Spam

As Easter approaches, spam related to this upcoming holiday is expected. Spammers didn’t send malicious greetings like last year—they sent out various product promotion ads instead. One particular coupon promotion page offers recipients a free coupon for digital TV service for Easter. A domain attack was observed from this spam attack, and the offer page changed to different product coupons on a daily basis. 1 2 _From: “The Easter Bunny” <easterbunny removed> Subject: How to make this Easter even more magical…</easterbunny>@>_ ...

Good God! A 419 scam email from someone in grade school! From: FBI AGENT [mailto:[email protected]] Sent: Wednesday, March 31, 2010 7:34 AM Subject: FBI AGENT Hello honest people……… We got your contact from our Microsoft data-base system. This is to inform you all that have lost money to Scammers in Africa, Europe and USA. We hear by inform you there is quick opportunity for you mostly on lottery. My name is FBI brad Martins I assure you am doing all I can to get your lost money back in 2 days . I know what scam means. I work with the global scam Fither in CA 93535.we have all the global scam computer to trace all Scammers Name and location. Reply back to us. We just caught a scammer now, and we found some money with him, we are returning it back to those involves. This mean your money will be refund back to you.Get back to the FBI through this email for immediate response [email protected]

Today, our friends at Trend Micro blogged about a new attack vector using Microsoft Word documents. We saw this as well last week, and have written a detection for the dropped trojan. It’s not just a “lawsuit” that’s being spammed, we also picked up another form of this attack in our honeypots over the weekend: When you open the Word document, you see a “PDF”, but it’s actually not. It’s a JPG, which links to an executable. ...

A few of days ago, we encountered an e-mail with a malicious RTF attachment. It was sent with a supposed lawsuit notification message. The e-mail didn’t mention any company by name and took a shotgun, rather than targeted, approach. Today, a security blogger forwarded us (and others) his version of the e-mail: At this point, it appears that the attachment has been replaced by hyperlink pointing to the Marcus Law Center. ...

Who wouldn’t want some tax benefits in the current economic times? Don’t phishers and scammers know that all too well! In a new phishing scheme, We found that Child Tax Credit is being used as bait to lure parents to disclose their financial data. This attack specifically tries to convince users to make claims for credit and lower their tax burden by using their children’s education expenses. According to the Internal Revenue Service (IRS) website [PDF], taxpayers may be able to reduce their federal income tax by up to $1,000 for each qualifying child. Making use of this information, spam email discusses the expensive education of children and quickly advises recipients to use this expense to make claims for tax credits under the numerous tax benefits provided by the IRS. They make a further appeal that as a U.S. citizen or resident, recipients should apply for their tax returns. According to the email, users can get a tax refund of $75,000 for their children’s education. To apply for a refund, users need to complete a form attached to the email message. The fraudulent email has an HTML attachment named “#1924819299.pdf.htm”. ...

In the security industry we often focus heavily on new technologies and shiny new software, and forget that so much of what we see is dependent on the person behind the computer. Today, a co-worker of mine was sent an email from someone she doesn’t know, with the following text: “I’m writing this with tears in my eyes,my fam and I came down here to Wales,United Kingdom for a short vacation unfortunately we were mugged at the park of the hotel where we stayed,all cash,credit card and cell were stolen off us but luckily for us we still have our passports with us. ...

We’re investigating a series of SMS Worms, found in the wild in China. Known as Trojan:SymbOS/MerogoSMS, these worms try to spread on Symbian Series 60 3rd Edition devices. Symbian continues to be by far the most common smartphone operating system in the world. These worms spread by sending text messages to other phones. These text messages contain variable messages (in Chinese), and a link to a website. If the link is followed, user is prompted to install an application – infecting the phone and restarting the SMS spreading. ...

I have seen a lot of these lately. This one currently doing the rounds tries to dupe the reader into thinking that the International Monetary Fund (IMF) wants to use their accounts to transfer money meant for charity. In the email. the IMF (supposedly) wants to transfer $10 Million into the reader’s account using NatWest Bank. The contact details within the Bank are given as follows: Name: Mr. Donald Miller (Co-founder) Office Address: 11 El Shams Bldgs., 8th District Nasr City E-mail: Bernisecharityfoundationimf ‘at’ gmail.com Tel: (+44) 7031-939-750 Fax: (+44) 7011830323 ...

I won’t abuse it, I promise…. cross my heart… spit into the wind… etc. Hi folks, Yesterday, I received this SPIM (Instant message spam) … usnews3.com sounds kind of official, doesn’t it? and the page looks impressive… There are lots of links on the page, but unfortunately, a mouse-over of each link reveals that they all go to the same place… That’s not a good sign for a legitimate webpage. Moreover, a whois shows that it was registered just on 7th December 2009, and that the ownership is hidden behind a privacy protector service. ...

Or is it at the saturation point? The SANS Institute (acronym = SysAdmin, Audit, Network, Security) web site carried a blog piece that gives a good snapshot of the horrible ongoing plague of spam email that IT folks all over the globe must deal with. The writer, Deborah Hale, said the ISP in the Midwest where she works received almost 20 million pieces of email for more than 9,000 accounts since the beginning of March. Only 713,222 (3.6 percent) were NOT spam. ...