Comments on Dynamoo's Blog: Highly personalised malspam making extensive use of hijacked domains (16 comments; feed updated 2024-02-23)

Helen, 2018-07-26 11:56 +01:00:
Thank you for your investigations, which I have just read above.

I received an almost identical email today in July 2018 - they had my name but no other personal details appeared. The body text is identical (typing it into Google in ""s sent me to this page) but it is from incomstanti@coilguncapital.com. I can't find anything on a basic Google search for coilguncapital but I [...]

Anonymous, 2017-02-25 13:15 +00:00:
Hey folks, I'm getting the same too. I have been working with Microsoft on this issue and have provided them with a whole bunch of screenshots showing the ping, tracert, nmap scans << lots of very juicy info there. And I am also in the process of contacting the Cyber unit at Interpol on this issue.

Also I have been speaking and working with several members of the infosec community [...]

Anonymous, 2017-02-19 13:46 +00:00:
Got the same on 14th Feb, which Yahoo automatically had popped into my Spam folder.
Have just found your excellent investigation of it (THANKS) which confirms an initial suspicion of my data being automatically placed into a standard email body.
When are authorities going to purge the scum who persist in trying to mug us?

mtju74, 2017-02-17 22:11 +00:00:
A few more things:
This follows the first naming convention:

mx155.qetradingsrl.com
mx156.qetradingsrl.com
mx157.qetradingsrl.com
and so forth.

Also looks like they use the prefix smtp as well.
Found this example:
smtp60.technologey.com
smtp61.technologey.com
smtp62.technologey.com
smtp63.technologey.com
smtp64.[...]

mtju74, 2017-02-17 20:37 +00:00:
Sorry:
From: confirmation@glautobodyparts.com
From: noreply@localpoolrepair.com
From: services@partenaireautoplus.com
From: no-reply@localpoolrepair.com
From: servicecustomer@killianautoservice.com
From: noreply@glautobodyparts.com
From: servicecustomer@killianautoservice.com

mtju74, 2017-02-17 20:36 +00:00:
Others that I have seen:

Received: from mx122.argozelo.info ([188.214.88.122])
Received: from mx191.smallbatchedfoods.com (mx191.smallbatchedfoods.com
Received: from mx117.argozelo.info (mx117.argozelo.info [188.214.88.117])
Received: from mx198.smallbatchedfoods.com (mx198.smallbatchedfoods.com
Received: from mx185.koobidehlife.com (mx185.koobidehlife.com [[...]

Anonymous, 2017-02-17 15:15 +00:00:
Got one today. Details were the address and landline phone number of a property I left about 6 years ago, BUT it was sent to my private e-mail address. I use two: one is a hotmail I put on anything public, internet forms, shops, cellphone or pay-TV stuff, anything public... the private one is exactly that ... or was ... only work, doctor, personal friends and family have that. Wonder where they got THAT.

Kevin, 2017-02-17 10:06 +00:00:
The exact thing happened to me two days ago. I unfortunately clicked on the link, & it brought up a zip file. I immediately deleted the zip file without opening it. I have run all manner of spyware & antimalware programmes, & they didn't find anything.
Will my laptop be ok, with me just clicking on the link, but not opening the zip file?
Any comments would be gratefully [...]

Sir Peter, 2017-02-17 04:00 +00:00:
I received the same spamware but was suspicious as I didn't recognise the sender and I wasn't expecting a delivery. I had a look at the headers and contents in plain text.

As per other posts, the address details (incomplete) and phone number were years out of date. I spotted the payload was linked to an Excel file.

I didn't need much more convincing that it was [...]

Anonymous, 2017-02-16 22:22 +00:00:
Yes - I received this today. Out of date address/phone number, but worrying all the same.

Thanks for the info.

Anonymous, 2017-02-16 21:56 +00:00:
Got one of these today - thought it was a more sophisticated spam than usual and didn't open the link. Thanks for digging into this and posting the explanation - it was very interesting.

LMFAO, 2017-02-16 16:41 +00:00:
I had this and was dumb enough to open the account link, I know, stupid. It opened to a barbecue invite page.
Didn't open any files and I can't find any malware on my system. What am I missing?

Endomongo, 2017-02-16 16:40 +00:00:
I received one of these today. As I am not expecting anything at the moment I was suspicious and googled it. It came ostensibly from notification@localpoolrepair.com and the link to click on directed to an .xls file, and the address for that was gaston-lagaffe.com. That is the name of a French cartoon character. I have deleted it and marked it as spam. It looked quite convincing with a correct [...]

otanes, 2017-02-16 16:24 +00:00:
The exe that is ultimately dropped is 5ca9540ca46b036d8409656a5200e1adee0f8d1bba68c045974407e20df6f710; the trick to getting that file is not passing a User-Agent string.
Otherwise 5.152.199.228 appears to blacklist your IP.

Dg, 2017-02-16 15:10 +00:00:
Seems to be a new thing as I've just received one of these as well.

Same issues identified as @kbro above, including for an address I haven't lived in for over 10 years.

Looks like they might be harvesting domain records for these names and addresses.

kbro, 2017-02-16 12:27 +00:00:
Good catch - received one of the critters myself today. Main things that alerted me to it are (1) I have no pool! (2) message addressed to "Dear Mr " (3) lack of house number in address (4) confirmation for an order I know I never placed. But the amount of personal detail is worrying.