Info collector

BizSummits / ExecSummits make legal threats over a blog posting they admit is true

By on July 19, 2017 in Latest SPAM

I’ve been writing about BizSummits LLC and their former habits of being rather spammy for a few years now. In fact, the first spam I ever received from them was nearly a decade ago. To: “James Studer” [JStuder@[redacted]] Date: Tue, 6 Nov 2007 09:30:40 -0500 Subject: James, question. Hi James. On behalf of our board, […]

Continue Reading »

Necurs oddity II:

By on July 19, 2017 in Latest SPAM

Yesterday I saw a series spam emails from Necurs apparently attempting to collect replies to Although that campaign is continuing today, a new spam run with similar characteristics has started this morning. For example: From:    jKX Soto [ingmanz@redacted]Reply-To:    jKX Soto []Date:    19 July 2017 at 06:43Subject:    CQJPhDYNOXTC

Continue Reading »

Necurs oddity: / “hi test”

By on July 18, 2017 in Latest SPAM

This email is sent from the Necurs botnet and appears to be collecting automatic replies, using a Reply-To email address of From:    Randi Collier []Reply-To:    Randi Collier []Date:    18 July 2017 at 10:08Subject:    hihi test  The name of the sender and the “From” email vary, however the “Reply-To”

Continue Reading »

Malware spam: UK Fuels Collection / “”

By on July 18, 2017 in Latest SPAM

This fake invoice comes with a malicious attachment: From: Date:    18 July 2017 at 09:37 Subject:    UK Fuels Collection Velocity         ACCOUNT NO ******969         Dear CUSTOMER, Your latest invoice for your fuel card account is now available for you to view online, download or print through our Velocity online management system. […]

Continue Reading »

Bellatora Inc (ECGR) pump-and-dump spam

By on June 13, 2017 in Latest SPAM

It’s been a little while since we’ve since an illegal pump-and-dump spam from the Necurs botnet, but here is a new one pushing a company called Bellatora Inc (stock ticker ECGR) From:    Lillie MaynardDate:    13 June 2017 at 09:37Subject:    Here’s why this company’s shares are about to go up tenfold next week.Yes, it’s been some […]

Continue Reading »

Malware spam: “John Miller Limited” / “Invoice”

By on June 5, 2017 in Latest SPAM

This spam pretends to come from John Miller Ltd (but doesn’t) and comes with a malicious payload. The domain mentioned in the email does not match the company being spoofed, and varies from message to message. From:    Felix Holmes Date:    5 June 2017 at 10:20Subject:    InvoiceRegardsFelix Holmescid:image001.jpg@01D00F00.660A92D0Kirkburn Ind. EstateLockerbieDumfries and GallowayDG11 2FFTel

Continue Reading » (2017/06/02_08:38)

By on June 2, 2017 in Malware Domains

Host:$.pdf.ace, IP address:, ASN: 19271, Country: US, Description: trojan

Continue Reading »

Malware spam with “nm.pdf” attachment

By on May 11, 2017 in Latest SPAM

Currently underway is a malicious spam run with various subjects, for example: Scan_5902Document_10354File_43359 Senders are random, and there is no body text. In all cases there is a PDF attached named nm.pdf with an MD5 of D4690177C76B5E86FBD9D6B8E8EE23ED or 6B305C5B59C235122FD8049B1C4C794D (and possibly more). Detection rates at VirusTotal are moderate [1] [2]. The PDF file contains an

Continue Reading »

Malware spam: DHL Shipment 458878382814 Delivered

By on May 2, 2017 in Latest SPAM

Another day and another fake DHL message leading to an evil .js script. From: DHL Parcel UK [redacted] Sent: 02 May 2017 09:30To: [redacted]Subject: DHL Shipment 458878382814 DeliveredYou can track this order by clicking on the following link: do not respond to this message.

Continue Reading » (2017/05/01_16:22)

By on May 1, 2017 in Malware Domains

Host:, IP address:, ASN: 49349, Country: UA, Description: phishing

Continue Reading »

All of these posts originated on, and and are automatically reposted on