August 2011 - Posts

SPAM: “ACH and WIRE transaction”

Of course, you don’t want to open that attachment.

We would hope that the poor standard of English in the email would alert most readers… “departament”, “you transaction abilities”, “have” instead of “has”, “your security version” etc.

Spam: Re: Scan from a Xerox W. Pro #1988437

Again we all know not to open the attachment, yes?

Spam: ACH Payment Canceled

We all know not to open the attachment, yes?

ALERT: Fake Facebook “Friend Request” emails

As always, you can see by hovering your mouse cursor over the “Confirm Friend Request” or “See All Requests” buttons that the URL you would be taken to is NOT a legitimate Facebook URL.

Please, don’t be tempted to visit the page – there is every chance the page will contain various security exploits designed to automatically infect your computer with who knows what nasty stuff.

A new (to me) malware spam

I haven’t seen this particular malware spam before – obviously it is not the real thing :)

Note the @nyc.gov email address.

The message path is interesting – the email *apparently* originated from nyc.gov (167.153.240.51) to be picked up by 115.240.131.132 (obbh.com - India Delhi Rcom-wireless-1x-mumbai).

Interestingly, 167.153.240.51 does, apparently, host nyc.gov as well as nycppf.org - the host resolves as prtl-drprd-web.nyc.gov.

So, are we looking at forged headers or a problem affecting nyc.gov? Note how the dates are screwy – according to the headers the mail was sent from 167.153.240.51 on 3 August but wasn’t passed on by 115.240.131.132 until the 17th of August?
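One way to check the hop timing described above, as an added example that is not part of the original post: it walks the Received headers oldest-first and flags gaps between adjacent hops. The sample message is constructed (only the two IP addresses and the 3 and 17 August dates come from the post; host names, ids and times are placeholders), and the 4-hour threshold is an assumption.

```python
import re
from datetime import timedelta, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: only the two IPs and the 3/17 August dates come from the
# post; host names, ids, times and the other headers are placeholders.
SAMPLE = """\
Received: from relay.example.net (relay.example.net [115.240.131.132])
\tby mx.recipient.example with ESMTP id CONSTRUCTED2;
\tWed, 17 Aug 2011 09:12:44 +0530
Received: from mail.sender.example (unknown [167.153.240.51])
\tby relay.example.net with SMTP id CONSTRUCTED1;
\tWed, 3 Aug 2011 14:05:10 -0400
From: someone@nyc.gov
Subject: constructed sample
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_hops(raw):
    """Return (source_ip, timestamp) per Received header, oldest hop first."""
    hops = []
    # Headers are prepended in transit, so reverse them for chronological order.
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        head, _, stamp = value.rpartition(";")
        ip = IP_RE.search(head)
        try:
            when = parsedate_to_datetime(stamp.strip())
            when = when if when.tzinfo else when.replace(tzinfo=timezone.utc)
        except (TypeError, ValueError):
            when = None  # malformed or missing date: keep the hop, skip timing
        hops.append((ip.group(1) if ip else None, when))
    return hops

def suspicious_gaps(hops, max_delay=timedelta(hours=4)):  # threshold: assumption
    """Flag adjacent hops whose stamps run backwards or exceed max_delay."""
    findings = []
    for (ip_a, t_a), (ip_b, t_b) in zip(hops, hops[1:]):
        if t_a is None or t_b is None:
            continue
        delay = t_b - t_a
        if delay < timedelta(0) or delay > max_delay:
            findings.append((ip_a, ip_b, delay))
    return findings

if __name__ == "__main__":
    for src, dst, delay in suspicious_gaps(received_hops(SAMPLE)):
        print(f"{src} -> {dst}: {delay}")
```

Received lines added before the first server you control can be written by the sender, so a flagged gap shows the inconsistency but does not by itself distinguish forged headers from a real delay.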

The attachment is definitely bad – when unzipped, the contents (a single file) have a PDF icon but are actually an EXE:
http://www.virustotal.com/file-scan/report.html?id=03bb5be0e6d29420526eb47fbed0558a0c72a9f1b6b41d1dadd280eca4a69f1f-1313626987

“Internet Explorer users have low IQs” study was a hoax – well done and said, Graham

Source: http://nakedsecurity.sophos.com/2011/08/03/media-hoax-internet-explorer-users-dumb-research/

“It turned out that many websites (CNN, BBC, NPR, CNET, Forbes, the Daily Mail, Mashable, the Daily Telegraph are just a handful) had been duped in recent days by supposed research from AptiQuant showing that users of Internet Explorer scored lower than average in IQ tests.”

Totally off topic, but made me smile

Seen at the end of an email received overnight

Posted by sandi with no comments

Another fake Twitter spam

It’s obvious when you hover over the hyperlink that you won’t end up at Twitter if you click on the hyperlink. 

An interesting description of Trojan.FakeAV.LVT

Source: http://xylibox.blogspot.com/2011/07/trojanfakeavlvt.html

An important take-away from this article is that the fake AV studied can seek out legitimate antivirus software installed on the user’s computer and replace it by impersonating it. Scary as that sounds, there are obvious signs to the experienced eye that something is wrong, as you will see from the screenshots. The typical computer user, unfortunately, is fooled more easily.