MALWARE SPAM – JANUARY 2013
Total # Received:                           8^
Type - Viagra:                              1
Type - Job:                                 1
Type - Green Card:                          1
Type - Banking:                             2
Type - LinkedIn:                            0
Type - Criminal Background Check:           2
Type - Other:                               1
Malicious Link:                             7
Malicious Attachment:                       0
Attachment Type - .ZIP:                     -
Attachment Type - .DOC:                     -
Attachment Type - .PDF:                     -
Sent from malformed email header:           7
Sent from compromised known contact:        0
Contains my email address in "TO" field:    5




        * Malicious SPAM is defined by me as any unsolicited email that
        contains a potential information security risk. This does not include the
        usual marketing newsletter emails. Only those for which there is not a
        prior affiliation and that make it into my mail box.


        ^ January 2013 is not a complete month due to the automatic
        deletion rules of my account
JANUARY 2013 - DETAILS
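Email 1
    Date:                                     14/01/2013
    Type:                                     USA Green Card
    Malicious Link:                           Yes
    Link Shortener:                           No
    Link Masking:                             Yes - Basic
    Link Host:                                phpconvey.com
    Link Risks:                               (blank)
    Malicious Attachment:                     No
    Attachment Type:                          -
    Sent from malformed email header:         Yes
    Sent from compromised known contact:      No
    Listed Email Host:                        canforward.com
    Real Email Host:                          phpconvey.com, fineoffr.com (via mail.visimail.org)
    Domain Proxy Service:                     fineoffr.com - Yes (WhoisGuard)
                                              phpconvey.com - No
    Registration Information:                 fineoffr.com - Unknown (do4u.co.il, a.gtld-servers.net)
                                              phpconvey.com - Israel (do4u.co.il, digital-campaign.info)
    Country Hosting Domain (IP):              fineoffr.com - UK
                                              phpconvey.com - UK (by eukhost.com)
    Contains my email address in "TO" field:  Yes

Email 2
    Date:                                     15/01/2013
    Type:                                     Job offer
    Malicious Link:                           No
    Link Shortener:                           -
    Link Masking:                             -
    Link Host:                                -
    Link Risks:                               -
    Malicious Attachment:                     No
    Attachment Type:                          -
    Sent from malformed email header:         No
    Sent from compromised known contact:      No
    Listed Email Host:                        hotmail.com
    Real Email Host:                          hotmail.com
    Domain Proxy Service:                     N/A
    Registration Information:                 (blank)
    Country Hosting Domain (IP):              (blank)
    Contains my email address in "TO" field:  Yes

Email 3
    Date:                                     23/01/2013
    Type:                                     Direct Deposit Bank
    Malicious Link:                           Yes
    Link Shortener:                           No
    Link Masking:                             Yes - Basic
    Link Host:                                rogercbryan.com
    Link Risks:                               1. Performs File Modification and Destruction. The executable
                                                 modifies and destructs files which are not temporary.
                                              2. Changes security settings of Internet Explorer. This system
                                                 alteration could seriously affect safety surfing the World
                                                 Wide Web.
                                              3. Performs Registry Activities. The executable creates and/or
                                                 modifies registry entries.
    Malicious Attachment:                     No
    Attachment Type:                          -
    Sent from malformed email header:         Yes
    Sent from compromised known contact:      No
    Listed Email Host:                        direct.nacha.org
    Real Email Host:                          gdoehling.de (via bartstals.be)
    Domain Proxy Service:                     (blank)
    Registration Information:                 bartstals.be - Belgium
                                              gdoehling.de - Germany
                                              rogercbryan.com - USA
    Country Hosting Domain (IP):              bartstals.be - Netherlands (by instep.be)
                                              gdoehling.de - Germany (by strato.de)
                                              rogercbryan.com - USA (by softlayer.com)
    Contains my email address in "TO" field:  Yes

Email 4
    Date:                                     23/01/2013
    Type:                                     Criminal background check
    Malicious Link:                           Yes
    Link Shortener:                           No
    Link Masking:                             Yes - Basic
    Link Host:                                amazonaws.com
    Link Risks:                               (blank)
    Malicious Attachment:                     No
    Attachment Type:                          -
    Sent from malformed email header:         Yes
    Sent from compromised known contact:      No
    Listed Email Host:                        yahoo.com
    Real Email Host:                          180.248.23.146
    Domain Proxy Service:                     180.248.23.146 - Yes (no Whois record)
    Registration Information:                 -
    Country Hosting Domain (IP):              180.248.23.146 - Indonesia (by telkom.net.id)
    Contains my email address in "TO" field:  No (ISP tpg.com.au listed as recipient)

Email 5
    Date:                                     24/01/2013
    Type:                                     Direct Deposit Bank
    Malicious Link:                           Yes
    Link Shortener:                           No
    Link Masking:                             Yes - Basic
    Link Host:                                maxime-tortelier.com
    Link Risks:                               1. Watches MSN Messenger (msmsgs.exe)
                                              2. Watches the Windows login (winlogon.exe)
    Malicious Attachment:                     No
    Attachment Type:                          -
    Sent from malformed email header:         Yes
    Sent from compromised known contact:      No
    Listed Email Host:                        direct.nacha.org
    Real Email Host:                          cswineimports.com (via nadaorganics.com)
    Domain Proxy Service:                     cswineimports.com - Yes (Network Solutions Private Registration)
    Registration Information:                 nadaorganics.com - Australia (lifeflowki.com)
                                              cswineimports.com - Unknown
                                              maxime-tortelier.com - France
    Country Hosting Domain (IP):              nadaorganics.com - USA (by GoDaddy.com)
                                              lifeflowki.com - No DNS record
                                              cswineimports.com - USA (by lunarpages.com)
                                              maxime-tortelier.com - Germany (by oneandone.net)
    Contains my email address in "TO" field:  Yes

Email 6
    Date:                                     24/01/2013
    Type:                                     Fake emergency warning
    Malicious Link:                           Yes
    Link Shortener:                           No
    Link Masking:                             Yes - Basic
    Link Host:                                amazonaws.com
    Link Risks:                               (blank)
    Malicious Attachment:                     No
    Attachment Type:                          -
    Sent from malformed email header:         Yes
    Sent from compromised known contact:      No
    Listed Email Host:                        yahoo.com
    Real Email Host:                          187.151.36.39
    Domain Proxy Service:                     187.151.36.39 - Yes (no Whois record)
    Registration Information:                 -
    Country Hosting Domain (IP):              187.151.36.39 - Mexico (by UNINET.NET.MX)
    Contains my email address in "TO" field:  No (yahoo.com listed as recipient)

Email 7
    Date:                                     26/01/2013
    Type:                                     Viagra / Stamina
    Malicious Link:                           Yes
    Link Shortener:                           No
    Link Masking:                             No
    Link Host:                                aroni.com.tr
    Link Risks:                               1. Redirects to marijuanarxmedicine.com
    Malicious Attachment:                     No
    Attachment Type:                          -
    Sent from malformed email header:         Yes
    Sent from compromised known contact:      No
    Listed Email Host:                        None
    Real Email Host:                          mail.bn.by (via mail.bn)
    Domain Proxy Service:                     (blank)
    Registration Information:                 bn.by - Belarus (ties.itu.int)
                                              aroni.com.tr - Turkey (veriturk.com)
                                              marijuanarxmedicine.com - Russia (cheapbox.ru)
    Country Hosting Domain (IP):              ties.itu.int (International Telecommunication Union) - Switzerland
                                              aroni.com.tr - Turkey (by gridtelekom.com / grid.com.tr)
                                              marijuanarxmedicine.com - UK (by as29550.net)
    Contains my email address in "TO" field:  Yes

Email 8
    Date:                                     27/01/2013
    Type:                                     Criminal background check
    Malicious Link:                           Yes
    Link Shortener:                           No
    Link Masking:                             Yes - Basic
    Link Host:                                amazonaws.com
    Link Risks:                               (blank)
    Malicious Attachment:                     No
    Attachment Type:                          -
    Sent from malformed email header:         Yes
    Sent from compromised known contact:      No
    Listed Email Host:                        yahoo.com
    Real Email Host:                          41.135.96.182
    Domain Proxy Service:                     41.135.96.182 - Yes (no Whois record)
    Registration Information:                 -
    Country Hosting Domain (IP):              41.135.96.182 - South Africa (by mweb.com, via mweb.co.za, optinet.net)
    Contains my email address in "TO" field:  No (ISP tpg.com.au listed as recipient)

TOTAL
    Malicious Link:                           7/8
    Link Shortener:                           0
    Link Masking:                             6/7
    Malicious Attachment:                     0
    Sent from malformed email header:         7/8
    Sent from compromised known contact:      0
    Contains my email address in "TO" field:  5/8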




 January SPAM emails were analysed on 14/02/2013, therefore some links were no longer active
 (eg. Amazon Web Services)
