« Facebook Malware Lure du Jour | Main | More Faux-Amazon Malware Delivery »
| Home | The Book | Training | Events | Tools | Stats |
Web log archive.
A Dispatch
April 02, 2010
March of the Money MulesA money mule recruiter is flooding the intertubes with job offers left and right. The sending bot appears to have a template to follow, complete with a variety of plug-in sentences and phrases. Mule Libs?
Look at this group of four (and refrain from giggling at things like "United Statesan" residents):
Number 1:
Subject: Regional Representatives NeededCompliments
I'm addressing you on behalf of the HR department of a large company. Our company is engaged in different areas of activity, such as:
- consulting services
- bank accounts opening and maintenance
- private undertaking services
- etc.We have vacancies to be filled by United Statesan residents only:
- salary 2.300 dollars + bonus
- partial employment
- flextime
If you would like to work with us, please provide us the following information: Rusty@us-consalt.com/a>
Full name:
Country:
City:
E-mail:
Mobile phone-number:
We are looking for the people who have a right to work in United StatesPlease mention your name and write the phone number. Our manager will contact you to fix an interview.
Number 2:
Subject: Make $3771 per month no experience needed!!
Greetings
I am a representative of the HR department of a large international company. Our company covers a wide range of businesses
- consulting services
- bank accounts opening and maintenance
- private undertaking services
- etc.We are searching for partners in United States:
- salary 2.400 dollars + bonus
- partial employment
- flextime
If you are interested in this job, please, send us your contact information: Susan@us-consalt.com/a>
Full name:
Country:
City:
E-mail:
Mobile phone-number:
Attention! We need United Statesan residents onlyPlease, write your Telephone Number and our manager will contact with you and answer all your questions.
Number 3:
Subject: Help WantedHello
I am a representative of the HR department of a large international company. Our enterprise is connected with a great number of various activities, like:
- consulting services
- bank accounts opening and maintenance
- private undertaking services
- etc.There are vacant positions of regional managers in United States:
- wages 2300dollars+bonus
- partial employment
- free timetable
If you are interested in this job, please, send us your contact information: Magdalena@us-consalt.com/a>
Full name:
Country:
E-mail:
Mobile phone-number:
We are looking for the people who have a right to work in United StatesPlease, write your Telephone Number and our manager will contact with you and answer all your questions.
And number 4:
Subject: Position available for American people
Hello
I am a representative of the HR department of a large international company. Our company is met in many departments, such as:
- real estate
- companies setting-up and winding-up
- supporting business in United States and other countries
- etc.We have vacant positions to be offered for United Statesans:
- payment 2300euro+bonus
- partial employment
- optimal timetable
If you have a wish to become a part of our team, please inform us the following: Mitch@us-consalt.com/a>
Full name:
Country:
City:
E-mail:
Mobile phone-number:
We are looking for the people who have a right to work in United StatesPlease provide you name and contact information in order we can find you for further communication.
The From: addresses are all bogus, but the account names (tacked onto familiar email domains, such as msn.com and verizon.com) match the email contact account names.
Normally I obscure the domain name in spam, but this one is (so far) harmless. The domain name was registered waaaay back earlier today, and the record has a Moscow address (doubtful that it's real). While there is a web server active for that account, it so far just shows an active Apache server with no content.
The spammer also made an HTML goof, which caused the email link to include part of the link end tag (he forgot the left angle bracket for the </a> tag). Thus, unless the recipient is smart enough to know the difference, a click on the link creates a new outgoing email message with an invalid email address. Oh, boo hoo.
Here's hoping the crook's ineptitude will yield a poorer than normal return for his botnet rental investment.
