Spam

Heads up from the Microsoft Malware Protection Center.

Friendly spam carries Zbot
This morning I spotted a few messages from my mobile carrier in my email inbox. This was not surprising as, only a few hours prior, I had logged into the carrier’s website to pay the monthly bill. The standard mode of operation for my provider is to receive a bill via email, and a confirmation message after paying the bill, also through email.

Today, however, one message stood out in several ways. First, the subject line was quite varied from what I was expecting to see:

Important Account Information from Verizon Wireless TRACK-ID: 15730301098

At this time, there is limited detection among vendors – we identify it as PWS:Win32/Zbot.gen!Y.

http://blogs.technet.com/b/mmpc/archive/2011/12/06/friendly-spam-carries-zbot.aspx

Careful out there.

Rejected Federal Tax Transaction Scam

by certifiedbug on October 4, 2011

in Internet Security

A malicious scam which continues to do the rounds, with three caught by my spam filter; the transaction ID changes.

How does IRS e-file work?

A. You or your tax professional, prepare your tax return. In many cases, the tax professional is also the Electronic Return Originator (ERO) who is authorized to file your return electronically to the IRS. Ask your tax professional to file your return through IRS e-file.

You sign your electronic tax return by either using a Self-Select PIN for e-file for a completely paperless return, or by signing Form 8453, US. Individual Income Tax Transmittal for an IRS e-file Return. See “If the return is electronic, how do I sign it?” for more information.

After you sign the return using a Self-Select PIN or Form 8453, the ERO transmits the return to the IRS or to a third-party transmitter who then forwards the entire electronic record to the IRS for processing. Once received at the IRS, the return is automatically checked by computers for errors and missing information. If it cannot be processed, it is sent back to the originating transmitter (usually the ERO) to clarify any necessary information. After correction, the transmitter retransmits the return to the IRS. Within 48 hours of electronically sending your return to IRS, the IRS sends an acknowledgment to the transmitter stating the return is accepted for processing. This is your proof of filing and assurance that the IRS has your return information. The Authorized IRS e-file Provider then sends Form 8453 to the IRS.

If due a refund, you can expect to receive it in approximately three weeks from the acknowledgment date – even faster with Direct Deposit (half the time as when filed on paper). If you owe tax, see “What if I owe Money?” for payment options available this year.

Internal Revenue Service,
Metro Plex 1,
8401 Corporate Drive, Suite 300,
Landover, MD 20785

Forbes. 6/23/2011
http://www.forbes.com/sites/kellyphillipserb/2011/06/23/tax-scams-making-the-rounds-again/

ACH ‘payment canceled’ spam

by certifiedbug on September 28, 2011

in Internet Security

Resurgence of malicious ACH spam; the digit number changes randomly from email to email.

Keep your anti-virus application up to date and, if the spam does arrive in your inbox, don’t click on links within it or open any attachment.

The bad guys’ goal is to install a Zbot variant, a password-stealing Trojan that also contains backdoor functionality. In other words, the criminal gains unauthorized access to and control of the infected computer.

Reference:
http://garwarner.blogspot.com/2011/05/ach-spammer-switches-to-shortened-urls.html

http://labs.m86security.com/tag/malicious-spam/

Microsoft: Rustock Civil Case Closed

by certifiedbug on September 22, 2011

in Microsoft

The Official Microsoft® Blog

Rustock Civil Case Closed: Microsoft Refers Criminal Evidence to FBI
22 Sep 2011

As you may have read in this morning’s edition of CNET, on Sept. 13th, Judge James L. Robart, of the U.S. District Court for the Western District of Washington ruled that the domain names and Internet protocol addresses used to host the botnet would be effectively removed from the defendants’ control. This case not only enabled the take down of a botnet known to be one of the single largest sources of spam on the Internet, but it is now helping to ensure that this botnet will never be used for cybercrime again. However, we’re not stopping here.

We are also turning over all of the evidence we collected during discovery and our investigation to the FBI, to help ensure those responsible for operating the Rustock botnet are held accountable for their actions. It is important to note that Microsoft’s $250,000 reward offer for information that leads to the arrest and conviction of Rustock’s operators remains in effect, but now any tips should be sent directly to the FBI at MS_Referrals@ic.fbi.gov.

Article:
http://blogs.technet.com/b/microsoft_blog/archive/2011/09/22/rustock-civil-case-closed-microsoft-refers-criminal-evidence-to-fbi.aspx

Certifiedbug, July 18, 2011. Microsoft Offers $250,000 Reward for Information on Rustock

Facebook-You have been made an Administrator

July 18, 2011

Uh huh, thanks but no thanks, “Madlen”. This isn’t the first scammer on Facebook using this technique; I report such “events” as spam.

Australia National Lottery 419

June 21, 2011

This old scam is still making the rounds looking for victims; one arrived in my mailbox. If you receive a similar email, please do not respond to the scammer, just delete it.

http://www.419baiter.com/_scam_emails/lotto_scams/australia-national-lottery-fake-lotto-scam.html

http://certifiedbug.com/blog/2006/12/29/consumeraffairs-top-10-scams-of-2006/

Spam by any other name

June 20, 2011

Two times now. No. http://www.mywot.com/en/scorecard/na-d.marketo.com

Play.com customer emails leaked?

March 21, 2011

That’s what people are asking.

http://twitter.com/search?q=play.com%20spam

http://forums.moneysavingexpert.com/showthread.php?t=3122462&page=3

http://news.netcraft.com/archives/2011/03/21/play-com-customer-emails-leaked.html

Joint effort brings down Rustock Botnet

March 17, 2011

Microsoft On The Issues
17 Mar 2011

This operation, known as Operation b107, is the second high-profile takedown in Microsoft’s joint effort between DCU, Microsoft Malware Protection Center and Trustworthy Computing – known as Project MARS (Microsoft Active Response for Security) – to disrupt botnets and begin to undo the damage the botnets have caused [...]

Federal Reserve Spam and Scam

March 15, 2011

Caught in my spam filter.

Date: Tue, 15 Mar 2011
From: info@federalreserve.gov

Under “click here” was federalwiresuppliersglobal.info

Domain ID:D37217046-LRMS
Domain Name:FEDERALWIRESUPPLIERSGLOBAL.INFO
Created On:15-Mar-2011 11:05:23 UTC
Last Updated On:15-Mar-2011 11:05:35 UTC
Expiration Date:15-Mar-2012 11:05:23 UTC

More at Gar Warner’s Blog. Last week the big malware-spreading spam claimed to be from NACHA and warned about problems with [...]
