Dynamoo's Blog

Malware, spam, scams and random stuff, by Conrad Longmore.

Monday, 12 January 2015

Malware spam: "Invoice from simply carpets of Keynsham Ltd"

This fake invoice spam comes with a malicious Word document attached. It is not from Simply Carpets of Keynsham Ltd , it is spoofed (i.e....

Friday, 9 January 2015

Malware spam: "Employee Documents - Internal Use" / "Fax [no-replay@fax-voice.com]"

This fake fax run is a variation of this one from yesterday. From: Fax [no-replay@fax-voice.com] Date: 9 January 2015 at 14:52...

Malware spam: DO-NOT-REPLY Datasharp UK Ltd - Monthly Invoice & Report

This spam email pretends to be from a wholly legitimate company called Datasharp UK Ltd but it isn't, it is a spoof. Datasharp is not...

Thursday, 8 January 2015

MyFax [no-replay@my-fax.com] spam campaign

I am endebted to several people for help with this (not all of whom I can mention). It is similar to this recent spam run analysed by T...

Persistent hijacked GoDaddy domains serve malware via Turkish IPs

Last year I wrote about a small bunch of IPs belonging to Radore Veri Merkezi Hizmetleri A.S in Turkey that seemed to be aggressively pu...

Malware spam "INVOICE ADVISE 08/01/2015" and "NOVEMBER INVOICE" from multiple fake senders

These two spam runs have different email messages but the same payload. In both cases, there are multiple fake senders Sample 1 - INVOI...

Malware spam: "Ieuan James" / "invoice EME018.docx"

So far this morning I've seen a handful of these malformed malware spams, claiming to be from a Ieuan James and with a subject of inv...

Wednesday, 7 January 2015

Exploit kits on Choopa LLC / Gameservers.com IP addresses

While chasing down this exploit kit yesterday, I noticed an awful lot of related IP addresses and domains that also seemed to be hosting ...

Invoice spam with malicious XLS file from multiple companies

This spam run looks very similar to this one going out at roughly the same time, except this has a malicious XLS file rather than a DOC/ ...

"Remittance Advice" malware spam from multiple spoofed companies

This fake financial spam claims to be from one of several legitimate companies. They are not sending the spam, not have their systems been...

Malware spam: "Eliza Fernandes" / "NUCSOFT-Payroll December 2014"

This fake spam pretends to be from an Indian company called Nucsoft but it isn't, instead it comes with a malicious Word document att...

Tuesday, 6 January 2015

hqq.tv serving up exploit kit (via Digital Ocean and Choopa)

I will confess that I haven't had a lot of time to look at this, but here's an infection chain starting from a scummy-looking vide...

"PAYMENT ADVICE 06-JAN-2015" malware spam

This spam has a malicious attachment: From : Celeste , Senior Accountant Date : 6 January 2015 at 10:13 Subject : PAYMENT ADVIC...

Malware spam: SGBD National Payments Centre / Saint Gobain UK / This is your Remittance Advice

This fake financial spam has a malicious payload: Date : 6 January 2015 at 08:56 Subject : This is your Remittance Advice #ATS29...

Friday, 2 January 2015

binarysmoney.com / clickmoneys.com / thinkedmoney.com "job" spam

I've been plagued with these for the past few days: Date : 2 January 2015 at 11:02 Subject : response Good day! We considered...

Wednesday, 31 December 2014

Evil network: 217.71.50.0/24 / ELTAKABEL-AS / TXTV d.o.o. Tuzla / aadeno@inet.ba

This post by Brian Krebs drew my attention to a block of Bosnian IP addresses with an unusually bad reputation. The first clue is given b...

NetGuard Toolbar (ngcmp.com) spam

Sometimes a spam comes through and it isn't immediately obvious what they are trying to do: From : Brad Lorien [bclorien@ngcmp.c...

View web version

Powered by Blogger.