antiphishing
Phishing Scam Terminator
Premium
join:2004-06-09
Wilkes Barre, PA
|  Information of your Transactions /Phishing+Malware attack
Dear Credit Card Holder:
The last transaction report on your credit card shows a number of transactions that have questionable background. That gives us reasons to believe that your credit card details have been stolen, and your card has been abused for making unauthorized payments. Enclosed is the listing of transactions made with your credit card between 13.06.2009 and 15.06.2009. Please look through the enclosed document carefully and pay special attention to the last three of the listed transactions they are the ones that we suspect to be fraudulent.
Please find time to review the enclosed account statement and confirm the transactions you have authorized in person. This would help us both to have this issue resolved as quickly as possible.
The Word-formatted copy of your transaction list: »scananida.---.--/report_8977.exe
--
Specializing in "takes downs" of phishing and advance fee scams
Send your Phishing/Advance fee scams to: phish@antihotmail.com
»loudobbs.tv.cnn.com/
»fraudwatchers.org/forums/
| |
|
 |
kevyip1
join:2003-03-25
1 edit | Anyone know what report_8977.exe does exactly? Is it a keylogger, trojan, etc.? My avast and adware can't find anything in it.
I heard about this type of email last year but couldn't find anywhere that says what the badware does. | |
|
 | MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL
1 edit | Re: Information of your Transactions /Phishing+Malware attack said by kevyip1  :Anyone know what report_8977.exe does exactly? Is it a keylogger, trojan, etc.? My avast and adware can't find anything in it. I heard about this type of email last year but couldn't find anywhere that says what the badware does. See: Virustotal's 06/17/09 analysis of the report-8977.exe file: »www.virustotal.com/analisis/8e6c···45259327
Threat Expert's analysis which includes:
quote:
...Threat characteristics of ZBot - a banking trojan that disables firewall, steals sensitive financial data (credit card numbers, online banking login details), makes screen snapshots, downloads additional components, and provides a hacker with the remote access to the compromised system.
and assigns the following categories:
• A keylogger program that can capture all user keystrokes (including confidential details such username, password, credit card number, etc.)
• A malicious trojan horse or bot that may represent security risk for the compromised system and/or its network environment
• A malicious backdoor trojan that runs in the background and allows remote access to the compromised system
See: »www.threatexpert.com/report.aspx···7cf26e36
MGD | |
|
| | kevyip1
join:2003-03-25
| Re: Information of your Transactions /Phishing+Malware attack Norton AV at Yahoo mail didn't find anything in report-8977.exe. Screenshot: »img87.imageshack.us/img87/8579/y···il01.jpg
As I said, avast also didn't find anything.
Is it really a malware or not? | |
|
| | | 
avd706
insert annoying animated gif here
Premium
join:2003-02-06
Union, NJ
| Re: Information of your Transactions /Phishing+Malware attack how many word formatted attachments are also executable files?
--
Team JON. | |
|
| | | | kevyip1
join:2003-03-25
| Re: Information of your Transactions /Phishing+Malware attack said by avd706 :how many word formatted attachments are also executable files? I know what Word files look like. That was not the question I asked. I asked why NAV at YM didn't detect anything. | |
|
| | | | |
avd706
insert annoying animated gif here
Premium
join:2003-02-06
Union, NJ
1 edit | Re: Information of your Transactions /Phishing+Malware attack said by kevyip1 :Is it really a malware or not? ... I asked why NAV at YM didn't detect anything. To answer your second question: because AV software sucks and is a waste of system resources.
--
Team JON. | |
|
| | | | | | kevyip1
join:2003-03-25
| Re: Information of your Transactions /Phishing+Malware attack said by avd706 :said by kevyip1 :Is it really a malware or not? ... I asked why NAV at YM didn't detect anything. To answer your second question: because AV software sucks and is a waste of system resources. But the virustotal report mentioned upthread says Symantec should detect it as Infostealer.Bancos.C . | |
|
| | | MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL
| According to the Virus Total report:
Avast was not one of the 6 AVs that detected it. While it did list Symantec detection version 1.4.4.12 as flagging it, I am not sure if that is the current definition that Yahoo is using.
Based on the distributed submits many AV's will update definitions to include this detection
From time to time there are discrepancies between VT's list of detections and the real world version results. In that AVs that are not listed as catching a virus, in fact are.
MGD | |
|
| | | | kevyip1
join:2003-03-25
| Re: Information of your Transactions /Phishing+Malware attack FWIW, my avast just got the 6/17 definition and it still didn't detect anything.
Could bogus viruses be sent out? If the intent was to waste our time figuring it out, sending us bogus viruses would be one way to do it.
I've received harmless .exe files before in which months later my virus scanners still couldn't detect anything. | |
|
| | | | | MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL
| Re: Information of your Transactions /Phishing+Malware attack It is possible, that ypur copy of the virus was detected during email processing. Upload your copy of the file to Virus Total for analysis: »www.virustotal.com/ request a fresh analysis if they show a previous submit. That way you can see if the the total detections has increased from the original 6.
It will also confirm whether you have a live or neutered copy of the virus.
MGD | |
|
Doctor Four
My other vehicle is a TARDIS
Premium
join:2000-09-05
Dallas, TX
 ·AT&T U-Verse
| Obvious social engineering malware ploy. No real credit card holder is going to email you about suspicious transactions - they will always call you. At least this is what has happened with me on two separate occasions.
--
"The trouble with computers, of course, is that they are very sophisticated idiots." - Doctor Who (from Robot)
| |
|
|
antiphishing
Phishing Scam Terminator
Premium
join:2004-06-09
Wilkes Barre, PA
| Re: Information of your Transactions /Phishing+Malware attack said by Doctor Four :Obvious social engineering malware ploy. No real credit card holder is going to email you about suspicious transactions - they will always call you. At least this is what has happened with me on two separate occasions. In my opinion,Their are a lot of naive internet users out there that would install this malware and or give up their credit card numbers by reading a email that utilizes Social Engineering.
--
Specializing in "takes downs" of phishing and advance fee scams
Send your Phishing/Advance fee scams to: phish@antihotmail.com
»loudobbs.tv.cnn.com/
»fraudwatchers.org/forums/
| |
|
|
avd706
insert annoying animated gif here
Premium
join:2003-02-06
Union, NJ
| said by Doctor Four :Obvious social engineering malware ploy. No real credit card holder is going to email you about suspicious transactions - they will always call you. At least this is what has happened with me on two separate occasions. They stop my card and send me an email to call them. I hate that.
--
Team JON. | |
|
| |
avd706
insert annoying animated gif here
Premium
join:2003-02-06
Union, NJ
| Re: Information of your Transactions /Phishing+Malware attackThis is new from AmEx
I just have a problem of them sending details over email, which I consider insecure. I would prefer they ask me to login to their online services webpage and then give me a notification.
--
Team JON. | |
|
| | | garys_2k
join:2004-05-07
Farmington, MI
 ·Future Nine Corpor..
·Vonage
| Re: Information of your Transactions /Phishing+Malware attack Asking people to sign into a "secure" web page is, IMHO, asking for trouble. Too easy to send a phish email that looks like that and includes a "helpful" link to their spoof site.
I guess that, to me, sending the last few digits of the CC number is better than sending a likely bad web link. At least the CC number gives legitimacy as to who sent it. | |
|
|
Virus123
@xo.net | Oh it's malware... I actually have a user that clicked on it.
I'm working with Symantec to diagnose and resolve. | |
|
|
antiphishing
Phishing Scam Terminator
Premium
join:2004-06-09
Wilkes Barre, PA
| Re: Information of your Transactions /Phishing+Malware attack said by Virus123 :
Oh it's malware... I actually have a user that clicked on it.
I'm working with Symantec to diagnose and resolve.
You need to educate that users about clicking on links or attachments in spam (junk email) from users that they don't know or have any relations to.
This is the only way to stop the ongoing problem of users computers being infected and then turned into zombie machines or in this case , used in a phishing attempt.
--
Specializing in "takes downs" of phishing and advance fee scams
Send your Phishing/Advance fee scams to: phish@antihotmail.com
»loudobbs.tv.cnn.com/
»fraudwatchers.org/forums/
| |
|
| |
avd706
insert annoying animated gif here
Premium
join:2003-02-06
Union, NJ
| Re: Information of your Transactions /Phishing+Malware attack said by antiphishing :said by Virus123 :
Oh it's malware... I actually have a user that clicked on it.
I'm working with Symantec to diagnose and resolve.
You need to educate that users about clicking on links or attachments in spam (junk email) from users that they don't know or have any relations to. This is the only way to stop the ongoing problem of users computers being infected and then turned into zombie machines or in this case , used in a phishing attempt. The problem is that the users have a (false) reason to believe that this email is from a reputable source.
--
Team JON. | |
|
| | | 
DC DSL
Stays crunchy even in milk
Premium
join:2000-07-30
Washington, DC
 ·Covad Communications
·Verizon Online DSL
| Re: Information of your Transactions /Phishing+Malware attack said by avd706 :The problem is that the users have a (false) reason to believe that this email is from a reputable source.
Maybe if there weren't so many people who don't know how to read or write there'd be less gullibility. Pathetic spelling and grammar are always dead giveaways that a message is suspect.
--
There is no giant fur-bearing trout. | |
|
| | | |
antiphishing
Phishing Scam Terminator
Premium
join:2004-06-09
Wilkes Barre, PA
| Re: Information of your Transactions /Phishing+Malware attack said by DC DSL :said by avd706 :The problem is that the users have a (false) reason to believe that this email is from a reputable source. Maybe if there weren't so many people who don't know how to read or write there'd be less gullibility. Pathetic spelling and grammar are always dead giveaways that a message is suspect. A lot of naive internet users will miss those clues like bad spelling or poor grammar because they panic out of fear (bias) first rather then realize the obvious things which should trigger the right response, not react on impulse which then makes
them fall for the bait. (social engineering 101)
--
Specializing in "takes downs" of phishing and advance fee scams
Send your Phishing/Advance fee scams to: phish@antihotmail.com
»www.phishtank.com
»www.fraudwatchers.org
| |
|
| | |
antiphishing
Phishing Scam Terminator
Premium
join:2004-06-09
Wilkes Barre, PA
| said by avd706 :said by antiphishing :said by Virus123 :
Oh it's malware... I actually have a user that clicked on it.
I'm working with Symantec to diagnose and resolve.
You need to educate that users about clicking on links or attachments in spam (junk email) from users that they don't know or have any relations to. This is the only way to stop the ongoing problem of users computers being infected and then turned into zombie machines or in this case , used in a phishing attempt. The problem is that the users have a (false) reason to believe that this email is from a reputable source. But most reputable sources, like banks will suspend your account so that you have to call them.
Naive Internet users have to realize that a reputable company will NOT contact you about a problem, and they certainly will not do it in a insecure by sending you a email with a attachment . This is where educating naive computer users has to apply.
--
Specializing in "takes downs" of phishing and advance fee scams
Send your Phishing/Advance fee scams to: phish@antihotmail.com
»www.phishtank.com
»www.fraudwatchers.org
| |
|
|
|
|
