Info collector

Latest SPAM

BizSummits / ExecSummits make legal threats over a blog posting they admit is true

By on July 19, 2017 in Latest SPAM

I’ve been writing about BizSummits LLC and their former habits of being rather spammy for a few years now. In fact, the first spam I ever received from them was nearly a decade ago.

To: “James Studer” [JStuder@[redacted]]
Date: Tue, 6 Nov 2007 09:30:40 -0500
Subject: James, question.

Hi James. On behalf of our board, […]


Necurs oddity II: avto111222@bigmir.net

By on July 19, 2017 in Latest SPAM

Yesterday I saw a series of spam emails from Necurs apparently attempting to collect replies to super.testtesttest2018@yahoo.com. Although that campaign is continuing today, a new spam run with similar characteristics has started this morning. For example:

From: jKX Soto [ingmanz@redacted]
Reply-To: jKX Soto [avto111222@bigmir.net]
Date: 19 July 2017 at 06:43
Subject: CQJPhDYNOXTC


Necurs oddity: super.testtesttest2018@yahoo.com / “hi test”

By on July 18, 2017 in Latest SPAM

This email is sent from the Necurs botnet and appears to be collecting automatic replies, using a Reply-To email address of super.testtesttest2018@yahoo.com.

From: Randi Collier [zegrtocbjez@hometelco.net]
Reply-To: Randi Collier [super.testtesttest2018@yahoo.com]
Date: 18 July 2017 at 10:08
Subject: hi

hi test

The name of the sender and the “From” email vary, however the “Reply-To”


Malware spam: UK Fuels Collection / “invoices@ebillinvoice.com”

By on July 18, 2017 in Latest SPAM

This fake invoice comes with a malicious attachment:

From: invoices@ebillinvoice.com
Date: 18 July 2017 at 09:37
Subject: UK Fuels Collection

Velocity
ACCOUNT NO ******969

Dear CUSTOMER,

Your latest invoice for your fuel card account is now available for you to view online, download or print through our Velocity online management system. […]


Bellatora Inc (ECGR) pump-and-dump spam

By on June 13, 2017 in Latest SPAM

It’s been a little while since we’ve seen an illegal pump-and-dump spam from the Necurs botnet, but here is a new one pushing a company called Bellatora Inc (stock ticker ECGR).

From: Lillie Maynard
Date: 13 June 2017 at 09:37
Subject: Here’s why this company’s shares are about to go up tenfold next week.

Yes, it’s been some […]


Malware spam: “John Miller Limited” / “Invoice”

By on June 5, 2017 in Latest SPAM

This spam pretends to come from John Miller Ltd (but doesn’t) and comes with a malicious payload. The domain mentioned in the email does not match the company being spoofed, and varies from message to message.

From: Felix Holmes
Date: 5 June 2017 at 10:20
Subject: Invoice

Regards
Felix Holmes
cid:image001.jpg@01D00F00.660A92D0
Kirkburn Ind. Estate
Lockerbie
Dumfries and Galloway
DG11 2FF
Tel


Malware spam with “nm.pdf” attachment

By on May 11, 2017 in Latest SPAM

Currently underway is a malicious spam run with various subjects, for example:

Scan_5902
Document_10354
File_43359

Senders are random, and there is no body text. In all cases there is a PDF attached named nm.pdf with an MD5 of D4690177C76B5E86FBD9D6B8E8EE23ED or 6B305C5B59C235122FD8049B1C4C794D (and possibly more). Detection rates at VirusTotal are moderate [1] [2]. The PDF file contains an


Malware spam: DHL Shipment 458878382814 Delivered

By on May 2, 2017 in Latest SPAM

Another day and another fake DHL message leading to an evil .js script.

From: DHL Parcel UK [redacted]
Sent: 02 May 2017 09:30
To: [redacted]
Subject: DHL Shipment 458878382814 Delivered

You can track this order by clicking on the following link:
https://www.dhl.com/apps/dhltrack/?action=track&tracknumbers=458878382814&language=en&opco=FDEG&clientype=ivother

Please do not respond to this message.


Malware spam: Scotiabank / “Secure email communication” / Secure.Mail@scotiabankmail.com

By on April 27, 2017 in Latest SPAM

This fake financial spam leads to malware:

From: ScotiaBank [Secure.Mail@scotiabankmail.com]
Date: 27 April 2017 at 14:13
Subject: Secure email communication
Signed by: scotiabankmail.com

Scotia Secure Email Logo
Secure mail waiting: (Secure)

Scotiabank has sent you a secure, encrypted e-mail message. To view this e-mail, please visit “Scotiabank Secure Email Service” or check attach


Malware spam: Royal Mail Grоup / “Delivery attempt fail notice”

By on April 27, 2017 in Latest SPAM

This fake Royal Mail email leads to malware.

From: Aretha Stickles [mailto:support@360modshop.com]
Sent: 27 April 2017 12:31
Subject: Delivery attempt fail notice

Dеаr customеr [redacted]

Your pаrcel has been in the post office for a very long time.
You must to receive it it within five days.

TRACKING: RB379949016UK
Expeсted Delivery Dаte: April 21, 2017
Class: Packagе Servicеs
Sеrvicе: Delivery

