More malicious "Voice Message from Unknown", jConnect Fax SPAM
FYI...
More malicious "Voice Message from Unknown" SPAM
- http://blog.dynamoo.com/2014/01/more...nown-spam.html
8 Jan 2014 - "Another bunch of fake "voice message" spams with a malicious payload are doing the rounds, for example:
Subject: Voice Message from Unknown (996-743-6568)
Subject: Voice Message from Unknown (433-358-8977)
Subject: Voice Message from Unknown (357-973-7738)
Body:
- - -Original Message- - -
From: 996-743-6568
Sent: Wed, 8 Jan 2014 12:06:38 +0000
To: [redacted]
Subject: Important Message to All Employees
Attached is a file VoiceMessage.zip which in turn contains VoiceMessage.exe which has a VirusTotal detection rate of 11/47*. Automated analysis tools... show an attempted connection to casbir .com .au on 67.22.142.68 (Cologlobal, Canada). This appears to be the only server on this IP address, so blocking or monitoring it for the time being may be prudent."
* https://www.virustotal.com/en-gb/fil...is/1389191399/
___
jConnect Fax Spam
- http://threattrack.tumblr.com/post/7...nnect-fax-spam
Jan 8, 2014 - "Subjects Seen:
jConnect fax from “<phone number>” - 21 page(s), Caller-ID: <phone number>
Typical e-mail details:
Fax Message [Caller-ID: <phone number>]
You have received a 21 page(s) fax at 2012-12-17 05:25:32 EST.
* The reference number for this fax is lax3_did10-1514386087-4062628129-11.
This message can be opened using your PDF reader. If you have not already installed j2 Messenger, download it for free: j2.com/downloads
Please visit j2 .com/help if you have any questions regarding this message or your j2 service.
Thank you for using jConnect!
Malicious File Name and MD5:
FAX_93-238738192_19.zip (3A8CAA5972CF72CCEB0C40531C28B5AB)
FAX_93-238738192_19.exe (CA2628B955CAC2C8B6BD9F8C4C504FA4)
Screenshot: https://31.media.tumblr.com/24541843...Lm51r6pupn.png
Tagged: jconnect, Upatre
___
LinkedIn Makes Federal Case Out of Fake Accounts
- http://blogs.wsj.com/digits/2014/01/...fake-accounts/
Jan 7, 2014 - "LinkedIn, the business-focused social network, charged in a federal civil lawsuit that 10 unnamed people had created thousands of fake accounts that can be used to pass on malicious computer code or puff up users’ profiles. In a suit filed Monday in U.S. District Court for the Northern District of California, LinkedIn said it had deleted the abusive accounts and traced them to an Amazon Web Services account. It’s asking the cloud computing giant to hand over the names of the owners of the web-services accounts. Amazon Web Services offers computing power for rent via the Internet. An Amazon spokeswoman did not immediately respond to a request for comment. LinkedIn accuses the unnamed people of violating its user agreement by creating multiple fake accounts that stole data from legitimate LinkedIn profiles through a method called scraping*..."
* http://www.hotforsecurity.com/blog/l...tors-7594.html
Jan 8, 2014 - "... In November, Bitdefender warned about fake LinkedIn profiles that gather personal details** and lead users to dangerous websites..."
** http://www.hotforsecurity.com/blog/a...fers-7362.html
Nov 21, 2013 - "... As many users speak English and a native language, the scam aims at most countries in the world especially the US, where over 84 million users are active on LinkedIn. The fake recruiter spreads the link to the scam using URL shortening techniques. The bogus profile of “Annabella Erica” was already injected into authentic LinkedIn groups such as Global Jobs Network, which includes 167,000 users worldwide. Members of the social network are now sharing insights on more than 2.1 million groups, so the number of victims exposed to the scam could be a lot higher. The fake employment website is registered on a reputable “.com” domain to avoid raising doubts as to its authenticity. Scammers gather e-mail addresses and passwords they may later use for identity theft. Fraudsters usually register websites for longer periods and sometimes make their pages look even better than legitimate websites..."
___
inTuit/TurboTax phish
- http://security.intuit.com/alert.php?a=95
1/7/14 - "Here is a copy of the phishing email people are receiving. Be sure -not- to open the attachment.
TurboTax Alert: Your $4,120.55 Tax Refund!
> http://security.intuit.com/images/ttphish.jpg
Dear Customer,
You've received a Tax Refund of $4,120.55.
Kindly find attached file to view your Refund Confirmation from TurboTax.
Please keep this refund confirmation for your records.
NOTE: TurboTax/IRS will not request your banking details through email, sms or telephone.
Thank you for using TurboTax
This is the end of the -fake- email.
Steps to Take Now:
Do -not- open the email attachment...
Delete the email."
