Saturday, 14 February 2015

Spammer: Brad Smith / Unicore Health / unicorehealth.net / unicorehealth.com

This slimed its way into my mailbox: From :    Brad Smith [sales@unicorehealth.net] To :    Morgan Stanley [mstanley@redacted] Date :...
Friday, 13 February 2015

Something evil on 95.163.121.0/24 (Digital Network JSC / com4tel.ru / cloudavt.com)

I've written about DINETHOSTING aka Digital Network JSC many times before, and frankly their entire IP range is a sea of crap, and I ...
2 comments:

Malware spam: "Alison Longworth [ALongworth@usluk.com]" / "PURCHASE ORDER (34663)"

This fake purchase order spam comes with a malicious attachment: From     Alison Longworth [ALongworth@usluk.com] Date     13/02/201...

Malware spam: "Amazon Marketplace [delivery@amazon.uk]" / "Remittance [Report ID:34355-6014742]"

This email with no body text comes with a malicious Excel attachment: From :    Amazon Marketplace [delivery@amazon.uk] Date :    13 F...
2 comments:

Malware spam: "Remittance XX12345678"

This spam comes from randomly-named companies, with slightly different body text and different subject in each case. Here is an example: ...
2 comments:
Thursday, 12 February 2015

Questionable network: 5.135.127.64/27 / userlogin.me

While researching this spam I came across a questionable OVH reseller using the 5.135.127.64/27 range, allocated to userlogin.me. organ...
1 comment:

"invoice :reminder" spam leads to CVE-2012-0158 exploit

This spam has a malicious attachment: From:    Hajime Daichi Date:    12 February 2015 at 15:59 Subject:    invoice :reminder Greet...

Malware spam: "BBB Accreditation Services [no-replay@newyork.bbb.org]" / "BBB SBQ Form"

This fake BBB email has a malicious attachment. From : BBB Accreditation Services [no-replay@newyork.bbb.org] Date : Thu, 12 Feb 2015 ...

Malware spam: "Minuteman Press West Loop" / "westloop@minutemanpress.com" / "INVOICE 1398 - FEB 4 2015"

This fake invoice comes with a malicious attachment. It does not come from Minuteman Press, their systems have not been compromised in any...
Wednesday, 11 February 2015

Malware spam: "Gail Walker [gail@mblseminars.com]" / "Outstanding Invoice 271741"

This fake invoice does NOT comes from MBL Seminars , they are not sending this spam nor have their systems been compromised. Instead, this...

Malware spam: "Your latest e-invoice from.."

This fake invoice spam has a malicious attachment: From :    Lydia Oneal Date :    11 February 2015 at 09:14 Subject :    Your latest...
Tuesday, 10 February 2015

Malware spam: "Megtrade groups [venkianch@gmail.com]" / "RE: Purchase Order Copy"

This spam comes with a malicious attachment: From :    Megtrade groups [venkianch@gmail.com] Reply-To :    venkanch@gmail.com Date :    1...
Friday, 6 February 2015

Something evil on 5.196.143.0/28 and 5.196.141.24/29 (verelox.com)

This quite interesting blog post from Cyphort got me digging into that part of the infection chain using nonsense .eu domains. It uncove...
Thursday, 5 February 2015

Malware spam: "Unable to deliver your item, #000022074" / "FedEx 2Day A.M"

This fake FedEx spam has a malicious script attached. From :    FedEx 2Day A.M. Date :    5 February 2015 at 15:01 Subject :    PETRO...
3 comments:
Wednesday, 4 February 2015

Infographic: Operation Yewtree vs Operation Fernbridge arrests

Two broadly equivalent investigations into child abuse rings, Operation Yewtree and Operation Fernbridge have had very different outcomes....
Tuesday, 3 February 2015

Malware spam: "Circor [_CIG-EDI@circor.com]" / "CIT Inv# 15000375 for PO# SP14161"

This fake finance spam pretends to be from the wholly legitimate firm Circor , but it is not. Instead, it is a forgery with a malicious Wo...
2 comments:
Friday, 30 January 2015

Malware spam: "BACS Transfer : Remittance for.."

So far I have only seen one sample of this.. From     "Garth Hutchison" Date     21/01/2015 11:50 Subject     BACS Transfer :...
Tuesday, 27 January 2015

Malware spam: "Eileen Meade" / "R. Kern Engineering & Mfg Corp."

Kern Engineering & Mfg Corp. is a wholly legitimate firm, they are not sending out this spam nor have their systems been compromised ...
Monday, 26 January 2015

Very lazy Walmart raffle ticket scam spam

Sometimes I see some very sophisticated scams with lovely websites and a credible and convincing pitch to snare the unwary. This isn't...

Malware spam: "CardsOnLine@natwesti.com" / "Cards OnLine E-Statement E-Mail Notification"

This fake NatWest email leads to malware: From:    CardsOnLine [CardsOnLine@natwesti.com] Date:    26 January 2015 at 13:06 Subject: ...
4 comments: