Most file compression formats are ripe for exploitation these days. We've seen our first .arj files today:
Thank you for using our services!
Your order #37311131537 will be shipped on 05-09-2014.
Date: September 02, 2014. 03:09pm
Price: £191.50
Payment method: Wire transfer
Transaction number: 0466142997148E
Please find the detailed information on your purchase in the attached file (sale_2014-09-02_14-20-08_37311131537.arj)
Best regards,
Sales Department
Evelina Example
+07775 xxx xxx
As PayPal gives your name and e-mail address away to its merchants (i.e. they effectively make it public), we recommend that our clients use a throw-away or time-limited address for PayPal accounts.
The spam will be sent to your address using your full name so:
To: "Anthony Other" <another@example.com>
Currently the spam is promoting a fake goods site with the connivance of an ISP based in Hong Kong.
Here’s a phish, sent by: mail14-co9on0066.outbound.messaging.microsoft.com [157.56.211.66] seconds ago:
From: Barclays Bank PLC
Subject: Important Information From Barclays!
You have not used the telephone banking service for some
time now and this could lead to a temporary de-activation
of your access to this service.
In order to ensure your continued usage of the service and
other services such as the internet banking, please follow
the steps below :
Click here to begin
© 2014 Barclays Bank.
All Rights Reserved
We've trapped a couple of mails from Gmail containing malware, in the form of an attachment called "Payment.rar", "document.rar" or "INVOICES.rar"; within that archive is a Windows ".scr" or ".exe" executable. The text is like this (sic):
Dear Sir/Ma
Please check attachment for the confirmation of the part payment into your account. Thanks for your patient and we sincerely apologize for the delay. Please find swift message for the payment made via attachment and confirm back.
--
Thanks & Regard,
Rohitashwa K. Mishra,
Senior Journalist,
Dainik Bhaskar Group.
Or perhaps like this, received from mail-vc0-f194.google.com [209.85.220.194] on Tue, 29 Oct 2013 06:12:01 (sic):
Dear sir ,
Regarding to the previous order i made in your company , the goods shipped
to me are not exactly what i purchased, the attachments are the slip of
the payment i made and sample of the products i need if you have them give
me feedback and the new account so that i`ll make the next payment as you
told me .
thanks.
The email offers promotion company is currently heavily promoting itself on TV in the UK.
There are some reports of non-subscribers receiving spam from this organisation (search online for those).
Here's an extract from the Wowcher T&C's:
We may disclose your information (including personal information) to other companies within the Daily Mail and General Trust plc group of companies (the "DMGT Group", see www.dmgt.co.uk for further information) and may use and share within the DMGT Group information that we learn from your interactions with us and other group companies within the DMGT Group.
A list of the most popular topics hitting our spamtraps:
- Phishing.
- Fake pills.
- Bogus weight loss products.
- Search engine so-called optimisation.
- Fake designer goods.
- Many types of prepayment scam from the plausible to the preposterous.
- Car and vehicle leasing.
- Business training courses.
- PPI claims.
- Injury lawyers.
- Entertainment and events.
- Laser eye surgery.
- Electricity tariff switching.
- Spamming services (no surprise this one).
UPDATE 10th July: Yet more accounts have been hacked in the last 24-hours, so the problem continues.
We've seen a huge increase in spam coming from yahoo.com e-mail servers.
Many accounts have been compromised, more come in every day. There is much talk on the web about this and as of this morning the problem ain't fixed!
Currently the spams are punting links to fake pages promoting work at home or diet scams.
Both BTinternet (but only for the time being) & now Sky e-mail services in the UK are outsourced to Yahoo! so those accounts are also vulnerable to hijacking.
Our advice once hacked:
You MUST change your password immediately! If the same password has been used elsewhere then change it there too, as those accounts are also now at risk. If you need a password suggestion: think of a line from your favorite song (or poem, if you like) and use the initial letters of each word, including capital letters and punctuation. Your new password must be at least ten apparently random letters for it to be secure.
Being an Android owner I have a Gmail account. Checking my spambox the other day I found this message:
Dear Google Wallet user,
To ensure that you're able to access all of the Google Wallet services and features available in your area, we need you to confirm your home address where you reside. Please visit your Google Wallet account settings page and update your information to ensure continued access to all the features of your Google Wallet account.
For more information, please visit our Help Centre: http://support.google.com/wallet/bin/answer.py?answer=2560589
Sincerely, The Google Wallet Team
You have received this mandatory email service announcement to update you about important changes to your Google Wallet account. Please do not reply to this email. Mail sent to this address cannot be answered.
On the face of it a simple phish (Google's filter obviously thought so), but it is in fact a genuine e-mail sent by Google themselves. Their own SPF and DKIM tests resulted in a pass, as revealed in the headers. The link is to https://wallet.google.com, so that is also genuine. So if you receive spam, be sure to go through it; you never know what you might find!
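Here is an added example (not part of the original post) of the header check described above: it parses the receiving server's Authentication-Results header and only treats a message as genuine when SPF and DKIM both pass and the DKIM signing domain matches the visible From: domain. The sample message, the authserv-id mx.example.net and the selector name are constructed for this example.

```python
import email.utils
import re
from email import policy

# Constructed sample (not a real Google message): a suspected phish whose
# receiving MTA ("mx.example.net", a placeholder authserv-id) recorded SPF
# and DKIM passes in Authentication-Results (RFC 8601 syntax).
RAW_MESSAGE = b"""\
Authentication-Results: mx.example.net;
  spf=pass (sender IP is 192.0.2.25) smtp.mailfrom=wallet-noreply@google.com;
  dkim=pass header.d=google.com header.s=selector-placeholder
From: Google Wallet <wallet-noreply@google.com>
To: "Anthony Other" <another@example.com>
Subject: Confirm your Google Wallet address

Please visit your Google Wallet account settings page.
"""

def auth_results(msg):
    """Map each method in Authentication-Results (spf, dkim, ...) to
    (result, {property: value}); returns {} if the header is absent."""
    header = msg["Authentication-Results"]
    if header is None:
        return {}
    results = {}
    # Drop (comments); the first ';' clause is the authserv-id, not a result.
    for clause in re.sub(r"\([^)]*\)", "", header).split(";")[1:]:
        parts = clause.split()
        if not parts:
            continue
        method, _, result = parts[0].partition("=")
        props = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
        results[method.lower()] = (result.lower(), props)
    return results

def from_domain(msg):
    """Domain of the visible From: address, lower-cased."""
    return email.utils.parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()

def looks_authentic(raw):
    """True only if SPF passed and DKIM passed with a signing domain (header.d)
    equal to the From: domain; otherwise treat the mail as a probable phish."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    res = auth_results(msg)
    spf_result = res.get("spf", ("", {}))[0]
    dkim_result, dkim_props = res.get("dkim", ("", {}))
    return (spf_result == "pass" and dkim_result == "pass"
            and dkim_props.get("header.d", "").lower() == from_domain(msg))
```

The check trusts only the Authentication-Results line written by your own receiving server; an Authentication-Results header arriving from outside should be stripped or ignored before this runs.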
UPDATE 17th June: Our server just rejected a spam sent via a Yahoo! server from <bigbiglottocompany@gmail.com>.
You do wonder sometimes. Why on earth are Yahoo! sending SPAM on behalf of these users of other webmail services: hotmail.fr, hotmail.com, gmail.com, rediffmail.com, live.com.
These are sender domains strained from our recent logs and are associated with connections from yahoo.com servers.
After much delay by the admins at Hotmail, tvScience are now members of their Junk Mail Reporting Partner Program (JMRPP).
The original application was placed on 2012-04-02, by the time we were accepted even the satisfaction survey had expired! An irony there I feel.
We are now members of the Yahoo! FBL, the AOL FBL and the Hotmail JMRPP - a full house!
We regularly send SPAM complaints to the AOL postmaster, prompted by e-mails such as this, sent by imr-ma06.mx.aol.com at 08:27 GMT today:
Subject: IRREVOCABLE PAYMENT RELEASE ORDER VIA ATM CARD.
Attn: This is to officially inform you that your (ATM Card Pin number ) is : ****-****-****-3337) has been accredited in your favor. Your Personal Identification Number is 8221. The ATM Card Value is US$5,500,000.00. You are advice to contact me with the following information: Name, Address, Phone, Age, Sex, and Occupation. for more details, contact me via email (rev.murrayrichard48@ovi.com).
Thank you,
Rev.Murray Richard
ATM Logistics Unit (ICB)
The reputation, according to AOL, of the server in question is deteriorating steadily (see picture), yet this particular server relays no mail. All that is sent are ARF formatted reports about messages similar to the above.
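As an added example (not the blog's own code), this builds the kind of ARF feedback report just mentioned, in the RFC 5965 layout, and parses it back to confirm the report type and fields. The spam sample, the addresses and the 192.0.2.10 source address are constructed placeholders.

```python
import email
from email.mime.message import MIMEMessage
from email.mime.multipart import MIMEMultipart
from email.mime.nonmultipart import MIMENonMultipart
from email.mime.text import MIMEText

# Constructed sample of the kind of scam the post quotes; all names,
# hosts and the 192.0.2.10 source address are placeholders.
SAMPLE_SPAM = b"""\
Received: from imr-placeholder.mx.example ([192.0.2.10])
From: Rev. Example <scammer@mail.example>
To: victim@example.com
Subject: IRREVOCABLE PAYMENT RELEASE ORDER VIA ATM CARD.

This is to officially inform you that your ATM card has been accredited.
"""

def build_arf_report(original, reporter, feedback_to, source_ip):
    """Wrap the raw bytes of `original` in an ARF report: multipart/report with
    a human-readable part, message/feedback-report fields and the mail itself."""
    report = MIMEMultipart("report", report_type="feedback-report")
    report["From"] = reporter
    report["To"] = feedback_to
    report["Subject"] = "Abuse report for message from " + source_ip
    report.attach(MIMEText("This is an email abuse report for a message "
                           "received from IP %s.\n" % source_ip, "plain"))
    fields = MIMENonMultipart("message", "feedback-report")
    fields.set_payload("Feedback-Type: abuse\nUser-Agent: example-spamtrap/1.0\n"
                       "Version: 1\nSource-IP: %s\n" % source_ip)
    report.attach(fields)
    report.attach(MIMEMessage(email.message_from_bytes(original)))  # message/rfc822
    return report

def feedback_fields(report_bytes):
    """Return the feedback-report fields of an ARF report as a dict, or None
    if the bytes are not a multipart/report with report-type=feedback-report."""
    msg = email.message_from_bytes(report_bytes)
    if (msg.get_content_type() != "multipart/report"
            or msg.get_param("report-type") != "feedback-report"):
        return None
    for part in msg.walk():
        if part.get_content_type() == "message/feedback-report":
            payload = part.get_payload()
            # The stdlib parser reads message/* bodies as nested messages, so the
            # fields come back as headers; fall back to raw lines otherwise.
            if isinstance(payload, list):
                return dict(payload[0].items())
            return dict(l.split(": ", 1) for l in payload.splitlines() if ": " in l)
    return None
```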
Recently, one of our clients forwarded a SPAM to me. It came from the Nationwide Building Society; you'd think they'd know better.
Dear Mrs REDACTED,
Some time ago, you may remember, you were kind enough to let us have your email address.
Now we have it we'd like to be able to send you email, every now and then, with news of our latest products and services and member information.
After all, email is an easy way to stay in touch.
This is SPAM, plain and simple - both bulk and unsolicited.
We've suspected for a while that we were banging our heads against a wall; now here's a possible explanation:
This is the Postfix program at host msxmx03.webde.de.
I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to
If you do so, please include this problem report.
You can delete your own text from the attached returned message.
The Postfix program <blackhole@msxmx03.webde.local>: unknown user: "blackhole"
Taken from a bounce message after sending a mail to the web.de postmaster.