1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Very sneaky new phishing mail

Discussion in 'Computer Security' started by zebulebu, Oct 12, 2009.

  1. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    Anyone else had the following drop into their spam traps today? We had one user who actually got the mail through (I think before the pattern files were picking it up)

    Attention!

    On October 16, 2009 server upgrade will take place. Due to this the system may be offline for approximately half an hour. The changes will concern security, reliability and performance of mail service and the system as a whole. For compatibility of your browsers and mail clients with upgraded server software you should run SSl certificates update procedure. This procedure is quite simple. All you have to do is just to click the link provided, to save the patch file and then to run it from your computer location. That’s all.

    (Link to dirty bit of malware inserted into message here)

    Thank you in advance for your attention to this matter and sorry for possible inconveniences.

    System Administrator

    E-mail: administrator@(yourdomainhere)


    Verrrrry sneaky, that - apart from the tell-tale Russglish grammar, it looks for all the world to a regular lUser as thought that is a legitimate mail sent advising of a system upgrade from within the company.

    I can see this causing problems for people not patched up properly against whatever vulnerability the malicious code exploits...
     
    Certifications: A few
    WIP: None - f*** 'em
  2. Theprof

    Theprof Petabyte Poster Forum Leader

    4,570
    68
    196
    Thanks for the heads up Zeb, but this is the first time I see it....
     
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA
  3. JonnyMX

    JonnyMX Petabyte Poster

    5,239
    211
    236
    Can you send me the link so that I can update my SSI certificate?

    :rolleyes:
     
    Certifications: MCT, MCTS, i-Net+, CIW CI, Prince2, MSP, MCSD
  4. VantageIsle

    VantageIsle Kilobyte Poster

    446
    8
    49
    Thanks for the heads up.

    We have had quite a large amount of Spam/Phishing emails through today, quite a few users reported them.

    Two users clicked on a link in these emails (even though it was marked as potential spam in the subject) and filled in their details :rolleyes: they were hooked by the potential rebate they thought they were going to recieve from the inland revenue!

    The emails originate from China, the domain has been blocked but one of the users who filled in his details is now getting bombarded with spam.


    I doesn't matter how many education emails we send out to the users, some will still click them.
     
    Certifications: A+, ITIL V3, MCSA, MCITP:EST, CCENT, 70-432-SQL, 70-401 SCCM
    WIP: MCSA upgrade MCITP:SA then EA
  5. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    Looks like the security companies are picking up on it - noticed it's starting to get blocked by my Trend gateways, and just found this on the Sophos blog
     
    Certifications: A few
    WIP: None - f*** 'em
  6. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    Actually, the scam above uses Russian name servers, with a domain registered in Malaysia.

    Personally, I don't bother sending mails round to my lUsers any more. I think it only serves to legitimise the fake-virus type hoax mails that do the rounds seemingly every month or so
     
    Certifications: A few
    WIP: None - f*** 'em
  7. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    19,136
    462
    374
    The only e-mails I broadcast to my users were to notify them:

    1. warn them of impending downtime of services
    2. warning them that we will NEVER e-mail them asking them to click a link or install a patch or visit a Web site
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  8. VantageIsle

    VantageIsle Kilobyte Poster

    446
    8
    49
    Food for thought there, the emails we send out have the company Logo and formatting but it's obvious only handful of users read them.

    PS, the header of that Inland Revenue spam originated from a .cn address, I'll post it (and check it again) tomorrow. perhaps I missed something.
     
    Certifications: A+, ITIL V3, MCSA, MCITP:EST, CCENT, 70-432-SQL, 70-401 SCCM
    WIP: MCSA upgrade MCITP:SA then EA
  9. Shinigami

    Shinigami Megabyte Poster

    896
    40
    84
    Typical malicious emails, after a while you just learn to ignore anything that has a link telling you to run this or visit that.
     
    Certifications: MCSE, MCITP, MCDST, MOS, CIW, Comptia
    WIP: Win7/Lync2010/MCM
  10. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,283
    254
    329
    There one going around that pupports to be from Microsoft claiming that an important secirty update is require click on the link which looks like a proper microsoft link but really it is phising scam.
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  11. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    19,136
    462
    374
    Still, logos and formatting can be easily spoofed.

    True, warnings only go so far. I'm not surprised that 71% of users would give up their password for a chocolate bar.
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  12. Mr.Cheeks

    Mr.Cheeks 1st ever Gold Member! Gold Member

    5,369
    85
    190
    LOLOLOLOL! For the 71%, they should have a snickers bar thrown at their thick skulls.

    [​IMG]
     

Share This Page

Loading...