Info collector

Latest SPAM

Bellatora Inc (ECGR) pump-and-dump spam

By on June 13, 2017 in Latest SPAM

It’s been a little while since we’ve seen an illegal pump-and-dump spam from the Necurs botnet, but here is a new one pushing a company called Bellatora Inc (stock ticker ECGR).

From: Lillie Maynard
Date: 13 June 2017 at 09:37
Subject: Here’s why this company’s shares are about to go up tenfold next week.

Yes, it’s been some […]


Malware spam: “John Miller Limited” / “Invoice”

By on June 5, 2017 in Latest SPAM

This spam pretends to come from John Miller Ltd (but doesn’t) and comes with a malicious payload. The domain mentioned in the email does not match the company being spoofed, and varies from message to message.

From: Felix Holmes
Date: 5 June 2017 at 10:20
Subject: Invoice

Regards
Felix Holmes
cid:image001.jpg@01D00F00.660A92D0
Kirkburn Ind. Estate
Lockerbie
Dumfries and Galloway
DG11 2FF
Tel


Malware spam with “nm.pdf” attachment

By on May 11, 2017 in Latest SPAM

Currently underway is a malicious spam run with various subjects, for example:

Scan_5902
Document_10354
File_43359

Senders are random, and there is no body text. In all cases there is a PDF attached named nm.pdf with an MD5 of D4690177C76B5E86FBD9D6B8E8EE23ED or 6B305C5B59C235122FD8049B1C4C794D (and possibly more). Detection rates at VirusTotal are moderate [1] [2]. The PDF file contains an


Malware spam: DHL Shipment 458878382814 Delivered

By on May 2, 2017 in Latest SPAM

Another day and another fake DHL message leading to an evil .js script.

From: DHL Parcel UK [redacted]
Sent: 02 May 2017 09:30
To: [redacted]
Subject: DHL Shipment 458878382814 Delivered

You can track this order by clicking on the following link: do not respond to this message.


Malware spam: Scotiabank / “Secure email communication” /

By on April 27, 2017 in Latest SPAM

This fake financial spam leads to malware:

From: ScotiaBank []
Date: 27 April 2017 at 14:13
Subject: Secure email communication
Signed by: scotiabankmail.com

Scotia Secure Email Logo
Secure mail waiting: (Secure)
Scotiabank has sent you a secure, encrypted e-mail message. To view this e-mail, please visit “Scotiabank Secure Email Service” or check attach


Malware spam: Royal Mail Grоup / “Delivery attempt fail notice”

By on April 27, 2017 in Latest SPAM

This fake Royal Mail email leads to malware.

From: Aretha Stickles []
Sent: 27 April 2017 12:31
Subject: Delivery attempt fail notice

Dеаr customеr [redacted]
Your pаrcel has been in the post office for a very long time.
You must to receive it it within five days.
TRACKING: RB379949016UK
Expeсted Delivery Dаte: April 21, 2017
Class: Packagе Servicеs
Sеrvicе: Delivery


Malware spam: “Copy of your 123-reg invoice” /

By on April 19, 2017 in Latest SPAM

This fake financial spam does not come from 123-Reg (nor is it sent to 123-Reg customers). It has a malicious attachment.

From     Wed, 19 Apr 2017 17:19:51 +0500
Subject     Copy of your 123-reg invoice ( 123-093702027 )

Hi [redacted],
Thank you for your order.
Please find attached to this email a receipt for this payment.
Help […]


Malware spam: “RE: RE: ftc refund” /

By on April 17, 2017 in Latest SPAM

This fake FTC email leads to malware. Curiously, it was sent to a company that received a multimillion dollar FTC fine, but this is almost definitely a coincidence.

From: Federal Trade Commission []
Date: 17 April 2017 at 15:25
Subject: RE: RE: ftc refund

It seems we can claim a refund from the FTC.
Check this out and give […]


Malware spam: “Company Documents” / and plus others

By on April 13, 2017 in Latest SPAM

This spam email does not come from Companies House, but is instead a simple forgery with a malicious attachment:

From: Companies House []
Date: 13 April 2017 at 11:10
Subject: Company Documents
Signed by: Company Documents This


Pump and dump spam: Quest Management Inc (QSMG) stock

By on April 11, 2017 in Latest SPAM

Following on from last month’s INCT pump and dump spam the Necurs botnet is now promoting Quest Management Inc (QSMG) instead.

From: Jenna Goff
Date: 11 April 2017 at 13:37
Subject: FDA approval is about to send this stock up fifty fold

Why is Quest Management (Symbol: QSMG) guaranteed to jump 5,000% this month?
They have a cure for […]
