Tuesday, 19 October 2010

USPS Delivery Problem NR5808038

Recently I got an email in my Unwanted Email box from Hotmail.

I do not check this often, so only noticed this now.
There was an email in it which caught my attention:
USPS Delivery Problem NR5808038

In the mail, there was a file called USPSLabel.zip. The content of the mail was the following:



Only the picture and the attachment were in the email, nothing more, nothing less.
The attachment was already removed by Hotmail as "unknown virus".


Conclusion:
USPS or any other Postal Service will not send you an email stating that you need to open an attachment. Certainly do not open the email when you have never used their services before.

If you did order with them and you are in doubt, do not reply to the email but simply navigate to their website (in this case: http://www.usps.com ) and look for contact details.

Additionally, (correct me if I'm wrong) you can easily compare your tracking number with the one in the subject.

Thursday, 14 October 2010

[SPAM] He found himself leading the process

Nothing new here, but interesting to note that this type of trick is still going around.

I am talking about an email you receive with (apparently) random text and an attached picture of Viagra, Cialis and other products you can buy at a very low price on some (Russian) website.

The email may look like this:

Email with attached picture.

With random text, I really mean sentences copy/pasted from books. Some examples:

On't stand it another winter!" "I'm not so sure it will be necessary,
after all," said their father, who seemed
to have dis

Source: Dab Kinzer by William O. Stoddard

The spiritual love their children
from their spiritual intelligence and moral life; thus they love them
from the fear of God and actual piety, or the piety of life, and at
the same time from affection and application
to uses serviceable to society, consequently from the virtues and
good morals which they possesse

Source: Delights of wisdom concerning conjugial love: after which follow pleasures ... by Emanuel Swedenborg

You can find either of these pictures in the attachment:
Note: The URLs are already taken offline.



Picture 1


Picture 2


If we analyse the second link with VirusTotal's (fairly new) URL engine and URLVoid, we get these results:

VirusTotal - 0/6 (0.0 %) - VirusTotal Result
URLVoid - 3/17 (17 %) - URLVoid Result


Conclusion:
Again, do not open any attachments from senders you do not know or trust. If you see random text in an email and it doesn't seem to make sense, but you'd like to figure it out anyway, read more books or use your favorite search engine to look it up ;) .

Wednesday, 29 September 2010

please find enclosed.

Yesterday I received an email apparently coming from LinkedIn:



When we check the headers, the return path is: banquetedfwx14@rentanyapartment.com
I'm pretty sure LinkedIn does not use this email address for their communication ;) .

Enclosed is a file called resume_new.zip (40 KB)
MD5: 7227d2c555262145700be91ae991d91e
VirusTotal result is 25/43:
printable receipt.exe

Conclusion:
LinkedIn will not send you any emails where a "resume" is attached which is in fact an .exe file. Do not reply or open the attachment, simply delete the email.
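The two checks used in this post (the return path compared with the apparent sender, and what the .zip really contains) can be automated. The script below is an added example, not part of the original post: the From address is constructed, and it assumes the archive member is the "printable receipt.exe" shown in the VirusTotal result.

```python
import email, io, zipfile
from email.message import EmailMessage
from email.utils import parseaddr

# Extensions treated as directly executable on Windows (illustrative, not exhaustive).
EXECUTABLE_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js")

def domain(header_value):
    """Lower-cased domain of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw_bytes):
    """Return a list of findings for one raw message."""
    msg = email.message_from_bytes(raw_bytes)
    findings = []
    sender, bounce = domain(msg["From"]), domain(msg["Return-Path"])
    # A differing bounce domain is a signal, not proof: bulk mailers do this legitimately.
    if sender and bounce and bounce != sender and not bounce.endswith("." + sender):
        findings.append(f"return-path domain {bounce} differs from sender domain {sender}")
    for part in msg.walk():
        name = part.get_filename() or ""
        if not name.lower().endswith(".zip"):
            continue
        try:
            members = zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))).namelist()
        except zipfile.BadZipFile:
            findings.append(f"{name}: archive could not be read")
            continue
        # Only the archive listing is read; nothing is extracted or executed.
        findings += [f"{name} contains executable {m}" for m in members
                     if m.lower().endswith(EXECUTABLE_EXT)]
    return findings

def build_sample():
    """Constructed message shaped like the one described; the 'exe' is inert text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("printable receipt.exe", b"placeholder bytes, not a program")
    msg = EmailMessage()
    msg["From"] = "LinkedIn <noreply@linkedin.example>"  # constructed sender address
    msg["Return-Path"] = "<banquetedfwx14@rentanyapartment.com>"  # from the post
    msg["Subject"] = "please find enclosed."
    msg.set_content("please find enclosed.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="resume_new.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in triage(build_sample()):
        print(finding)
```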

Wednesday, 22 September 2010

[SPAM] Fresh event on Monday

A few days ago I received the following email:


-----Original Message-----
From: Clifford Hyatt [mailto:frobishere1@rothleycourt.com]
Sent: maandag 20 september 2010 15:37
To: *
Subject: Fresh event on Monday 9/27

Hey



Hope you are well.



Nissa asked that I email you information about the Fresh event we are hosting at Ger-Nis on Monday September 27th,
so if you wanted to you could be the mixologist and help us out with the drinks (beer and wine included).

Obviously, we will compensate you for your time, so if you are free,
we would love if you could help out!

Please find attached.

Please let me know as soon as you can.



Enjoy your weekend,



It contained an attachment called "02943Fresh event on Monday 927"

MD5: 69a8aca7452b5c1386f1933084dd5811
VirusTotal result: 20/43

At the time I was checking the link, it was already taken offline.
It tried to redirect me to http://nobletree.org/x.html .
Most probably you were redirected to a fake antivirus page.


Conclusion:

Please be careful when you receive messages from someone you
don't know, and certainly do not open any attachments.

Saturday, 28 August 2010

Introducing: Roguevertising

I made this post a while ago at MalwareDatabase, and decided to post it here as well. Be careful though, some of the links can still be active.

Down below you can find the introduction of the post and a link to it:
Introducing: Roguevertising
A new term in the rogue industry – written by Bart P


Today I will be talking about a new trend that spreads itself quite quickly throughout the internet.
In this document I will try to explain what it is all about and provide additional information like screenshots and measures that can be taken to tackle these threats.