Page 118 of 118 FirstFirst ... 1868108114115116117118
Results 1,171 to 1,171 of 1171

Thread: SPAM frauds, fakes, and other MALWARE deliveries...

  1. #1171
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,519

    Thumbs down Fake 'Important matter' SPAM, 'Message from IT' - Phish

    FYI...

    Fake 'Important matter' SPAM - delivers unknown malware
    - https://myonlinesecurity.co.uk/distu...known-malware/
    28 Mar 2017 - "This email was forwarded to me by a contact who works for a public service agency. I have redacted the actual recipients domain and any email address. There is a 'Charmaine' [redacted] living at the address listed according to google searches. I am sure that there will be a lot of other emails with other real details that will really scare the recipients into opening these emails and being infected. They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. Remember many email clients, especially on a mobile phone or tablet, only show the Name in the From: and not the bit in <domain .com >. That is why these scams and phishes work so well... The email looks like:
    From: Antony Gfroerer <antongfoufou@ wanadoo .fr>
    Date: Tue, 28 Mar 2017 09:37:38 +0000
    To: Charmaine [redacted] <c*********@ [redacted]>
    Subject: Charmaine
    Attachment: victim.dot (renamed from recipients name)
    Hello, Charmaine!
    I am disturbing you for a very important matter. Though we are not familiar, but I have considerable ammount of information concerning you. The matter is that, most probably mistakenly, the data of your account has been sent to me.
    For example, your address is:
    5 [redacted] Lane
    Perth
    Perthshire and Kinross
    PH2 [redacted]
    I am a lawful citizen, so I decided to personal details may have been hacked. I pinned the file victim.dot that that was emailed to me, that you could find out what information has become accessible for fraudsters. File password is 2131
    I look forward to hearing from you,
    Antony Gfroerer ...


    victim.dot - Current Virus total detections 0/55*. Payload Security** is unable to analyse as an unsupported format. MALWR*** shows nothing... I am informed that they download:
    galaxytown .net/store/read.gif -and- effeelle .eu/img/logo.gif which appear to be genuine gif files from the headers, although they refuse to display as any sort of image file and must contain some sort of embedded -malware- content... DO NOT follow the advice they give to enable macros or enable editing to see the content... The basic rule is NEVER open any attachment to an email, unless you are expecting it..."
    * https://www.virustotal.com/en/file/d...is/1490695414/

    ** https://www.hybrid-analysis.com/samp...ironmentId=100
    Contacted Hosts
    62.149.140.45: https://www.virustotal.com/en/ip-add...5/information/
    > https://www.virustotal.com/en/url/fa...3c34/analysis/

    *** https://malwr.com/analysis/NDQ3MDg1O...lhNWUyNDViYjQ/

    galaxytown .net: 67.225.216.115: https://www.virustotal.com/en/ip-add...5/information/
    > https://www.virustotal.com/en/url/7b...8912/analysis/
    ___

    'Message from IT' - Phish
    - https://myonlinesecurity.co.uk/impor...-365-phishing/
    28 Mar 2017 - "... slightly different than many others and much more involved and complicated. It pretends to be a message from IT support to update webmail to use Office 365 / Outlook web access...

    Screenshot: https://myonlinesecurity.co.uk/wp-co...-IT-Sector.png

    This email has a genuine PDF attachment:
    > https://myonlinesecurity.co.uk/wp-co...65_upgrade.png
    If you follow the link inside the pdf you see a webpage looking like this:
    [ http ://radioclassicafm .com.br/lr/barracuda/barracuda/index.html ]
    >> https://myonlinesecurity.co.uk/wp-co...da_signin1.png
    After you input your email address and password, you get told -incorrect- details and -forwarded- to an almost identical looking page where you can put it in again:
    >> https://myonlinesecurity.co.uk/wp-co...cuda_login.png
    Then you get sent to an imitation of the Google Verification page where they ask for either your phone number or alternative email address...
    >> https://myonlinesecurity.co.uk/wp-co...gle_verify.png
    Then you get a 'success' page... All of these emails use Social engineering tricks to persuade you to open the -attachments- that come with the email..."

    radioclassicafm .com.br: 216.172.173.156: https://www.virustotal.com/en/ip-add...6/information/
    > https://www.virustotal.com/en/url/2f...bdc8/analysis/

    Last edited by AplusWebMaster; Yesterday at 17:46.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •