Dynamoo's Blog

Malware, spam, scams and random stuff, by Conrad Longmore.

Friday, 5 December 2014

"K J Watking & Co" fake Remittance Advice spam

This fake remittance advice spam has been hammering my inbox this morning. It uses randomly generated sender names but has a consistent fa...
Thursday, 4 December 2014

Something evil on 46.161.30.0/24 (KolosokIvan-net / Ivan Kolosok)

The IP address range of 46.161.30.0/24 (KolosokIvan-net) appears to be dedicated purely to providing phone-home servers for TorrentLocker ...
Wednesday, 3 December 2014

More malware on Crissic Solutions LLC

Another bunch of IPs on Crissic Solutions LLC, leading to what appears to be the Angler EK (see this URLquery report): 167.160.164.102 ...
Monday, 1 December 2014

Q:is sync.audtd.com a virus? A:probably not.

One of those things that makes you go "hmmm".. I kept seeing a lot of suspect looking traffic from Russian sites to sync.audtd.c...
Thursday, 27 November 2014

Tainted network: Crissic Solutions (167.160.160.0/19)

Several IPs hosted on the Crissic Solutions range of 167.160.160.0/19 (suballocated from QuadraNet) have been hosting exploit kits in the...

Spam: "Telefonrechnung NTTCable November 2014"

This German-language spam leads to malware: Von : NTTCable Europe S.A. [mailto:info@reisebuerowerther.de] Gesendet : Mittwoch, 26. Nove...
Wednesday, 26 November 2014

Spam: "Ihre Telekom Mobilfunk RechnungOnline Monat November 2014 (Nr. 95921500725106)"

This spam leads to malware: From :     Deutsche Telekom AG [g.dogan@idolcarpet.com] Date :     26 November 2014 at 06:57 Subject :     ...
Tuesday, 25 November 2014

What the heck is with 104.152.215.0/25?

A contact gave me the heads up to an exploit kit running on 104.152.215.90 [virustotal] which appears to be using MS16-064 among other t...
Monday, 24 November 2014

MyFax message from "unknown" spam leads to poorly-detected malware

Fax spam again. How quaint. This spam appears to come from the person receiving it (which is an old trick). From : victim@victimdomain...
Saturday, 22 November 2014

Oplamo Herbal Root scam

As far as I can tell, there is no such thing as "Oplamo Herbal Root". So, this spam is almost definitely a scam. From :     M...

"Ihr Zahlungsauftrag - 41401236123" spam

This German-language spam leads to malware. Von : Sparkasse IT AG [mailto:assistant@fourmusic.com] Gesendet : Freitag, 21. November 201...
Friday, 21 November 2014

StockTips.com spam.. or Joe Job?

When I saw this StockTips.com spam, I assumed that it was a pump-and-dump scam. From :     StockTips.com Date :     21 November 2014 07...

"Duplicate Payment Received" spam from "Enid Tyson" has a malicious DOC

This fake financial spam has a malicious Word document attached. From :     Enid Tyson Date :     21 November 2014 15:36 Subject :   ...

Something evil on 46.8.14.154

46.8.14.154 (Netart Group S.r.o. / Movenix International Inc) forms part of an exploit chain that starts with compromised OpenX servers a...
Tuesday, 18 November 2014

"INCOMING FAX REPORT" spam, let's party like it's 1999

Hang on, I think I need to load some more papyrus into the facsimile machine, the 1990s are back! From :     Incoming Fax [no-reply@efa...
Monday, 17 November 2014

"Test message" spam plague continues..

This plague of spam "test messages" has been going on for two days now, probably sourced from "Botnet 125" which se...

Interfax "Failed Fax Transmission" spam comes with malicious .DOCM file

This fake fax spam comes with a malicious attachment From :     Interfax [uk@interfax.net] Date :     13 November 2014 20:29 Subject ...
Friday, 14 November 2014

Dear spammers.. alotbqobutarkwqechsdovmzfwa to you too.

Dear spammers, Sending links out like this to drive people to your fake meds site does not work. From: Tudu [tudu@tin.it] Sent: 15 No...