Tuesday, 19 July 2016

Best spam/malware email fail of the year so far

Description:

Best spam/malware email fail of the year so far...


Message Body:

{nreceived}
date: {date}
from: {from_generated}
x-mailer: the bat! ({nthebat_3_ver}) {nthebat_3_type}
x-priority: 3 (normal)
message-id: <{digit}.{symbol}{digit}@{nhost}>
to: {mail_to}
subject: {subject}
mime-version: 1.0
content-type: multipart/alternative;
  boundary="----------{_nthebat_2_boundary}"

------------{_nthebat_2_boundary}
content-type: text/plain; charset=koi8-r
content-transfer-encoding: 8bit

{encode}{_body_text}{/encode}
------------{_nthebat_2_boundary}
content-type: text/html; charset=koi8-r
content-transfer-encoding: 8bit

{encode}




{_body_html}

{/encode}
------------{_nthebat_2_boundary}--

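As an added example (not from the post), here is a small Python check that flags a message whose header block still contains unrendered bot template tokens such as {date} or {_nthebat_2_boundary}; the two sample messages are constructed, the first abridged from the leaked template above.

```python
import re

# Matches the bot's unrendered tokens seen in the post: {date}, {digit},
# {_nthebat_2_boundary}, and the paired {encode} ... {/encode}.
PLACEHOLDER_RE = re.compile(r"\{/?_?[a-z][a-z0-9_]*\}", re.IGNORECASE)

# Constructed sample: the leaked template from the post above, abridged.
LEAKED_TEMPLATE = """{nreceived}
date: {date}
from: {from_generated}
x-mailer: the bat! ({nthebat_3_ver}) {nthebat_3_type}
message-id: <{digit}.{symbol}{digit}@{nhost}>
to: {mail_to}
subject: {subject}
content-type: multipart/alternative;
  boundary="----------{_nthebat_2_boundary}"

------------{_nthebat_2_boundary}
content-type: text/plain; charset=koi8-r

{encode}{_body_text}{/encode}
------------{_nthebat_2_boundary}--
"""

# Constructed control: legitimate mail whose body happens to contain braces.
CLEAN_MESSAGE = """Date: Tue, 19 Jul 2016 10:00:00 +0100
From: alice@example.com
To: bob@example.com
Subject: config snippet

The setting is {"retries": 3}; see the {{ jinja }} docs.
"""


def find_placeholders(raw):
    """Return (header_tokens, body_tokens), each sorted and de-duplicated.
    The first blank line separates the header block from the body."""
    head, _, body = raw.partition("\n\n")
    in_headers = sorted(set(PLACEHOLDER_RE.findall(head)))
    in_body = sorted(set(PLACEHOLDER_RE.findall(body)))
    return in_headers, in_body


def is_unrendered_spam_template(raw):
    """Flag mail whose header block still carries template tokens.
    Braces in the body alone are not enough: real mail quotes code and JSON."""
    in_headers, _ = find_placeholders(raw)
    return bool(in_headers)
```

Tokens in the body are reported separately so a gateway rule can weight them lower than tokens sitting where a Date or Message-ID should be.
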
Cheers,
Steve

Monday, 18 July 2016

bank account report with attached zip JavaScript malware.

Description:

bank account report with attached zip is JavaScript malware #Locky #Malware

Headers:

Subject: bank account report

Message Body:

How are things?

Thank you very much for responding my email in a very short time. Attached is the bank account report. Please look at it again and see if you have any disapproval.

--
Yours faithfully,
Kenneth Anthony
MYSALE GROUP PLC
Phone: +1 (851) 555-20-91, Fax: +1 (851) 555-20-72

Attachment filename(s):

obc_889.zip


Sanesecurity Signature detection(s):

phish.ndb: Sanesecurity.Malware.26256.JsHeur.UNOFFICIAL FOUND

foxhole_filename.cdb: Sanesecurity.Foxhole.Zip_fs294.UNOFFICIAL FOUND

foxhole_js.cdb: Sanesecurity.Foxhole.Wsf_Zip_1.UNOFFICIAL FOUND

It's also worth remembering that the company itself may not have any knowledge of this faked email, and any link(s) or attachment in the email normally won't have come from their servers or IT systems but from an external botnet.

These botnet emails normally have faked email headers/addresses.

It's not advised to ring/email the company themselves, as there won't really be anything they can do to help you or to stop the emails being spread.

Cheers,
Steve