Robert L. Weiner: Nonprofit Fundraising Technology Consulting » Viruses

Lame spam of the day: I’m in trouble!

Robert — Thu, 22 Dec 2011 18:12:16 +0000

Don't people know not to click links in weird emails from strangers? Probably not. This site says the link leads to malware.

Sender: Svetlana@rlweiner.com (My domain -- no Svetlanas work at my company)
Subject: Fwd: I'm in trouble!
Text:
I was at a party, got drunk, couldn't drive the car, somebody gave me a lift on my car, and crossed on the red light!
I've just got the pictures, maybe you know him???
Here is the photo (link leads to http://djnmusicstudio.com/wp-content/themes/classic/jhmxl.htm?I35=XL0C4D66LLT7M0662G25KRY&1US0=US2I9OKK&67QM=4XY6G2O9Y1R7544P2&Q7C7=3S3J309789CJ95A89SS0A&9SJR2Q=SQFE7ZJ6AAO&YPJ=6GUM395IAJCUJ9YDF7XHTH8&OWMW0=8MTL1IFTP9R8O2WTG&PKC20X=J982Q0J26M9DIUB&)

I need to find him urgently!

Thank you
Svetlana

MD5 check sum: 4999b6f8af3e65c8a5c3e6f3e1d4999b

Lame spam of the day: NYC traffic ticket

Robert — Mon, 12 Dec 2011 17:43:04 +0000

This is the first one like this I've seen -- a speeding ticket. If I'd driven in New York in October I might be curious enough to click (well, I wouldn't, but someone might). Apparently this one has been floating around for a while and delivers malware.

Sender: support@rlweiner.com (me!)
Subject: Fwd: Re: TRAFFIC TICKET
Text:
NYC — Department of Motor Vehicles
TRAFFIC TICKET
NYC POLICE DEPARTMENT
THE PERSON CHARGED AS FOLLOWS

Time: 4:14 AM
Date of Offense: 27/10/2011

SPEED OVER 90 ZONE
TO PLEAD, PRINT CLICK HERE AND FILL OUT THE FORM (link leads to http://motorcitysports.net/kqtmh.htm?U4BPET=9VPEX8EECYK&WV3S6L=161WHHX67AALE5VBIL74XG3&)

MD5 check sum: 251eb0e983cafb0e9888304146a567dd

Lame spam of the day: The variant of the contract you’ve offered has been delcined.

Robert — Fri, 09 Dec 2011 17:36:20 +0000

I just love the subject line in this one. Wow, very creative syntax (though the misspelling of "declined" lessens the impact). I also got a second version, but the subject was much more prosaic. This blog says the links download malware.

Version 1:
Sender: Argelia Vogel (SterlingGroesbeck@myexcel.com)
Subject: The variant of the contract you've offered has been delcined.
Text:
After our legal department studied this contract carefully, they've noticed the following mismatches with our previous arrangements. We've composed a preliminary variant of the new contract, please study it and make sure that all the issues are matching your interests
Contract.doc 84kb (link leads to http://dsdinternational.net/images/dsrwk.htm?FMCGCYP=MH82W31MC&089=1RY6NFZN&YYA66YM=I2CU1XELWV0YSTMK632IUWPT4&HJEL=UQPI4T3&CAB4RT4=51LIGZMZ29T80052AXHWBSA9&04KZQW4=QK5T9UA8C8AXGGHZ8J&)

Best Wishes
Argelia Vogel

Fingerprint: 172d59c7-2d5b834b

Version 2:
Sender: Catharine Padgett (NiamhStabler@visi.net)
Subject: We're breaking the contract
Text:
According to the violation of the paragraph §11.6.7 of our contract, we're obliged to inform you that we're breaking the contract with you. You can find the original letter with signatures and stamps attached as well as the legal basis for this step after you follow this link.

Contract.doc 119kb (link leads to http://pokerlogic.ca/forum/kysgw.htm?0JDH0=LXZKAZNARHOSCT&WHC=8JTSQ4KRSFYL&SGY=WKE20ZCFAN9K8HBUU1J9P2R&F82L6SE=L05FZB1O9DLWJ9DS3TJ16K3U&BVAGK=A8XB9J4T25TR6BP&Q8M7LF=IE342QA6JD4&J8Y=I8E58E20NMTR&)

Best Wishes
Catharine Padgett

Fingerprint: c0372849-28e1116b

Lame spam of the day: BBB service Re: Case # (various numbers)

Robert — Wed, 07 Dec 2011 18:11:30 +0000

I got 7 versions of this today, at 2 different email addresses. They included an attachment called bbb_logo.jpg but no graphics in the message body. A friend posted about them on a listserve and said that clicking the link downloads a virus.

This scam has been around for a while. Here's an article about a similar batch in 2007.

Version 1:

Sender: ::Better Business Bureau:: (support@bbb.org)
Subject: BBB service Re: Case # 87348414

Text: Attn: Owner/Manager
The Better Business Bureau has been sent the above mentioned complaint from one of your associates on the subject of their business relations with you.
The details of the consumer's concern are included in attached file.
Please examine this issue and notify us of your opinion.
Please click here to respond this complaint. (The "click here" link leads to http://38.106.32.183/09d78c/index.html)

We look forward to your prompt reply.

Sincerely,
Roland Dani
Better Business Bureau
________________________________________
Council of Better Business Bureaus
4200 Wilson Blvd, Suite 800
Arlington, VA 22203-1838
Phone: 1 (703) 276.0100
Fax: 1 (703) 525.8277

Version 2:

Same sender

Subject: Re: BBB Case # 31889235

Text:
Attn: Owner/Manager
The Better Business Bureau has been filed the above mentioned complaint from one of your associates in respect of their dealings with you.
The details of the consumer's concern are included in enclosed file.
Please give attention to this case and advise us of your standpoint.
We kindly ask you to click here to answer this complaint. (The "click here" link leads to the same link as above - http://38.106.32.183/09d78c/index.html).

We look forward to your prompt response.

Sincerely yours,
Louis Gerald
Better Business Bureau
________________________________________
Council of Better Business Bureaus
4200 Wilson Blvd, Suite 800
Arlington, VA 22203-1838
Phone: 1 (703) 276.0100
Fax: 1 (703) 525.8277

Version 3:

same sender

Subject: Re: Case # 23378891
Text:
Attn: Owner/Manager
The Better Business Bureau has received the above-referenced complaint from one of your customers on the subject of their dealings with you.
The details of the consumer's concern are presented in enclosed document.
Please examine this problem and let us know about your point of view.
We kindly ask you to click here to reply this complaint. (The "click here" link leads to http://rashidyounus.com/a40d6b/index.html).

We look forward to your urgent reply.

Sincerely yours,
Stacie Nieves
Better Business Bureau
________________________________________
Council of Better Business Bureaus
4200 Wilson Blvd, Suite 800
Arlington, VA 22203-1838
Phone: 1 (703) 276.0100
Fax: 1 (703) 525.8277

Version 4:

same sender again, but a different subject

Subject: BBB Complaint activity report
Text:
Hello,
The Better Business Bureau has got the above-referenced complaint from one of your clients in respect of their dealings with you.
The detailed information about the consumer's concern is explained in attached document.
Please review this problem and notify us of your standpoint.
We kindly ask you to click here to answer this complaint. (The "click here" link leads to http://queplacer.com/393304/index.html)

We look forward to your prompt attention to this matter.

Faithfully yours,
Louis Gerald
Better Business Bureau
________________________________________

Council of Better Business Bureaus
4200 Wilson Blvd, Suite 800
Arlington, VA 22203-1838
Phone: 1 (703) 276.0100
Fax: 1 (703) 525.8277

Version 5:
Sender: ::Better Business Bureau:: (info@bbb.org)
Subject: BBB Complaint activity report
Text:
Dear Sirs,
The Better Business Bureau has received the above mentioned complaint from one of your customers on the subject of their business relations with you.
The details of the consumer's concern are presented in enclosed file.
Please review this question and notify us of your opinion.
Please click here to answer this complaint. (The "click here" link leads to http://38.106.32.183/09d78c/index.html)

We look forward to your prompt reply.

Sincerely yours,
Paula Tap
Better Business Bureau
________________________________________

Council of Better Business Bureaus
4200 Wilson Blvd, Suite 800
Arlington, VA 22203-1838
Phone: 1 (703) 276.0100
Fax: 1 (703) 525.8277

Version 6:
Sender: ::Better Business Bureau::(manager@bbb.org)
Subject: Re: Case # 29354013
Text:
Attn: Owner/Manager
The Better Business Bureau has been sent the above mentioned complaint from one of your associates on the subject of their business relations with you.
The details of the consumer's concern are contained in enclosed document.
Please give attention to this problem and notify us of your point of view.
We kindly ask you to click here to reply this complaint. (The "click here" link leads to http://rcegroup.net/34100d/index.html)

We look forward to your urgent reply.

Yours faithfully,
Anita Emil
Better Business Bureau
________________________________________

Council of Better Business Bureaus
4200 Wilson Blvd, Suite 800
Arlington, VA 22203-1838
Phone: 1 (703) 276.0100
Fax: 1 (703) 525.8277

Version 7:

Sender: ::Better Business Bureau:: (alerts@bbb.org)
Subject: Your customer’s complaint
Text:
Dear Sirs,
The Better Business Bureau has received the above mentioned complaint from one of your associates regarding their dealings with you.
The detailed information about the consumer's concern is included in attached document.
Please review this matter and inform us about your standpoint.
Please click here to reply this complaint. (The "click here" link leads to http://38.106.32.183/09d78c/index.html)

We look forward to your prompt reply.

Sincerely,
Paula Tap
Better Business Bureau
________________________________________

Council of Better Business Bureaus
4200 Wilson Blvd, Suite 800
Arlington, VA 22203-1838
Phone: 1 (703) 276.0100
Fax: 1 (703) 525.8277

Downadup Worm on the Rampage

Robert — Sat, 24 Jan 2009 03:59:02 +0000

Internet security firm F-Secure has estimated that more than 3.5 million computers have been infected with the Downadup worm, a malicious program. The worm, also known as Conficker, uses a major flaw that Microsoft patched in October to remotely compromise computers running unpatched versions of Windows.

Infected computers become members of a worldwide botnet. F-Secure predicts that the botnet could be huge, "giving the malware gang a free hand to do whatever they want with all of the infected machines."

According to the San Francisco Chronicle:

Security vendors haven't figured out what payload the Downadup/Conficker worm plans to deliver, but it's not good. "This could be the biggest infection we've ever seen," said David Perry, global director of education at Trend Micro in Cupertino. "We know they're intentionally infecting a mass audience."

Perry offered the following advice to secure your machines:

CNN Top 10 Virus

Robert — Thu, 07 Aug 2008 00:36:34 +0000

A new virus is circulating in the form of a CNN Daily Top 10 newsletter (my brother was an unfortunate victim). A description was posted at http://blog.mxlab.be/2008/08/04/cnn-daily-top-10-leads-users-to-site-hosting-malware/. Postings on that site say that the AntiVir free antivirus and ComboFix will remove it.