Dynamoo's Blog

Malware, spam, scams and random stuff, by Conrad Longmore.

Wednesday, 16 September 2015

Malware spam: "Lloyds Bank - Pendeford Securities - Please Read Action Required/PI Documents/ Region code East 2/ 8715811/"

This fake Lloyds Bank spam comes with a malicious payload: From : RSTNAME} Crabtree [Chang.Crabtree@lloydsbankcommercial.com] Date ...

Malware spam: "HSBC SecureMail" / "You have received a secure message"

This fake HSBC email message has a malicious payload: From : HSBC SecureMail [HSBCRepresentative_WilliamsBlankenship@hsbc.co.uk] D...

Monday, 14 September 2015

Spam from "Vanessa Reynolds" / vanessa.reynolds@breedandco.com

This spam does not seem to have a malicious payload, but is likely sent out by the same people who send out Upatre/Dyre malware spam (or p...

Friday, 11 September 2015

Malware spam: "Sales Order Acknowledgement - Order No: EF150085 - Your Reference: 14 /Geneva" / reports@officeteam.co.uk

This fake financial spam comes with a malicious payload: From "reports@officeteam.co.uk" [reports@officeteam.co.uk] Date ...

Thursday, 10 September 2015

Malware spam: "New Fax - 3901535011" / "UK2Fax" [fax2@fax1.uk2fax.co.uk]

This fake fax spam comes with a malicious attachment: From "UK2Fax" [fax2@fax1.uk2fax.co.uk] Date Thu, 10 Sep 2015 14...

Malware spam: "Payroll Received by Intuit" / "Intuit Payroll Services" [IntuitPayrollServices@payrollservices.intuit.com]

This fake payroll spam does not come from Intuit , but instead contains a malicious attachment: From "Intuit Payroll Services...

Tuesday, 8 September 2015

ipserver.su, 5.133.179.0/24 and 212.38.166.0/24

A follow-up to this post , I took a look at the netblocks 5.133.179.0/24 and 212.38.166.0/24 suballocated to: person: Oleg Nik...

Monday, 7 September 2015

Something evil on 184.105.163.192/26 / White Falcon Communications / Dmitry Glazyrin

So.. I spotted some Nuclear EK (or some other Flash exploit) traffic on our network which attracted my interest. The IP in question was 18...

Malware spam: "Credit Note CN-60938 from Stilwell Financial Inc" / "message-service@post.xero.com"

This fake financial spam comes with a malicious payload. From : Accounts [message-service@post.xero.com] To : hp_printer@victimdom...

Malware spam: "Companies House" [WebFiling@companieshouse.gov.uk]

This spam does not come from Companies House, but is instead a simple forgery with a malicious attachment: From "Companies Hou...

Friday, 4 September 2015

Malware spam: "RE:resume" aka "What happened to your files?" / Cryptowall 3.0

This fake résumé spam leads to ransomware: From : fredrickkroncke@yahoo.com Date : 5 September 2015 at 03:50 Subject : RE:res...

DYNAMOO®

DYNAMOO® is a registered trade mark :)

Tuesday, 1 September 2015

Malware spam: "Complaint of your Internet activity"

This spam comes with a malicious attachment: From : Margret Kuhic Date : 1 September 2015 at 16:10 Subject : Complaint of yo...

Malware spam: "Private message notification 41447" / "Adrien Abbott"

This spam comes with a malicious attachment: From : Adrien Abbott Date : 1 September 2015 at 12:34 Subject : Private message ...

Sunday, 30 August 2015

WARNING: projectmanagementinternational.org / "Project Management International" aka Patty Jones and Anthony Christopher Jones

" Project Management International " ( projectmanagementinternational.org ) appears to be another website run by Patty Jones (a...

Thursday, 27 August 2015

Malware spam: "Payslip for period end date 27/08/2015" / "noreply@fermanagh.gov.uk"

This spam does not come from Fermanagh District Council . Of course it doesn't. It is instead a simple forgery with a malicious attach...

Wednesday, 26 August 2015

Malware spam: "RE:resume" leads to Cryptowall

This fake resume spam has a malicious payload. I got part way through decrypting it to discover that @Techhelplistcom had done all the ha...

Fake fax spam spoofs multiple senders, has malicious payload

This fake fax spam comes from random senders - company names and attachment names vary from spam to spam. From : "Heaney, Vandervo...

Malware spam: "Scanned image from MX-2600N" / "noreply@victimdomain.com"

NOTE : As of December 2015 there is an updated version of this spam run . This spam is not from a scanner, but it is instead a simple f...

Tuesday, 25 August 2015

Malware spam: "Invoice 26949 from I - SPI Ltd" / "sales@ispitrade.com"

My spam traps did not collect the body text from this message, so all I have is headers. However, this fake financial email is not from i-...

View web version

Powered by Blogger.