Info collector

Bellatora Inc (ECGR) pump-and-dump spam

By on June 13, 2017 in Latest SPAM

It’s been a little while since we’ve since an illegal pump-and-dump spam from the Necurs botnet, but here is a new one pushing a company called Bellatora Inc (stock ticker ECGR) From:    Lillie MaynardDate:    13 June 2017 at 09:37Subject:    Here’s why this company’s shares are about to go up tenfold next week.Yes, it’s been some […]

Continue Reading »

Malware spam: “John Miller Limited” / “Invoice”

By on June 5, 2017 in Latest SPAM

This spam pretends to come from John Miller Ltd (but doesn’t) and comes with a malicious payload. The domain mentioned in the email does not match the company being spoofed, and varies from message to message. From:    Felix Holmes Date:    5 June 2017 at 10:20Subject:    InvoiceRegardsFelix Holmescid:image001.jpg@01D00F00.660A92D0Kirkburn Ind. EstateLockerbieDumfries and GallowayDG11 2FFTel

Continue Reading » (2017/06/02_08:38)

By on June 2, 2017 in Malware Domains

Host:$.pdf.ace, IP address:, ASN: 19271, Country: US, Description: trojan

Continue Reading »

Malware spam with “nm.pdf” attachment

By on May 11, 2017 in Latest SPAM

Currently underway is a malicious spam run with various subjects, for example: Scan_5902Document_10354File_43359 Senders are random, and there is no body text. In all cases there is a PDF attached named nm.pdf with an MD5 of D4690177C76B5E86FBD9D6B8E8EE23ED or 6B305C5B59C235122FD8049B1C4C794D (and possibly more). Detection rates at VirusTotal are moderate [1] [2]. The PDF file contains an

Continue Reading »

Malware spam: DHL Shipment 458878382814 Delivered

By on May 2, 2017 in Latest SPAM

Another day and another fake DHL message leading to an evil .js script. From: DHL Parcel UK [redacted] Sent: 02 May 2017 09:30To: [redacted]Subject: DHL Shipment 458878382814 DeliveredYou can track this order by clicking on the following link: do not respond to this message.

Continue Reading » (2017/05/01_16:22)

By on May 1, 2017 in Malware Domains

Host:, IP address:, ASN: 49349, Country: UA, Description: phishing

Continue Reading »

Malware spam: Scotiabank / “Secure email communication” /

By on April 27, 2017 in Latest SPAM

This fake financial spam leads to malware: From:    ScotiaBank []Date:    27 April 2017 at 14:13Subject:    Secure email communicationSigned by:    scotiabankmail.comScotia Secure Email LogoSecure mail waiting: (Secure)Scotiabank has sent you a secure, encrypted e-mail message. To view this e-mail, please visit “Scotiabank Secure Email Service” or check attach

Continue Reading »

Malware spam: Royal Mail Grоup / “Delivery attempt fail notice”

By on April 27, 2017 in Latest SPAM

This fake Royal Mail email leads to malware. From: Aretha Stickles [] Sent: 27 April 2017 12:31Subject: Delivery attempt fail noticeDеаr customеr [redacted]Your pаrcel has been in the post office for a very long time.You must to receive it it within five days.TRACKING: RB379949016UK Expeсted Delivery Dаte: April 21, 2017 Class: Packagе Servicеs Sеrvicе: Delivery

Continue Reading »

Malware spam: “Copy of your 123-reg invoice” /

By on April 19, 2017 in Latest SPAM

This fake financial spam does not come from 123-Reg (nor is it sent to 123-Reg customers). It has a malicious attachment. From     Wed, 19 Apr 2017 17:19:51 +0500Subject     Copy of your 123-reg invoice ( 123-093702027 )Hi [redacted],Thank you for your order.Please find attached to this email a receipt for this payment.Help […]

Continue Reading »

Malware spam: “RE: RE: ftc refund” /

By on April 17, 2017 in Latest SPAM

This fake FTC email leads to malware. Curiously, it was sent to a company that received a multimillion dollar FTC fine, but this is almost definitely a coincidence. From:    Federal Trade Commission []Date:    17 April 2017 at 15:25Subject:    RE: RE: ftc refundIt seems we can claim a refund from the FTC.Check this out and give […]

Continue Reading »

All of these posts originated on, and and are automatically reposted on