Information of your Transactions /Phishing+Malware attack in Spam, Scam and Phishbusters

Re: Information of your Transactions /Phishing+Malware attack

Mon, 29 Jun 2009 11:11:52 EDT

garys_2k : Asking people to sign into a "secure" web page is, IMHO, asking for trouble. Too easy to send a phish email that looks like that and includes a "helpful" link to their spoof site.

I guess that, to me, sending the last few digits of the CC number is better than sending a likely bad web link. At least the CC number gives legitimacy as to who sent it.

Re: Information of your Transactions /Phishing+Malware attack

Mon, 29 Jun 2009 08:19:51 EDT

avd706 : This is new from AmEx

Account Servicing: Notification             Unusual Charge Activity     Your Account Number Ending: -x1xxx            Dear Axxxxxxxxxxxx, At American Express, the security of your account is of the utmost importance.  In an effort to protect and serve our Cardmembers, we consistently monitor accounts for possible fraudulent activity.  Occasionally, we find it necessary to contact our customers to verify certain charges.      06/26/09  $342  Nextel Communications    In order to verify that these charges are legitimate, we ask that you please have your American ExpressÒ Card available and call the American Express Account Security Group as soon as possible at 1-800-824-9289.  Representatives are available 24 hours per day, 7 days a week to assist you. You may also call the number on the back of your card and when prompted by our system, please enter your 15 digit American Express Card number.  This will automatically transfer you to our Account Security Group. Please note that some transactions at gas stations, hotels and car rental merchants are pre-authorized at the time a reservation is made, and the amount shown above may not reflect the exact amount of your final transaction. If we have already reached you, please disregard this letter. Thank you for using your American Express Card.    Sincerely,American Express P.S.  To learn how to protect yourself on the internet and for information about Identity Theft, Phishing and Internet Security, please visit our Fraud Protection Center at www.americanexpress.com/fraudprotection.     Privacy Statement                 Contact Customer Service                  Add Us to Your Address Book

I just have a problem of them sending details over email, which I consider insecure. I would prefer they ask me to login to their online services webpage and then give me a notification.

--
Team JON.

Re: Information of your Transactions /Phishing+Malware attack

Thu, 18 Jun 2009 15:01:00 EDT

antiphishing :

said by DC DSL :

said by avd706 :

The problem is that the users have a (false) reason to believe that this email is from a reputable source.

Maybe if there weren't so many people who don't know how to read or write there'd be less gullibility. Pathetic spelling and grammar are always dead giveaways that a message is suspect.

A lot of naive internet users will miss those clues like bad spelling or poor grammar because they panic out of fear (bias) first rather then realize the obvious things which should trigger the right response, not react on impulse which then makes
them fall for the bait. (social engineering 101)
--

Specializing in "takes downs" of phishing and advance fee scams
Send your Phishing/Advance fee scams to: phish@antihotmail.com
»www.phishtank.com
»www.fraudwatchers.org

Re: Information of your Transactions /Phishing+Malware attack

Thu, 18 Jun 2009 14:45:45 EDT

antiphishing :

said by avd706 :

said by antiphishing :

said by Virus123 :

Oh it's malware... I actually have a user that clicked on it.
I'm working with Symantec to diagnose and resolve.

The problem is that the users have a (false) reason to believe that this email is from a reputable source.

But most reputable sources, like banks will suspend your account so that you have to call them.

Naive Internet users have to realize that a reputable company will NOT contact you about a problem, and they certainly will not do it in a insecure by sending you a email with a attachment . This is where educating naive computer users has to apply.
--

Specializing in "takes downs" of phishing and advance fee scams
Send your Phishing/Advance fee scams to: phish@antihotmail.com
»www.phishtank.com
»www.fraudwatchers.org

Re: Information of your Transactions /Phishing+Malware attack

Thu, 18 Jun 2009 14:37:39 EDT

DC DSL :

said by avd706 :

The problem is that the users have a (false) reason to believe that this email is from a reputable source.

Maybe if there weren't so many people who don't know how to read or write there'd be less gullibility. Pathetic spelling and grammar are always dead giveaways that a message is suspect.
--
There is no giant fur-bearing trout.

Re: Information of your Transactions /Phishing+Malware attack

Thu, 18 Jun 2009 14:33:50 EDT

avd706 :

said by antiphishing :

said by Virus123 :

Oh it's malware... I actually have a user that clicked on it.
I'm working with Symantec to diagnose and resolve.

The problem is that the users have a (false) reason to believe that this email is from a reputable source.
--
Team JON.

Re: Information of your Transactions /Phishing+Malware attack

Thu, 18 Jun 2009 13:39:44 EDT

antiphishing :

said by Virus123 :

Oh it's malware... I actually have a user that clicked on it.
I'm working with Symantec to diagnose and resolve.

You need to educate that users about clicking on links or attachments in spam (junk email) from users that they don't know or have any relations to.

This is the only way to stop the ongoing problem of users computers being infected and then turned into zombie machines or in this case , used in a phishing attempt.
--

Specializing in "takes downs" of phishing and advance fee scams
Send your Phishing/Advance fee scams to: phish@antihotmail.com
»loudobbs.tv.cnn.com/
»fraudwatchers.org/forums/

Re: Information of your Transactions /Phishing+Malware attack

Wed, 17 Jun 2009 16:50:48 EDT
MGD : It is possible, that ypur copy of the virus was detected during email processing. Upload your copy of the file to Virus Total for analysis: »www.virustotal.com/ request a fresh analysis if they show a previous submit. That way you can see if the the total detections has increased from the original 6.

It will also confirm whether you have a live or neutered copy of the virus.

MGD

Re: Information of your Transactions /Phishing+Malware attack

Wed, 17 Jun 2009 16:19:53 EDT
kevyip1 : FWIW, my avast just got the 6/17 definition and it still didn't detect anything.

Could bogus viruses be sent out? If the intent was to waste our time figuring it out, sending us bogus viruses would be one way to do it.

I've received harmless .exe files before in which months later my virus scanners still couldn't detect anything.

Re: Information of your Transactions /Phishing+Malware attack

Wed, 17 Jun 2009 15:44:25 EDT
MGD :
said by kevyip1 :

Norton AV at Yahoo mail didn't find anything in report-8977.exe. Screenshot: »img87.imageshack.us/img87/8579/y···il01.jpg

As I said, avast also didn't find anything.

Is it really a malware or not?

According to the Virus Total report:

[att=1]

Avast was not one of the 6 AVs that detected it. While it did list Symantec detection version 1.4.4.12 as flagging it, I am not sure if that is the current definition that Yahoo is using.

Based on the distributed submits many AV's will update definitions to include this detection

From time to time there are discrepancies between VT's list of detections and the real world version results. In that AVs that are not listed as catching a virus, in fact are.

MGD

Re: Information of your Transactions /Phishing+Malware attack

Wed, 17 Jun 2009 15:25:33 EDT
kevyip1 :
said by avd706 :

said by kevyip1 :

Is it really a malware or not?

...

I asked why NAV at YM didn't detect anything.

To answer your second question: because AV software sucks and is a waste of system resources.

But the virustotal report mentioned upthread says Symantec should detect it as Infostealer.Bancos.C .

Re: Information of your Transactions /Phishing+Malware attack

Wed, 17 Jun 2009 15:14:08 EDT
avd706 :
said by kevyip1 :

Is it really a malware or not?

...

I asked why NAV at YM didn't detect anything.

To answer your second question: because AV software sucks and is a waste of system resources.

--
Team JON.

Re: Information of your Transactions /Phishing+Malware attack

Wed, 17 Jun 2009 15:10:16 EDT
kevyip1 :
said by avd706 :

said by kevyip1 :

Norton AV at Yahoo mail didn't find anything in report-8977.exe. Screenshot: »img87.imageshack.us/img87/8579/y···il01.jpg

As I said, avast also didn't find anything.

Is it really a malware or not?

how many word formatted attachments are also executable files?

I know what Word files look like. That was not the question I asked. I asked why NAV at YM didn't detect anything.

Re: Information of your Transactions /Phishing+Malware attack

Wed, 17 Jun 2009 14:58:32 EDT
anon : Oh it's malware... I actually have a user that clicked on it.
I'm working with Symantec to diagnose and resolve.

Re: Information of your Transactions /Phishing+Malware attack

Wed, 17 Jun 2009 14:55:11 EDT
avd706 :
said by kevyip1 :

Norton AV at Yahoo mail didn't find anything in report-8977.exe. Screenshot: »img87.imageshack.us/img87/8579/y···il01.jpg

As I said, avast also didn't find anything.

Is it really a malware or not?

how many word formatted attachments are also executable files?
--
Team JON.

Re: Information of your Transactions /Phishing+Malware attack

Wed, 17 Jun 2009 14:54:18 EDT
avd706 :
said by Doctor Four :

Obvious social engineering malware ploy. No real credit card holder is going to email you about suspicious transactions - they will always call you. At least this is what has happened with me on two separate occasions.

They stop my card and send me an email to call them. I hate that.
--
Team JON.

Re: Information of your Transactions /Phishing+Malware attack

Wed, 17 Jun 2009 14:41:40 EDT
kevyip1 : Norton AV at Yahoo mail didn't find anything in report-8977.exe. Screenshot: »img87.imageshack.us/img87/8579/y···il01.jpg

As I said, avast also didn't find anything.

Is it really a malware or not?

Re: Information of your Transactions /Phishing+Malware attack

Wed, 17 Jun 2009 14:23:02 EDT
antiphishing :
said by Doctor Four :

Obvious social engineering malware ploy. No real credit card holder is going to email you about suspicious transactions - they will always call you. At least this is what has happened with me on two separate occasions.

In my opinion,Their are a lot of naive internet users out there that would install this malware and or give up their credit card numbers by reading a email that utilizes Social Engineering.
--

Specializing in "takes downs" of phishing and advance fee scams
Send your Phishing/Advance fee scams to: phish@antihotmail.com
»loudobbs.tv.cnn.com/
»fraudwatchers.org/forums/

Re: Information of your Transactions /Phishing+Malware attack

Wed, 17 Jun 2009 13:58:35 EDT
DC DSL : FYI, the header from the one I got is:

Return-Path: <checkmatevzzu@seesen.de>Received: from (my mail server) [my.mail.server.ip] by (my mail gateway) with SMTP; Wed, 17 Jun 2009 09:29:02 -0500Received: from 218.209.185.248 [218.209.185.248] by (my mail gateway) with SMTP; Wed, 17 Jun 2009 09:13:58 -0500Date: Wed, 17 Jun 2009 23:13:32 +0900From: "Mara Stark" <checkmatevzzu@seesen.de>Subject: Information of your TransactionsTo: <a little-used address@my domain>Message-ID: <000d01c9ef55$cbdce5c0$6400a8c0@checkmatevzzu>MIME-Version: 1.0X-MIMEOLE: Produced By Microsoft MimeOLE V6.0.6001.18049X-Mailer: Microsoft Windows Mail 6.0.6001.18000Content-type: text/plain; format=flowed; charset=iso-8859-1; reply-type=originalContent-transfer-encoding: 7bitX-Priority: 3X-MSMail-priority: NormalX-SmarterMail-Spam: SPF_None, DK_NoneX-SmarterMail-TotalSpamWeight: 0
--
There is no giant fur-bearing trout.

Re: Information of your Transactions /Phishing+Malware attack

Wed, 17 Jun 2009 13:52:44 EDT
Doctor Four : Obvious social engineering malware ploy. No real credit card holder is going to email you about suspicious transactions - they will always call you. At least this is what has happened with me on two separate occasions.
--
"The trouble with computers, of course, is that they are very sophisticated idiots." - Doctor Who (from Robot)

Re: Information of your Transactions /Phishing+Malware attack

Wed, 17 Jun 2009 13:36:05 EDT
MGD :
said by kevyip1 :

Anyone know what report_8977.exe does exactly? Is it a keylogger, trojan, etc.? My avast and adware can't find anything in it.

I heard about this type of email last year but couldn't find anywhere that says what the badware does.

See: Virustotal's 06/17/09 analysis of the report-8977.exe file: »www.virustotal.com/analisis/8e6c···45259327

Threat Expert's analysis which includes:

quote:
...Threat characteristics of ZBot - a banking trojan that disables firewall, steals sensitive financial data (credit card numbers, online banking login details), makes screen snapshots, downloads additional components, and provides a hacker with the remote access to the compromised system.

and assigns the following categories:

• A keylogger program that can capture all user keystrokes (including confidential details such username, password, credit card number, etc.)

• A malicious trojan horse or bot that may represent security risk for the compromised system and/or its network environment

• A malicious backdoor trojan that runs in the background and allows remote access to the compromised system

See: »www.threatexpert.com/report.aspx···7cf26e36

MGD

Re: Information of your Transactions /Phishing+Malware attack

Wed, 17 Jun 2009 13:26:35 EDT
kevyip1 : Anyone know what report_8977.exe does exactly? Is it a keylogger, trojan, etc.? My avast and adware can't find anything in it.

I heard about this type of email last year but couldn't find anywhere that says what the badware does.

Re: Information of your Transactions /Phishing+Malware attack

Wed, 17 Jun 2009 13:08:14 EDT
Doctor Olds : LOL, they never give up. Hopefully one day, it will be true that crime doesn't pay, but it currently pays well enough that too many people are not deterred enough by the current system to look for gainful legitimate employment instead. :[
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?

Information of your Transactions /Phishing+Malware attack

Wed, 17 Jun 2009 12:55:25 EDT
antiphishing : Good evening
Dear Credit Card Holder:

The last transaction report on your credit card shows a number of transactions that have questionable background. That gives us reasons to believe that your credit card details have been stolen, and your card has been abused for making unauthorized payments. Enclosed is the listing of transactions made with your credit card between 13.06.2009 and 15.06.2009. Please look through the enclosed document carefully and pay special attention to the last three of the listed transactions they are the ones that we suspect to be fraudulent.

Please find time to review the enclosed account statement and confirm the transactions you have authorized in person. This would help us both to have this issue resolved as quickly as possible.

The Word-formatted copy of your transaction list: »scananida.---.--/report_8977.exe
--

Specializing in "takes downs" of phishing and advance fee scams
Send your Phishing/Advance fee scams to: phish@antihotmail.com
»loudobbs.tv.cnn.com/
»fraudwatchers.org/forums/