A Dispatch

February 23, 2012

Malware via SendSpace

For the past few days, the malware crooks have been trying to deliver their packages via SendSpace, a service normally used to transfer unusually large files between folks. Here is one example of the email message:

From: Fedex Express Delivery
Subject: Re: Alert: Parcel Notification ... Contact Us

Hello,

Please Visit Send Space to secure your parcel
http://www.sendspace.com/file/xxxx

Google.com and Send Space Factory are giving donations to enlisted
emails in diffrent continent of the world recently for development of
Millenium Development Goals and Green Energy.
Please Visit the link of sendspace.com and secure your scanned copy
of the tracking to track your cheque from Google.com Team.

I hope this helps and please do contact me for further instructions
and how to secure the tracking number if yours is no longer available
for download via http://www.sendspace.com/file/ebopf1

Regards,
Agent Victor Wong Lee
( Google Claims Agent )

To its credit, SendSpace has been taking down the offending files (various Trojan loaders) quickly — although not the one I "x"ed out above.

The stories offered in the email messages are getting pretty far afield, if not utterly incomprehensible. But that won't stop most recipients from trying to investigate the files — to their peril on unprotected Windows machines in this case.

While I'm on the subject of tricking email recipients with malware, here is another turdlet that I saw this day:

Subject: Attention! Changes in the bank reports!

Dear client! According to the new rules of the Ministry of Finance, we have to change the procedure of record keeping on your bank account. We ask you to familiarize yourself with the said regulations. To confirm your agreement, print out the last sheet, sign it and send it back to us.
new rules.doc 45kb
With Best Regards
Wanetta Reilly
MD5 check sum: c468c41c410af294107d1c463807d107

I wonder how many recipients in the U.S. don't know that we don't have ministries. Clearly the sending crook didn't know that, and it could hurt his or her success rate. Well, one can dream.

As dumb and stupid as these email messages sound to those of us who regularly track such activity, always remember that there are enough everyday users out there falling for them. If the crooks weren't successful at enlarging their bot networks and identity theft bankrolls, they'd look for other, easier ways to make a dishonest buck.

Posted on February 23, 2012 at 10:20 AM