Email messages coming from UPS with the subject “Postal Tracking #FDD4Q22514LDU4N” and the attached file UPS_DOC_986001.zip are part of a new malware distribution by email. MX Lab intercepted the first samples of a new variant that is only detected by 5 of the 40 AV engines of Virus Total.
The body of the email:
Hello!
We were not [...]
May 27, 2009
Categories: Viruses . Tags: Mal/Zbot-I, Malware, trojan, virus, zbot . Author: mxlab . Comments: 1 Comment
MX Lab intercepted a new ZBot trojan today that is being distributed in the famous “Western Union MTCN” format. The message subject is “Western Union Transfer MTCN: 5815328212”. The attached file is a compressed zip archive WesternUnion_SPL90710021.zip containing the malware WesternUnion_SPL90710021.exe. Please note that the numbers in the subject line and/or attachment and executable can [...]
May 26, 2009
Categories: Viruses . Tags: Mal/Zbot-I, Malware, trojan, virus, Western Union, zbot . Author: mxlab . Comments: Leave a Comment
A few days earlier we reported that the branding of Auslogics Software was being used in a spam campaign. We have now noticed that Health.com has been the subject of such abuse.
MX Lab intercepted spam messages with Health.com branding. The image below shows us a mailing template with the Health logo, an image for Viagra and [...]
May 19, 2009
Categories: Spam . Tags: branding, Health.com, Spam . Author: mxlab . Comments: 1 Comment
The correctional court of Bruges, Belgium, condemns 18 persons to prison sentences from 2 to 6 years for sending out fraudulent spam between February 2007 and November 2008.
In the Nigerian spam emails they claimed to have a fund in Ghana where a substantial amount of money was blocked after a woman died in a car accident. The small [...]
May 18, 2009
Categories: Spam, Various . Tags: nigerean spam, scam, Spam . Author: mxlab . Comments: Leave a Comment
A message with the subject line “Fwd: Look and tell…” that has been intercepted by the zero hour anti virus at MX Lab caught our attention. When submitting the details to Virus Total, only 14 of the 40 AV engines detected this one. The email has the ZIP file attached named Info04.zip and when [...]
May 17, 2009
Categories: Viruses . Tags: Mal/Zbot-I, Malware, trojan, virus, zbot . Author: mxlab . Comments: Leave a Comment
When spammers send their messages they try to hide their tracks by spoofing the From address in each message, sometimes using valid domains or even real email addresses. In some cases they also try to gain credibility by using a brand, a logo or any other style of a real company.
In this case, the victim [...]
May 14, 2009
Categories: Spam . Tags: Auslogics Software, Spam . Author: mxlab . Comments: 3 Comments
Phishers send out a warning regarding a country-wide phishing attack and use the Federal Reserve Bank as the origin. The email is sent from Corporate Banking Alert <cmsupport@federalreservebank.com> – this is spoofed because the real SMTP From address is quite different.
Some subject samples:
Federal Reserve Bank – Urgent Security Notification
Federal Reserve Bank – Customer Service Notification
Body [...]
May 13, 2009
Categories: Phishing . Tags: Federal Reserve Bank, Phishing . Author: mxlab . Comments: Leave a Comment
MX Lab intercepted emails with attached malware Trojan-Spy.Win32.Zbot.tnt regarding a failed money transfer that is handled by Western Union. The email subject is “Western Union Transfer MTCN: 9439449215” – note that the number is random and will change with each message – and the email is coming from support@westernunion.com, which is obviously spoofed.
The body of the email:
Dear Client!
The [...]
May 13, 2009
Categories: Viruses . Tags: Malware, trojan, virus, Western Union, Western Union trojan . Author: mxlab . Comments: 1 Comment
While the media cover each new outbreak of the swine flu, also known as the Mexican flu here in Belgium, spammers get inspired to use the subject in their spam campaigns. Here we have some examples.
Commtouch reported on two spam outbreaks regarding the swine flu. The first outbreak had ‘swine flu’ in the subject line [...]
May 6, 2009
Categories: Spam . Author: mxlab . Comments: Leave a Comment