Info collector

Malware spam: “Your Sage subscription invoice is ready” / noreply@sagetop.com

By on August 25, 2017 in Latest SPAM

This fake Sage invoice leads to Locky ransomware. Quite why Sage are picked on so much by the bad guys is a bit of a mystery.

Subject: Your Sage subscription invoice is ready
From: “noreply@sagetop.com” [noreply@sagetop.com]
Date: Thu, August 24, 2017 8:49 pm

Dear Customer

Your Sage subscription invoice is now ready to view.

Sage subscriptions To […]

Multiple badness on metoristrontgui.info / 119.28.100.249

By on August 24, 2017 in Latest SPAM

Two massive fake “Bill” spam runs seem to be under way, one claiming to be from BT and the other being more generic.

Subject: New BT Bill
From: “BT Business” [btbusiness@bttconnect.com]
Date: Thu, August 24, 2017 6:08 pm
Priority: Normal

From BT

New BT Bill

Your bill amount is: $106.84

This doesn’t include any amounts brought forward from […]

Malware spam: “Customer Service” / “Copy of Invoice xxxx”

By on August 23, 2017 in Latest SPAM

This fairly generic spam leads to the Locky ransomware:

Subject: Copy of Invoice 3206
From: “Customer Service”
Date: Wed, August 23, 2017 9:12 pm

Please download file containing your order information.

If you have any further questions regarding your invoice, please call Customer Service.

Please do not reply directly to this automatically generated e-mail message.

Thank

Malware spam: “Voice Message Attached from 0xxxxxxxxxxx – name unavailable”

By on August 23, 2017 in Latest SPAM

This fake voice mail message leads to malware. It comes in two slightly different versions, one with a RAR file download and the other with a ZIP.

Subject: Voice Message Attached from 001396445685 – name unavailable
From: “Voice Message”
Date: Wed, August 23, 2017 10:22 am

Time: Wed, 23 Aug 2017 14:52:12 […]

Malware spam from “Voicemail Service” [pbx@local]

By on August 22, 2017 in Latest SPAM

This fake voicemail leads to malware:

Subject: [PBX]: New message 46 in mailbox 461 from “460GOFEDEX”
From: “Voicemail Service” [pbx@local]
Date: Tue, August 22, 2017 10:37 am
To: “Evelyn Medina”
Priority: Normal

Dear user:

just wanted to let you know you were just left a 0:53 long message (number […]

Cerber spam: “please print”, “images etc”

By on August 21, 2017 in Latest SPAM

I only have a couple of samples of this spam, but I suspect it comes in many different flavours.

Subject: images
From: “Sophia Passmore” [Sophia5555@victimdomain.tld]
Date: Fri, May 12, 2017 7:18 pm

–*Sophia Passmore*

Subject: please print
From: “Roberta Pethick” [Roberta5555@victimdomain.tld]
Date: Fri, May 12, 2017 7:18 pm

–*Roberta Pethick*

In these two

DOJ Provides Organizations a Framework for Development of a Vulnerability Disclosure Program

By on August 1, 2017 in Recent Vulnerabilities

Original release date: August 01, 2017

The Department of Justice (DOJ) Criminal Division Cybersecurity Unit has developed a framework to assist organizations interested in creating a formal vulnerability disclosure program. US-CERT encourages users, administrators, and organizations to review the DOJ publication, A Framework for a Vulnerability Disclosure Program for Online Systems.

This product is provided […]

BizSummits / ExecSummits make legal threats over a blog posting they admit is true

By on July 19, 2017 in Latest SPAM

I’ve been writing about BizSummits LLC and their former habits of being rather spammy for a few years now. In fact, the first spam I ever received from them was nearly a decade ago.

To: “James Studer” [JStuder@[redacted]]
Date: Tue, 6 Nov 2007 09:30:40 -0500
Subject: James, question.

Hi James. On behalf of our board, […]

Necurs oddity II: avto111222@bigmir.net

By on July 19, 2017 in Latest SPAM

Yesterday I saw a series of spam emails from Necurs apparently attempting to collect replies to super.testtesttest2018@yahoo.com. Although that campaign is continuing today, a new spam run with similar characteristics has started this morning. For example:

From: jKX Soto [ingmanz@redacted]
Reply-To: jKX Soto [avto111222@bigmir.net]
Date: 19 July 2017 at 06:43
Subject: CQJPhDYNOXTC

Necurs oddity: super.testtesttest2018@yahoo.com / “hi test”

By on July 18, 2017 in Latest SPAM

This email is sent from the Necurs botnet and appears to be collecting automatic replies, using a Reply-To email address of super.testtesttest2018@yahoo.com.

From: Randi Collier [zegrtocbjez@hometelco.net]
Reply-To: Randi Collier [super.testtesttest2018@yahoo.com]
Date: 18 July 2017 at 10:08
Subject: hihi test

The name of the sender and the “From” email vary, however the “Reply-To”

All of these posts originated on blog.dynamoo.com, us-cert.gov and malwaredomainlist.com and are automatically reposted on colors.cbnetsecurity.com.