From: Sky.com [statement@sky.com]volafile.io is a pretty uncommon place to share files, so it might be worth looking at your traffic to see if there have been any unexpected requests to that site.
Date: 20 May 2015 at 12:30
Subject: Statement of account
Afternoon,
Please find the statement of account, download and view from the link below:
https://dl4.volafile.io/download/8eFEP-cNVEX-Jg/statement_00429117.zip
We look forward to receiving payment for the September invoice as this is now due for payment.
Regards,
Elliot
This email, including attachments, is private and confidential. If you have received this email in error please notify the sender and delete it from your system. Emails are not secure and may contain viruses. No liability can be accepted for viruses that might be transferred by this email or any attachment. Wilson McKendrick LLP Solicitors, Queens House, 29 St. Vincent Place, Glasgow G1 2DT Registered in Scotland No. SO303162. Members: Mark Wilson LLB Dip. NP LP Allan T. McKendrick LLB Dip. LP NP.
======================
From: Voice Mail [Voice.Mail@victimdomain]
Date: 20 May 2015 at 12:11
Subject: You have a new voice
You are receiving this message because we were unable to deliver it, voice message did not go through because the voicemail was unavailable at that moment.
* The reference number for this message is _qvs5419167125_001
The transmission length was 41
Receiving machine ID : BA9R-DUQUC-TY7T
To download and listen your voice mail please follow the link below: https://dl3.volafile.io/download/rnTYPuYNVEX6Jw/statement_00429114.zip
The link to this secure message will expire in 24 hours. If you would like to save a copy of the email or attachment, please save from the opened encrypted email. If an attachment is included, you will be given the option to download a copy of the attachment to your computer.
Showing posts with label Sky. Show all posts
Showing posts with label Sky. Show all posts
Wednesday, 20 May 2015
Malware spam: "Sky.com / Statement of Account" and "Voice Mail / You have a new voice" via volafile.io
These two spam runs attempt to download malware from volafile.io. To give the folks at Volafile credit, all the malware I have seen linked to has been taken down. I suspect that the payload is the Dyre banking trojan.
Thursday, 2 October 2014
Sky doesn't understand "opting out" of marketing emails
Are you making the most of your Sky TV?
We’re checking our records and can see that you’re not currently opted in to get offers by email, so there are bound to be things you’re not hearing about, like:
- exclusive money-saving offers on fantastic Sky products and services
- the chance to trial our most popular products and services totally free
We’ll also donate £2 to Sky Rainforest Rescue, our partnership with WWF, for every customer that opts in – up to £10,000. Sky Rainforest Rescue is helping to save 1 billion trees in the Amazon. So you’ll be making a real difference to the rainforest, which is home to an astonishing one in 10 of all the wild species on Earth.
It only takes a minute, so opt in today and get more out of being a Sky customer.
Sky seem aghast that I'm not interested in a stream of marketing emails for products which I am probably not interested in. Which is why I opted out of having them. I don't want to be nagged about opting out - that's not honouring the opt out is it? In other words.. this is spam.
Just in case Sky ever ends up reading it, I will put it in terms that you might understand..
Wednesday, 3 September 2014
Sky.com "Statement of account" spam.. again.
These fake Sky emails are pretty common and have a malicious attachment:
notarioschiapas.com
faviles.com
Date: Wed, 3 Sep 2014 09:17:22 +0200 [03:17:22 EDT]The attachment is Statement.zip which contains a malicious executable Statement.scr which has a reasonable VirusTotal detection rate of 18/55. The Anubis report indicates that the binary phones home to the following domains which may be worth blocking:
From: "Sky.com" [statement@sky.com]
Subject: Statement of account
Afternoon,
Please find attached the statement of account.
We look forward to receiving payment for August, invoice as this is now due for payment.
Regards,
Clark
This email, including attachments, is private and confidential. If you have received this
email in error please notify the sender and delete it from your system. Emails are not
secure and may contain viruses. No liability can be accepted for viruses that might be
transferred by this email or any attachment. Wilson McKendrick LLP Solicitors, Queens
House, 29 St. Vincent Place, Glasgow G1 2DT Registered in Scotland No. SO303162. Members:
Mark Wilson LLB Dip. NP LP Allan T. McKendrick LLB Dip. LP NP.
notarioschiapas.com
faviles.com
Labels:
EXE-in-ZIP,
Malware,
Sky,
Spam,
Viruses
Tuesday, 15 April 2014
Sky.com "Statement of account" spam
Another fake sky.com email with a malicious payload..
[donotclick]pelicansea.com/css/1504UKd.zip
[donotclick]twinest.com/images/1504UKd.zip
A number of other IPs are contacted as well, indicating this this is P2P/Gameover Zeus.
Date: Tue, 15 Apr 2014 19:40:23 +0800 [07:40:23 EDT]Attached is a file Statement.zip which contains a malicious executable Statement.scr which has a VirusTotal detection rate of 9/51. Automated analysis tools [1] [2] [3] show an attempted download from the following locations:
From: "Sky.com" [statement@sky.com]
Subject: Statement of account
Afternoon,
Please find attached the statement of account.
We look forward to receiving payment for the February invoice as this is now due for
payment.
Regards,
Kathy
This email, including attachments, is private and confidential. If you have received this
email in error please notify the sender and delete it from your system. Emails are not
secure and may contain viruses. No liability can be accepted for viruses that might be
transferred by this email or any attachment. Wilson McKendrick LLP Solicitors, Queens
House, 29 St. Vincent Place, Glasgow G1 2DT Registered in Scotland No. SO303162. Members:
Mark Wilson LLB Dip. NP LP Allan T. McKendrick LLB Dip. LP NP.
[donotclick]pelicansea.com/css/1504UKd.zip
[donotclick]twinest.com/images/1504UKd.zip
A number of other IPs are contacted as well, indicating this this is P2P/Gameover Zeus.
Thursday, 13 March 2014
Sky.com "Statement of account" spam
This fake Sky.com email comes with a malicious attachment:
188.247.130.190 (Prime Telecom SRL, Romania)
gobemall.com
gobehost.info
184.154.11.228 (Singlehop, US)
terenceteo.com
184.154.11.233 (Singlehop, US)
quarkspark.org
The two Singlehop IPs appear to belong to Host The Name (hostthename.com) which perhaps indicates a problem at that reseller.
Recommended blocklist:
184.154.11.228
184.154.11.233
188.247.130.190
gobemall.com
gobehost.info
terenceteo.com
quarkspark.org
Date: Thu, 13 Mar 2014 12:23:09 +0100 [07:23:09 EDT]Attached is an archive Statement.zip which in turn contains a malicious executable Statement.scr which has a VirusTotal detection rate of 6/50. Automated analysis tools [1] [2] [3] show attempted connections to the following domains and IPs:
From: "Sky.com" [statement@sky.com]
Subject: Statement of account
Afternoon,
Please find attached the statement of account.
We look forward to receiving payment for the December invoice as this is now due for
payment.
Regards,
Carmela
This email, including attachments, is private and confidential. If you have received this
email in error please notify the sender and delete it from your system. Emails are not
secure and may contain viruses. No liability can be accepted for viruses that might be
transferred by this email or any attachment. Wilson McKendrick LLP Solicitors, Queens
House, 29 St. Vincent Place, Glasgow G1 2DT Registered in Scotland No. SO303162. Members:
Mark Wilson LLB Dip. NP LP Allan T. McKendrick LLB Dip. LP NP.
188.247.130.190 (Prime Telecom SRL, Romania)
gobemall.com
gobehost.info
184.154.11.228 (Singlehop, US)
terenceteo.com
184.154.11.233 (Singlehop, US)
quarkspark.org
The two Singlehop IPs appear to belong to Host The Name (hostthename.com) which perhaps indicates a problem at that reseller.
Recommended blocklist:
184.154.11.228
184.154.11.233
188.247.130.190
gobemall.com
gobehost.info
terenceteo.com
quarkspark.org
Friday, 22 July 2011
Sky survey boll*cks
I'm feeling quite sweary this week, so here's a stupid email from a market research company who are pretending not to be doing it for Sky (I know it's for Sky because it uses an email address only used to sign up to Sky). It's b*llocks basically.
So.. you want me to spend 15 minutes doing market research for Sky - a company that I don't use for broadband - just to help them shape their business? I did very much enjoy telling them that I don't have a TV or broadband access. Maybe this will screw up their survey.
Is this spam? It's hard to tell. I have a pre-existing relationship with Sky, but I'm pretty sure I didn't opt-in for this. It would be much more honest if Sky just admitted that they were behind it. Although perhaps their relationship with Rupert Murdoch's empire might be driving them to keep it quiet..
From: Tpoll Broadband Survey helpdesk@tpoll.net
Date: 22 July 2011 16:19
Subject: A survey about your broadband provider
Dear Mr Dynamoo
A well-known broadband provider has commissioned us here at Tpoll, an independent market research agency, to talk to people about their opinions and experiences with their TV and broadband providers.
The broadband provider in question is very keen to properly understand their customers’ needs, how well the products and services they offer are meeting their needs, and how they compare to other providers. They have asked Tpoll to investigate and we have invited you to take part in an online survey to share your thoughts and opinions.
This survey is organised and run under the rules of the Market Research Society. All responses will be strictly confidential and results will only be looked at on an aggregated level so please be as honest as you can with your answers.
Your answers will be very much appreciated and will be extremely valuable in shaping the products and services the provider offers.
Please click on the link below to start the survey - it should take 10 to 15 minutes to complete.
Click here to begin
Many Thanks,
Elizabeth Green
Tpoll Market Intelligence
So.. you want me to spend 15 minutes doing market research for Sky - a company that I don't use for broadband - just to help them shape their business? I did very much enjoy telling them that I don't have a TV or broadband access. Maybe this will screw up their survey.
Is this spam? It's hard to tell. I have a pre-existing relationship with Sky, but I'm pretty sure I didn't opt-in for this. It would be much more honest if Sky just admitted that they were behind it. Although perhaps their relationship with Rupert Murdoch's empire might be driving them to keep it quiet..
Subscribe to:
Posts (Atom)