Category: Spam

Rogue security software XP Total Security spreads by email

We have received an email that states we have an unread message and someone has sent us a private message. But it does not state if the unread message is from a social network, it only says it comes from SecureMessage.System, as you can see from this image: The body of the email is this: […]
Continue reading...

Scam: Account suspicious activity – Facebook.Team

We started to receive emails that state our Facebook account has been blocked due to suspicious activity and to activate it we should click on a URL. Clearly this is a scam, the email seems to be sent by an email account from China, see the image below: This is an image of the body […]
Continue reading...

PayPal Phishing – HTML Attachment

Got a another phishing email today. The email came to an email I have registered to a PayPal account so it instantly caught my eye. I logged into my PayPal account using the correct URL, all is well. So this is obviously another phishing attempt, but not the typical kind. Typical message content, but they […]
Continue reading...

Facebook Spam Used For Canadian Pharmacy…again

More Canadian Pharmacy spam, this time in the form of a fake Facebook invite. Looks like a legitmate invite, but of course, its not. All links on the email point to: hxxp://204.177.184.101/~lgg/complicity.html There you can see the code will redirect the user without any interaction if JavaScript is enabled, if it isn’t it...
Continue reading...

Bredolab and FakeAV spread again with spam emails

We noticed in the past week a new wave of spam emails that contain a file attached in ZIP or RAR format that is used to spread the dangerous trojan Bredolab and the setup files of rogue security software (FakeAV). In some emails we have found a file attached with extension PDF that is used […]
Continue reading...

Spam emails Cartoline.exe spread Spy.Banker Trojan

In recent days we have registered a new wave of spam messages with subject as “Cartoline” that looked like to come from virgilio.it, and that contained a link that appeared to redirects the user to legitimate sites such as cards.virgilio.it. After analyzing the HTML in the message, we noticed that the link could redi...
Continue reading...

C’e’ una Cartolina per te! = Backdoor.IRC.Zapchast

We have noticed new waves of spam messages, this time in Italian language only, that promote the message “Happy Easter” and contain malicious links that redirect the users to download a file named BuonaPasqua.gif.exe, detected as Backdoor.IRC.Zapchast and it looks like to be an ircbot. Email headers: Sender: Cartolin...
Continue reading...

Mabezat worm and winmail.dat are back again

We have noticed in the past week a new wave of spam emails containing a file attached named, in all the cases, as winmail.dat. The attached file is, in real, a rar archive and it has extracted a file named Readme.doc .exe: Some of the subjects of the emails are: MBA new vision Web designer […]
Continue reading...

You have received an eCard = Zeus Trojan

We have detected a new wave of email messages that contain a ZIP archive attached named ecard.zip and that in real it is a malware and it contains the dangerous Zeus Trojan, that is commonly used to steal bank accounts. The file extracted from the ZIP archive is named ecard.exe: Report date: 7.2.2010 at 13.08.05 […]
Continue reading...

Bredolab trojan spreading through DHL scam emails

Recently we have noticed various spam emails that claim to be from DHL Customer Service with attached a .zip file named DHL_Label_1ae0a.zip of approximately 24 KB of size. The file extracted from the .zip archive is an executable file: Report date: 2.2.2010 at 20.58.00 (GMT 1) File name: DHL_Label_1ae0a.exe File size: 30208 byte...
Continue reading...