Sunday, July 08, 2007

'Ecard' spams are now showing 'abnormal activity'

The 'Ecard' spams have now switched over to 'abnormal activity' spams. Here's a summary of the subject lines:
  • Subject: ATTN!
  • Subject: Alert!
  • Subject: Malware Alert
  • Subject: Spyware Alert!
  • Subject: Spyware Detected!
  • Subject: Trojan Alert!
  • Subject: Trojan Detected!
  • Subject: Virus Activity Detected!
  • Subject: Warning!
  • Subject: Worm Activity Detected!
  • Subject: Worm Alert!
  • Subject: Worm Detected!
Here's an example body:
Dear Customer,

Our robot has detected an abnormal activity from your IP adress
on sending e-mails. Probably it is connected with the last epidemic
of a worm which does not have official patches at the moment.

We recommend you to install http://XX.71.238.156/?7c634591933434671c16a2e59b1283bd17061a8 to remove worm files and stop email sending, otherwise your account will be blocked.

Customer Support

The exe on the linked site is now called 'patch.exe', which Avira identifies as 'Trojan horse TR/Small.DBY.DB'.
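A mail-filter heuristic for this campaign, as an added example that is not part of the original post: it scores a message on the subject lines listed above and on a link whose host is a bare IP address followed by a long hex query, as in the sample body. The function names, the score weights, the 32-character hex threshold and both sample messages are assumptions made for the illustration.

```python
import re
from email import message_from_string
from ipaddress import ip_address
from urllib.parse import urlsplit

# Subject lines listed in the post (compared case-insensitively).
SUBJECTS = {s.lower() for s in (
    "ATTN!", "Alert!", "Malware Alert", "Spyware Alert!", "Spyware Detected!",
    "Trojan Alert!", "Trojan Detected!", "Virus Activity Detected!",
    "Warning!", "Worm Activity Detected!", "Worm Alert!", "Worm Detected!",
)}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
HEX_QUERY_RE = re.compile(r"[0-9a-f]{32,}", re.I)  # assumed token length threshold

def ip_literal_links(text):
    """Return URLs whose host is a bare IP address and whose query is a long hex token."""
    hits = []
    for url in URL_RE.findall(text):
        try:
            parts = urlsplit(url.rstrip(".,)"))
            ip_address(parts.hostname or "")
        except ValueError:
            continue  # host is a name (or the URL is malformed), not an IP literal
        if HEX_QUERY_RE.fullmatch(parts.query):
            hits.append(parts.geturl())
    return hits

def score_message(raw):
    """Score one RFC 822 message: 1 point for a listed subject, 2 for an IP-literal link."""
    msg = message_from_string(raw)
    subject = (msg.get("Subject") or "").strip().lower()
    body = msg.get_payload() if not msg.is_multipart() else "".join(
        p.get_payload() for p in msg.walk() if p.get_content_type() == "text/plain")
    links = ip_literal_links(body)
    return {"subject_match": subject in SUBJECTS, "links": links,
            "score": int(subject in SUBJECTS) + 2 * bool(links)}

# Constructed samples: 192.0.2.10 is a documentation address, the token is made up.
SPAM = ("Subject: Worm Alert!\n\nDear Customer,\n\nWe recommend you to install "
        "http://192.0.2.10/?0123456789abcdef0123456789abcdef0123456 to remove worm files.\n")
HAM = "Subject: Warning!\n\nDisk quota at 90%, see https://intranet.example/quota?id=7\n"

if __name__ == "__main__":
    for name, raw in (("spam", SPAM), ("ham", HAM)):
        print(name, score_message(raw))
```

The second sample shows why the subject list alone is a weak signal: a legitimate "Warning!" mail matches it, so the IP-literal link carries most of the weight.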
