Showing posts with label suspect trojan attack. Show all posts

Wednesday, September 29, 2010

Inbox - What your local bank does not want you to know. (As the sender has stolen our domain name we consider this a SCAM)

This could be phishing or identity theft, or if you click on the link it could put a trojan virus on your computer so that the scammer can steal your information. We have removed the links to where it pointed, for your safety. As the sender has once again stolen our domain name, we suspect it is the same person who has been sending us the scam letter over the last few days. Our domain / blog attracts a lot of interest from different IPs in Syosset, UNITED STATES, and we wonder whether there is a connection between the scammers and these swindlers.

----- Original Message -----
To: domain email address
Sent: Tuesday, September 28, 2010 9:03 PM
Subject: What your local bank does not want you to know.

Are you satisfied with the
return on your investments?

Start with a 20% bonus
per investment from the first day!

Find out how

http://forex21ad.com/es-usd/ the suspect link
click here to stop the advertising

This son of a bitch is not even Spanish - a foreigner! Probably a black man! They need to invest in a Spanish keyboard if they are going to try to scam Spaniards. SCAMMERS ARRESTED http://bit.ly/cC8ixX we are going to have more of this :-)

Information for the Police, Guardia Civil or Interpol
Return-Path: <scammer sends from our domain name>
Received: from aichain.com ([178.213.36.241])
by mailer.ran.es (8.14.2/8.13.8) with SMTP id o8SJ3Qqv008305
for ; Tue, 28 Sep 2010 21:03:27 +0200
Date: Tue, 28 Sep 2010 21:03:26 +0200
Message-Id: <201009281903.o8sj3qqv008305@mailer.ran.es>
To:
From:
Subject: =?utf-8?B?bG8gcXVlIHN1IGJhbmNvIGxvY2FsIG5vIHF1aWVyZSBxdWUgdXN0ZWQgc2VwYS4=?=
MIME-Version: 1.0
Importance: High
Content-Type: text/html
X-UIDL: F,m"!-$=!!?5:!!R+V!!
Status: U
Old-X-EsetId: E74D982990713469F84B987D932A76
X-EsetId: E74D982990713469F84B987D932A76
X-EsetScannerBuild: 7897

http://www.iphacks.com/index.php
IP: 178.213.36.241 - Country: UNITED STATES


Thursday, September 9, 2010

Inbox - Check out my photos (If you do not know the person delete it - Could be a trojan virus)


Received by our South American Correspondent. This is a suspicious spam/scam. It has a forged IP and if you click or copy the URL, it may send you to pictures from your own country. In my case, it showed: Meet Venezuela singles. It may have variations depending on your country.
----- Original Message -----
From: Amy J. Papineau sg@fishinginthailand.com
Sent: Thursday, September 09, 2010 12:48 AM
Subject: Check out my photos


                                                                                                                                                                                                                                                            
Hi,
 
I have my private pics uploaded. Interested in seeing them? Then go to:
 
 
Remove From Mailing List
 
Information for Police / Interpol




Delivered-To: 
Received: by 10.227.43.5 with SMTP id u5cs50614wbe;
        Wed, 8 Sep 2010 13:58:46 -0700 (PDT)
Received: by 10.220.62.136 with SMTP id x8mr123379vch.35.1283979525813;
        Wed, 08 Sep 2010 13:58:45 -0700 (PDT)
Return-Path: 
Received: from fishinginthailand.com (mamakos.ath.forthnet.gr [62.1.195.78])
        by mx.google.com with SMTP id t5si393084vch.28.2010.09.08.13.58.41;
        Wed, 08 Sep 2010 13:58:45 -0700 (PDT)
Received-SPF: softfail (google.com: domain of transitioning sg@fishinginthailand.com does not designate  
62.1.195.78 as permitted sender) client-ip=62.1.195.78; Authentication-Results: mx.google.com; 
spf=softfail (google.com: domain of transitioning sg@fishinginthailand.com does not designate 62.1.195.78 
as permitted sender) smtp.mail=sg@fishinginthailand.com
Received: from nntp.pinxodet.net ([120.212.73.149]) by smtp.doneohx.com with ESMTP; Thu, 09 Sep 
2010 21:52:24 +0100
 
Very similar routing to this email so the person behind it could be the same - if they hide this information 
they have something to hide from the authorities and China has a reputation for internet fraud
 
Message-ID: 
Date: Thu, 09 Sep 2010 21:39:36 +0100
From: "Amy J. Papineau" 
MIME-Version: 1.0
To: 
Subject: Check out my photos
Content-Type: text/plain;
        charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
IP: 62.1.195.78 - Country: Greece (GRC) - Region: Attiki - City: Athens
and
IP: 120.212.73.149 - Country: China (CHN) - Region: Beijing - City: Beijing
 
Google sender Amy J. Papineau
 


  • Spam.la - Fight spam, use an anonymous @spam.la address!

    02588520@spam.la, "Kimi", Order anti-ed without prescription, 34 mins 27 secs. 
    02588520@spam.la, "Amy J. Papineau", Check out my photos, 2 hours 26 mins ... 
    www.spam.la/?f=02588520 - Cached

  • Radaris: Looking for Amy Papineau? Attempting to track down ...

    Amy J Papineau A Alsterlund Amy Alsterlund, Coeur D Alene, IDCoeur D Alene, ID ...  
    Amy J Papineau. Amy Papineau. Died in 1983. Amy Papineau Amy Papineau ...  
    radaris.com/p/Amy/Papineau/
  • Webmaster says - Very similar to this scam email which if you click will put a trojan virus in your computer
    "Hello, I am sending you new photos (2-3 of them are too frank, but you know I am not shy ;-)). Capture: photos" We have removed the link to prevent the crook infecting your computer. OJAS from United States on Delphi comments: "The user screen name fishing in Thailand says a lot! Phishing! LOL! We have been asking newbies to pay attention to user names" http://nextwink.com.au/useful/scammers.php

    Wednesday, July 21, 2010

    Inbox - the Amazon.com Scam / I did not order anything & do not live in USA

    All the links lead to this website - http://superkub.com/index.php?pid=14 - DO NOT CLICK ON THEM. Could be phishing - a trojan virus.
    Amazon.com logo your account

    Thanks for your order, ???????????

    Did you know you can view and edit your orders online, 24 hours a day? Visit Your Account.

    Order Information:

    E-mail Address: xxxxxxx@xxxxxx


    Order Grand Total: $ 92.99

    Earn 3% rewards on your Amazon.com orders with the Amazon Visa Card. Learn More

    Order Summary:
    Details:
    Order #: D49-3691377-9749051
    Subtotal of items: $ 05.99

    ------
    Total before tax: $ 35.99
    Sales Tax: $ 0.00

    ------
    Total for this Order: $ 57.99

    The following item was ordered:

    Click here and see items, Price: $ 74.99
    By: Click here
    Sold by: Amazon Digital Services, Inc.


    The charge for this order will appear on your credit card statement from the merchant 'AMZN Payment Services.'

    You can review your orders in Your Account. If you've explored the links on that page but still have a question, please visit our online Help Department.

    Please note: This e-mail was sent from a notification-only address that cannot accept incoming e-mail. Please do not reply to this message.

    Thanks again for shopping with us.

    Amazon.com
    Earth's Biggest Selection

    unsubscribe icon Prefer not to receive HTML mail? Click here

    Information for the Police / Interpol
    Return-Path:
    Received: from 186.8.78-224-dynamic.movinet.com.uy (186.8.78-224-dynamic.movinet.com.uy [186.8.78.224])
    by mailer.ran.es (8.14.2/8.13.8) with ESMTP id o6LFlvIV010764
    for ; Wed, 21 Jul 2010 17:48:10 +0200
    Received: from 186.8.78.224 by mail.rcbcsavings.com; Wed, 21 Jul 2010 12:47:14 -0300
    Message-ID: <000d01cb28eb$fd34c270$6400a8c0@wigwag4545>
    From: "Amazon.com"
    To:
    Subject: Your Amazon.com Order (D53-8978496-9950310)
    Date: Wed, 21 Jul 2010 12:47:14 -0300
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_0007_01CB28EB.FD34C270"
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Outlook Express 6.00.2900.2180
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
    X-UIDL: 8gO"!-HY"!_*)"!+CQ!!
    Old-X-EsetId: E74D982990713469F84B987D9E2378
    X-EsetId: E74D982990713469F84B987D9E2378
    X-EsetScannerBuild: 7509

    Search Results for http://superkub.com

    Site Information for superkub.com

    Get Details Google superkub.com

    PhishTank > Details on suspected phish #1021605

    Submitted Jul 21st 2010 2:08 PM by ThreatSTOP (Current time: Jul 21st 2010 2:13 PM UTC). http://superkub.com/index.php?pid=14 ...
    www.phishtank.com/phish_detail.php?phish_id=1021605 - 2 hours ago

    superkub.com

    http://www.siteadvisor.de/sites/superkub.com/postid?p=4951988

    Yellow Verdict Image

    Our analysis found that this site may be promoted through spammy e-mail.


    To shut down their evil schemes, use http://www.complainterator.com, which is FREE, and point to this page http://bit.ly/chM59b as evidence. Best stay away from sites such as this if you want to avoid being victimized. Over recent days, fully 55% of active domains which appear in e-mail and are registered at MONIKER ONLINE SERVICES, INC. were caught in spam traps. This is one of those sites. That rate of abuse is far too high.

    And from our South American Correspondent
    Friday, 23 July 2010 17:58

    Well; as an anecdote, I did look for ualadys a few years ago with McAfee internet security software and found out that it was a phishing scam or so. The point is: If it is reported as a SPAM/scam, the probabilities of being it are high. amazon.com is in USA, it has international affiliates in UK, Germany that I know. Their URLs are http://www.amazon.co.uk and http://www.amazon.de . Amazon.com should trace to a US based server, not in Uruguay.

    I’ve looked carefully at the header and traced the IP. It comes from 186.8.78-224-dynamic.movinet.com.uy at Uruguay.

    Here is the report of IP tracing.

    186.8.78.224 IP address location & more:

    IP address: 186.8.78.224
    IP country code: UY
    IP address country: Uruguay
    IP address state: n/a
    IP address city: n/a
    IP address latitude: -33.0000
    IP address longitude: -56.0000
    ISP of this IP: Telefonica Moviles del Uruguay SA
    Organization: Telefonica Moviles del Uruguay SA
    Host of this IP: 186.8.78-224-dynamic.movinet.com.uy
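The header reading described in these posts can be automated. The following is an added example, not part of the original posts: it takes the `Received` lines quoted on this page, keeps only the hop stamped by the recipient's own server (`mailer.ran.es` in the headers above), and flags signs of forgery in the rest. The function name `analyse`, the flag names and the "dynamic" word list are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header

# Headers copied from the posts on this page (addresses were already stripped there).
AMAZON = (
    "Received: from 186.8.78-224-dynamic.movinet.com.uy (186.8.78-224-dynamic.movinet.com.uy [186.8.78.224])\n"
    "\tby mailer.ran.es (8.14.2/8.13.8) with ESMTP id o6LFlvIV010764\n"
    "\tfor ; Wed, 21 Jul 2010 17:48:10 +0200\n"
    "Received: from 186.8.78.224 by mail.rcbcsavings.com; Wed, 21 Jul 2010 12:47:14 -0300\n"
    'From: "Amazon.com"\n'
    "Subject: Your Amazon.com Order (D53-8978496-9950310)\n\n")
BANK = (
    "Received: from aichain.com ([178.213.36.241])\n"
    "\tby mailer.ran.es (8.14.2/8.13.8) with SMTP id o8SJ3Qqv008305\n"
    "\tfor ; Tue, 28 Sep 2010 21:03:27 +0200\n"
    "Subject: =?utf-8?B?bG8gcXVlIHN1IGJhbmNvIGxvY2FsIG5vIHF1aWVyZSBxdWUgdXN0ZWQgc2VwYS4=?=\n\n")

# "from HELO (rDNS [IP]) ... by SERVER"; the parenthesised part is optional.
HOP = re.compile(r"from\s+(?P<helo>\S+)(?:\s+\((?P<rdns>[^\s\[)]+)?\s*\[(?P<ip>[\d.]+)\]\))?"
                 r".*?\sby\s+(?P<by>[\w.-]+)", re.S)

def analyse(raw, my_mx):
    """Report what the recipient's own MX (my_mx) recorded, plus warning flags."""
    msg = message_from_string(raw)
    hops = [m.groupdict() for m in map(HOP.search, msg.get_all("Received", [])) if m]
    # Only the line stamped by our own server is trustworthy; lower lines are sender-supplied.
    idx = next((i for i, h in enumerate(hops) if h["by"] == my_mx), None)
    if idx is None:
        return None
    edge, flags = hops[idx], []
    if edge["rdns"] != edge["helo"]:
        flags.append("helo-not-confirmed-by-rdns")
    if edge["rdns"] and re.search(r"dynamic|dsl|pool|dhcp", edge["rdns"]):  # heuristic word list
        flags.append("dynamic-address-sender")
    below = hops[idx + 1:]
    if below and below[0]["by"] not in (edge["helo"], edge["rdns"]):
        flags.append("received-chain-break")  # earlier hop never handed off to the host we saw
    subject = str(make_header(decode_header(msg.get("Subject", ""))))  # undo RFC 2047 encoding
    return {"origin_ip": edge["ip"], "rdns": edge["rdns"], "subject": subject, "flags": flags}
```

A `received-chain-break` means the lower `Received` line was written by the sending machine itself, so any host name or IP it contains should not be used for attribution.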



    Saturday, January 16, 2010

    Inbox - UPS Tracking Number 17044134. 2nd scam attempt this week!

    Date: Fri, 15 Jan 2010 23:24:50 +0100
    From: "UPS Manager Melanie Graham" <service@ups.com>

    Different name to earlier advice this week
    To: No Recipient - First warning sign!
    Subject: UPS Tracking Number 17044134.
    Different number to earlier advice this week


    Hello!
    Bit informal don´t you think?

    The courier company was not able to deliver your parcel by your address.
    Cause: Error in shipping address.
    I was not expecting a delivery from anyone

    You may pickup the parcel at our post office personaly!

    Please attention!
    The shipping label is attached to this e-mail.
    As this had an attachment I read the e-mail with JBMail program and deleted it on the server. It probably contained a virus/trojan
    Please print this label to get this package at our post office.


    Please do not reply to this e-mail, it is an unmonitored mailbox.

    Thank you.
    United Parcel Service of America.

    Friday, January 15, 2010

    Inbox - UPS Tracking Number 2225216.

    Date: Thu, 14 Jan 2010 19:34:17 -0800
    From: "UPS Manager Lessie Chavez"

    To: No Recipient - First warning sign!

    Subject: UPS Tracking Number 2225216.


    Hello!
    Bit informal don´t you think?

    The courier company was not able to deliver your parcel by your address.
    Cause: Error in shipping address.
    I was not expecting a delivery from anyone

    You may pickup the parcel at our post office personaly!

    Please attention!
    The shipping label is attached to this e-mail.
    As this had an attachment I read the e-mail with JBMail program and deleted it on the server. It probably contained a virus/trojan
    Please print this label to get this package at our post office.


    Please do not reply to this e-mail, it is an unmonitored mailbox.

    Thank you.
    United Parcel Service of America.

    Thursday, January 7, 2010

    Inbox - "Western Union" If you never sent anything by WU it is obviously a scam!

    Date: Thu, 7 Jan 2010 09:50:23 +0800
    From: "Western Union" <westernunionresponse@mail.westernunion.com>
    To: <xxxxxx@xxxxxxt>
    Subject: Your Money Transfer Control Number is: 355505225
    This is a multi-part message in MIME format.

    Dear customer,

    Thank you for using the Western Union Money Transfer®.
    Your money transfer has been authorized and is now available for pick up by the receiver.
    Transfers to certain destinations may be subject to further delay or additional restrictions.

    TRANSACTION DETAILS:
    Your Money Transfer Control Number [MTCN] is: 355505225
    Please use this number for any inquiries.
    Date of Order: Thu, 7 Jan 2010 09:50:23 +0800
    Amount Sent: $89.50
    You can cancel this transfer by using the hyperlink below:
    http://wumt.westernunion.com/WUCOMWEB/transactions/HomePage/cancel.php?session=&mtcn=355505225&summ=89.50&date=
    If you click the link you could download a trojan into your computer like the VISA e-mail exposed earlier that originated from Moscow

    Thu, 7 Jan 2010 09:50:23 +0800

    Thank you for using Western Union!

    DO NOT REPLY TO THIS EMAIL.

    Check where it came from > Right click Subject Archives Properties Details (but bear in mind crooks use Bots)
    Return-Path:
    Received: from 121-74-3-197. (Invalid IP Address Entered! according to http://bit.ly/7VJ6qx) telstraclear.net (121-74-3-197.telstraclear.net [121.74.3.197])
    by mailer.ran.es (8.14.2/8.13.8) with ESMTP id o077tNkj026257
    for ; Thu, 7 Jan 2010 08:55:54 +0100
    Received: from 121.74.3.197 by mail-in.freeserve.com; Thu, 7 Jan 2010 20:55:20 +1200
    From: "westernunionresponse@mail.westernunion.com"
    To: <xxxxxr@xxxxx>
    Subject: Your Money Transfer Control Number [MTCN] is: 474384873
    Date: Thu, 7 Jan 2010 20:55:20 +1200
    Message-ID: <000d01ca8f6e$c26146d0$6400a8c0@ventilatesmz>
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_0006_01CA8F6E.C26146D0"
    X-Priority: 3 (Normal)
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Outlook, Build 10.0.3416
    X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
    Importance: Normal
    X-UIDL: +1X"!US9"!p~+"!:Fp"!
    Status: U
    Old-X-EsetId: E74D982990713469F84B987C982372
    X-EsetId: E74D982990713469F84B987C982372
    X-EsetScannerBuild: 6303