Dynamoo's Blog

Malware, spam, scams and random stuff, by Conrad Longmore.

Tuesday, 5 August 2014

"Invoice 20146308660 June 2014 - July 2014" spam

Monday, 4 August 2014

Bank of America "Important Documents" spam leads to Cryptowall

This fake BofA spam has a malicious payload: Date:      Mon, 4 Aug 2014 19:57:07 +0800 [07:57:07 EDT] From:      Andrea Talbot [Andrea...

"Invoice 2014080420" spam

This spam has a malicious attachment: Date:      Mon, 04 Aug 2014 20:29:43 +0900 [07:29:43 EDT] From:      Accounts Dept [tolvan.rover@...

"Important - BT Digital File" spam

This fake BT spam has a malicious attachment: Date:      Mon, 4 Aug 2014 08:48:51 -0430 [09:18:51 EDT] From:      Marci Tobin Subject...

"Sup" snowshoe spam from 208.71.174.32/27

Here's a strange spam I've been tracking for a couple of days: Date :      Sun, 03 Aug 2014 20:56:48 -0700 [08/03/14 23:56:48 E...
Saturday, 2 August 2014

Warning: ipma2014.org (Institute of Project Management America)

Just a quick note to say that if you see an email referring to the site ipma2014.org then this is a new domain for the so-called Institut...
Friday, 1 August 2014

"Corporate eFax message from "unknown" - 3 page(s)" spam

This somewhat mangled spam has a malicious attachment: Date:      Fri, 1 Aug 2014 09:45:45 -0700 [12:45:45 EDT] From:      eFax Corpor...

"Payroll Received by Intuit" spam / Cryptowall

I haven't seen any fake Intuit spam for a while. This one comes with a malicious attachment: Date:      Fri, 1 Aug 2014 07:59:12 -0...

New York City Police "Homicide Suspect" spam using goo.gl shortener to spread malware

The bad guys are enjoying the goo.gl URL shortening service at the moment (remember, you can report goo.gl spam to goo.gl/spam-report). T...

NatWest "You have a new Secure Message" spam uses goo.gl links to spread malware

This fake NatWest bank message uses the Goo.gl URL shortener to spread malware: From :     NatWest [secure.message@natwest.com] Date...
Thursday, 31 July 2014

"Scanned Image from a Xerox WorkCentre" spam

This is a thoroughly old school spam with a malicious attachment. Date:      Thu, 31 Jul 2014 18:16:08 +0000 [14:16:08 EDT] From:      ...

Evernote "File has been sent" spam

I've never understood Evernote. Something to do with elephants I think. But this spam isn't from them anyway.. Date:      Thu, 3...

"New fax" spam using goo.gl shortening service

Here are a couple of variations of a fax spam using the goo.gl shortening service: From :     Fax [fax@victimdomain] Date :     31 Ju...
Wednesday, 30 July 2014

"Payslip" spam

Presumably terseness works with this kind of message: From:     Richard Mason [richardm254@gmail.com] Date:     30 July 2014 21:23 Sub...

"AMAZON.CO.UK - Your Amazon order" spam

Another fake Amazon spam with a malicious payload: Date:      Wed, 30 Jul 2014 18:08:43 +0800 [06:08:43 EDT] From:      "AMAZON.CO....

"Order status -950533 30.07.2014.xls" spam

This body-text-less spam comes with a malicious attachment. Date :      Wed, 30 Jul 2014 17:06:27 +0530 [07:36:27 EDT] From :      Twil...

QuickBooks "Important - Payment Overdue" spam has a malicious PDF attachment

This fake QuickBooks Invoice spam comes with a malicious payload: From:     QuickBooks Invoice [auto-invoice@quickbooks.com] Date:     ...
Tuesday, 29 July 2014

Something evil on 31.210.96.155, 31.210.96.156, 31.210.96.157 and 31.210.96.158 (31.210.96.152/29)

[Note, an update to this can be found here] I don't know quite what the exploit kit of the month is here, but the IP addresses 31.2...
Monday, 28 July 2014

amazon.co.uk "Your Amazon order" spam

This fake Amazon spam comes with a malicious attachment: Date:      Mon, 28 Jul 2014 13:15:57 +0200 [07:15:57 EDT] From:      "AMA...

Something evil on 88.198.252.168/29 (Ransomware)

88.198.252.168/29 (Hetzner, Germany) is infected with a whole bunch of ransomware landing pages, like this: In the past this IP range h...