New variation of SSL Spam
We've received numerous emails about this already today. This is an update to a diary we did earlier this week.
The body of the spam today is:
Dear user of the <some company> mailing service! We are informing you that because of the security upgrade of the mailing service your mailbox (<user>@<some company>) settings were changed. In order to apply the new set of settings click on the following link:

The email contains a link with a file to download. Some of the files we have seen are:

settings-file.exe MD5: 0244586f873a83d89caa54db00853205
settings-file2.exe MD5: e6436811c99289846b0532812ac49986

The files are being detected by some anti-virus software programs at this time as Zbot variants.

Thanks Jon, Frank, iTinker, Nick and others for your reports on this.
Comments
----------------------------------
Received: from source ([213.21.97.141]) by eu1sys200amx117.postini.com ([207.126.147.14]) with SMTP;
Thu, 15 Oct 2009 05:01:31 GMT
Received: from 213.21.97.141 by mail-red.research.att.com; Thu, 15 Oct 2009 07:01:25 +0100
Message-ID: <000d01ca4d54$8bc16760$6400a8c0@lizapf5>
From: "support@target-domain.com" <support@target-domain.com>
To: <user@target-domain.com>
Subject: A new settings file for the user@target-domain.com mailbox has just been released
Date: Thu, 15 Oct 2009 07:01:25 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0007_01CA4D54.8BC16760"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.71.1712.3
X-MimeOLE: Produced By Microsoft MimeOLE V4.71.1712.3
X-pstn-neptune: 0/0/0.00/0
X-pstn-levels: (S: 0.00533/92.62311 CV:99.9000 FC:95.5390 LC:95.5390 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
X-pstn-settings: 3 (1.0000:1.0000) s cv gt3 gt2 gt1 r p m c
X-pstn-addresses: from <support@target-domain.com> [233/12]
X-pstn-disposition: quarantine
Date: Thu, 15 Oct 2009 07:01:25 +0100
From: "support@target-domain.com" <support@target-domain.com>
To: <user@target-domain.com>
Subject: A new settings file for the user@target-domain.com mailbox has just been released
Dear user of the target-domain.com mailing service!
We are informing you that because of the security upgrade of the mailing service your mailbox (user@target-domain.com) settings were changed. In order to apply the new set of settings click on the following link:
http://target-domain.com/owa/service_directory/settings.php?email=user@target-domain.com&from=target-domain.com&fromname=user
Best regards, target-domain.com Technical Support.
----------------------------------
One of our users came round very confused although when I explained that if we had emailed him (internal mail) it wouldn't go through the spam filter at all.
MartynJSimpson
Oct 15th 2009
1 decade ago
Stephane
Oct 15th 2009
1 decade ago
Note the addition of the .polikko.eu to the domain name !
Karl
Oct 15th 2009
1 decade ago
"Note the addition of the .polikko.eu to the domain name !"
Actually they use a sub-domain of "polikko.eu". In the Text they only quote that sub-domain.
So it has nothing to do with "target-domain .com"
PS:
I am the holder of the "target-domain .com" domain, and I can assure that this junk does originate elsewhere.
This really is a pain in the butt :(
Harry
Oct 15th 2009
1 decade ago
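The comments above note that the link's host is a sub-domain of polikko.eu that only begins with the recipient's own domain. The following Python is an added example, not part of the original diary or its comments: it classifies each link in a message body by comparing host labels rather than searching for the domain as a substring, so the recipient's domain appearing in the query string does not count. The function names and the sample host `target-domain.com.polikko.eu` are assumptions, constructed from the sanitized link in the first comment and the parent domain named in the thread.

```python
import re
from urllib.parse import urlsplit

# Rough URL matcher for plain-text mail bodies (stops at whitespace and quotes).
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def host_relation(url, org_domain):
    """Classify a link's host relative to the organisation's own domain.

    "own":       the domain itself or a real sub-domain of it
    "lookalike": org_domain appears as leading labels under a different parent
    "other":     unrelated host
    """
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    org = org_domain.rstrip(".").lower()
    if host == org or host.endswith("." + org):
        return "own"
    labels, org_labels = host.split("."), org.split(".")
    n = len(org_labels)
    # Look for org_domain as a run of labels that is NOT at the right-hand end.
    for i in range(len(labels) - n):
        if labels[i:i + n] == org_labels:
            return "lookalike"
    return "other"


def lookalike_links(body, org_domain):
    """Return the links in a message body whose host imitates org_domain."""
    return [u for u in URL_RE.findall(body)
            if host_relation(u, org_domain) == "lookalike"]


# Constructed sample: the path and query come from the sanitized link quoted
# in the comment; the host is an assumption based on the thread's remark that
# the real link used a sub-domain of polikko.eu.
SAMPLE_BODY = (
    "In order to apply the new set of settings click on the following link:\n"
    "http://target-domain.com.polikko.eu/owa/service_directory/settings.php"
    "?email=user@target-domain.com&from=target-domain.com&fromname=user\n"
    "Help pages: http://target-domain.com/help\n"
)

if __name__ == "__main__":
    for link in lookalike_links(SAMPLE_BODY, "target-domain.com"):
        print("lookalike host:", urlsplit(link).hostname)
```

A mail gateway or proxy rule built on this check would be given the organisation's own domains as `org_domain` and would quarantine or tag messages whose links classify as "lookalike".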
Stephane
Oct 15th 2009
1 decade ago