Sponsored by..

Showing posts with label Sky. Show all posts
Showing posts with label Sky. Show all posts

Wednesday 20 May 2015

Malware spam: "Sky.com / Statement of Account" and "Voice Mail / You have a new voice" via volafile.io

These two spam runs attempt to download malware from volafile.io. To give the folks at Volafile credit, all the malware I have seen linked to has been taken down. I suspect that the payload is the Dyre banking trojan.

From:    Sky.com [statement@sky.com]
Date:    20 May 2015 at 12:30
Subject:    Statement of account

Afternoon,

Please find the statement of account, download and view from the link below:

https://dl4.volafile.io/download/8eFEP-cNVEX-Jg/statement_00429117.zip

We look forward to receiving payment for the September invoice as this is now due for payment.

Regards,
Elliot

This email, including attachments, is private and confidential. If you have received this email in error please notify the sender and delete it from your system. Emails are not secure and may contain viruses. No liability can be accepted for viruses that might be transferred by this email or any attachment. Wilson McKendrick LLP Solicitors, Queens House, 29 St. Vincent Place, Glasgow G1 2DT Registered in Scotland No. SO303162. Members: Mark Wilson LLB Dip. NP LP Allan T. McKendrick LLB Dip. LP NP.


======================

From:    Voice Mail [Voice.Mail@victimdomain]
Date:    20 May 2015 at 12:11
Subject:    You have a new voice

You are receiving this message because we were unable to deliver it, voice message did not go through because the voicemail was unavailable at that moment.

* The reference number for this message is _qvs5419167125_001

The transmission length was 41
Receiving machine ID : BA9R-DUQUC-TY7T

To download and listen your voice mail please follow the link below: https://dl3.volafile.io/download/rnTYPuYNVEX6Jw/statement_00429114.zip

The link to this secure message will expire in 24 hours. If you would like to save a copy of the email or attachment, please save from the opened encrypted email. If an attachment is included, you will be given the option to download a copy of the attachment to your computer.
volafile.io is a pretty uncommon place to share files, so it might be worth looking at your traffic to see if there have been any unexpected requests to that site.


Thursday 2 October 2014

Sky doesn't understand "opting out" of marketing emails

When I opt out of marketing emails, I expect to stay opted out. This kind of crap sent from Sky really gets my goat.
Are you making the most of your Sky TV?
We’re checking our records and can see that you’re not currently opted in to get offers by email, so there are bound to be things you’re not hearing about, like:
-  exclusive money-saving offers on fantastic Sky products and services
-  the chance to trial our most popular products and services totally free
We’ll also donate £2 to Sky Rainforest Rescue, our partnership with WWF, for every customer that opts in – up to £10,000. Sky Rainforest Rescue is helping to save 1 billion trees in the Amazon. So you’ll be making a real difference to the rainforest, which is home to an astonishing one in 10 of all the wild species on Earth.
It only takes a minute, so opt in tod​ay and get more out of being a Sky customer.

Sky seem aghast that I'm not interested in a stream of marketing emails for products which I am probably not interested in. Which is why I opted out of having them. I don't want to be nagged about opting out - that's not honouring the opt out is it? In other words.. this is spam.

Just in case Sky ever ends up reading it, I will put it in terms that you might understand..






Wednesday 3 September 2014

Sky.com "Statement of account" spam.. again.

These fake Sky emails are pretty common and have a malicious attachment:

Date:      Wed, 3 Sep 2014 09:17:22 +0200 [03:17:22 EDT]
From:      "Sky.com" [statement@sky.com]
Subject:      Statement of account

Afternoon,

Please find attached the statement of account.

We look forward to receiving payment for August, invoice as this is now due for payment.

Regards,
Clark

This email, including attachments, is private and confidential. If you have received this
email in error please notify the sender and delete it from your system. Emails are not
secure and may contain viruses. No liability can be accepted for viruses that might be
transferred by this email or any attachment. Wilson McKendrick LLP Solicitors, Queens
House, 29 St. Vincent Place, Glasgow G1 2DT Registered in Scotland No. SO303162. Members:
Mark Wilson LLB Dip. NP LP Allan T. McKendrick LLB Dip. LP NP. 
The attachment is Statement.zip which contains a malicious executable Statement.scr which has a reasonable VirusTotal detection rate of 18/55. The Anubis report indicates that the binary phones home to the following domains which may be worth blocking:

notarioschiapas.com
faviles.com


Tuesday 15 April 2014

Sky.com "Statement of account" spam

Another fake sky.com email with a malicious payload..

Date:      Tue, 15 Apr 2014 19:40:23 +0800 [07:40:23 EDT]
From:      "Sky.com" [statement@sky.com]
Subject:      Statement of account

Afternoon,

Please find attached the statement of account.

We look forward to receiving payment for the February invoice as this is now due for
payment.

Regards,
Kathy

This email, including attachments, is private and confidential. If you have received this
email in error please notify the sender and delete it from your system. Emails are not
secure and may contain viruses. No liability can be accepted for viruses that might be
transferred by this email or any attachment. Wilson McKendrick LLP Solicitors, Queens
House, 29 St. Vincent Place, Glasgow G1 2DT Registered in Scotland No. SO303162. Members:
Mark Wilson LLB Dip. NP LP Allan T. McKendrick LLB Dip. LP NP. 
Attached is a file Statement.zip which contains a malicious executable Statement.scr which has a VirusTotal detection rate of 9/51. Automated analysis tools [1] [2] [3] show an attempted download from the following locations:
[donotclick]pelicansea.com/css/1504UKd.zip
[donotclick]twinest.com/images/1504UKd.zip


A number of other IPs are contacted as well, indicating this this is P2P/Gameover Zeus.


Thursday 13 March 2014

Sky.com "Statement of account" spam

This fake Sky.com email comes with a malicious attachment:

Date:      Thu, 13 Mar 2014 12:23:09 +0100 [07:23:09 EDT]
From:      "Sky.com" [statement@sky.com]
Subject:      Statement of account

Afternoon,

Please find attached the statement of account.

We look forward to receiving payment for the December invoice as this is now due for
payment.

Regards,
Carmela

This email, including attachments, is private and confidential. If you have received this
email in error please notify the sender and delete it from your system. Emails are not
secure and may contain viruses. No liability can be accepted for viruses that might be
transferred by this email or any attachment. Wilson McKendrick LLP Solicitors, Queens
House, 29 St. Vincent Place, Glasgow G1 2DT Registered in Scotland No. SO303162. Members:
Mark Wilson LLB Dip. NP LP Allan T. McKendrick LLB Dip. LP NP.
Attached is an archive Statement.zip which in turn contains a malicious executable Statement.scr which has a VirusTotal detection rate of 6/50. Automated analysis tools [1] [2] [3] show attempted connections to the following domains and IPs:

188.247.130.190 (Prime Telecom SRL, Romania)
gobemall.com
gobehost.info

184.154.11.228 (Singlehop, US)
terenceteo.com

184.154.11.233 (Singlehop, US)
quarkspark.org

The two Singlehop IPs appear to belong to Host The Name (hostthename.com) which perhaps indicates a problem at that reseller.

Recommended blocklist:
184.154.11.228
184.154.11.233
188.247.130.190
gobemall.com
gobehost.info
terenceteo.com
quarkspark.org

Friday 22 July 2011

Sky survey boll*cks

I'm feeling quite sweary this week, so here's a stupid email from a market research company who are pretending not to be doing it for Sky (I know it's for Sky because it uses an email address only used to sign up to Sky). It's b*llocks basically.

From: Tpoll Broadband Survey helpdesk@tpoll.net
Date: 22 July 2011 16:19
Subject: A survey about your broadband provider

Dear Mr Dynamoo

A well-known broadband provider has commissioned us here at Tpoll, an independent market research agency, to talk to people about their opinions and experiences with their TV and broadband providers.

The broadband provider in question is very keen to properly understand their customers’ needs, how well the products and services they offer are meeting their needs, and how they compare to other providers. They have asked Tpoll to investigate and we have invited you to take part in an online survey to share your thoughts and opinions.

This survey is organised and run under the rules of the Market Research Society. All responses will be strictly confidential and results will only be looked at on an aggregated level so please be as honest as you can with your answers.

Your answers will be very much appreciated and will be extremely valuable in shaping the products and services the provider offers.

Please click on the link below to start the survey - it should take 10 to 15 minutes to complete.

Click here to begin

Many Thanks,

Elizabeth Green



Tpoll Market Intelligence

So.. you want me to spend 15 minutes doing market research for Sky - a company that I don't use for broadband - just to help them shape their business? I did very much enjoy telling them that I don't have a TV or broadband access. Maybe this will screw up their survey.

Is this spam? It's hard to tell. I have a pre-existing relationship with Sky, but I'm pretty sure I didn't opt-in for this. It would be much more honest if Sky just admitted that they were behind it. Although perhaps their relationship with Rupert Murdoch's empire might be driving them to keep it quiet..