Category: Spam

Spam Campaigns using underscore char to mask links

Recently we posted an article where we talked about how spam campaigns using the character of the space to mask the malicious links, it’s now the turn of the underscore character. In recent days we have registered more than 800 spam messages that mask the links with the underscore character to bypass some antispam filters....
Continue reading...

Spam Campaigns using space char to mask links

A new wave of spam relating to the promotion of pharmaceutical products has flooded our emails. The new technique used by spammers to bypass antispam filters is to insert spaces in the string of the link that is spammed, which is in such a way that is not recognized as a url and it is […]
Continue reading...

Spam Campaigns go for RTF Documents

A new spam strategy is in the wild. We spoke on a recent article that spammers were using a new trick to bypass anti-spam filters by adding the text on an image and send the image attached as file. Now it seems they changed from image to RTF document: The attached file contains a redirect […]
Continue reading...

New spam strategy in the wild

Recently we noticed a big archive of spam messages related to selling various pharmacy products. But something was different from the old spam messages… no http links were present in the message. The surprise was attached in .gif or .jpg or .png format:
Continue reading...

Worm.Win32.Mabezat – problem winmail.dat

We have received a new spam email with the subject named problems from an unknown sender. In the email there was a file attached named winmail.dat Below there is the message of the email: When I had opened your last email I received some errors have been saved in the attached file. Please inform me […]
Continue reading...

Massive Storm_Worm E-Cards and Postcards Spam Emails

These days seem to be very havy the email-spreading of email worms (possible Storm_Bot), in 2 days we received about 20 emails and were all related to postcards and e-cards with attached a ZIP file with name as postcard.zip or e-card.zip. Today we received more than 10 spam emails with attached a ZIP file in […]
Continue reading...

Email Thank you for your application = Virus

We received a new email that contains a suspicious ZIP file named copy of your application.zip. The email looks like the same family of the previous Hallmark and fake Job CocaCola emails. The extracted file use the same trick as all the other spam emails, it add 8+ characters of space after the first extension […]
Continue reading...

PROHIBITED_MATRIMONY.rar Spam = Worm.Win32.Mabezat

We have recently received an email that contains a ZIP archive named: PROHIBITED_MATRIMONY.rar The subject of the email is: ABOUT PEOPLE WITH WHOM MATRIMONY IS PROHIBITED The file extracted from PROHIBITED_MATRIMONY.rar is named Readme.doc.exe and note that it has the double extension to trick the user to think that it is a norm...
Continue reading...

Hallmark E-Card and IKEA Fake Emails = Storm Bot

Today I received again an email from Hallmark E-Card with a suspicious ZIP file attached and with the following message: A file named, as always, postcard.zip and of less than 200 KB. If we extract the ZIP file, we see a new file with an extension as .SCR and with a filename length of more […]
Continue reading...

Christmas Postcard Spam and Trojan.Win32.Waledac

Steve sent me a sample of malware classified as Trojan.Win32.Waledac that he has received in some Christmas Postcard Spam emails with following subjects: Merry Christmas and best wishes just for you Merry Christmas 2009! A super Xmas card for you Merry XXXmas! You’ve got a Merry Christmas greeting e-card I made this e-card...
Continue reading...