ThreatTrack Security - Malicious Spam Alerts
CNN Malaysian Airlines Breaking News Spam

Subjects Seen:

  1. CNN Breaking News - Malaysian Boing 777

Typical e-mail details:

Ukraine recognizes that hit a Malaysian Boing 777
Malaysia Airlines flight 17 shot down in Ukraine.
FULL STORY

Malicious URLs:

  1. firstfiresystems.com/images/CNN_breaking_news_read_now.exe

Malicious File Name and MD5:

  1. CNN_breaking_news_read_now.exe (57D5055223344CF8814DCFC33E18D7E6)

ThreatAnalyzer Report Here

Lloyds Bank Remittance Spam

Subjects Seen:

  1. Remittance Advisory Email

Typical e-mail details:

Thursday 24 July 2014

This is a Remitter Advice following the submission of a payment instruction by Lloyds Bank Plc.

Please review the details of the payment here.

Malicious URLs:

  1. chesstoyoublog.com/wp-content/uploads/2013/10/report934875438jdfg8i45jg_07242014.exe

Malicious File Name and MD5:

  1. report934875438jdfg8i45jg_07242014.exe (7E3E28320D209A586917668E3B8EAC40)

AT&T Wireless Bill Spam

Subjects Seen:

  1. Your AT&T wireless bill is ready to view

Typical e-mail details:

Dear Customer,

Your monthly wireless bill for your account is now available online.

Total Balance Due: $1480.68

Log in to myAT&T to view your bill and make a payment. Or register now to manage your account online. By dialing *PAY (*729) from your wireless phone, you can check your balance or make a payment - it’s free.

Smartphone users: download the free app to manage your account anywhere, anytime.


Thank you,
AT&T Online Services

Malicious URLs:

  1. castlestrategies.net/css/new_7g1.exe

Malicious File Name and MD5:

  1. new_7g1.exe (A8F323869A5D9471BD2C7B33550D7F81)

Invoice Spam

Subjects Seen:

  1. Haun Welding Invoice

Typical e-mail details:

Rex Dennis ,

Attached you will find a number of invoices from Haun Welding Supply INC.

Thank you for your business

This is the only copy of this invoice you will receive.
It will not be mailed
They include these invoice numbers:
3843983 0257140 

If you have any questions please contact our credit department at 850 052-7140 

Malicious File Name and MD5:

  1. Invoice.pdf.scr (9EAB7C9AEB9DEB3223C86584AC1D62C8)
  2. Invoice.pdf.zip (1CAD2AA84363233C6A9EB4E2ABE70465)

Bank of America Activity Alert Spam

Subjects Seen:

  1. Activity Alert: A Check Exceeded Your Requested Alert Limit

Typical e-mail details:

Activity Alert

A check exceeded your requested alert limit

We’re letting you know a check written from your account went over the limit you set for this alert.

For more details please check attached file

Malicious File Name and MD5:

  1. report072114_349578904357.exe (23E32D6A9A881754F1260899CB07AC55)
  2. report072114_349578904357.zip (4FE1365C55AA0C402384F068CDA7DF8E)

Law Firm Spam

Subjects Seen:

  1. Notice of appearance

Typical e-mail details:

Notice to Appear,

To view copy of the court notice click here. Please, read it thoroughly. Note: If you do not attend the hearing the judge may hear the case in your absence.

Malicious URLs:

  1. encoretaxcpa.com/wp-content/plugins/pm.php?notice=rAKMA0yBTjJaHycjLxYiPxWIuHzgUE6cEU/ZGGio7m4=

NatWest Secure Message Spam

Subjects Seen:

  1. You have a new Secure Message

Typical e-mail details:

You have received a encrypted message from NatWest Customer Support

In order to view the attachment please open it using your email client ( Microsoft Outlook, Mozilla Thunderbird, Lotus )

Please download your ecnrypted message at:

goo.gl/1dlcL3

Malicious URLs:

  1. webbedenterprisesinc.com/message/Document-6936124.zip
  2. lavadoeimagen.com/Document-09962146.zip

Malicious File Name and MD5:

  1. Document-<random>.scr (2A835747B7442B1D58AB30ABC90D3B0F)
  2. Document-<random>.zip (323706E66968F4B973870658E84FEB69)

E-Z Pass Spam

Subjects Seen:

  1. Indebted for driving on toll road

Typical e-mail details:

Dear customer,

You have not paid for driving on a toll road. This invoice is sent repeatedly,
please service your debt in the shortest possible time.

The invoice can be downloaded here.

Malicious URLs:

  1. krsk.info/components/api/aHZ/WVeiJ0vWJCZzh9O0pXzmah/NtSjknz1hSYIcsqQ=/toll

USPS Label Spam

Subjects Seen:

  1. Ship Notification

Typical e-mail details:

Notification

Our courier couldnt make the delivery of parcel to you at June 17 2014.
Print label and show it in the nearest post office.
Download attach . Print a Shipping Label NOW

Malicious File Name and MD5:

  1. Notification.zip (C44F58432832C2CA9C568939F7730C83)
  2. Notification_72384792387498237989237498237498.exe (2C286A551D3ED1CAFFB0F679F9473E65)

Credit Agricole French Spam

Subjects Seen:

  1. Contrat Commercant N: 8439284

Typical e-mail details:

Bonjour,

Enchante d’avoir fait votre connaissance. Je vous confirme que j’ai bien recupere les documents..

Pouvez-vous me dire si vous souhaitez conserver le contrat commercant n°8439284 ? En effet, sans action de notre part, il sera automatiquement resilie le 02 juin 2014.

Pour  eviter  automatiquement resilie  accorder  2  minutes  au  service  Credit Agricole  en remplissant le formulaire ci-joint.

Cordialement.

Juliet Fry
Vos appels sont enregistres pour un meilleur service client / Your calls are recorded for a better customer service
Assistant Commercial | Agence des Grands Clients | Credit Agricole
103 avenue des Champs-Elysées 75008 PARIS

Malicious File Name and MD5:

  1. Contrat_01072014.scr (9BDFE6453EBF832ECC125A0B48793DBE)
  2. Contrat_1268664.zip (DDCDB0A6643C1433FB9F38A6B3F6BD7E)