All quiet on the malware front — 6 Comments

  1. We’re still getting malspams in. Today’s is
    From: mailer-daemon (Header:info@footballplayers1.gq)
    Date: 2016-06-09 14:03:23
    Subject: Failed on delivery

    Contains a zipped word doc which Kaspersky catches
    Contents are from Royal Mail something about a mis-delivery of a parcel

  2. Also getting the occasional zipped vbs, exe and js but they’re disallowed file types. We’re not getting flooded like we used to though.

  3. Text from failed on delivery

    Dear customer,

    We have attempted to deliver your item
    The delivery attempt failed because nobody was present at the shipping address, so this notification has been automaticlly sent.
    You may arrange redelivery by visiting the nearest Royal Mail Office with the printed shipping invoice mentioned below.

    If the package is not scheduled for delivery or picked up whitin 48 hours, it will be returned to the sender.

    Expected Deliver Date: 07.06.2016
    Class: Package services
    Service(s): Delivery Confirmation
    Status: eNotification sent

    To check pn the delivery status of oyur mailing or arrange redelivery please visit the following URL:
    https://www.royalmail.com/track-your-item

    2016 UPS Corporation

    *** This is an automatically generated email, please do not reply ***
    Mailing address 101 / 838 Collins St Docklands Vic 3008

    ABN 34 127 334 785

    Royal Mail Team

  4. It may be the multi-billion-dollar crimeware industry has just taken a break to redo their strategic plan, just as other “corporate” types do. I’m certain it’s still there – you can see it here:
    https://www.av-test.org/en/statistics/malware/
    … I’d like to see it all “go away”, but in this world – ‘not gonna happen. Only in the next life…
    //

  5. On the phishing thread –
    If you want to see real, live email addresses that phishing results are being sent to, go to usenet, group alt.binaries.hackers.malicious
    I have been collecting the zip files they have left behind for a while now, and they are posted using their email addresses.
    Lately I also include where I downloaded them from. You might think that irresponsible but I also asked the hosts to remove.
    I also gave a tip to tips.fbi.gov about where they could find this information if they wanted to investigate the email addresses.
