You know the ones – “Package Tracking Details”, “Fedex Shipment Details” or “Express Tracking Notification”.

If you regularly deal with these companies it may not come as a surprise, but if you’re not expecting a shipment, you may be thinking of clicking on the links to check this “shipment”.

As usual, it’s a good idea to not click the links! Try logging into your account on their actual website, or call them to check.

With the coming Holidays, it’s only natural to expect some shipments – and the spammers are taking advantage of this, and even dropping names like “Amazon” or major store names to try and lure you to click on their links and load their malware on your computer.

- Take care when reading these emails, and be careful what you click on.

The emails appear to show that a company has put a sale on a credit card of yours.

There’s an attached .pdf file, which many people have been opening.

Though hitting older vulnerabilities, the javascript is obfuscated and has been getting through some filters.

The email sample they showed was:

Thank you for ordering from Cell Phone Inc.

This message is to inform you that your order has been received and is currently being processed.

Cell Phone Inc.

The good old “rule of thumb” of not clicking on anything, and being very careful with attachments would be well advised here.

Link to the original article.

US-CERT encourages users to take the following measures to protect themselves:

• Do not follow unsolicited web links or attachments in email messages.
• Maintain up-to-date antivirus software.
• Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
• Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

Maintaining up-to-date anti-virus is vital. Some appliances, like the Barracuda Spam & Virus Firewalls that are used by CudaMail.com to filter mail are updated on a constant basis.

US-CERT will provide additional details as they become available.

Relevant Url(s):

http://www.us-cert.gov/cas/tips/ST04-014.html

http://www.avertlabs.com/research/blog/index.php/2009/04/27/swine-flue-spam/

http://www.us-cert.gov/reading_room/emailscams_0905.pdf

US-CERT is aware of public reports of malicious code circulating via spam email messages related to bogus terror attacks in the recipient’s local area. These messages use subject lines implying that a fatal bomb attack has occurred near the recipient and contain a link to “breaking news.”

Users who click on the link will be taken to a site posing as a Reuters news article that contains a bogus news story about the fatal bomb attack. The systems serving the bogus news story check a visiting user’s IP address to obtain a geographical location to insert a nearby placename into the bogus article. The articles also contain links to video content, claiming that the latest Flash Player is required to view the video.

If users attempt to update or install the Flash Player from the link provided in the article, their systems may become infected with malicious code.

US-CERT encourages users and administrators to take the following preventative measures to help mitigate the security risks:
* Install antivirus software, and keep the virus signatures up to
date.
* Do not follow unsolicited links and do not open unsolicited email
messages.
* Use caution when visiting untrusted websites.
* Use caution when downloading and installing applications.
* Obtain software applications and updates directly from the
vendor’s website.
* Refer to the Recognizing and Avoiding Email Scams (pdf) document
for more information on avoiding email scams.
* Refer to the Avoiding Social Engineering and Phishing Attacks
document for more information on social engineering attacks.

Relevant Url(s):

====
This entry is available at
http://www.us-cert.gov/current/index.html#waledac_trojan_horse_spam_campaign

]]> http://www.thespamcryer.com/stimulus-packages-stock-brokers-and-trojans-oh-my/feed/ 0 http://www.thespamcryer.com/8-signs-that-job-you-found-online-is-a-scam/ http://www.thespamcryer.com/8-signs-that-job-you-found-online-is-a-scam/#comments Mon, 08 Dec 2008 16:22:45 +0000 Shaun http://www.thespamcryer.com/?p=155 With both the holiday and the economic down turn just around the corner it is tempting to

While it is nice that spam volume has declined some since McColo has been shut down there is still a lot of messages out there that are spam and a vacuum right now waiting to be filled by other spammers.

While there is a temporary lull in spam volume the underlying problem still remains. The SMTP protocol that we all rely on and both love and hate was originally designed when the Internet was a small well-run network and everyone knew everyone else or knew someone who knew them and could vouch for each new connection or request to relay mail for someone. Open Relay mail servers were the norm and not the exception. Today you can

Here’s what the study shows:

A tiny response means spammers still cash in (PA)

By hijacking a working spam network, US researchers have uncovered some of the economics of being a junk mailer.

The analysis suggests that such a tiny response rate means a big spam operation can turn over millions of pounds in profit every year.

It also suggests that spammers may be susceptible to attacks that make it more costly to send junk mail.

Slim pickings

The spam study was carried out in early 2008 by computer scientists from University of California, Berkeley and UC, San Diego (UCSD).

For their month-long study the seven-strong team of computer scientists infiltrated the Storm network that uses hijacked home computers as relays for junk mail.

At its height Storm was believed to have more than one million machines under its control.

The team, led by Assistant Professor Stefan Savage from UCSD, took over a chunk of the Storm network to make it easier to run their study.

“The best way to measure spam is to be a spammer,” wrote the researchers in a paper describing their work.

They created several so-called “proxy bots” that acted as conduits of information between the command and control system for Storm and the hijacked home PCs that actually send out junk mail.

The team used these machines to control a total of 75,869 hijacked machines and routed their own fake spam campaigns through them.

The research team created a legitimate looking pharmacy site.

Two types of fake spam campaign were run through these machines. One mimicked the way Storm spreads using viruses and the other tried to tempt people to visit a fake pharmacy site and buy a herbal remedy to boost their libido.

The fake pharmacy site was made to resemble those run by Storm’s real owners but always returned an error message when potential buyers clicked a button to submit their credit card details.

While running their spam campaigns the researchers sent about 469 million junk e-mail messages. The vast majority of these were for the fake pharmacy campaign.

“After 26 days, and almost 350 million e-mail messages, only 28 sales resulted,” wrote the researchers.

The response rate for this campaign was less than 0.00001%. This is far below the average of 2.15% reported by legitimate direct mail organisations.

“Taken together, these conversions would have resulted in revenues of $2,731.88