FYI...
Fake PayPal SPAM – PDF malware
- http://myonlinesecurity.co.uk/paypal...e-pdf-malware/
12 May 2014 - "PayPal Notification of payment received is another one from the current zbot runs which try to drop cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment. These emails are absolutely identical to the genuine emails that you receive from PayPal when someone sends you money, especially after selling something on eBay. The difference is the link to the transaction goes to a fake site that tries to download a malware file to your computer, that appears to be a PDF...
Screenshot: http://myonlinesecurity.co.uk/wp-con..._new_funds.png
12 May 2014: PP_detalis_726716942049.pdf.exe (485 kb)
Current VirusTotal detections: 0/51*
This PayPal Notification of payment received is another one of the spoofed icon files that unless you have “show known file extensions enabled”, will look like a proper PDF file instead of the .exe file it really is, so making it much more likely for you to accidentally open it and be infected..."
* https://www.virustotal.com/en/file/f...265f/analysis/
___
BBB SPAM - Washington Metro Area ...
- http://threattrack.tumblr.com/post/8...etro-area-spam
12 May 2014 - "Subjects Seen:
RE:Case #2475314
Typical e-mail details:
Owner/Manager
The Better Business Bureau has received the above-referenced complaint from one of your customers regarding their dealings with you. The details of the consumer’s concern are included on the reverse. Please review this matter and advise us of your position. FILE ATTACHED (Adobe Photoshop format)
As a neutral third party, the Better Business Bureau can help to resolve the matter. Often complaints are a result of misunderstandings a company wants to know about and correct...
We look forward to your prompt attention to this matter.
Sincerely, BBB of Metropolitan Washington DC and Eastern Pennsylvania
Malicious File Name and MD5:
Complaint.zip (F72C05A0A0C4C188B07ECE7806CC0F44)
ComplaintToManager.scr (F89D06A787094FE2DC1AF6B2C0914C17)
Screenshot: https://gs1.wac.edgecastcdn.net/8019...QFX1r6pupn.png
Tagged: bbb, Upatre
- http://myonlinesecurity.co.uk/better...e-pdf-malware/
12 May 2014 - "Better Business Bureau Complaint with subject of RE:Case #8396880 pretending to come from Refugio Ratliff [Refugio_Ratliff@ bbb .org] is another one from the current zbot runs which try to drop cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers...
Email looks like:
May 12, 2014
Owner/Manager
The Better Business Bureau has received the above-referenced complaint from one of your customers regarding their dealings with you. The details of the consumer’s concern are included on the reverse. Please review this matter and advise us of your position. FILE ATTACHED (Adobe Photoshop format)
As a neutral third party, the Better Business Bureau can help to resolve the matter. Often complaints are a result of misunderstandings a company wants to know about and correct...
We look forward to your prompt attention to this matter.
Sincerely,
BBB of Metropolitan Washington DC and Eastern Pennsylvania
12 May 2014: Complaint.zip (7 kb) Extracts to ComplaintToManager.scr
Current VirusTotal detections: 2/52*
... another one of the spoofed icon files that unless you have “show known file extensions enabled”, will look like a proper PDF file instead of the .exe file it really is, so making it much more likely for you to accidentally open it and be infected..."
* https://www.virustotal.com/en/file/6...2998/analysis/
___
“Your Photos Are being Used” Phish
- http://blog.malwarebytes.org/fraud-s...phishing-lure/
May 12, 2014 - "We’re seeing some reports that an old favourite of scammers everywhere is currently in circulation on social media sites such as Tumblr. If you receive a message from a friend which says:
OMG YOUR PHOTOS ARE BEING USED ON THIS SITE
then be very careful should you happen to click the link, because you may well be sent to a fake login page. In this case, the scammers use some JavaScript to bounce the victim from a Tumblr spam blog to a fake Facebook login which they’ll need to use to see the supposed photos. Anybody filling in their details and hitting enter will of course have their username and password sent to the attacker.
> http://cdn.blog.malwarebytes.org/wp-.../05/tumblr.png
...
> http://cdn.blog.malwarebytes.org/wp-...5/phish-fb.png
This sort of scam is often seen on Twitter, and regularly puts in a guest appearance or twelve on other sites. Any urgent-sounding messages sent your way which suggest imminent personal embarrassment of some description should be treated with healthy skepticism until you’ve confirmed that a) the message is genuine and b) it really was worth saving up for a one way ticket to the Sahara desert all those years ago. It’s very likely you’re going to be fine – however, you won’t be able to say the same for accounts being handed over to a scammer using a little shock and awe (but mostly shock) as a bait to spirit away some logins."
___
- http://blog.trendmicro.com/trendlabs...ltiple-emails/
May 12, 2014 - "... Users should be wary of clicking shortened URLs, especially if they come from unverified sources. It’s recommended that they simply use bookmarks or type in the site’s URL directly into the address bar to avoid phishing pages. They should also double-check a site’s URL before they give out any user information; it has become all too easy for bad guys to create login pages that are near-identical to legitimate ones..."
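___
The two attachments reported above (PP_detalis_726716942049.pdf.exe, and Complaint.zip extracting to ComplaintToManager.scr) depend on the real extension going unnoticed. As an added example, not part of the original post or the quoted blogs, this Python code flags such names at a mail gateway or in triage, including names inside a zip; the extension lists, function names and the in-memory zip are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows runs on double-click (short, non-exhaustive list: an assumption).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Document-like extensions that make a name look harmless when the last one is hidden.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}

def classify_name(name):
    """Return 'double-extension', 'executable' or None for one file name."""
    # Windows ignores trailing dots and spaces, so drop them before parsing.
    clean = name.replace("\\", "/").rstrip(" .")
    suffixes = [s.strip().lower() for s in PurePosixPath(clean).suffixes]
    if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
        return None
    if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
        return "double-extension"   # e.g. something.pdf.exe
    return "executable"             # e.g. something.scr

def scan_attachment(filename, data):
    """Check the attachment name and, if it is a zip, every member name."""
    findings = []
    verdict = classify_name(filename)
    if verdict:
        findings.append((filename, verdict))
    buf = io.BytesIO(data)
    if zipfile.is_zipfile(buf):
        with zipfile.ZipFile(buf) as zf:
            for member in zf.namelist():
                if member.endswith("/"):      # directory entry, not a file
                    continue
                verdict = classify_name(member)
                if verdict:
                    findings.append((f"{filename}!{member}", verdict))
    return findings

def constructed_zip(member):
    """Build a sample archive in memory; the content is placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder bytes, not a real sample")
    return buf.getvalue()

if __name__ == "__main__":
    print(scan_attachment("PP_detalis_726716942049.pdf.exe", b""))
    print(scan_attachment("Complaint.zip", constructed_zip("ComplaintToManager.scr")))
```

Name checks only catch the disguise; they say nothing about what a file does, so a hit is a reason to quarantine and inspect, not a verdict on the content.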