Very sneaky new phishing mail

Discussion in 'Computer Security' started by zebulebu, Oct 12, 2009.

  1. zebulebu

    zebulebu Terabyte Poster

    Anyone else had the following drop into their spam traps today? We had one user who actually got the mail through (I think before the pattern files were picking it up).

    Attention!

    On October 16, 2009 server upgrade will take place. Due to this the system may be offline for approximately half an hour. The changes will concern security, reliability and performance of mail service and the system as a whole. For compatibility of your browsers and mail clients with upgraded server software you should run SSl certificates update procedure. This procedure is quite simple. All you have to do is just to click the link provided, to save the patch file and then to run it from your computer location. That’s all.

    (Link to dirty bit of malware inserted into message here)

    Thank you in advance for your attention to this matter and sorry for possible inconveniences.

    System Administrator

    E-mail: administrator@(yourdomainhere)


    Verrrrry sneaky, that - apart from the tell-tale Russglish grammar, it looks for all the world to a regular lUser as though that is a legitimate mail sent advising of a system upgrade from within the company.

    I can see this causing problems for people not patched up properly against whatever vulnerability the malicious code exploits...
     
    Certifications: A few
    WIP: None - f*** 'em
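
    A gateway-side triage check for the traits of the mail quoted above (a sender claiming the recipient's own domain, plus a link to a file the user is told to save and run), as an added example that is not part of the original thread. The domain example.com, the header values, the extension list and the keyword patterns are assumptions, and the sample message is constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

ORG_DOMAIN = "example.com"  # assumption: the recipient organisation's mail domain
RISKY_EXT = (".exe", ".scr", ".msi", ".bat", ".zip")  # assumption: blocked download types
LURE = re.compile(r"\b(update|upgrade|patch)\b", re.I)
ACTION = re.compile(r"\b(run|install|save)\b", re.I)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)

# Constructed sample modelled on the quoted mail; every value is made up.
SAMPLE = """\
Return-Path: <bounce@mailer.invalid>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mailer.invalid
From: System Administrator <administrator@example.com>
To: user@example.com
Subject: Server upgrade

You should run SSl certificates update procedure.
Click the link, save the patch file and run it:
http://downloads.badhost.invalid/patch.exe
E-mail: administrator@example.com
"""

def domain_of(header_value):
    """Domain part of the address in a From/Return-Path header ('' if none)."""
    return parseaddr(header_value)[1].rpartition("@")[2].lower()

def assess(raw, org_domain=ORG_DOMAIN):
    """Return the list of findings for one message arriving at the external gateway."""
    msg = message_from_string(raw)
    body = "\n".join(p.get_payload() for p in msg.walk()
                     if p.get_content_type() == "text/plain")
    findings = []
    auth = msg.get("Authentication-Results", "").lower()
    # From claims our domain, but the envelope sender or SPF result says otherwise.
    if domain_of(msg.get("From", "")) == org_domain and (
            domain_of(msg.get("Return-Path", "")) != org_domain or "spf=fail" in auth):
        findings.append("internal-sender-claim-from-external-path")
    for url in URL.findall(body):
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        internal = host == org_domain or host.endswith("." + org_domain)
        if not internal and parts.path.lower().endswith(RISKY_EXT):
            findings.append("external-link-to-executable")
    # Wording that asks the reader to fetch and execute a "patch" or "update".
    if LURE.search(body) and ACTION.search(body):
        findings.append("patch-and-run-lure")
    return findings
```
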
  2. Theprof

    Theprof Petabyte Poster

    Thanks for the heads up Zeb, but this is the first time I see it....
     
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA
  3. JonnyMX

    JonnyMX Petabyte Poster

    Can you send me the link so that I can update my SSI certificate?

    :rolleyes:
     
    Certifications: MCT, MCTS, i-Net+, CIW CI, Prince2, MSP, MCSD
  4. VantageIsle

    VantageIsle Kilobyte Poster

    Thanks for the heads up.

    We have had quite a large amount of Spam/Phishing emails through today, quite a few users reported them.

    Two users clicked on a link in these emails (even though it was marked as potential spam in the subject) and filled in their details :rolleyes: they were hooked by the potential rebate they thought they were going to receive from the Inland Revenue!

    The emails originate from China, the domain has been blocked but one of the users who filled in his details is now getting bombarded with spam.


    It doesn't matter how many education emails we send out to the users, some will still click them.
     
    Certifications: A+, ITIL V3, MCSA, MCITP:EST, CCENT, 70-432-SQL, 70-401 SCCM
    WIP: MCSA upgrade MCITP:SA then EA
  5. zebulebu

    zebulebu Terabyte Poster

    Looks like the security companies are picking up on it - noticed it's starting to get blocked by my Trend gateways, and just found this on the Sophos blog
     
    Certifications: A few
    WIP: None - f*** 'em
  6. zebulebu

    zebulebu Terabyte Poster

    Actually, the scam above uses Russian name servers, with a domain registered in Malaysia.

    Personally, I don't bother sending mails round to my lUsers any more. I think it only serves to legitimise the fake-virus type hoax mails that do the rounds seemingly every month or so.
     
    Certifications: A few
    WIP: None - f*** 'em
  7. BosonMichael

    BosonMichael Yottabyte Poster

    The only e-mails I broadcast to my users were to:

    1. warn them of impending downtime of services
    2. warn them that we will NEVER e-mail them asking them to click a link or install a patch or visit a Web site
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  8. VantageIsle

    VantageIsle Kilobyte Poster

    Food for thought there, the emails we send out have the company logo and formatting but it's obvious only a handful of users read them.

    PS, the header of that Inland Revenue spam originated from a .cn address, I'll post it (and check it again) tomorrow. Perhaps I missed something.
     
    Certifications: A+, ITIL V3, MCSA, MCITP:EST, CCENT, 70-432-SQL, 70-401 SCCM
    WIP: MCSA upgrade MCITP:SA then EA
  9. Shinigami

    Shinigami Megabyte Poster

    Typical malicious emails, after a while you just learn to ignore anything that has a link telling you to run this or visit that.
     
    Certifications: MCSE, MCITP, MCDST, MOS, CIW, Comptia
    WIP: Win7/Lync2010/MCM
  10. greenbrucelee

    greenbrucelee Zettabyte Poster

    There's one going around that purports to be from Microsoft, claiming that an important security update is required; click on the link, which looks like a proper Microsoft link, but really it is a phishing scam.
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  11. BosonMichael

    BosonMichael Yottabyte Poster

    Still, logos and formatting can be easily spoofed.

    True, warnings only go so far. I'm not surprised that 71% of users would give up their password for a chocolate bar.
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  12. Mr.Cheeks

    Mr.Cheeks 1st ever Gold Member! Gold Member

    LOLOLOLOL! For the 71%, they should have a snickers bar thrown at their thick skulls.
