling with a crayon. Every once in a while, though, we see something outstanding. In this post we’re going to give a shout out to a spammer who obviously cares about their work.
We grabbed a few examples of this campaign and most of them have fairly innocuous subjects that might be likely to get you to open the message like:
Another version of the Google Groups hosted virus is actively spreading.
This version also spoofs “123greetings.com” and arrives with a subject of:
Subject: You Have Received a Greeting Card
The contents of this version does not contain graphics, but is instead all text:
Now we have an apparent “kitchen sink” Trojan and virus attack where the spammers are throwing multiple attack vectors within the same campaign and are just hoping something sticks.
The emails are sent from a remarkably wide variety of infected mail servers and individual personal computers spanning the globe. They are spoofing everything from completely random email addresses to claiming to come from the recipient’s own email account.
What is consistent within the current campaign now circulating is that they will include your domain in the subject line, followed by the phrase “account notification” such as:
Subject: yourdomain.com account notification
It’s back….. the email confirmation (really a Trojan/Virus) for the airline ticket you never purchased is again making the rounds.
The subject line is pretty straightforward:
Online order for airplane ticket N648365
Though the “order number” at the end is randomized in order to try and evade some of the simpler spam filtering systems.
A newer and very popular tactic with “Viagra and Cialis” spammers is to move part of their sales pitch out of the email “Subject” and into the “From” address instead.
This technique takes advantage of the fact that email standards allow for the
“From” address to include both an actual email address <user@domain.com> and also what’s commonly referred to as a “Pretty Address” where the sender can include any name or title they choose.
A new Phishing scam is making the rounds, targeting AOL’s Instant Messenger users and attempting to trick them into sharing their AIM login username and passwords.
Emails are currently making the rounds with subject lines like:
