Dynamoo's Blog

Malware, spam, scams and random stuff, by Conrad Longmore.

Wednesday, 4 December 2013

"british-googleapps.com" (and other googleapps.com domains) job scam

This following spam email is attempting to recruit money mules : From: arwildcbrender@victimdomain.com to: arwildcbrender@victi...

Tuesday, 3 December 2013

Another day, another fake eFax spam

These fake eFax spams are getting a bit dull. As you might expect, this one comes with a malicious attachment. Date: Tue, 3 Dec 20...

Friday, 29 November 2013

Registered Express Corporation (RGTX) pump and dump spam

It's taken me a few days to get around to this due to moving house, but here's a new pump-and-dump spam run promoting a stock Regi...

Wednesday, 27 November 2013

"ADP - Reference #274135902580" spam / Transaction.exe

Is it Salesforce or ADP? Of course.. it is neither. Date: Wed, 27 Nov 2013 11:50:07 +0100 [05:50:07 EST] From: "support@...

Tuesday, 26 November 2013

Something evil on 46.19.139.236

46.19.139.236 (Private Layer Inc, Switzerland) seems to be serving up some sort of Java exploit kit via injection attacks which is utilis...

"You requested a new Facebook password!" spam / Recoverypassword.zip and Facebook-SecureMessage.exe

This fake Facebook message comes with a malicious attachment: Date: Tue, 26 Nov 2013 04:58:18 +0300 [11/25/13 20:58:18 EST] From:...

Monday, 18 November 2013

0844 number scam (08445715179)

This is a particularly insidious scam that relies on mobile phone users in the UK not knowing that an 0844 number is much, much more expen...

Friday, 15 November 2013

RingCentral "Bank of America" fax message spam / 442074293440-1116-084755-242.zip

This fake fax message email has a malicious attachment: Date: Fri, 15 Nov 2013 12:05:36 -0500 [12:05:36 EST] From: RingCentr...

Malware sites to block 15/11/2013 (Caphaw)

Thanks to a tip to investigate 199.68.199.178 I discovered that the Caphaw network I looked at yesterday is much bigger than I thought. T...

Thursday, 14 November 2013

Malware sites to block 14/11/2013 (Caphaw)

These domains and IPs appear to be involved in a Caphaw malware attack, such as this one . All the IPs involved belong to Hetzner in Germa...

Wednesday, 13 November 2013

The EXE-in-ZIP spam storm continues

Two more EXE-in-ZIP spams.. the first is a terse one with a subject " Voice Message from Unknown Caller " or " Voicemail Me...

PayPal "Identity Issue" spam / Identity_Form_04182013.zip

This fake PayPal (or is it Quickbooks?) spam has a malicious attachment: Date: Wed, 13 Nov 2013 02:27:39 -0800 [05:27:39 EST] Fro...

"Rodrigo Sawyer and Associates" fake job offer

This laughable primitive fake job offer is recruiting for money mules , package reshipping or some other scam. From: RSA-CAREER! [...

Tuesday, 12 November 2013

"2012 and 2013 Tax Documents; Accountant's Letter" spam / tax 2012-2013.exe

This fake tax spam comes with a malicious attachment: Date: Wed, 13 Nov 2013 00:44:46 +0800 [11:44:46 EST] From: "suppor...

"Important - New Outlook Settings" spam / Outlook.zip

This spam email has a malicious attachment: Date: Tue, 12 Nov 2013 16:22:38 +0100 [10:22:38 EST] From: Undisclosed Recipient...

"You have received new messages from HMRC" spam, HMRC_Message.zip and qualitysolicitors.com

This fake HMRC spam comes with a malicious attachment. Because the spammers have copied-and-pasted the footer from somewhere random it als...

Dynamic DNS sites you might want to block, 12/11/13

These domains are used for dynamic DNS and are operated by a company called Dyn who offer a legitimate service, but unfortunately it is a...

Monday, 11 November 2013

"Consumer Benefit Ltd" adware sites to block

A couple of network blocks came to my attention after investigating some adware ntlanmbn.exe ( VirusTotal report ) and GFilterSvc.exe ( ...

View web version

Powered by Blogger.