MALWARE SPAM – MARCH 2013

Malicious SPAM is defined by me as any unsolicited email that contains a potential information security risk. This does not include the usual marketing newsletter emails, only those emails for which there is no prior affiliation and that make it into my mailbox.

| Metric | Mar-13 |
|---|---|
| Total # Received | 10 |
| Type - Viagra | 0 |
| Type - Job | 0 |
| Type - Green Card | 0 |
| Type - Banking | 0 |
| Type - LinkedIn | 0 |
| Type - Criminal Background Check | 1 |
| Type - Other | 9 |
| Malicious Link | 10 |
| Malicious Attachment | 0 |
| Attachment Type - .ZIP | - |
| Attachment Type - .DOC | - |
| Attachment Type - .PDF | - |
| Sent from malformed email header | 7 |
| Sent from compromised known contact | 0 |
| Contains my email address in "TO" field | 2 |

MARCH 2013 – DETAILS – PAGE 1

| # | Date | Type | Malicious Link | Link Shortener | Link Masking | Link Host | Link Risks | Malicious Attachment | Attachment Type | Sent from malformed email header | Sent from compromised known contact | Listed Email Host | Real Email Host | Domain Proxy Service | Registration Information | Country Hosting Domain (IP) | Contains my email address in "TO" field |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | 1/03/2013 | Cigarettes? | Yes | No | Yes - basic | amazonaws.com |  | No |  | Yes | No | yahoo.com | 41.142.76.222 | 41.142.76.222 - Yes (no Whois record) | 41.142.76.222 - Unknown, registered to block MAROC TELECOM (ISP) menara.ma | 41.142.76.222 - Morocco (MAROC TELECOM - ISP, menara.ma) | No (starhub.net.sg listed as recipient) |
| 2 | 2/03/2013 | penile enlargements? | Yes | No | No | ydxa.org |  | No |  | Yes | No | yahoo.com | 91.210.101.79 | 91.210.101.79 - Yes (no Whois record); ydxa.org - Yes (DomainsByProxy.com) | 91.210.101.79 - Unknown, registered to block for UA-NETWORKING LTD (ISP) uanetworking.com (net-art.cz ?); ydxa.org - Unknown | 91.210.101.79 - UK (via uanetworking.com); ydxa.org - US (via bluehost.com) | No (no recipients listed) |
| 3 | 2/03/2013 | Crime warning | Yes | No | Yes - basic | amazonaws.com |  | No |  | Yes | No | yahoo.com | 62.244.130.100 | 62.244.130.100 - Yes (no Whois record) | 62.244.130.100 - Unknown, registered to block Netia Telekom S.A (ISP) | 62.244.130.100 - Poland (via Netia Telekom S.A. netia.pl) | No (yahoo.co.in listed as recipient) |
| 4 | 7/03/2013 | Cigarettes? | Yes | No | Yes - basic | amazonaws.com |  | No |  | Yes | No | yahoo.com | 81.24.208.123 | 81.24.208.123 - Yes (no Whois record) | 81.24.208.123 - Unknown, registered to block for NKTV Ltd (ISP) | 81.24.208.123 - Ukraine (via nktv.mk.ua) | No (yahoo.com listed as recipient) |
| 5 | 10/03/2013 | Cigarettes? | Yes | No | Yes - basic | amazonaws.com |  | No |  | Yes | No | yahoo.com | 93.147.117.200 | 93.147.117.200 - No, but Whois record points to ISP record (teletu.it) | 93.147.117.200 - registered to block for ISP teletu.it, Vodafone Omnitel N.V., Alicom s.r.l., http://www.tol.it, omnitel.it | 93.147.117.200 - Italy (via vodafone.it) | No (yahoo.com listed as recipient) |
| 6 | 15/03/2013 | Friend request? | Yes | No | No | funniest-pictures.com |  | No |  | Yes | No | hotmail.com | 184.168.152.26 | 184.168.152.26 - No; funniest-pictures.com - Yes (DYNADOT Privacy) | 184.168.152.26 - SECURESERVER.NET; funniest-pictures.com - Unknown, registered to block DYNADOT, LLC (ISP) | 184.168.152.26 - US (via SECURESERVER.NET & Go Daddy); funniest-pictures.com - US (via DYNADOT, LLC) | Yes (amongst many others) |

MARCH 2013 – DETAILS – PAGE 2

| # | Date | Type | Malicious Link | Link Shortener | Link Masking | Link Host | Link Risks | Malicious Attachment | Attachment Type | Sent from malformed email header | Sent from compromised known contact | Listed Email Host | Real Email Host | Domain Proxy Service | Registration Information | Country Hosting Domain (IP) | Contains my email address in "TO" field |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 7 | 21/03/2013 | Weight loss? | Yes | No | Yes - basic | amazonaws.com |  | No |  | No | No | yahoo.com | yahoo.com |  |  |  | No (tpg.com.au listed as recipient) |
| 8 | 22/03/2013 | Weight loss? | Yes | No | Yes - basic | amazonaws.com | Performs File Modification and Destruction: The executable modifies and destructs files which are not temporary. Changes security settings of Internet Explorer: This system alteration could seriously affect safety surfing the World Wide Web. Performs Registry Activities: The executable creates and/or modifies registry entries. | No |  | No | No | yahoo.com | yahoo.com |  |  |  |  |
| 9 | 23/03/2013 | Friend request? | Yes | No | No | evomerchantservices.org |  | No |  | No | No | yahoo.com | yahoo.com | evomerchantservices.org - No | evomerchantservices.org - J and S Productions LLC (jstmerchantservices.com) | evomerchantservices.org - US (via Global Net Access, LLC gnax.net) | No (no recipients listed) |
| 10 | 24/03/2013 | Unknown | Yes | No | No |  | Performs File Modification and Destruction: The executable modifies and destructs files which are not temporary. Changes security settings of Internet Explorer: This system alteration could seriously affect safety surfing the World Wide Web. Performs Registry Activities: The executable creates and/or modifies registry entries. | No |  | Yes | No | yahoo.com | 83.26.142.16 | 83.26.142.16 - Yes (no Whois record); sv-schaephuysen.de - | 83.26.142.16 - registered to block tpnet.pl (ISP) TELEKOMUNIKACJA POLSKA S.A., az.pl; sv-schaephuysen.de - STRATO AG | 83.26.142.16 - Poland (via TELEKOMUNIKACJA POLSKA S.A.); sv-schaephuysen.de - Germany (via STRATO AG, strato.de) | Yes (amongst many others) |
