Sunday, July 08, 2007

'Ecard' spams are now showing 'abnormal activity'

The 'Ecard' spams have now switched over to 'abnormal activity' spams. Here's a summary of the subject lines:
  • Subject: ATTN!
  • Subject: Alert!
  • Subject: Malware Alert
  • Subject: Spyware Alert!
  • Subject: Spyware Detected!
  • Subject: Trojan Alert!
  • Subject: Trojan Detected!
  • Subject: Virus Activity Detected!
  • Subject: Warning!
  • Subject: Worm Activity Detected!
  • Subject: Worm Alert!
  • Subject: Worm Detected!
Here's an example body:
-------------------------------------
Dear Customer,

Our robot has detected an abnormal activity from your IP adress
on sending e-mails. Probably it is connected with the last epidemic
of a worm which does not have official patches at the moment.

We recommend you to install http://XX.71.238.156/?7c634591933434671c16a2e59b1283bd17061a8 to remove worm files and stop email sending, otherwise your account will be blocked.

Customer Support
-------------------------------------

The exe on the linked site is now called 'patch.exe,' which is identified as 'Trojan horse TR/Small.DBY.DB' by Avira.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)