Info collector

Latest SPAM

Some random thoughts on Damian Green and those porn allegations

Posted on December 4, 2017 in Latest SPAM

If you live in the UK then you might have noticed the somewhat bizarre furore over Damian Green MP and his alleged viewing of pornography on his Parliament computer. Now, I don’t know for certain if he did or didn’t, but to put it in context his private email address also allegedly turned up […]

Bogus porn blackmail attempt from adulthehappytimes.com

Posted on October 31, 2017 in Latest SPAM

This blackmail attempt is completely bogus, sent from a server belonging to the adulthehappytimes.com domain.

From: Hannah Taylor [bill@adulthehappytimes.com]
Reply-To: bill@adulthehappytimes.com
To: contact@victimdomail.tld
Date: 31 October 2017 at 15:06
Subject: ✓ Tiскеt ID: DMS-883-97867 [contact@victimdomail.tld] 31/10/2017 03:35:54 Maybe this will change your life Signed

Updated 3NT Solutions LLP / inferno.name / V3Servers.net IP ranges

Posted on October 25, 2017 in Latest SPAM

When I was investigating IOCs for the recent outbreak of BadRabbit ransomware I discovered that it downloaded from a domain 1dnscontrol.com hosted on 5.61.37.209. This IP belongs to a company called 3NT Solutions LLP that I have blogged about before. It had been three-and-a-half years since I looked at their IP address ranges so I […]

Malware spam: “Order acknowledgement for BEPO/N1/380006006(2)”

Posted on October 24, 2017 in Latest SPAM

A change to the usual Necurs rubbish, this fake order has a malformed .z archive file which contains a malicious executable with an icon to make it look like an Office document.

Reply-To: purchase@animalagriculture.org
To: Recipients [DY]
Date: 24 October 2017 at 06:48
Subject: FW: Order acknowledgement for BEPO/N1/380006006(2)

Dear All,
Kindly find the attached Purchase order# IT/

Evil network: Fast Serv Inc / Qhoster.com

Posted on October 17, 2017 in Latest SPAM

Checking these IOCs for this latest Flash 0-day came up with an interesting IP address of 89.45.67.107 which belongs to Fast Serv Inc aka Qhoster, probably of Bulgaria but masquerading themselves as a Belize outfit. I came across Fast Serv / Qhoster a lot last year during the Angler EK epidemic, where they had entire […]

Scam: “Help Your Child To Be A Professional Footballer.” / info@champ-footballacademyagency.co.uk

Posted on October 8, 2017 in Latest SPAM

This spam email is a scam:

Subject: Help Your Child To Be A Professional Footballer.
From: “FC Academy” [csa@sargas-tm.eu]
Date: Sun, October 8, 2017 10:30 am
To: “Recipients” [fcsa@sargas-tm.eu]
Priority: Normal

Hello,
Does your child desire to become a professional footballer?
Our football academy are currently scouting for young football player to participate in 3-6

Malware spam: “Emailing: Scan0xxx” from “Sales” delivers Locky or Trickbot

Posted on September 28, 2017 in Latest SPAM

This fake document scan delivers different malware depending on the victim’s location:

Subject: Emailing: Scan0963
From: “Sales” [sales@victimdomain.tld]
Date: Thu, September 28, 2017 10:31 am

Your message is ready to be sent with the following file or link attachments:
Scan0963
Note: To protect against computer viruses, e-mail programs may prevent sending or […]

Malware spam: “AutoPosted PI Notifier”

Posted on September 26, 2017 in Latest SPAM

This spam has a .7z file leading to Locky ransomware.

From: “AutoPosted PI Notifier” [NoReplyMailbox@redacted.tld]
Subject: Invoice PIS9344608
Date: Tue, September 26, 2017 5:29 pm

Please find Invoice PIS9344608 attached.

The number referenced in the spam varies, but attached is a .7z archive file with a matching filename. In turn, this contains […]

Malware spam: “Invoice RE-2017-09-21-00xxx” from “Amazon Marketplace”

Posted on September 21, 2017 in Latest SPAM

This fake Amazon spam comes with a malicious attachment:

Subject: Invoice RE-2017-09-21-00794
From: “Amazon Marketplace” [yAhbPDAoufvZE@marketplace.amazon.co.uk]
Date: Thu, September 21, 2017 9:21 am
Priority: Normal

————- Begin message ————-
Dear customer,
We want to use this opportunity to first say “Thank you very much for your purchase!”

Malware spam: “Status of invoice” with .7z attachment

Posted on September 18, 2017 in Latest SPAM

This spam leads to Locky ransomware:

Subject: Status of invoice
From: “Rosella Setter” ordering@[redacted]
Date: Mon, September 18, 2017 9:30 am

Hello,
Could you please let me know the status of the attached invoice? I appreciate your help!
Best regards,
Rosella Setter
Tel: 206-575-8068 x 100 Fax: 206-575-8094
*NEW*   Ordering@[redacted].com
* Kindly note we will be closed Monday in
