Dispatches Archive


June 27, 2011

Credit Card Overdue Notices

Here's another malware delivery email...this one in the form of an anonymous (some "Notification robot") advisory that your credit card is overdue. Do they mean "credit card payment" or what? These guys really don't know how to make a threatening collection.

The namelessness of the supposed credit card company is quite a joke. Even when a credit card company wants to hound you for a late payment, it's quite sure to spread its brand name all over the place. Moreover, unless you've specifically set up such a notification with your credit card company, it won't notify you to avoid a late charge: They'd much rather you skip the payment so they can beat you over the head with next month's statement of fees and additional accrued interest.

The full text of the email follows:

From: Notification robot
Subject: Credit Card Overdue

Credit Card Overdue

Dear Client,

Your Credit Card is one-week overdue. Below is your Card Information

Customer Number : 3280722295

Card Limit ($): 3500

Pay Date: 27 JUN 2011

Attached is Your Credit Card Statement, if You pay the debt within 2 days, there will be no extra-charges. In 2 days $25 late fee and a finance charge will be imposed on your account.

If You have any questions, do not hesitate to contact us.

Trust me: The attachment is not a credit card statement. Nor is this any kind of phishing or extortion plot. The file, named Customer details.zip, contains a Trojan loader (Customer details.exe). If you unzip the file (and run the .exe), you have essentially unzipped your PC's pants. Its private parts won't be private anymore.

Posted on June 27, 2011 at 04:45 PM

June 20, 2011

Get Your McTrojan

Fast food giant McDonald's is the latest brand to be abused by malware distributors. How does a crook (not the Hamburglar) trick everyday folks into infecting their systems? By sending out malware delivery email spam like the following:

From: McDonalds Restaurants
Subject: Today you will get the ticket and there will be no need to pay for your dishes


McDonalds invites you to The Free Dinner Day which will take place on 27 June, 2011, in every cafe of ours.

Free Day’s menu!
- Premium Crispy Chicken Classic Sandwich
- World Famous Fries
- Premium Southwest Salad with Crispy Chicken
- McFlurry with OREO® Cookies
- McCafe Hot Chocolate

Print the invitation card attached to the letter and show it at the cash desk of any of our restaurants.

Every manager will gladly take your card and issue you a tasty dish of Free Day.
And remember! Free Day is whole five free dishes!

Thank you for your credence.
We really appreciate it.

Yes, it's not particularly good English, but hungry recipients hooked on McDonald's french fries will probably skip over that when they see the list of "free" items.

The attachment in the message I saw was named Invitation_Card_07902.zip. I suspect other instances will have different numbers (randomized) in the file name. At the moment, it has light anti-virus detection, according to VirusTotal (only 19%).

At the risk of resurrecting an old ad campaign, give yourself a break today, and delete the message without opening the attachment.

Posted on June 20, 2011 at 10:32 PM

June 01, 2011

Mixed Mailbag Morning

Two items stood out from this morning's Junk folder.

Item Number One:

Subject: Windows 8 released

Microsoft ® Corporation is proud to announce the latest and the best operating system available yet. For more details, click here.

The link is to a downloadable .exe file that had been implanted on a hijacked web site owned by an educational interest organization. The file, called 8final.gif.exe, is, of course, anything but Windows 8. More like Windows Hell.
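Both delivery tricks in these posts, an .exe packed inside a .zip attachment (Customer details.zip) and a decoy double extension (8final.gif.exe), can be spotted from file names alone, without extracting or running anything. The Python below is an added example, not part of the original posts; the extension lists and function names are assumptions, and the sample archive is constructed with placeholder bytes.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows runs on double-click (assumed, non-exhaustive list).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Harmless-looking extensions placed in front of the real one as a decoy.
DECOY_EXTS = {".gif", ".jpg", ".png", ".pdf", ".doc", ".txt", ".zip"}

def classify_name(name):
    """Return the reasons a file name looks like a disguised executable."""
    # Windows ignores trailing spaces and dots, so strip them before parsing.
    clean = name.replace("\\", "/").rstrip(" .")
    suffixes = [s.lower() for s in PurePosixPath(clean).suffixes]
    reasons = []
    if suffixes and suffixes[-1] in EXECUTABLE_EXTS:
        reasons.append("executable extension " + suffixes[-1])
        if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
            reasons.append("decoy extension " + suffixes[-2] + " before it")
    return reasons

def scan_zip_attachment(data):
    """Return (member name, reasons) for suspicious members; nothing is extracted."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons = classify_name(info.filename)
            if reasons:
                findings.append((info.filename, reasons))
    return findings

def build_sample_zip(names):
    """Constructed test input: a ZIP whose members hold placeholder bytes only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member in names:
            zf.writestr(member, b"placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    sample = build_sample_zip(["Customer details.exe", "readme.txt"])
    for member, reasons in scan_zip_attachment(sample):
        print(member, "->", "; ".join(reasons))
    print("8final.gif.exe ->", "; ".join(classify_name("8final.gif.exe")))
```

A mail gateway would apply the same name check to each attachment and to each archive member, and quarantine on any finding rather than relying on anti-virus detection of the payload.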

Item Number Two:

I guess lots of working folks have posted their résumés to Monster.com — so much so that a money mule recruiter uses that as a gateway to gain the recipient's interest:

We have found your CV at Monster.com database, and consider you to be a great candidate for the position which we suggest.

We are invite creative and capable employees to become successful members of our team. If you try to find new experience, new accomplishments attainments in your career,and are willing to receive better salary we are pleased to offer you work in our firm

We would like to inform you of a newly opened vacancy of Check Assist Manager at our Company for US citizens. We are a company registered in Germany. Our firm is known as a payment processor with services designed for international small companies.. In list below you will find position description and general requirements for the position. If you find these compatible with your temper and personality, and consider that you meet our requirements, we would be pleased to offer you a new career, competitive salary and opportunity to work at home.

Your task is as follows:

The main task object of the Cheque Assist Manager is that to collect payments to your checking account from buyers in proper time, sending them to our company via bank Transfers, and solving meet the challenge associated with these tasks.
it seems important to say, that every transfer will be accompanied with detailed descriptions. It helps to make the task easier to a considerable degree. Thanks to the daily communication with the company you will become an competent Cheque Assist Manager. It seems important to add that the company pays all fees.

General requirements are as follows:
Be a person aged from 21 to 65
Good communications abilities;
Computer skills
Have 3 – 10 free hours per week
Our company hold in high respect integrity, amenability and swiftness in operations;
Willingness to work from home, take responsibility and achieve higher goals;
Have an experience in consumer service industry (preferable)

Take all the advantages of Cheque Assist Manager position, such as:
Increased free personal time;
Universal esteem and self-respect;
Financial sovereignty achieved in short terms;
Availability to work efficiently as a telecommuter, with a very flexible schedule

And above all your average income $750-$1500 per week. If you want to apply this position, please visit our web-site


We will provide you with further detailed information ( web-site address, licenses,contract, etc.) , as well as answers to your questions.

Someone desperate for income might overlook the poor grammar from a company that demands "Good communications abilities". What is more evil about this recruitment effort is that if you follow the link, it goes to a site that — except for the job registration form — was lifted entirely (including some very professional-looking Flash stuff at the top of the page) from a legitimate financial services company, Austerlitz GMBH. If you click through the Flash area, you see a very convincing array of information about a company you'll believe will be your potential employer.

Unfortunately for any respondents, the crooks have nothing to do with Austerlitz. The domain name they're using for their bogus site was registered waaaaay back earlier today, using a fake identity. I also strongly doubt they are located in or around Germany.

And so goes another day.

Posted on June 01, 2011 at 11:36 AM