Powered by Movable Type 3.121
Home The Book Training Events Tools Stats
Web log archive.
Dispatches Archive

« December 2010 | Main | February 2011 »

January 31, 2011

Oh, The Tricks They'll Try Permalink

If there is an evil attachment or evil end point of a link, the tricksters will do their best to get recipients to not only open the email message, but ACT on the content of the message. The crucial nexus of their whole plot is to get you to ACT. If you don't ACT, the tricksters get nuthin'.

And so, for many years, the malware distributors of the world have been sending out spam email messages like this one:

From: Post Express Service
Subject: Post Express Service. Package is available for pickup

Dear Customer.

Your package has been returned to the Post Express office.
The reason of the return is "Error in the delivery address"

Attached to the letter mailing label contains the details of the package delivery.
You have to print mailing label, and come in the Post Express office in order to receive the packages.

Thank you for attention.Thank you.
Post Express Service.

The attachment in the message I saw was named Post_Express_Label_77654.zip. Your randomized number may vary. It's a Trojan loader with (at this hour) an exceptionally low VirusTotal score (recognized by only 6 of 42 antivirus products).

When an unsuspecting recipient sees this message, it's damned hard for him or her to resist the curiosity about this mysterious package they never sent in the first place. That's probably the biggest challenge in educating the emailing public about the risks of opening attachments from unknown sources or clicking on alluring links.

The picture I like to convey is asking that person to imagine facing a wall that is completely blank except for an appendage-sized hole (pick your appendage). You don't know what's on the other side of the wall (it's unlit in there), but you hear some metallic grinding machine. How ready would you be to slide anything of yours into that opening? ACTING on instructions from an unknown and unexpected email message is the same as sticking your treasured appendage into that gnashing hole. If you resist, you may never learn what was on the other side of the wall, but you'll walk away intact.

Posted on January 31, 2011 at 06:43 PM

January 23, 2011

Buy Your Degree From a Classy Joint Permalink

When I see a Subject: line like the following, it makes me wonder how the diploma will read:

Subject: Tiered of been passed over for that promotion because you do not have the proper Dergee?

Like diploma mill spam going back years, this one gives you a phone number (email responses, we're told, won't be acknowledged). The phone number is to an automated voicemail service.

I especially like this line:

Add Bahcelors, Dotcorate or Dcotorate Degeres to your resume in just 4-6 weeks and open avenues to promotion and better jobs!

Hell, you can add a degree with the same value to your resume in about 15 seconds. Not only will you save yourself from being scammed out of diploma dough, but your bogus degree will get you filtered out of the job application much earlier, saving you heartache and embarrassment.

Posted on January 23, 2011 at 01:45 PM

January 13, 2011

Quarantine Digest Baloney Permalink

I received what looks like a badly mismanaged trial run of a phishing attack, presumably aimed at capturing email login credentials. Here is what the message looks like:

Subject: Quarantine Digest

Quarantine Digest for [recipient's email address here]
Click here to access your spam quarantine. The spam quarantine contains emails that are being held from your email account. Quarantined emails can be released to your inbox or deleted using the spam quarantine link.

The link in the message I received was misconfigured to point to a local router NAT address (https://192.168.0.101/quarantine/manageuser?[removed]) rather than the true web page where the phishing page will be hosted. The forged From: address was also very templatey: untangle@hostname.example.com. Oh, please!

My copy arrived from a botnet client in the Phillippines.

It smells of a phishing kit being used by an inexperienced newbie. Expect to see more of these when other kit buyers learn how to fill in all the right fields and click the Send button at the proper time — thus avoiding premature spamulation.

Posted on January 13, 2011 at 06:49 PM