Fake Google drive SPAM ...
FYI...
Fake Google drive SPAM - PDF malware
- http://myonlinesecurity.co.uk/grady-murphy-shared-google-drive3623019-73-malware/
13 Aug 2014 - "Grady Murphy shared Google Drive:3623019-73 to submit@ < your email address>.pretending to come from Grady Murphy < random name that matches the name inside the email> , Apps Team is another one from the current zbot runs which try to drop cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment... There are several different versions of this email leading to different infection sites and links, The names of the alleged Google Drive owner who wants to share with you changes with each email. There is no attachment with this one and they want you to follow the link and download the file to infect you.
Some of the sites are
http ://energydep .net:8080/Gdrive/GDrive025384.exe
http ://bilingdepp .net:8080/Gdrive/GDrive917302.exe
Email looks like:
Accept Grady Murphy Google Drive ID:3623019-73 request clicking on the link below:
Confirm request
Unfortunately, this email is an automated notification, which is unable to receive replies. We’re happy to help you with any questions or concerns you may have. Please contact us directly 24/7 via google .com/support/
13 August 2014: GDrive925483.exe (40kb) Current Virus total detections: 6/54*
This is another one of the spoofed icon files that unless you have “show known file extensions enabled“, will look like a proper PDF file instead of the .exe file it really is, so making it much more likely for you to accidentally open it and be infected..."
* https://www.virustotal.com/en/file/...51a70cfbbd6b3474f7c65f68/analysis/1407913490/
178.238.236.109: https://www.virustotal.com/en/ip-address/178.238.236.109/information/
___
Fake PurelyGadgets SPAM - Word doc malware
- http://myonlinesecurity.co.uk/order-id-769019-purelygadgets-com-word-doc-malware-malware/
13 Aug 2013 - "Order id 769019 | PurelyGadgets .com pretending to come from a sender named inform at a random email address is another one from the current zbot runs which try to drop cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment... This email arrives written in German language and has a zip attachment that when unzipped drops what appears to be a genuine Word Doc. BUT the Doc contains a macro that will infect you, if you use an out of date or older version of word. On previewing it, or opening it in Word 2013 ( which has macros disabled by default ) it tries to tell you to enable macros so that you can read the document. Do -not- ever -enable- macros for any Microsoft office file received by email unless you are 100% sure that you know the sender and are expecting the file... If you still use an older version of Microsoft Word, then you are at risk of being infected by this... Office 2010 and Office 2013 have macros -disabled- by default...
13 August 2014: Bestellen.zip (100 kb) : Extracts to Bestellen.Doc
Current Virus total detections: 10/54* . All of these emails use Social engineering tricks to persuade you to open the attachments that come with the email... when unzipping them and make sure you have “show known file extensions enabled“, And then look carefully at the unzipped file. If it says .EXE then it is a problem and should -not- be run or opened..."
* https://www.virustotal.com/en/file/...cdd4ad85f52dd1e16eebb006/analysis/1407936811/
___
UK Land Registry Spam
- http://threattrack.tumblr.com/post/94637538213/uk-land-registry-spam
Aug 13, 2014 - "Subjects Seen:
Notification of direct debit of fees
Typical e-mail details:
Notification Number: 4682787
Mandate Number: LND4682787
###THIS IS AN AUTO NOTIFICATION EMAIL. DO NOT REPLY TO THE SENDER OF THIS EMAIL. IF YOU HAVE A QUERY PLEASE REFER TO THE INFORMATION BELOW ###
This is notification that Land Registry will debit 1527.00 GBP from your nominated account on or as soon as possible before 18/08/2014.
Details of fees that we shall be collecting by direct debit for the applications charged are now available to view.
You can access these by opening attached report.
If you have an enquiry relating to your VDD account please contact Customer Support at customersupport@ landregistry .gsi .gov.uk or call on 0844 892 1111. For all enquiries, please quote your key number.
Thank you,
Land Registry
Malicious File Name and MD5:
LND_Report_13082014.exe (4E3480ADAF846BE2073246C9879290D2)
LND_Report_4682787.zip (EAD6A8A2A9613175112E6C75D247B0BC)
Screenshot: https://gs1.wac.edgecastcdn.net/801...9e35632c0/tumblr_inline_na95u2Ihd01r6pupn.png
Tagged: UK Land Registry, Upatre
:fear:
:sad:
FYI...
Fake Google drive SPAM - PDF malware
- http://myonlinesecurity.co.uk/grady-murphy-shared-google-drive3623019-73-malware/
13 Aug 2014 - "Grady Murphy shared Google Drive:3623019-73 to submit@ < your email address>.pretending to come from Grady Murphy < random name that matches the name inside the email> , Apps Team is another one from the current zbot runs which try to drop cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment... There are several different versions of this email leading to different infection sites and links, The names of the alleged Google Drive owner who wants to share with you changes with each email. There is no attachment with this one and they want you to follow the link and download the file to infect you.
Some of the sites are
http ://energydep .net:8080/Gdrive/GDrive025384.exe
http ://bilingdepp .net:8080/Gdrive/GDrive917302.exe
Email looks like:
Accept Grady Murphy Google Drive ID:3623019-73 request clicking on the link below:
Confirm request
Unfortunately, this email is an automated notification, which is unable to receive replies. We’re happy to help you with any questions or concerns you may have. Please contact us directly 24/7 via google .com/support/
13 August 2014: GDrive925483.exe (40kb) Current Virus total detections: 6/54*
This is another one of the spoofed icon files that unless you have “show known file extensions enabled“, will look like a proper PDF file instead of the .exe file it really is, so making it much more likely for you to accidentally open it and be infected..."
* https://www.virustotal.com/en/file/...51a70cfbbd6b3474f7c65f68/analysis/1407913490/
178.238.236.109: https://www.virustotal.com/en/ip-address/178.238.236.109/information/
___
Fake PurelyGadgets SPAM - Word doc malware
- http://myonlinesecurity.co.uk/order-id-769019-purelygadgets-com-word-doc-malware-malware/
13 Aug 2013 - "Order id 769019 | PurelyGadgets .com pretending to come from a sender named inform at a random email address is another one from the current zbot runs which try to drop cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment... This email arrives written in German language and has a zip attachment that when unzipped drops what appears to be a genuine Word Doc. BUT the Doc contains a macro that will infect you, if you use an out of date or older version of word. On previewing it, or opening it in Word 2013 ( which has macros disabled by default ) it tries to tell you to enable macros so that you can read the document. Do -not- ever -enable- macros for any Microsoft office file received by email unless you are 100% sure that you know the sender and are expecting the file... If you still use an older version of Microsoft Word, then you are at risk of being infected by this... Office 2010 and Office 2013 have macros -disabled- by default...
13 August 2014: Bestellen.zip (100 kb) : Extracts to Bestellen.Doc
Current Virus total detections: 10/54* . All of these emails use Social engineering tricks to persuade you to open the attachments that come with the email... when unzipping them and make sure you have “show known file extensions enabled“, And then look carefully at the unzipped file. If it says .EXE then it is a problem and should -not- be run or opened..."
* https://www.virustotal.com/en/file/...cdd4ad85f52dd1e16eebb006/analysis/1407936811/
___
UK Land Registry Spam
- http://threattrack.tumblr.com/post/94637538213/uk-land-registry-spam
Aug 13, 2014 - "Subjects Seen:
Notification of direct debit of fees
Typical e-mail details:
Notification Number: 4682787
Mandate Number: LND4682787
###THIS IS AN AUTO NOTIFICATION EMAIL. DO NOT REPLY TO THE SENDER OF THIS EMAIL. IF YOU HAVE A QUERY PLEASE REFER TO THE INFORMATION BELOW ###
This is notification that Land Registry will debit 1527.00 GBP from your nominated account on or as soon as possible before 18/08/2014.
Details of fees that we shall be collecting by direct debit for the applications charged are now available to view.
You can access these by opening attached report.
If you have an enquiry relating to your VDD account please contact Customer Support at customersupport@ landregistry .gsi .gov.uk or call on 0844 892 1111. For all enquiries, please quote your key number.
Thank you,
Land Registry
Malicious File Name and MD5:
LND_Report_13082014.exe (4E3480ADAF846BE2073246C9879290D2)
LND_Report_4682787.zip (EAD6A8A2A9613175112E6C75D247B0BC)
Screenshot: https://gs1.wac.edgecastcdn.net/801...9e35632c0/tumblr_inline_na95u2Ihd01r6pupn.png
Tagged: UK Land Registry, Upatre
:fear:
:sad:
Last edited:
ownloader-DU, VBA/TrojanDownloader.Agent.AL, Trojan-Downloader:W32/Agent.DVCR, Trojan-Downloader.VBA.Agent or Trojan.Mdropper. At the time of writing, 8 of the 53 AV engines did detect the