A Dispatch


January 10, 2012

Tuesday Morning Malware Lures

More malware lures today to induce unsuspecting email recipients to click a link to Hell or open a Trojan-loaded attachment.

First, the link variety. This time the crook is using a bunch of legal mumbo jumbo. It's mostly meaningless, but invoking "the court" may put the fear of God into recipients and get the clicking-finger adrenalin going:

Subject: Re: Fwd: Our chances to win an action are better than ever.

We discussed it with the administration representatives, and if we plead guilty our slight infringements to improve their statistics, the major action will be closed due to the lack of the state interest to the action. We have executed your explanatory text for the court. Please read it carefully and if anything in it of you feel uncomfortable with anything in it, advise us.

Speech.doc 556kb

Best Regards
Alita Feliciano

Secure Checksum: b1de6f8a5c8a50c3e1de127d4b650c3e6f

Although the message is formatted to make it appear as if the link is to an attachment, it is really just a clickable hyperlink to a hijacked web site where nefarious things happen to the unprotected PC.

The second one displays the guts of the malware distributors. They pose as no less than the United States Computer Emergency Readiness Team (US-CERT). Check this out:

From: soc@us-cert.gov
Subject: Phishing incident report call number: PH0000005724464

US-CERT is forwarding the following Phishing email that we received to the APWG for further investigation and processing.

Please check attached report for the details and email source

US-CERT has opened a ticket and assigned incident number PH0000001057411. As your investigation progresses updates may be sent at your discretion to soc@us-cert.gov and should reference PH0000009366166.

Thank you,

US-CERT Operations Center

[Attached File: US-CERT Operations Center Report 9463207.zip]

Ignoring the use of three different PH numbers (I guess as in PHony incident numbers), the fact that the message headers reveal its origination in Indonesia taints the authenticity just a tad.
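The two tells described above (a link whose visible text is dressed up as an attachment, and an "incident" message whose reference numbers and delivery path don't agree with each other) are easy to check mechanically. The following script is an added example, not something from this post or from any mail filter the post mentions. Both sample messages are constructed stand-ins for the lures quoted above; the hostnames are hypothetical and the IP addresses come from the RFC 5737 documentation ranges, so the origin check only reports what an analyst would then look up, it does not geolocate anything.

```python
"""Heuristic triage for two lure patterns: an HTML link posing as an
attachment, and a spoofed incident notice with inconsistent reference
numbers and a From: domain absent from the Received: chain. Added example;
sample messages are constructed, with documentation IPs and made-up hosts."""
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser

# Constructed stand-in for the first lure: the anchor text looks like a
# file attachment, but the href points at an external (hypothetical) site.
SAMPLE_LINK_LURE = """\
From: Alita Feliciano <alita@example.net>
To: victim@example.com
Subject: Re: Fwd: Our chances to win an action are better than ever.
Content-Type: text/html; charset="utf-8"

<html><body>
<p>We have executed your explanatory text for the court.</p>
<p><a href="http://hijacked-site.example/speech/">Speech.doc 556kb</a></p>
</body></html>
"""

# Constructed stand-in for the second lure: three different PH numbers and a
# From: domain that never appears in the Received: chain.
SAMPLE_CERT_LURE = """\
Received: from mail.example.net (mail.example.net [192.0.2.10])
    by mx.example.com (Postfix) with ESMTP
Received: from [198.51.100.23] (unknown [198.51.100.23])
    by mail.example.net with SMTP
From: soc@us-cert.gov
To: victim@example.com
Subject: Phishing incident report call number: PH0000005724464
Content-Type: text/plain; charset="utf-8"

US-CERT has opened a ticket and assigned incident number PH0000001057411.
Updates should reference PH0000009366166.
"""

ATTACHMENT_NAME = re.compile(r"\b[\w-]+\.(?:docx?|pdf|zip|xlsx?|rtf|exe)\b", re.I)
REFERENCE_NUMBER = re.compile(r"\bPH\d+\b")
IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


class _Anchors(HTMLParser):
    """Collect (text, href) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._current = [], None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href", ""), ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append((self._current[1].strip(), self._current[0]))
            self._current = None


def lookalike_links(msg):
    """Links whose visible text names a document but whose href is a web URL."""
    found = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        parser = _Anchors()
        parser.feed(part.get_content())
        for text, href in parser.links:
            if ATTACHMENT_NAME.search(text) and href.lower().startswith(("http://", "https://")):
                found.append((text, href))
    return found


def reference_numbers(msg):
    """Distinct PH-style reference numbers across subject and all text parts."""
    parts = [p.get_content() for p in msg.walk() if p.get_content_maintype() == "text"]
    return sorted(set(REFERENCE_NUMBER.findall("\n".join([str(msg["Subject"] or "")] + parts))))


def origin(msg):
    """From: domain, IPs in the earliest Received: hop (last in header order),
    and whether that domain appears anywhere in the delivery path."""
    hops = msg.get_all("Received", [])
    from_domain = parseaddr(str(msg["From"] or ""))[1].rsplit("@", 1)[-1].lower()
    ips = list(dict.fromkeys(IPV4.findall(hops[-1]))) if hops else []
    in_path = any(from_domain in h.lower() for h in hops) if hops else None
    return from_domain, ips, in_path


def analyze(raw):
    """Return the indicators found in one raw RFC 822 message plus summary flags."""
    msg = email.message_from_string(raw, policy=policy.default)
    links, refs = lookalike_links(msg), reference_numbers(msg)
    from_domain, ips, in_path = origin(msg)
    flags = []
    if links:
        flags.append("attachment-lookalike link")
    if len(refs) > 1:
        flags.append("inconsistent reference numbers")
    if in_path is False:  # None means no Received: headers to judge by
        flags.append("sender domain absent from delivery path")
    return {"links": links, "reference_numbers": refs, "from_domain": from_domain,
            "origin_ips": ips, "flags": flags}
```

Run `analyze()` over a raw message and act on `flags`; the `origin_ips` value is the address an analyst would hand to a WHOIS or geolocation lookup to confirm the kind of mismatch the post notes (a "us-cert.gov" sender whose earliest hop is somewhere else entirely). The sender-domain check is deliberately loose: a legitimate sender relaying through a third-party provider can also trip it, so treat it as a triage signal, not a verdict.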

Just remember: The more an unsolicited email message tries to elevate your blood pressure, the more likely it's B.S.

Posted on January 10, 2012 at 10:39 AM