MALWARE SPAM – JANUARY 2013
Total # Received: 8^
Type - Viagra: 1
Type - Job: 1
Type - Green Card: 1
Type - Banking: 2
Type - LinkedIn: 0
Type - Criminal Background Check: 2
Type - Other: 1
Malicious Link: 7
Malicious Attachment: 0
Attachment Type - .ZIP: -
Attachment Type - .DOC: -
Attachment Type - .PDF: -
Sent from malformed email header: 7
Sent from compromised known contact: 0
Contains my email address in "TO" field: 5




* Malicious SPAM is defined by me as any unsolicited email that contains a potential information security risk. This does not include the usual marketing newsletter emails, only those for which there is not a prior affiliation and that make it into my mailbox.

^ January 2013 is not a complete month due to the automatic deletion rules of my account.
JANUARY 2013 - DETAILS
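Email 1
  Date: 14/01/2013
  Type: USA Green Card
  Malicious Link: Yes
  Link Shortener: No
  Link Masking: Yes - Basic
  Link Host: phpconvey.com
  Malicious Attachment: No
  Attachment Type: -
  Sent from malformed email header: Yes
  Sent from compromised known contact: No
  Listed Email Host: canforward.com
  Real Email Host: phpconvey.com, fineoffr.com (via mail.visimail.org)
  Domain Proxy Service:
    fineoffr.com - Yes (WhoisGuard)
    phpconvey.com - No
  Registration Information:
    fineoffr.com - Unknown (do4u.co.il, a.gtld-servers.net)
    phpconvey.com - Israel (do4u.co.il, digital-campaign.info)
  Country Hosting Domain (IP):
    fineoffr.com - UK
    phpconvey.com - UK (by eukhost.com)
  Contains my email address in "TO" field: Yes

Email 2
  Date: 15/01/2013
  Type: Job offer
  Malicious Link: No
  Link Shortener: -
  Link Masking: -
  Link Host: -
  Link Risks: -
  Malicious Attachment: No
  Attachment Type: -
  Sent from malformed email header: No
  Sent from compromised known contact: No
  Listed Email Host: hotmail.com
  Real Email Host: hotmail.com
  Domain Proxy Service: N/A
  Contains my email address in "TO" field: Yes

Email 3
  Date: 23/01/2013
  Type: Direct Deposit Bank
  Malicious Link: Yes
  Link Shortener: No
  Link Masking: Yes - Basic
  Link Host: rogercbryan.com
  Link Risks:
    1. Performs File Modification and Destruction. The executable modifies and destructs files which are not temporary.
    2. Changes security settings of Internet Explorer. This system alteration could seriously affect safety surfing the World Wide Web.
    3. Performs Registry Activities. The executable creates and/or modifies registry entries.
  Malicious Attachment: No
  Attachment Type: -
  Sent from malformed email header: Yes
  Sent from compromised known contact: No
  Listed Email Host: direct.nacha.org
  Real Email Host: gdoehling.de (via bartstals.be)
  Registration Information:
    bartstals.be - Belgium
    gdoehling.de - Germany
    rogercbryan.com - USA
  Country Hosting Domain (IP):
    bartstals.be - Netherlands (by instep.be)
    gdoehling.de - Germany (by strato.de)
    rogercbryan.com - USA (by softlayer.com)
  Contains my email address in "TO" field: Yes

Email 4
  Date: 23/01/2013
  Type: Criminal background check
  Malicious Link: Yes
  Link Shortener: No
  Link Masking: Yes - Basic
  Link Host: amazonaws.com
  Malicious Attachment: No
  Attachment Type: -
  Sent from malformed email header: Yes
  Sent from compromised known contact: No
  Listed Email Host: yahoo.com
  Real Email Host: 180.248.23.146
  Domain Proxy Service: 180.248.23.146 - Yes (no Whois record)
  Registration Information: -
  Country Hosting Domain (IP): 180.248.23.146 - Indonesia (by telkom.net.id)
  Contains my email address in "TO" field: No (ISP tpg.com.au listed as recipient)

Email 5
  Date: 24/01/2013
  Type: Direct Deposit Bank
  Malicious Link: Yes
  Link Shortener: No
  Link Masking: Yes - Basic
  Link Host: maxime-tortelier.com
  Link Risks:
    1. Watches MSN Messenger (msmsgs.exe)
    2. Watches the Windows login (winlogon.exe)
  Malicious Attachment: No
  Attachment Type: -
  Sent from malformed email header: Yes
  Sent from compromised known contact: No
  Listed Email Host: direct.nacha.org
  Real Email Host: cswineimports.com (via nadaorganics.com)
  Domain Proxy Service: cswineimports.com - Yes (Network Solutions Private Registration)
  Registration Information:
    nadaorganics.com - Australia (lifeflowki.com)
    cswineimports.com - Unknown
    maxime-tortelier.com - France
  Country Hosting Domain (IP):
    nadaorganics.com - USA (by GoDaddy.com)
    lifeflowki.com - No DNS record
    cswineimports.com - USA (by lunarpages.com)
    maxime-tortelier.com - Germany (by oneandone.net)
  Contains my email address in "TO" field: Yes

Email 6
  Date: 24/01/2013
  Type: Fake emergency warning
  Malicious Link: Yes
  Link Shortener: No
  Link Masking: Yes - Basic
  Link Host: amazonaws.com
  Malicious Attachment: No
  Attachment Type: -
  Sent from malformed email header: Yes
  Sent from compromised known contact: No
  Listed Email Host: yahoo.com
  Real Email Host: 187.151.36.39
  Domain Proxy Service: 187.151.36.39 - Yes (no Whois record)
  Registration Information: -
  Country Hosting Domain (IP): 187.151.36.39 - Mexico (by UNINET.NET.MX)
  Contains my email address in "TO" field: No (yahoo.com listed as recipient)

Email 7
  Date: 26/01/2013
  Type: Viagra / Stamina
  Malicious Link: Yes
  Link Shortener: No
  Link Masking: No
  Link Host: aroni.com.tr
  Link Risks:
    1. Redirects to marijuanarxmedicine.com
  Malicious Attachment: No
  Attachment Type: -
  Sent from malformed email header: Yes
  Sent from compromised known contact: No
  Listed Email Host: None
  Real Email Host: mail.bn.by (via mail.bn)
  Registration Information:
    bn.by - Belarus (ties.itu.int)
    aroni.com.tr - Turkey (veriturk.com)
    marijuanarxmedicine.com - Russia (cheapbox.ru)
  Country Hosting Domain (IP):
    ties.itu.int (International Telecommunication Union) - Switzerland
    aroni.com.tr - Turkey (by gridtelekom.com / grid.com.tr)
    marijuanarxmedicine.com - UK (by as29550.net)
  Contains my email address in "TO" field: Yes

Email 8
  Date: 27/01/2013
  Type: Criminal background check
  Malicious Link: Yes
  Link Shortener: No
  Link Masking: Yes - Basic
  Link Host: amazonaws.com
  Malicious Attachment: No
  Attachment Type: -
  Sent from malformed email header: Yes
  Sent from compromised known contact: No
  Listed Email Host: yahoo.com
  Real Email Host: 41.135.96.182
  Domain Proxy Service: 41.135.96.182 - Yes (no Whois record)
  Registration Information: -
  Country Hosting Domain (IP): 41.135.96.182 - South Africa (by mweb.com, via mweb.co.za, optinet.net)
  Contains my email address in "TO" field: No (ISP tpg.com.au listed as recipient)

TOTAL
  Malicious Link: 7/8
  Link Shortener: 0
  Link Masking: 6/7
  Malicious Attachment: 0
  Sent from malformed email header: 7/8
  Sent from compromised known contact: 0
  Contains my email address in "TO" field: 5/8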




January SPAM emails were analysed on 14/02/2013, therefore some links were no longer active (e.g. Amazon Web Services).
