Results 1 to 10 of 1320

Thread: SPAM frauds, fakes, and other MALWARE deliveries...

Threaded View

Previous Post Previous Post   Next Post Next Post
  1. #34
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Thumbs down Fake Western Union SPAM

    FYI...

    Fake Western Union invoice SPAM – PDF malware
    - http://myonlinesecurity.co.uk/wester...e-pdf-malware/
    6 Oct 2014 - "'invoice 5751107 October' pretending to come from Western Union Inc and quite a few others coming from a random single name like Amelia, Fred, John etc at random email addresses is another one from the current bot runs which try to download various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment... Email looks like:
    Please find attached your October invoice, we now have the facility to email invoices,
    but if you are not happy with this and would like a hard copy please let me know.
    New bank details for BACS payments are Santander Bank Sort Code 8017730 Account No 5608017730.
    Thanks very much
    Western Union Inc. 2014 @ All rights reserved.


    The earlier email looks like:
    Please find attached your October invoice, we now have the facility to email invoices,
    but if you are not happy with this and would like a hard copy please let me know.
    New bank details for BACS payments are Santander Bank Sort Code 5751107 Account No 5605751107.
    Thanks very much
    Amelia ...


    6 October 2014: invoice_5751107.zip: Extracts to: invoice.0914.1602783433405300232.exe
    Current Virus total detections: 9/55* . This invoice 5751107 October pretending to come from Western Union is another one of the spoofed icon files that unless you have “show known file extensions enabled“, will look like a proper PDF file instead of the .exe file it really is, so making it much more likely for you to accidentally open it and be infected..."
    * https://www.virustotal.com/en/file/c...is/1412589518/
    ___

    Fake Bank confirmation SPAM - PDF malware
    - http://myonlinesecurity.co.uk/chen-y...e-pdf-malware/
    6 Oct 2014 - "'CHEN YOUNG BANK SWIFT' pretending to come from CHEN YOUNG is another one from the current bot runs which try to download various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment... The email looks like:
    Hello,
    My bank have made the payment and the funds will arrive your bank in 3 days time. Attached is the bank confirmation Swift, let me know if your bank details are ok in the SWIFT
    Thank you!
    Chen Young
    Branch Manager
    YangZhou Wells Imp&Exp Co., Ltd
    9-525 Modern Square,
    Wenhui West Road
    Yangzhou, Jiangsu. CHINA
    Fax: 0086 514 8795 1721 / 0086 514 8795 1752


    6 October 2014: SWIFT_0000019989399188321110000011.zip:
    Extracts to: SWIFT_000001998939918835961163324799.exe
    Current Virus total detections: 9/55* . This 'CHEN YOUNG BANK SWIFT' is another one of the spoofed icon files that unless you have “show known file extensions enabled“, will look like a proper PDF file instead of the .exe file it really is, so making it much more likely for you to accidentally open it and be infected..."
    * https://www.virustotal.com/en/file/f...is/1412582411/
    ___

    Fake Tiffany invoice SPAM – PDF malware
    - http://myonlinesecurity.co.uk/tiffan...e-pdf-malware/
    6 Oct 2014 - "'invoice copy (waiting for your confirmation)' pretending to come from Tiffany & Co. <j.parker@ tiffany .co.uk> is another one from the current bot runs which try to download various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment... The email looks like:
    Kindly open to see export License and payment invoice attached, meanwhile we sent the balance payment yesterday.
    Please confirm if it has settled in your account or you can call if there is any problem.
    Thanks J.parker
    Tiffany & Co.


    6 October 2014: Tiffany order details 06-10-2014.zip:
    Extracts to: Tiffany order details 06-10-2014.exe
    Current Virus total detections: 6/55* . This is another one of the spoofed icon files that unless you have “show known file extensions enabled“, will look like a proper PDF file instead of the .exe file it really is, so making it much more likely for you to accidentally open it and be infected..."
    * https://www.virustotal.com/en/file/f...is/1412597423/

    Last edited by AplusWebMaster; 2014-10-06 at 16:10.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •