Results tagged “spam”

Malware Now Being Pushed in ".arj" Files

Most archive formats are now being abused as malware carriers. We saw our first .arj attachments today:

Thank you for using our services!
Your order #37311131537 will be shipped on 05-09-2014.

Date: September 02, 2014. 03:09pm
Price: £191.50
Payment method: Wire transfer
Transaction number: 0466142997148E

Please find the detailed information on your purchase in the attached file (sale_2014-09-02_14-20-08_37311131537.arj)

Best regards,
Sales Department
Evelina Example
+07775 xxx xxx

Spam to Your PayPal E-mail Address

As PayPal gives your name and e-mail address to its merchants (effectively making them public), we recommend that our clients use a throw-away or time-limited address for PayPal accounts. The spam will be sent to your address using your full name, so:

To: "Anthony Other" <another@example.com>

Currently the spam is promoting a fake goods site with the connivance of an ISP based in Hong Kong.

Phishing From Microsoft Messaging

Here’s a phish, sent by: mail14-co9on0066.outbound.messaging.microsoft.com [157.56.211.66] seconds ago:

From: Barclays Bank PLC
Subject: Important Information From Barclays!

You have not used the telephone banking service for some time now and this could lead to a temporary de-activation of your access to this service. In order to ensure your continued usage of the service and other services such as the internet banking, please follow the steps below :
Click here to begin
© 2014 Barclays Bank.
All Rights Reserved

Gmail Spewing Malware

We've trapped a couple of mails from Gmail containing malware, in the form of an attachment called "Payment.rar", "document.rar" or "INVOICES.rar"; inside that archive is a Windows ".scr" or ".exe" executable.

The text is like this (sic):

Dear Sir/Ma
Please check attachment for the confirmation of the part payment into your account. Thanks for your patient and we sincerely apologize for the delay. Please find swift message for the payment made via attachment and confirm back.
--
Thanks & Regard,
Rohitashwa K. Mishra,
Senior Journalist,
Dainik Bhaskar Group.

Or perhaps like this, received from mail-vc0-f194.google.com [209.85.220.194] on Tue, 29 Oct 2013 06:12:01 (sic):

Dear sir ,
Regarding to the previous order i made in your company , the goods shipped
to me are not exactly what i purchased, the attachments are the slip of
the payment i made and sample of the products i need if you have them give
me feedback and the new account so that i`ll make the next payment as you
told me .
thanks.
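The .arj post above and this one describe the same pattern: an archive attachment that wraps a Windows executable. The following is an added example (not the blog's own tooling) of a mail-gateway check that decodes each attachment, identifies archives by their leading bytes rather than trusting the file name, and looks inside ZIPs for executables. RAR and ARJ are flagged as containers only, because the Python standard library cannot open them; the sample message, the magic-byte table and the extension lists are constructed for the example.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Leading bytes of the archive types these posts mention (ARJ, RAR) plus ZIP,
# which the standard library can open. Checked on the decoded bytes so that a
# renamed attachment ("invoice.pdf" that is really a RAR) is still caught.
ARCHIVE_MAGIC = {
    b"\x60\xea": "arj",        # ARJ header id bytes
    b"Rar!\x1a\x07": "rar",    # RAR 1.5 to 5.x signature prefix
    b"PK\x03\x04": "zip",
}
ARCHIVE_EXT = {".arj", ".rar", ".zip", ".7z", ".ace", ".cab"}
EXEC_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}


def extension(name):
    """Lower-cased final extension including the dot, or '' if there is none."""
    return ("." + name.rsplit(".", 1)[1].lower()) if "." in name else ""


def sniff_archive(data):
    """Identify an archive from its leading bytes; None if not a known archive."""
    for magic, kind in ARCHIVE_MAGIC.items():
        if data.startswith(magic):
            return kind
    return None


def suspicious_attachments(raw_message):
    """Return a list of (attachment name, reason) for attachments that are
    archives or executables. ZIPs are opened and their members checked; RAR
    and ARJ are reported as containers since stdlib cannot open them."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        ext = extension(name)
        kind = sniff_archive(data)
        if kind == "zip":
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    if extension(member) in EXEC_EXT:
                        findings.append((name, "zip contains executable " + member))
        elif kind is not None:
            findings.append((name, kind + " archive by magic bytes"))
        elif ext in ARCHIVE_EXT:
            findings.append((name, "archive extension " + ext + " without matching magic"))
        elif ext in EXEC_EXT:
            findings.append((name, "bare executable " + ext))
    return findings


def build_sample():
    """Constructed message mimicking the order-confirmation lure above."""
    m = EmailMessage()
    m["From"] = "Sales Department <sales@example.com>"
    m["To"] = "customer@example.net"
    m["Subject"] = "Your order #37311131537"
    m.set_content("Please find the detailed information on your purchase in the attached file")
    # Fake ARJ: the real header id bytes followed by filler, enough to trip the sniff
    m.add_attachment(b"\x60\xea" + b"\x00" * 30, maintype="application",
                     subtype="octet-stream",
                     filename="sale_2014-09-02_14-20-08_37311131537.arj")
    # ZIP wrapping a Windows screensaver executable, as in the Gmail samples
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Payment.scr", b"MZ" + b"\x00" * 16)
    m.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                     filename="Payment.zip")
    return m.as_bytes()


if __name__ == "__main__":
    for name, reason in suspicious_attachments(build_sample()):
        print(name, "->", reason)
```

The magic-byte check matters more than the extension: a ".arj" name that does not sniff as ARJ is still reported, so a mismatch between name and content is itself treated as a signal.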

Subscribe to Wowcher?

Wowcher, the e-mail offers promotion company, is currently heavily promoting itself on TV in the UK. There are some reports of non-subscribers receiving spam from this organisation (search online for those).

Here's an extract from the Wowcher T&C's:

We may disclose your information (including personal information) to other companies within the Daily Mail and General Trust plc group of companies (the "DMGT Group", see www.dmgt.co.uk for further information) and may use and share within the DMGT Group information that we learn from your interactions with us and other group companies within the DMGT Group.

Popular Spam Topics

A list of the most popular topics hitting our spamtraps:

  • Phishing.
  • Fake pills.
  • Bogus weight loss products.
  • Search engine so-called optimisation.
  • Fake designer goods.
  • Many types of prepayment scam from the plausible to the preposterous.
  • Car and vehicle leasing.
  • Business training courses.
  • PPI claims.
  • Injury lawyers.
  • Entertainment and events.
  • Laser eye surgery.
  • Electricity tariff switching.
  • Spamming services (no surprise this one).

Yahoo! Account Hacking Continues Apace!

UPDATE 10th July: Yet more accounts have been hacked in the last 24 hours, so the problem continues.

We've seen a huge increase in spam coming from yahoo.com e-mail servers.

Many accounts have been compromised, and more come in every day. There is much talk on the web about this, and as of this morning the problem ain't fixed!

Currently the spams are punting links to fake pages promoting work-at-home or diet scams.

Both BTinternet (only for the time being) and now Sky e-mail services in the UK are outsourced to Yahoo!, so those accounts are also vulnerable to hijacking.

Our advice once hacked:
You MUST change your password immediately! If the same password has been used elsewhere then change it there too, as those accounts are also now at risk. If you need a password suggestion: think of a line from your favourite song (or poem if you like) and use the initial letter of each word, keeping capital letters and punctuation. Your new password must be at least ten apparently random characters for it to be secure.

Never Trust Your Spam Filter


Being an Android owner I have a Gmail account. Checking my spambox the other day I found this message:

Dear Google Wallet user,
To ensure that you're able to access all of the Google Wallet services and features available in your area, we need you to confirm your home address where you reside. Please visit your Google Wallet account settings page and update your information to ensure continued access to all the features of your Google Wallet account.
For more information, please visit our Help Centre: http://support.google.com/wallet/bin/answer.py?answer=2560589
Sincerely, The Google Wallet Team You have received this mandatory email service announcement to update you about important changes to your Google Wallet account. Please do not reply to this email. Mail sent to this address cannot be answered.

On the face of it a simple phish, and Google's filter obviously thought so, but it is in fact a genuine e-mail sent by Google themselves. Their own SPF and DKIM checks passed, as the headers reveal. The link is to https://wallet.google.com, so that is also genuine. So if you receive spam, be sure to go through it; you never know what you might find!
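Reading the SPF and DKIM verdicts out of the headers is the check that separates this genuine Google Wallet mail from the Barclays phish relayed through Microsoft's servers earlier on this page. Below is an added example (not the blog's own code) that parses Authentication-Results headers and applies the DMARC-style alignment test: a pass only counts if the authenticated domain matches the domain in the From: header the user sees. The three messages, the authserv-id "mx.example.net" and every address are constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Only trust Authentication-Results stamped by our own MTA: a sender can add
# a forged one, so headers carrying a foreign authserv-id are ignored.
TRUSTED_AUTHSERV = "mx.example.net"   # assumption: the id our inbound MTA uses

# Constructed headers, loosely modelled on the messages discussed on this page.
GENUINE = """\
Authentication-Results: mx.example.net; spf=pass (mx.example.net: domain of wallet-noreply@google.com designates 192.0.2.41 as permitted sender) smtp.mailfrom=wallet-noreply@google.com; dkim=pass header.i=@google.com
From: The Google Wallet Team <wallet-noreply@google.com>
Subject: Google Wallet: confirm your home address

(body)
"""

# SPF passes for the relay's own envelope domain, which says nothing about
# the bank named in From:
PHISH = """\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=bounce@relay.example; dkim=none
From: Barclays Bank PLC <alerts@barclays.co.uk>
Subject: Important Information From Barclays!

(body)
"""

# A header the sender inserted themselves, bearing someone else's authserv-id.
FORGED = """\
Authentication-Results: mail.attacker.example; spf=pass smtp.mailfrom=alerts@barclays.co.uk; dkim=pass header.i=@barclays.co.uk
From: Barclays Bank PLC <alerts@barclays.co.uk>
Subject: Important Information From Barclays!

(body)
"""

METHOD_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)(?:\s*\([^)]*\))?([^;]*)")
PROP_RE = re.compile(r"([\w.]+)=(\S+)")


def parse_authres(header):
    """Parse one Authentication-Results value into {method: {'result', props...}}.
    Returns {} when the authserv-id is not our own MTA's."""
    authserv, _, rest = header.partition(";")
    if authserv.strip().lower() != TRUSTED_AUTHSERV:
        return {}
    results = {}
    for method, result, props in METHOD_RE.findall(rest):
        results[method] = {"result": result, **dict(PROP_RE.findall(props))}
    return results


def domain_of(addr):
    """Domain part of an address or of a DKIM '@domain' identity."""
    return addr.rsplit("@", 1)[-1].lower()


def assess(raw):
    """SPF or DKIM must pass AND its domain must align with the From: domain."""
    msg = message_from_string(raw)
    ar = {}
    for header in msg.get_all("Authentication-Results", []):
        ar.update(parse_authres(header))
    from_domain = domain_of(parseaddr(msg.get("From", ""))[1])
    spf, dkim = ar.get("spf", {}), ar.get("dkim", {})
    spf_ok = (bool(from_domain) and spf.get("result") == "pass"
              and domain_of(spf.get("smtp.mailfrom", "")) == from_domain)
    dkim_domain = dkim.get("header.d") or dkim.get("header.i", "")
    dkim_ok = (bool(from_domain) and dkim.get("result") == "pass"
               and domain_of(dkim_domain) == from_domain)
    return {"from_domain": from_domain,
            "spf": spf.get("result", "none"),
            "dkim": dkim.get("result", "none"),
            "aligned": spf_ok or dkim_ok}


if __name__ == "__main__":
    for label, raw in (("genuine", GENUINE), ("phish", PHISH), ("forged", FORGED)):
        print(label, assess(raw))
```

The point the post makes in reverse: a message that looks like a phish but carries an aligned pass from your own MTA deserves a second look, while a bare spf=pass on a relayed message (the Microsoft case) proves nothing about the displayed sender.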

What are Yahoo! up to?


UPDATE 17th June: Our server just rejected a spam sent via a Yahoo! server from <bigbiglottocompany@gmail.com>.

You do wonder sometimes. Why on earth are Yahoo! sending SPAM on behalf of users of these other webmail services: hotmail.fr, hotmail.com, gmail.com, rediffmail.com and live.com?

These are the sender domains strained from our recent logs that are associated with connections from yahoo.com servers.
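Straining sender domains out of a mail log is a quick job once you know which lines carry what. As an added example (not the blog's own script), the code below does it for Postfix-style logs: smtpd logs the connecting client and qmgr logs the envelope sender on separate lines that share a queue id, while a rejected message logs both on one NOQUEUE line. The log lines, host names, queue ids and TEST-NET addresses are all constructed for the example.

```python
import re
from collections import Counter

# Constructed Postfix-style log lines. Accepted mail: the smtpd "client=" line
# and the qmgr "from=<>" line are joined on the queue id. Rejected mail: one
# NOQUEUE line carries both client and sender.
LOG = """\
Jun 17 08:11:52 mx postfix/smtpd[2101]: 3F2A1C0E42: client=nm23.bullet.mail.ne1.yahoo.com[192.0.2.10]
Jun 17 08:11:53 mx postfix/qmgr[1980]: 3F2A1C0E42: from=<lucky.winner@hotmail.fr>, size=2210, nrcpt=1 (queue active)
Jun 17 08:12:07 mx postfix/smtpd[2105]: 8B77D0F210: client=mail-vc0-f194.google.com[192.0.2.20]
Jun 17 08:12:08 mx postfix/qmgr[1980]: 8B77D0F210: from=<colleague@gmail.com>, size=5120, nrcpt=1 (queue active)
Jun 17 08:14:30 mx postfix/smtpd[2111]: NOQUEUE: reject: RCPT from nm5.bullet.mail.ir2.yahoo.com[192.0.2.11]: 554 5.7.1 <user@example.net>: Recipient address rejected; from=<bigbiglottocompany@gmail.com> to=<user@example.net> proto=ESMTP helo=<nm5.bullet.mail.ir2.yahoo.com>
Jun 17 08:15:01 mx postfix/smtpd[2112]: 9C01AA3D77: client=nm7.bullet.mail.ne1.yahoo.com[192.0.2.12]
Jun 17 08:15:02 mx postfix/qmgr[1980]: 9C01AA3D77: from=<ordinary.user@yahoo.com>, size=990, nrcpt=1 (queue active)
Jun 17 08:16:44 mx postfix/smtpd[2113]: A14E2B9C01: client=nm9.bullet.mail.ir2.yahoo.com[192.0.2.13]
Jun 17 08:16:45 mx postfix/qmgr[1980]: A14E2B9C01: from=<diet.miracle@hotmail.com>, size=3300, nrcpt=2 (queue active)
Jun 17 08:17:10 mx postfix/smtpd[2114]: B2C3D4E5F6: client=nm9.bullet.mail.ir2.yahoo.com[192.0.2.13]
Jun 17 08:17:11 mx postfix/qmgr[1980]: B2C3D4E5F6: from=<>, size=1800, nrcpt=1 (queue active)
"""

CLIENT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: (?P<qid>[0-9A-F]+): client=(?P<host>[^\[]+)\[(?P<ip>[^\]]+)\]")
FROM_RE = re.compile(
    r"postfix/qmgr\[\d+\]: (?P<qid>[0-9A-F]+): from=<(?P<sender>[^>]*)>")
REJECT_RE = re.compile(
    r"NOQUEUE: reject: RCPT from (?P<host>[^\[]+)\[(?P<ip>[^\]]+)\]:.*? from=<(?P<sender>[^>]*)>")


def foreign_senders_via(log_text, relay_domain="yahoo.com"):
    """Count envelope-sender domains of mail that arrived from hosts under
    relay_domain but claim a sender domain that is not relay_domain's own."""
    client_by_qid = {}
    counts = Counter()

    def note(host, sender):
        host = host.strip().lower()
        if not (host == relay_domain or host.endswith("." + relay_domain)):
            return                        # not one of the relay's servers
        if "@" not in sender:
            return                        # null sender: bounces, not of interest
        dom = sender.rsplit("@", 1)[1].lower()
        if dom == relay_domain or dom.endswith("." + relay_domain):
            return                        # the relay's own users
        counts[dom] += 1

    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            client_by_qid[m["qid"]] = m["host"]
            continue
        m = FROM_RE.search(line)
        if m:
            host = client_by_qid.pop(m["qid"], None)
            if host:
                note(host, m["sender"])
            continue
        m = REJECT_RE.search(line)
        if m:
            note(m["host"], m["sender"])
    return counts


if __name__ == "__main__":
    for dom, n in foreign_senders_via(LOG).most_common():
        print(n, dom)
```

Run against a real log the same function gives the list the post describes; the relay_domain parameter lets you ask the same question of any other webmail provider's servers.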

Why Complain?

We regularly send SPAM complaints to the AOL postmaster, prompted by e-mails such as this, sent by imr-ma06.mx.aol.com at 08:27 GMT today:

Subject: IRREVOCABLE PAYMENT RELEASE ORDER VIA ATM CARD.

Attn: This is to officially inform you that your (ATM Card Pin number ) is : ****-****-****-3337) has been accredited in your favor. Your Personal Identification Number is 8221. The ATM Card Value is US$5,500,000.00. You are advice to contact me with the following information: Name, Address, Phone, Age, Sex, and Occupation. for more details, contact me via email (rev.murrayrichard48@ovi.com).

Thank you,

Rev.Murray Richard

ATM Logistics Unit (ICB)

The reputation, according to AOL, of the server in question is deteriorating steadily (see picture), yet this particular server relays no mail. All that it sends are ARF-formatted reports about messages similar to the above.
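The reports in question follow the Abuse Reporting Format (RFC 5965): a multipart/report message with a human-readable part, a machine-readable message/feedback-report part and the offending message attached whole. The following is an added example (not the blog's own reporting tool) that assembles one with Python's email package. The original message, the reporter and recipient addresses, the TEST-NET source IP and the User-Agent string are constructed for the example.

```python
from email import message_from_string
from email.mime.message import MIMEMessage
from email.mime.multipart import MIMEMultipart
from email.mime.nonmultipart import MIMENonMultipart
from email.mime.text import MIMEText
from email.utils import formatdate, make_msgid

# Constructed original, modelled on the ATM-card message above (TEST-NET IP,
# invented ids and addresses).
ORIGINAL = """\
Received: from imr-ma06.mx.aol.com (imr-ma06.mx.aol.com [192.0.2.6])
\tby mx.example.net with ESMTP id 7A1F0C3; Tue, 17 Jun 2014 08:27:12 +0000
From: "Rev.Murray Richard" <rev.murrayrichard48@example.org>
To: victim@example.net
Subject: IRREVOCABLE PAYMENT RELEASE ORDER VIA ATM CARD.
Message-ID: <20140617082700.4711@example.org>
Date: Tue, 17 Jun 2014 08:26:00 +0000

Attn: This is to officially inform you that your ATM Card has been accredited in your favor.
"""


def build_arf(original_raw, source_ip, mail_from, reporter="abuse@example.net",
              recipient="abuse@example.com", arrival_date=None):
    """Assemble an RFC 5965 abuse report: human-readable part, then the
    message/feedback-report fields, then the offending message as message/rfc822.
    mail_from is the envelope sender seen at SMTP time (not in the headers)."""
    original = message_from_string(original_raw)
    arrival = arrival_date or formatdate(usegmt=True)

    report = MIMEMultipart("report", report_type="feedback-report")
    report["From"] = reporter
    report["To"] = recipient
    report["Subject"] = "Abuse report for " + (original.get("Message-ID") or "a message")
    report["Date"] = formatdate(usegmt=True)
    report["Message-ID"] = make_msgid(domain="example.net")

    human = MIMEText("This is an e-mail abuse report for a message received "
                     "from IP %s on %s. See the attached message.\n"
                     % (source_ip, arrival))

    # Field order and names follow RFC 5965 section 3; Version is always 1.
    fields = [
        ("Feedback-Type", "abuse"),
        ("User-Agent", "example-arf-reporter/0.1"),
        ("Version", "1"),
        ("Original-Mail-From", mail_from),
        ("Arrival-Date", arrival),
        ("Source-IP", source_ip),
        ("Reported-Domain", mail_from.rsplit("@", 1)[-1]),
        ("Original-Rcpt-To", original.get("To", "")),
    ]
    machine = MIMENonMultipart("message", "feedback-report")
    machine.set_payload("".join("%s: %s\r\n" % f for f in fields))

    for part in (human, machine, MIMEMessage(original)):
        report.attach(part)
    return report


if __name__ == "__main__":
    print(build_arf(ORIGINAL, "192.0.2.6", "rev.murrayrichard48@example.org").as_string())
```

Whether the receiving postmaster counts such reports against your server's reputation, as the post observes AOL apparently does, is outside your control; what you can control is that every report carries the Source-IP and the full original so it is actionable.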

You Gave Us Your E-mail Address - What Else Did You Expect?

Recently, one of our clients forwarded a SPAM to me. It came from the Nationwide Building Society; you'd think they'd know better.

Dear Mrs REDACTED,
Some time ago, you may remember, you were kind enough to let us have your email address.
Now we have it we'd like to be able to send you email, every now and then, with news of our latest products and services and member information.
After all, email is an easy way to stay in touch.

This is SPAM, plain and simple - both bulk and unsolicited.

E-mail The web.de Postmaster? Don't Bother!


We've suspected for a while that we were banging our heads against a wall; now here's a possible explanation:

This is the Postfix program at host msxmx03.webde.de.
I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to
If you do so, please include this problem report.
You can delete your own text from the attached returned message.
The Postfix program <blackhole@msxmx03.webde.local>: unknown user: "blackhole"

Taken from a bounce message after sending a mail to the web.de postmaster.