Friday, 31 October 2008

Dating scams and 79.135.168.*

We've seen this type of dating scam several times before. No good will come of engaging "Chantel" in conversations as she does...
Thursday, 30 October 2008

"Apollo Business Services" / scam job offer

Spammers are stupid. This job offer scam combines two different offers, both of which are fraudulent. Part one is for "Apollo Business ...

"Auction Sales Online" job scam

It isn't always clear what the scam is with these fake job offers, but it seems that fraudsters need to recruit a large number of patsie...
1 comment:

Estdomains is not dead yet

Thanks to Sandi for bringing the not-so-good-news that Estdomains is not quite dead yet . For a moment it looked like ICANN had grown some c...
Wednesday, 29 October 2008

Persimmon Homes / Marks & Spencers Vouchers Hoax

There is currently a hoax email circulating similar to the following: Thought this might be useful with Christmas coming up Marks & ...

Estdomains is dead

Good riddance to bad rubbish - Estdomains has be de-accredited by ICANN, although it took long enough. If you're a registrar who wants t...

Alex Shafts, CEO / World Wide Domain Names Part II

Yesterday's "Alex Shafts" spam run is the most bizarre I have seen in a long time, and clearly has been quite widespread give...
1 comment:
Tuesday, 28 October 2008

Alex Shafts, CEO / World Wide Domain Names / LunarPages spam

There's more to this spam than meets the eye.. and be certain that it IS spam and isn't any kind of communication from your domain n...
28 comments:
Friday, 24 October 2008

"Ferrasano Ferrosan" scam email

Another scam job offer, this time it looks like money laundering. The email is perhaps unintentionally funny, and has a few new social engi...
2 comments:

Asprox: 47mode.name, berjke.ru, 81dns.ru

There has been a shift overnight in the domains used in the Asprox SQL injection attack, the ones to look for are: 47mode.name berjke.ru 81d...
3 comments:
Thursday, 23 October 2008

MS08-067

Microsoft Security Bulletin MS08-067 – Critical: Vulnerability in Server Service Could Allow Remote Code Execution (958644) Let's make i...

"WorldPay CARD transaction Confirmation" / "Academic Resources Center Inc." trojan

This is a fake email message pretending to be from WorldPay relating to a payment to "Academic Resources Center Inc". There's ...
7 comments:
Wednesday, 22 October 2008

"Better Business Bureaus Account Support" trojan

We have seen quite a lot of variants of this particular trojan recently, mostly aimed at banks. This one passes itself off as a some sort of...
Tuesday, 21 October 2008

6700.cn browser hijack (bad), SUPERAntiSpyware (good)

I've just spent several days investigating a machine with a particularly nasty rootkit infection. Despite throwing several tools at it a...

"Data request" trojan

Another EXE-in-ZIP-disguised-as-a-DOC trojan, similar to this one . Subject: Data request From: "Billy Roark" Please f...
Monday, 20 October 2008

"Report Jan-Oct." trojan

This fake email contains an EXE in a ZIP designed to look like a Word document (complete with authentic looking icon), in this case "St...
Thursday, 16 October 2008

"LV Electronics Inc." job offer scam

There are plenty of legitimate companies called "LV Electronics", but this job offer is not from one of them. In this case, the or...

Fake job offer: ias-jobs.org

One of a series of fake job offers that are doing the rounds, this time promoting a company called IAG ("Internet Auction Service"...

Asprox: lang42.ru

Another Asprox SQL injection domain to block / check for is lang42.ru . The following domains have been active in the past 24 hours: 53refer...
Wednesday, 15 October 2008

Asprox: new domains

After being stable for some time, the Asprox SQL injection hacks are now redirecting through a new bunch of .ru domains. 30area.ru 4log-in.r...