Powered by Movable Type 3.121
Home The Book Training Events Tools Stats
Web log archive.
Dispatches Archive

« June 2012 | Main | August 2012 »

July 19, 2012

New Twist for FedEx Malware Delivery Email Permalink

No, the message doesn't really come from FedEx, but it uses a lot of art and design from a typical FedEx web page. Employing broken English (like the Russlish "everybody to get from street" line in The Russians Are Coming! The Russians Are Coming!) the message invents a new story whose details I had not seen before...a story intended to get you to open the Trojan-laden attachment:

Subject: We can not diliver your package

We apologize, but it seem so, that we not can deliver your package. One of our trucks is burned tonight. In attachment you can find a form for insurance. Please fill it out and send it us urgent, because we must told amount of damage to the Insurance company.

[Attachment: Insurance_form_#39061.zip]

If your PC isn't protected by antivirus software, you might as well throw your computer onto the burning truck bonfire.

Posted on July 19, 2012 at 05:48 PM

July 15, 2012

New Meaning to "Speed Trap" Permalink

The traffic ticket alert email has been used before as a malware delivery vehicle (here's one). This time it's back with a little different format. The message has the following content:

Subject: Speed limit violation camera shot.

Hello, your vehicle has been identified on Eustace Alley as violating the speed limit on 6/4/2012.
Please find the camera shot of your vehicle attached to this notification.

You can comply with this Violation notification as follows: Pay the sanction and surcharge, claim you are not the driver, or contest responsibility.
Mon, 16 Jul 2012 01:53:58 +0700

[attachment:cumshot_934880.zip]

Apologies to sensitive readers about the attached file name, but that's what it is in the sample I saw.

Unlike previous campaigns of this type, there is no invocation of any government agency. Eustace Alley could be anywhere, I suppose (certainly has a London feel to it).

The antivirus software running on my machine spotted the attachment as a Trojan. I hope other recipients are equally protected. If not, and their adrenalin gets the better of them, a double click will get them good. They'd probably trade a real speeding ticket for the hassle they're going to incur.

Posted on July 15, 2012 at 03:02 PM

July 05, 2012

Malware Deliveries With More Bite Permalink

For the past few months, malware distributors have been sending messages that resurrected an old chestnut: Trying to trick recipients into opening an attachment supposedly of some compromising photo featuring the recipient. The attachment, of course, isn't any kind of photo, but rather a packaged malware installer. The accusation against the recipient is not too serious — on the order of "I can't believe you were caught in this photo, dude!"—and the tone is almost friendly conspiratorial.

Well, the tone has seemed to shift in the last couple of weeks to be much more hostile. The messages aren't friendly so much as threatening. Here are a few samples:

Subject: You can't say I haven't warned you now enjoy the consequences.

Sorry to disturb you [email address account ID]

Why did you have to put these photos online? All the hell is gonna break loose now don't you understant? Take them down immediately! Don't tell me you don't know what photos I'm talking about! Check attachment!

Subject: Let's put this behind us once and for all I know you broke into my email.

Hello there [email address account ID]
This is quite crazy but someone sent me a nude picture of your girlfriend. Is seems to be her in attachent right? We'll have to track down the bastard who did it I can help you!

Subject: You pig!

You should be stoping ignoring me or i will send this photos to your spouse!!!

It may be difficult to resist getting at the bottom of a false accusation, but we must teach the world's email users that these messages are coming from automated systems that don't know squat about the recipients, other than their email addresses. All attachments and links in such emails should be treated as both molten and radioactive. Direct contact can lead to injury or death (of one's privacy).

Posted on July 05, 2012 at 12:35 PM