Dynamoo's Blog
Malware, spam, scams and random stuff, by Conrad Longmore.
Thursday 24 August 2017
Multiple badness on metoristrontgui.info / 119.28.100.249
Two massive fake "Bill" spam runs seem to be under way, one claiming to be from BT and the other being more generic. Subject ...
Wednesday 23 August 2017
Malware spam: "Customer Service" / "Copy of Invoice xxxx"
This fairly generic spam leads to the Locky ransomware: Subject : Copy of Invoice 3206 From : "Customer Service" ...
Malware spam: "Voice Message Attached from 0xxxxxxxxxxx - name unavailable"
This fake voice mail message leads to malware. It comes in two slightly different versions, one with a RAR file download and the other wit...
1 comment:
Tuesday 22 August 2017
Malware spam from "Voicemail Service" [pbx@local]
This fake voicemail leads to malware: Subject : [PBX]: New message 46 in mailbox 461 from "460GOFEDEX" <8476446077&g...
1 comment:
Monday 21 August 2017
Cerber spam: "please print", "images etc"
I only have a couple of samples of this spam, but I suspect it comes in many different flavours. Subject : images From : &...
Wednesday 19 July 2017
Necurs oddity II: avto111222@bigmir.net
Yesterday I saw a series of spam emails from Necurs apparently attempting to collect replies to super.testtesttest2018@yahoo.com . Although t...
Tuesday 18 July 2017
Necurs oddity: super.testtesttest2018@yahoo.com / "hi test"
This email is sent from the Necurs botnet and appears to be collecting automatic replies, using a Reply-To email address of super.testtest...
1 comment:
Malware spam: UK Fuels Collection / "invoices@ebillinvoice.com"
This fake invoice comes with a malicious attachment: From : invoices@ebillinvoice.com Date : 18 July 2017 at 09:37 Subject : ...
Tuesday 13 June 2017
Bellatora Inc (ECGR) pump-and-dump spam
It's been a little while since we've seen an illegal pump-and-dump spam from the Necurs botnet, but here is a new one pushing a ...
20 comments:
Monday 5 June 2017
Malware spam: "John Miller Limited" / "Invoice"
This spam pretends to come from John Miller Ltd (but doesn't) and comes with a malicious payload. The domain mentioned in the email d...
Thursday 11 May 2017
Malware spam with "nm.pdf" attachment
Currently underway is a malicious spam run with various subjects, for example: Scan_5902 Document_10354 File_43359 Senders are random,...
Tuesday 2 May 2017
Malware spam: DHL Shipment 458878382814 Delivered
Another day and another fake DHL message leading to an evil .js script. From : DHL Parcel UK [redacted] Sent : 02 May 2017 09:30 To : [...
Thursday 27 April 2017
Malware spam: Scotiabank / "Secure email communication" / Secure.Mail@scotiabankmail.com
This fake financial spam leads to malware: From : ScotiaBank [Secure.Mail@scotiabankmail.com] Date : 27 April 2017 at 14:13 Subje...
Malware spam: Royal Mail GrŠ¾up / "Delivery attempt fail notice"
This fake Royal Mail email leads to malware. From : Aretha Stickles [mailto:support@360modshop.com] Sent : 27 April 2017 12:31 Subject ...
Wednesday 19 April 2017
Malware spam: "Copy of your 123-reg invoice" / no-reply@123-reg.co.uk
This fake financial spam does not come from 123-Reg (nor is it sent to 123-Reg customers). It has a malicious attachment. From no-r...
Monday 17 April 2017
Malware spam: "RE: RE: ftc refund" / secretary@ftccomplaintassistant.com
This fake FTC email leads to malware. Curiously, it was sent to a company that received a multimillion dollar FTC fine, but this is almost...
Thursday 13 April 2017
Malware spam: "Company Documents" / WebFilling@companieshousemail.co.uk and companieshouseemail.co.uk plus others
This spam email does not come from Companies House, but is instead a simple forgery with a malicious attachment: From: Companies House...
Tuesday 11 April 2017
Pump and dump spam: Quest Management Inc (QSMG) stock
Following on from last month's INCT pump and dump spam the Necurs botnet is now promoting a Latvian company Quest Management Inc (QSM...
43 comments: