Dynamoo's Blog

Malware, spam, scams and random stuff, by Conrad Longmore.

Wednesday, 17 September 2014

"You've received a new fax". No you haven't, you've received a new bit of malware.

This tired old spam format comes with warmed-over malware attachment. From : Fax [fax@victimdomain.com] Date : 17 September 2...

Tuesday, 16 September 2014

WARNING: "Grant Funding USA" (grantfundingusa.org)

If you are tempted by the offer of a course from an organisation called Grant Funding USA with a website grantfundingusa.org then read t...

"Unpaid invoice notification" spam leads to Angler Exploit Kit

This convincing-looking but fake spam leads to an exploit kit. From: Christie Foley [christie.foley@badinsky.sk] Reply-to: Chr...

"Kifilwe Shakong" "Copied invoices" spam

Kifilwe Shakong is a real person who works for Cashbuild in South Africa. She is not the person sending these messages, they are forgerie...

"You've received a new fax" spam

Somebody has sent me a facsimile transmission. How quaint. From: Fax Date: 16 September 2014 11:05 Subject: You've rec...

"inovice 0293991 September" spam

This spam mis-spells "invoice" in the subject line, and has an .arj file attached that contains a malicious binary. Example su...

Monday, 15 September 2014

Sage "Outdated Invoice" spam

Another day, another fake Sage email leading to malware: From : Sage Invoice [invoice@sage.com] Date : 15 September 2014 12:08...

"Overdue invoice #6767390" spam has a malicious .arj attachment

This fake invoice email has a malicious attachment: From: Mauro Reddin Date: 15 September 2014 10:32 Subject: Overdue invo...

Inspiration Mining Corporation (T.ISM / ISM.TO) pump-and-dump spam

This pump-and-dump spam for Inspiration Mining Corporation (T.ISM) follows on from this recent spam run , but this time it is pushing it u...

Thursday, 11 September 2014

"To All Employee's - Important Address UPDATE" spam leads to Cryptowall

This fake HR spam leads to a malicious ZIP file: From: Administrator [administrator@victimdomain.com] Date: 11 September 2014 22...

"rooms reservation" spam leads to a malicious Word document

This fake hotel booking email has a malicious Word document attached: From: Zorita [info@convividautore.it] Date: 11 September 2...

eFax spam leads to Cryptowall

Yet another fake eFax spam. I mean really I cannot remember the last time someone sent me a fax. What's next? "Someone has sent ...

Malicious WordPress injection sending to 178.62.254.78 and 176.58.100.98

There is currently some sort of injection attack against WordPress sites that is injected code into the site's .js files. Not so unusual...

DPD Services "Home Delivery Notification" spam

This fake DPD message contains a link leading to an exploit kit. From: DPD Services [dpd_support@nikos-fahrschule.com] Reply-to: ...

"LLC INC" / llcinc.net fake job offer

This fake company's name looks like it has been designed to be hard to find on Google. The so-called LLC INC using the domain llcinc....

Wednesday, 10 September 2014

Geir Myklebust (DHL NO) [Geir.Myklebust@dhl.com] invoice spam has a malicious attachment

Geir Myklebust is a real employee for DHL in Norway, but neither he nor DHL are responsible for this spam run in any way (their systems ha...

Tuesday, 9 September 2014

Sage "Outdated Invoice" spam

This fake Sage email leads to a malicious file. From : Sage Account & Payroll [invoice@sage.com] Date : 9 September 2014 13:3...

Monday, 8 September 2014

"PAYMENT SLIP" spam comes with an encrypted .7z archive

This spam comes with a malicious attachment: From: daniel mo [danielweiche002@gmail.com] Subject: PAYMENT SLIP Signed by: g...

RBS "Important Docs" spam doing the rounds again

The Royal Bank of Scotland has been spoofed several times recently, this latest fake spam contains a payload that looks like it might be C...

BH Live Tickets "Peter Pan" spam (bhlive.co.uk / bhlivetickets.co.uk)

I have seen a very large quantity of these spam emails, purporting to be from From : bhlivetickets@bhlive.co.uk Date : 8 Septemb...

View web version

Powered by Blogger.