« FBI/ATM 419er Keeps Deadbeats at Bay | Main | Phony Bank of America Wire Transfer Notices »

March 13, 2012

Doofus malware spreaders are at it again. Today's incoming had lots of messages like the following:

Subject: I'm in trouble!

I was at a party yesterday, got drunk, couldn't drive the car, somebody gave me a lift on my car, and crossed on the red light!
I've just got the pictures, maybe you know him???

I have attached the photo to the mail (Open with Internet Explorer).

I need to find him urgently!

Thank you
Zenith

The real trouble is that the crook didn't program his malware-sending bots to change out the From: header lines from previous campaigns. We had suffered many days of the "we can't deliver your package" spam containing malware attachments. He changed out the Subject: and message body, but the From: fields are from the old campaign:

From: package update <ups-account-services@ups.com>
From: UPS <ups-services@ups.com>

If the story in the message sounds familiar, well, it should. Open an attachment/click a link — they all lead to the same bad end.