
Wednesday, April 15, 2015

Facebook Data Equals Personalized Spam and Attacks

Spammers and scammers are not dumb, and they are not idiots. They are not doing what they do to bother or annoy us, or because they have "nothing better to do with their time". They are in business, and they target their "customers" the way any other business does: with research.

Be aware!

Full story here - New Wave of Phishing Scams Uses Facebook Info for Personalized Spam

"You receive an email that appears to be sent by a friend or family member. The message addresses you by name, but the content is strange. Usually, it’s just a link to a website. If you click on it, you could end up downloading malware to your computer.

What’s going on here? The scammers are exploiting the fact that you’re more likely to click on a link if it was sent by a friend.

Scammers find your information through Facebook or other social media accounts. Some set up fake accounts and send out friend requests. When you accept the request, they can view your friends and personal and contact information. Other scammers rely on social media users not locking down their privacy settings, so basic information, such as your name, email address and friends’ names, is publicly available."

Friday, November 28, 2014

INTERNAL FAX - CryptoWall 2.0 E-mail Example

I finally tracked down an example of one of the many variants of the CryptoWall 2.0 RansomWare / MalWare / Virus e-mails. This is not the only version out there so be aware!

As a general rule of thumb, never open a zip file attachment from someone you don't know. Even then, scan it for viruses before opening it.

Here's what to look out for:

The e-mail subject was INTERNAL FAX

The attachment name I received was FAX827-482-9123.zip. The infectious software is contained inside the zip file. The message also carried an attachment named ATT00001.txt (which is not a virus).

RansomWare message body text:

You have received fax from EPSON09964727 at sidsolve.com

Scan date: Wed, 26 Nov 2014 10:18:44 -0500

Number of page(s): 61

Resolution: 400x400 DPI

Name: FAX827-482-9123.pdf

_________________________________
Attached file is scanned image in PDF format.

The message came from XTLAMJHEK (74.252.107.66), around the Orlando, Florida area. The sender's address was 8GEGBYXZ.4384595@bleuit.com and the return path is cidejilk@bleuit.com. The sender spoofed a fake address named fax@sidsolve.com; this would likely be customized to the victim's domain. The company that owns the domain is based in Guernsey in the Channel Islands.



Tuesday, October 14, 2014

Shipping Info for you@yourdomain.com

The SPAM filter picked up this one today, and I've had a couple of recent client calls about this type of e-mail and about another one that claims there is a "New Fax Waiting". The e-mail contains an embedded link that will attempt to compromise any system that visits it.

The message originated in Provo, Utah, on an ISP called Unified Layer. The IP address that sent it was 162.144.32.106. The claimed sender's address is saadi@ihc.com.sa. The company at ihc.com.sa is an insurance broker that has likely been compromised.

Don't believe this. It is an attempt to infect you!

Delete it and move on with your day!


SPAM MAIL CONTENTS:

Purchase Notice
Please see the shipping information Date ordered: October 13/ 2014
For your information that the item is being shipped to you.
We also included delivery file to specified address.
Order No: 104213335
Order total: 1779.07 USD
Processed date: Oct 13 2014.

Help !!!!!!!!!!!!!! Cathleen and Mark

I haven't received one of these in a long time, because our filter captures the vast majority of all the SPAM that hits our servers. This one made it through because it came from a client's personal account on AOL that we have whitelisted. Someone, somewhere, got hold of their password and is sending out spam. If you get one of these, the senders aren't really where the e-mail claims.

Although it claims to be from Simferopol, Ukraine, the message originates at IP Address 64.12.231.63 in Ashburn, Virginia. It was sent on an MCI network. It routed through AOL in New York City.

Delete the e-mail. Don't read it, don't respond.

Do contact your friend and tell them that they've been compromised. A heavy scan and password changes are in order.

SPAM EMAIL TEXT:

Hello ,
Sorry to bother you this time but this seems to me more than a dreadful ill-luck for me and my family.I am in Simferopol (UKRAINE) right now for a short vacation and unfortunately i ran out of cash, i have tried to access my credit card from the cash machines here but it keeps saying network errors.
I also tried to withdraw funds from my own bank account here but the lady at the paid desk informed me that i can't withdraw from my account here in a foreign country,wondering if i could get a quick loan of ($2,900 USD)  from you to clear some little things here and also take a cab to the airport i promise to refund it as soon as i get back home later this week.
I anticipate your response .
Cathleen and Mark
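The INTERNAL FAX post and the AOL post above both come down to the same triage questions: does the visible From line match the return path, which relay actually handed the message to your mail server, does the zip hide an executable, and does a whitelisted sender get to skip those checks? The script below is an added example written for this page, not the blog's own filter or any product. The From address, Return-Path, relay name and IP in the constructed sample are taken from the INTERNAL FAX post; mx.example.net, inbox.example.net, 192.0.2.10, the zip member name (a harmless text file with an executable extension), the whitelist contents and all function names are assumptions made up for the example.

```python
"""Added mail-triage example: From vs Return-Path mismatch, injecting relay IP,
executables inside zip attachments, and a whitelist that must not skip checks."""
import email
import io
import os
import re
import zipfile
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Extensions a mail gateway should treat as executable when found inside a zip.
EXEC_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def domain_of(header_value):
    """Lower-cased domain of an address header ('' if the header is missing)."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rpartition("@")[2].lower()

def origin_ip(msg, border_mx):
    """IP of the host that handed the message to our border MX. Only the
    Received line our own MX wrote is trusted; lines below it can be forged."""
    for hop in msg.get_all("Received", []):
        if re.search(r"\bby\s+" + re.escape(border_mx) + r"\b", hop):
            m = IPV4.search(hop)
            if m:
                return m.group(1)
    return None

def executables_in_zip_attachments(msg):
    """Member names with executable extensions inside .zip attachments.
    The archive is only listed, never extracted or run."""
    hits = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith(".zip"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                hits += [m for m in zf.namelist()
                         if os.path.splitext(m)[1].lower() in EXEC_EXTENSIONS]
        except zipfile.BadZipFile:
            hits.append(f"{name}: unreadable zip")  # treat as suspicious, not as clean
    return hits

def content_findings(msg):
    """Indicators that do not depend on who the sender claims to be."""
    out = []
    from_dom, rp_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    if rp_dom and from_dom != rp_dom:
        out.append(f"From domain {from_dom} differs from Return-Path domain {rp_dom}")
    for member in executables_in_zip_attachments(msg):
        out.append(f"zip attachment carries executable {member}")
    return out

def weak_policy(msg, whitelist):
    """The failure mode in the AOL post: a whitelisted sender skips every check,
    so a spoofed or compromised whitelisted address sails through."""
    if domain_of(msg["From"]) in whitelist:
        return "deliver"
    return "quarantine" if content_findings(msg) else "deliver"

def safe_policy(msg, whitelist, border_mx, trusted_relays=frozenset()):
    """The whitelist only waives the relay-reputation check; content checks
    always run, so whitelisting cannot switch off attachment inspection."""
    problems = content_findings(msg)
    ip = origin_ip(msg, border_mx)
    if ip and ip not in trusted_relays and domain_of(msg["From"]) not in whitelist:
        problems.append(f"handed in by unknown relay {ip}")
    return "quarantine" if problems else "deliver"

def build_sample():
    """Constructed message modelled on the INTERNAL FAX post (addresses, relay
    name and IP from the post; hostnames, 192.0.2.10 and zip member invented)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("FAX827-482-9123.pdf.exe", "placeholder text, not a program")
        zf.writestr("ATT00001.txt", "benign text")
    msg = EmailMessage()
    # Received lines are prepended per hop, so the top one is the last hop.
    msg["Received"] = ("from mx.example.net (mx.example.net [192.0.2.10]) "
                       "by inbox.example.net; Wed, 26 Nov 2014 10:20:00 -0500")
    msg["Received"] = ("from XTLAMJHEK (unknown [74.252.107.66]) "
                       "by mx.example.net; Wed, 26 Nov 2014 10:19:01 -0500")
    msg["From"] = "fax@sidsolve.com"
    msg["Return-Path"] = "<cidejilk@bleuit.com>"
    msg["Subject"] = "INTERNAL FAX"
    msg.set_content("You have received fax from EPSON09964727 at sidsolve.com")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="FAX827-482-9123.zip")
    return email.message_from_bytes(msg.as_bytes(), policy=policy.default)

if __name__ == "__main__":
    sample = build_sample()
    print("origin:", origin_ip(sample, "mx.example.net"))
    print("findings:", content_findings(sample))
    print("weak:", weak_policy(sample, {"sidsolve.com"}))  # victim's own domain whitelisted
    print("safe:", safe_policy(sample, {"sidsolve.com"}, "mx.example.net"))
```

The whitelist in the usage call is the victim's own domain, which is exactly what the spoofed From line imitates; the weak policy delivers the message while the safe policy still quarantines it, because a whitelist entry should only vouch for the sending relay, never replace attachment inspection. The origin lookup keys on the Received line written by your own MX rather than the bottom-most line, since anything below your own hop was written by the sender and can say whatever they like.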

Friday, October 10, 2014

The Stocktip Of The Year

Uh... no... I think not. Maybe another candidate for scam of the year?

This scam, a pump and dump and an attempt to infect your systems, comes courtesy of pete25a2@bistrita.astral.ro, on a Romanian ISP. The message came in from the IP address 83.103.156.27 in Harghita, Romania.

The message is definitely not from TheStreet, Inc. at 63 South Main Street, Newtown CT 06470.

Don't click the links, don't read it, don't believe it. Delete and move on with your day!

Spam e-mail text:

TheStreet Daily
Your newsletter from
TheStreet, Inc.. Trouble viewing?
You've been patient for a while now and finally
it's time.
Confederation MineraIs (CNRMF)
is on the verge of exploding.Thats because they
have hundreds ofmillions of precious metals on their
property and they are weeks away from beginning to dig
it out and selling it up the distribution chain.It is
trading at such a bargain right now that
CNRMF is a no-brainer.
Snap up as many shares of it as you can today before it
goes up too high.Everyone is certain that we
will see it hit past 40cents before month's end.
63 South Main Street, Newtown CT 06470
The
TheStreet, Inc. Press
| Customer Service
| Privacy Policy

You received this message because you are a
TheStreet, Inc. customer or have registered at
TheStreet.com.
This email was sent to you by The  TheStreet, Inc..

Click here
to update your email preferences.

Wednesday, October 8, 2014

Your PC Has Critical Errors - Fix Now!

UPDATE! UPDATE! - 10-15-2014
This is the first time this has happened since I started this little blog. I got word from the guys at HOST1PLUS in Santiago, Chile, and they have shut down the spammer on their systems! You should keep an eye out for this bad message because it is still out there and showing up from other sources, but it won't be coming from this host anymore. It is awesome that someone out there is on top of their systems! Props to HOST1PLUS!

Original post -

Here's a little scam I was just notified about. This came in to a client's e-mail account and they called us right away about it. If they had followed the e-mail's advice they'd likely be infected with a nasty piece of MalWare and a handful of Trojans.

The entire e-mail is a massive image link! Don't click it, don't follow the links, don't try to visit their site. It is a SCAM!

The link in the e-mail leads to http://images.reviewfacilitate.co/RWn6saYa6xELa9ss9, a non-responsive website. The address that claims to have sent it is info@reviewfacilitate.co. In reality the message references the domain handleinsure.net and originates from IP address 181.214.149.76, located in Santiago, Chile. The ISP is either Host1plus Hosting Services or Digital Energy Technologies.

Image of the spam scam:

Spam Scam e-mail text:

Windows PC Repair
Diagnose @ Fix Your PC Problems in 3 simple steps:
1. Download Windows Repair Tool
2. Doubleclick on teh Setup file and Follow teh On-Screen Instructions to Install the Procuct.
3 Runa Scan and Fix the Detected Errors by Clicking teh "Fix All" Button.

Ratings: *****

Total Downloads: 103,500,697

Download File Size: 4.1 MB

Download Time: sec on dsl, 2min on dialup

Compatibility; Windows 8, Windows 7, Windows Vista, Windows XP, Windows ME, Windows 2000 32Bit & 64Bit OS Systems

Support: Yes

Upgrade option: Yes

Download Now 

Thursday, October 2, 2014

Pay For Driving On Toll Road - EZ Pass Trojan

We just ran into this nasty little surprise at a client site yesterday. It's a virus posing as an overdue bill from E-Z Pass. The "Get Invoice" link will attempt to install a Trojan on the system. We happened to catch it right away so no harm was done.

It was delivered to our end-user's personal e-mail account on Comcast so our filtering system never had a chance to take care of the issue. We attempted to forward the message through our filtering system and it was denied immediately.

Watch out for this one, it is a very convincing e-mail. It is well built and appears graphically legitimate. However, the English used in the message is poorly constructed and is the first clue that something is out of place. Also notable: hovering the mouse over the links shows them pointing to a bogus trojan-downloading site.

Be careful out there!

Screenshot of virus/trojan:


Trojan spam mail text:

Dear Customer,

You have not paid for driving on a toll road. This invoice is sent repeatedly, please service your debt in the shortest possible time.




Here's a link to an article on the BBB about the same scam: Scammers Pose as E-ZPass to Collect ‘Unpaid Tolls’