Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

A new (to me) malware spam

August 17th 2011 in Uncategorized

I haven’t seen this particular malware spam before – obviously it is not the real thing :)

Note the @nyc.gov email address.

The message path is interesting – the email *apparently* originated from nyc.gov (167.153.240.51) to be picked up by 115.240.131.132 (obbh.com – India Delhi Rcom-wireless-1x-mumbai).

Interestingly, 167.153.240.51 does, apparently, host nyc.gov as well as nycppf.org – the host resolves as prtl-drprd-web.nyc.gov.

So, are we looking at forged headers or a problem affecting nyc.gov? Note how the dates are screwy – according to the headers the mail was sent from 167.153.240.51 on 3 August but wasn’t passed on by 115.240.131.132 until the 17th of August?

The attachment is definitely bad – when unzipped the contents (a single file) has a PDF icon but is actually an EXE:
http://www.virustotal.com/file-scan/report.html?id=03bb5be0e6d29420526eb47fbed0558a0c72a9f1b6b41d1dadd280eca4a69f1f-1313626987
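The two tells in this post, a Received chain whose timestamps jump by two weeks and an attachment whose icon says PDF while its bytes say Windows executable, can be checked mechanically. The following is an added example, not code from the original post; the sample headers and the "MZ" stub attachment are constructed, and the 24-hour delay threshold is an assumed tuning value.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed headers modelled on the hop pattern described in the post:
# a hop claiming to come from nyc.gov, dated 3 August, only relayed on 17 August.
SAMPLE_MESSAGE = """\
Received: from obbh.com (obbh.com [115.240.131.132]) by mx.example.net; Wed, 17 Aug 2011 10:02:11 +0000
Received: from prtl-drprd-web.nyc.gov ([167.153.240.51]) by obbh.com; Wed, 3 Aug 2011 09:41:37 +0000
"""
# Constructed stand-in for the attachment: a DOS/PE "MZ" header, not a real binary.
SAMPLE_ATTACHMENT = b"MZ\x90\x00" + b"\x00" * 60

HOP_RE = re.compile(r"^from (\S+) .*? by ([^\s;]+).*?;\s*(.+)$", re.S)

def parse_received(raw):
    """Return Received hops oldest-first as (from_host, by_host, datetime)."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP_RE.match(value.strip())
        if m:
            hops.append((m.group(1), m.group(2), parsedate_to_datetime(m.group(3))))
    return hops[::-1]  # each relay prepends its header, so reverse for time order

def suspicious_delays(hops, max_hours=24):
    """Hops whose timestamp jumps more than max_hours from the previous one."""
    flagged = []
    for (_, _, t1), (frm, by, t2) in zip(hops, hops[1:]):
        hours = (t2 - t1).total_seconds() / 3600
        if abs(hours) > max_hours:
            flagged.append((frm, by, round(hours, 1)))
    return flagged

def sniff_type(data):
    """Identify the real type from leading bytes, ignoring icon and extension."""
    if data.startswith(b"MZ"):
        return "exe"
    if data.startswith(b"%PDF"):
        return "pdf"
    return "unknown"

def attachment_verdict(filename, data):
    """Flag executables whatever they are called, plus name/content mismatches."""
    real = sniff_type(data)
    claimed = filename.lower().rsplit(".", 1)[-1] if "." in filename else ""
    if real == "exe":
        return "block: executable" + ("" if claimed == "exe" else f" disguised as .{claimed}")
    if real != "unknown" and claimed != real:
        return f"suspicious: .{claimed} name but {real} content"
    return "ok"
```

Running `suspicious_delays(parse_received(SAMPLE_MESSAGE))` reports the 336-hour gap at the obbh.com relay, and `attachment_verdict("statement.pdf", SAMPLE_ATTACHMENT)` blocks the disguised executable.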

One comment to “A new (to me) malware spam”

thomas

Curious that the nyc.gov website has no means of forwarding this spam to them, alerting them to the problem. Guess they think… It’s not THEIR problem!
