Here’s an excellent example of a message that should not pass “Go” and proceed directly to the trash.
The attached ZIP file likely contains something nasty that will not be good for you or your computer.
If you’re a native English speaker, you will probably notice that this is worded a bit strangely. This is usually a good indication that you are dealing with a scam.
| Spider Text:
Dear, |
Here’s the most recent batch of these “UPS Invoice” and “UPS Delivery Problem” spam e-mails with attached malware.
Just delete ‘em without opening!
From: UPS PostBox-Manager, Helen Ketner [ekcwk@ups.com] Sen. Frank Lautenberg Says He’s Cancer-Free Video: Sen. Robert C.
From: UPS PostBox-Manager, Deanne Sluss [alakari@ups.com] Byrd’s passions: Poetry, power and home-state pork Justices extend
From: UPS Manager, Adair Uhlenhopp [fasanet@ups.com] Byrd’s passions: Poetry, power and home-state pork Justices extend
This one is not new, but it is still a nasty one. Since yesterday, I have received 8 of these types of messages, all caught by my virus scanner and rendered harmless.
I decided to do a little digging this time around and find out just a little bit more about these messages.
The nasty payload that accompanies these messages is contained in an attached image file with various names that are probably randomly generated. For example, the messages I received had infected JPEG images with the following filenames: 2664423.jpg, 5617431.jpg, 2478363.jpg, 4599357.jpg, 6464145.jpg, 6178909.jpg, 9222752.jpg and 2535916.jpg. If opened, the images look like this:
In addition to displaying the above image, the modified JPEG file will attempt to infect your PC with malware known as “FakeAlert.” At least that is the way my anti-virus application identified it. FakeAlert infects your PC and pops up messages on the user’s screen claiming that the PC is infected with a virus. Kind of ironic, huh? The messages lead victims to believe that they need to register an anti-virus program in order to rid their PC of the infection. As one might suspect, registering the alleged anti-virus program is not free, and the scumbag that sent the message most likely gets a cut of the profits.
The messages I received were sent by a number of mail servers which were probably compromised (“hacked”) by the senders of these messages. The servers that sent the spam messages to me were all located in the U.S., which is a little unusual when compared with most of the other spam I get, but the spammers have evidently found fertile ground on some systems here in the U.S. to spew out their crap from. They can always count on the fact that some system administrator has not properly secured their system or some new bug will come along that will allow them to exploit systems that they are not authorized to use.
This batch is also a bit different since the messages do not have the same bogus claims about a package that was intended for the recipient but was unable to be delivered. This time, it appears the messages are just a sentence or two that was probably scraped from a news site. It really does not make sense to get a message that is supposedly from UPS and contains random news headlines, but this may be a tactic that makes this spam appear more legitimate and gives it a better chance of bypassing spam filters.
Here are the ones that I received:
From: UPS Support, Misty Lelacheur [aerichter@ups.com] Analyst: Higher 2Q home orders for Lennar, KB Home The Most Awesome
From: UPS Manager, Doug Eggleton [philalan@ups.com] Video: The Great Explorer, Part 2 Worker runs over people at Japanese
From: United Parcel Service of America, Deane Schornick [maxxaz@ups.com] Existing home sales weak but supply falls Video: "Female Viagra"
From: UPS PostBox-Manager, Martin Kauffman [fashionseal@ups.com] AP source: White House budget chief stepping down Salazar creates new
From: United Parcel Service of America, Magdalena Scanlon [octf@ups.com] Election Problems Blog Dr. Phil Highlights CBS Investigation Obama
From: UPS PostBox-Manager, Valarie Reinholtz [billcoons@ups.com] Remade in NY: French ex-1st lady has new life NM father, 2 sons die
From: UPS Support, Quincy Cockshot [bawidmaier@ups.com] Emanuel Casts Barton Apology as GOP Philosophy "Shmutz" Report: NYC
From: United Parcel Service of America, Carlene Carridine [mothena@ups.com] Stocks extend gains as China eases currency policy Gulf of Mexico oil
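The traits described in this post (a ups.com sender on mail that did not come from UPS, and a JPEG attachment with a seven-digit name) can be turned into a simple mail-triage check. This is an added example, not part of the original post; the sample message, the `Authentication-Results` values and the choice to treat a missing SPF pass as suspicious are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not one of the real e-mails): ups.com sender,
# news-headline body, numerically named JPEG attachment, failed SPF check.
SAMPLE = """\
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=ups.com
From: "UPS Manager, Jane Doe" <jdoe@ups.com>
To: user@example.net
Subject: UPS Delivery Problem
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Existing home sales weak but supply falls
--b1
Content-Type: image/jpeg
Content-Disposition: attachment; filename="2664423.jpg"
Content-Transfer-Encoding: base64

/9j/4AAQSkZJRg==
--b1--
"""

NUMERIC_JPG = re.compile(r"^\d{7}\.jpg$")  # e.g. 2664423.jpg, as listed in the post
RISKY_EXT = (".zip", ".exe")               # attachment types named in the other posts

def triage(raw):
    """Return the list of reasons a message resembles this campaign."""
    msg = message_from_string(raw)
    reasons = []
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    auth = msg.get("Authentication-Results", "").lower()
    # Assumption: this header was added by your own receiving server, and a
    # ups.com sender with no recorded SPF pass is treated as forged.
    if domain == "ups.com" and "spf=pass" not in auth:
        reasons.append("ups.com sender without SPF pass")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if NUMERIC_JPG.match(name):
            reasons.append("numeric JPEG attachment: " + name)
        elif name.endswith(RISKY_EXT):
            reasons.append("archive/executable attachment: " + name)
    return reasons
```
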
Here’s one of those gems you just want to DELETE right away. Do NOT extract or open the attached file. It contains malware that you do not want on your computer.
In case you have not guessed, this message is NOT from iTunes.
From: "iTunes Online Products" software@itunes.com Hello! You have received an iTunes Gift Certificate in the amount of $50.00 Then you need to open iTunes. Once you verify your account, $50.00 will be credited to your account, so you can start buying music, games, video right away. iTunes Store.
I’ve saved the best for last today!
The last thing you want to do is look at the attachment that this low-life scumbag is sending out.
Don’t trust your anti-virus scanner to catch this one, because two of them on my PC did not, but VirusTotal did catch it. I know better than to open executable files (.exe) from people I do not know. If your scanner caught it, it’s better than the two I am using.
In case you have not guessed, the attachment includes a payload of nasty malware that will do who-knows-what to your computer.
Come to think of it, I’m not sure too many people will take the time to attempt to look at this idiot’s resume given the atrocious spelling and grammar.
If you see this one, just DELETE it without even opening it.
From: Rodger Baez [commiseratedxkf@rompala.com] Hello! I have figured out that you have an available job. Looking forward to your reply.
This one must be going out to millions of people. It’s at least the third version of it I have seen, and yes, it also has the malware (virus) in it.
If you get this one, the best thing to do is just delete it even before reading it.
This message is not from UPS and is from some lowlife who wants to infect your PC with harmful software.
From: UPS Support Alexis Tatum [manager@ups.com] Hello! Unfortunately we failed to deliver the postal package sent on the United Parcel Service of America.
Well, I’ll tell you one thing. If you open the attachment that came with this message, you might very well end up with a “Problem.”
The attachment contains a virus which was caught and removed by my anti-virus software and was not sent by UPS as it claims.
Nice try amateurs, but you didn’t make the cut!
For those who may have received this and opened the attachment, you may not notice much happening to your PC and think you are safe, but don’t be too sure. It’s very possible that the virus contained is designed to hide on your PC and monitor your activity with the intent of capturing passwords and other personal information.
If you think the virus may have infected your PC, you are strongly urged to scan it thoroughly for any sign of infection immediately.
From: Support Delmer Faulkner [manager@ups.com] Dear customer! We failed to deliver postal package you have sent on the 21st of United Parcel Service of America.
Here’s a fresh and nasty one!
The link in this spam e-mail takes you to a site that will probably try to infect your computer with something nasty. It has been flagged by Google as a harmful site and a quick look at the source code on the site certainly makes me suspect that there’s something nasty going on.
Just get rid of this one, it’s bad news!
From: db1966@asobiomegalm1oj.j-navigator.net Importance: High < TABs and PILLS in trust medsh0p
I haven’t seen one of these for quite some time, and it’s a nasty one.
As you can see, this loathsome spammer included a virus as an attachment to this e-mail message. More specifically, it is the “FakeAlert” trojan, which generates phony messages that pop up on the victim’s screen, making them believe that their system is infected with a virus (kind of ironic, eh?), and then tries to convince them to purchase some useless virus-removal software. It also creates shortcuts to porn sites. How lovely!
As you can see, my anti-virus program detected the virus from this message and removed it before it even reached my in-box. This spammer is obviously an amateur.
Nice try scumbags, but this time, you lose.
From: UPS Manager Naomi Christopher [parcel.delivery@ups.com] Viruses found in the attached files. The original message follows: Unfortunately we failed to deliver the postal package sent on the 7th United Parcel Service of America. Checked by AVG – www.avg.com
Not familiar with “Liberty Reserve” but the one thing I do know is that I do not have an account with them.
There was an attachment with this one, which I suggest you do not open. Just delete this message. It’s bound to be nothing but trouble.
From: "robot" do_not_reply_i_robot@libertyreserve.com Under the agreement, Liberty Reserve upgraded equipment. Please do not reply to this automatically generated email message.