Malware SPAM - March 2013
1. MALWARE SPAM – MARCH 2013
•I define malicious SPAM as any unsolicited email that contains a
potential information security risk. This does not include the usual
marketing newsletter emails. Only emails for which there is no prior
affiliation and that make it into my mailbox are counted.
Summary for Mar-13:
Total # received: 10
Type - Viagra: 0
Type - Job: 0
Type - Green Card: 0
Type - Banking: 0
Type - LinkedIn: 0
Type - Criminal Background Check: 1
Type - Other: 9
Malicious link: 10
Malicious attachment: 0
Attachment type - .ZIP: -
Attachment type - .DOC: -
Attachment type - .PDF: -
Sent from malformed email header: 7
Sent from compromised known contact: 0
Contains my email address in "TO" field: 2
2. MARCH 2013 – DETAILS – PAGE 1
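Columns: #, Date, Type, Malicious Link, Link Shortener, Link Masking, Link Host, Link Risks, Malicious Attachment, Attachment Type, Sent from malformed email header, Sent from compromised known contact, Listed Email Host, Real Email Host, Domain Proxy Service, Registration Information, Country Hosting Domain (IP), Contains my email address in "TO" field

Entry 1
Date: 1/03/2013
Type: Cigarettes?
Malicious link: Yes
Link shortener: No
Link masking: Yes - basic
Link host: amazonaws.com
Malicious attachment: No
Sent from malformed email header: Yes
Sent from compromised known contact: No
Listed email host: yahoo.com
Real email host: 41.142.76.222
Domain proxy service: 41.142.76.222 - Yes (no Whois record)
Registration information: 41.142.76.222 - Unknown, registered to block MAROC TELECOM (ISP) menara.ma
Country hosting domain (IP): 41.142.76.222 - Morocco (MAROC TELECOM - ISP, menara.ma)
Contains my email address in "TO" field: No (starhub.net.sg listed as recipient)

Entry 2
Date: 2/03/2013
Type: Penile enlargements?
Malicious link: Yes
Link shortener: No
Link masking: No
Link host: ydxa.org
Malicious attachment: No
Sent from malformed email header: Yes
Sent from compromised known contact: No
Listed email host: yahoo.com
Real email host: 91.210.101.79
Domain proxy service: 91.210.101.79 - Yes (no Whois record); ydxa.org - Yes (DomainsByProxy.com)
Registration information: 91.210.101.79 - Unknown, registered to block for UA-NETWORKING LTD (ISP) uanetworking.com (net-art.cz ?); ydxa.org - Unknown
Country hosting domain (IP): 91.210.101.79 - UK (via uanetworking.com); ydxa.org - US (via bluehost.com)
Contains my email address in "TO" field: No (no recipients listed)

Entry 3
Date: 2/03/2013
Type: Crime warning
Malicious link: Yes
Link shortener: No
Link masking: Yes - basic
Link host: amazonaws.com
Malicious attachment: No
Sent from malformed email header: Yes
Sent from compromised known contact: No
Listed email host: yahoo.com
Real email host: 62.244.130.100
Domain proxy service: 62.244.130.100 - Yes (no Whois record)
Registration information: 62.244.130.100 - Unknown, registered to block Netia Telekom S.A (ISP)
Country hosting domain (IP): 62.244.130.100 - Poland (via Netia Telekom S.A. netia.pl)
Contains my email address in "TO" field: No (yahoo.co.in listed as recipient)

Entry 4
Date: 7/03/2013
Type: Cigarettes?
Malicious link: Yes
Link shortener: No
Link masking: Yes - basic
Link host: amazonaws.com
Malicious attachment: No
Sent from malformed email header: Yes
Sent from compromised known contact: No
Listed email host: yahoo.com
Real email host: 81.24.208.123
Domain proxy service: 81.24.208.123 - Yes (no Whois record)
Registration information: 81.24.208.123 - Unknown, registered to block for NKTV Ltd (ISP)
Country hosting domain (IP): 81.24.208.123 - Ukraine (via nktv.mk.ua)
Contains my email address in "TO" field: No (yahoo.com listed as recipient)

Entry 5
Date: 10/03/2013
Type: Cigarettes?
Malicious link: Yes
Link shortener: No
Link masking: Yes - basic
Link host: amazonaws.com
Malicious attachment: No
Sent from malformed email header: Yes
Sent from compromised known contact: No
Listed email host: yahoo.com
Real email host: 93.147.117.200
Domain proxy service: 93.147.117.200 - No, but Whois record points to ISP record (teletu.it)
Registration information: 93.147.117.200 - registered to block for ISP teletu.it, Vodafone Omnitel N.V., Alicom s.r.l., http://www.tol.it, omnitel.it
Country hosting domain (IP): 93.147.117.200 - Italy (via vodafone.it)
Contains my email address in "TO" field: No (yahoo.com listed as recipient)

Entry 6
Date: 15/03/2013
Type: Friend request?
Malicious link: Yes
Link shortener: No
Link masking: No
Link host: funniest-pictures.com
Malicious attachment: No
Sent from malformed email header: Yes
Sent from compromised known contact: No
Listed email host: hotmail.com
Real email host: 184.168.152.26
Domain proxy service: 184.168.152.26 - No; funniest-pictures.com - Yes (DYNADOT Privacy)
Registration information: 184.168.152.26 - SECURESERVER.NET; funniest-pictures.com - Unknown, registered to block DYNADOT, LLC (ISP)
Country hosting domain (IP): 184.168.152.26 - US (via SECURESERVER.NET & Go Daddy); funniest-pictures.com - US (via DYNADOT, LLC)
Contains my email address in "TO" field: Yes (amongst many others)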
3. MARCH 2013 – DETAILS – PAGE 2
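Columns: #, Date, Type, Malicious Link, Link Shortener, Link Masking, Link Host, Link Risks, Malicious Attachment, Attachment Type, Sent from malformed email header, Sent from compromised known contact, Listed Email Host, Real Email Host, Domain Proxy Service, Registration Information, Country Hosting Domain (IP), Contains my email address in "TO" field

Entry 7
Date: 21/03/2013
Type: Weight loss?
Malicious link: Yes
Link shortener: No
Link masking: Yes - basic
Link host: amazonaws.com
Malicious attachment: No
Sent from malformed email header: No
Sent from compromised known contact: No
Listed email host: yahoo.com
Real email host: yahoo.com
Contains my email address in "TO" field: No (tpg.com.au listed as recipient)

Entry 8
Date: 22/03/2013
Type: Weight loss?
Malicious link: Yes
Link shortener: No
Link masking: Yes - basic
Link host: amazonaws.com
Link risks:
  Performs File Modification and Destruction: The executable modifies and destructs files which are not temporary.
  Changes security settings of Internet Explorer: This system alteration could seriously affect safety surfing the World Wide Web.
  Performs Registry Activities: The executable creates and/or modifies registry entries.
Malicious attachment: No
Sent from malformed email header: No
Sent from compromised known contact: No
Listed email host: yahoo.com
Real email host: yahoo.com

Entry 9
Date: 23/03/2013
Type: Friend request?
Malicious link: Yes
Link shortener: No
Link masking: No
Link host: evomerchantservices.org
Malicious attachment: No
Sent from malformed email header: No
Sent from compromised known contact: No
Listed email host: yahoo.com
Real email host: yahoo.com
Domain proxy service: evomerchantservices.org - No
Registration information: evomerchantservices.org - J and S Productions LLC (jstmerchantservices.com)
Country hosting domain (IP): evomerchantservices.org - US (via Global Net Access, LLC gnax.net)
Contains my email address in "TO" field: No (no recipients listed)

Entry 10
Date: 24/03/2013
Type: Unknown
Malicious link: Yes
Link shortener: No
Link masking: No
Link risks:
  Performs File Modification and Destruction: The executable modifies and destructs files which are not temporary.
  Changes security settings of Internet Explorer: This system alteration could seriously affect safety surfing the World Wide Web.
  Performs Registry Activities: The executable creates and/or modifies registry entries.
Malicious attachment: No
Sent from malformed email header: Yes
Sent from compromised known contact: No
Listed email host: yahoo.com
Real email host: 83.26.142.16
Domain proxy service: 83.26.142.16 - Yes (no Whois record); sv-schaephuysen.de -
Registration information: 83.26.142.16 - registered to block tpnet.pl (ISP) TELEKOMUNIKACJA POLSKA S.A., az.pl; sv-schaephuysen.de - STRATO AG
Country hosting domain (IP): 83.26.142.16 - Poland (via TELEKOMUNIKACJA POLSKA S.A.); sv-schaephuysen.de - Germany (via STRATO AG, strato.de)
Contains my email address in "TO" field: Yes (amongst many others)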