Showing posts with label virus. Show all posts

Friday, July 11, 2014

SCAM intended to spread malware - Rv: Hearing of your case in Court No#3824

    1. The Epoch Times ‎- by Jack Phillips ‎- 55 minutes ago
      Virus Alert: 'Green Winick Attorneys at Law – Notice to Appear in Court' ... The Trojan Horse can allow the scammers behind it to access your ...

    More news for Green Winick, P.L.C scam




  1. Virus: 'Green Winick Attorneys at Law - Notice to Appear in ...

    m.theepochtimes.com/.../796398-virus-green-winick-attorneys-at-law-no...
    by Jack Phillips - 3 hours ago - Virus: 'Green Winick Attorneys at Law – Notice to Appear in Court' is a Scam ... It's nothing more than a scam intended to spread malware, ...

    The genuine company's website is here: http://www.brownwinick.com/our-attorneys/default.aspx

Wednesday, April 20, 2011

Inbox - SPAM ALERT "United Parcel Service notification #45165 & #55699" we have received these before the 3rd one contained a virus


 

Date:                     Tue, 19 Apr 2011 21:12:01 -0300
From:                    "United Parcel Service"
To:                        
Subject:               United Parcel Service notification #45165

This is a multi-part message in MIME format.

Dear customer

The parcel was sent your home adress
And it will arrive within 10 business days

More information and the tracking number
are attached in document below.

Thank You

)UPS 1995-2011 JP5TN6HWCY0TUHACT5Y157NB4QI35NP5VHB39ZA3Q60YXGD945J7U0BIRF95GT0

-------------------------------------------------------------------------------------------------------------------------------
-----Mensaje original-----
De: United Parcel Service [mailto:info97018@ups.com]
Enviado el: Wednesday, April 20, 2011 1:57 AM
Para:
Asunto: United Parcel Service notification #55699


Dear customer

The parcel was sent your home adress
And it will arrive within 10 business days

More information and the tracking number
are attached in document below.

Thank You

)UPS 1995-2011

__________ Información de ESET NOD32 Antivirus, versión de la base de firmas de virus

Wednesday, September 29, 2010

Inbox - lo que su banco local no quiere que usted sepa. (As the sender has stolen our domain name we consider this a SCAM)

This could be phishing or identity theft, or, if you click on the link, it could introduce a trojan virus into your computer so that the scammer can steal your information. We have removed the links to where it pointed, for your safety. As the sender has once again stolen our domain name, we suspect it is the same person who has sent us the scam letter over the last few days. Our domain / blog attracts a lot of interest from different IPs in Syosset, UNITED STATES, and we wonder whether there is a connection between the scammers and these swindlers.

----- Original Message -----
To: domain email address
Sent: Tuesday, September 28, 2010 9:03 PM
Subject: lo que su banco local no quiere que usted sepa.

?Esta usted conforme con el
retorno de sus inversiones?




?Comience con un bono del 20%
por inversion desde el primer dia!



Descubre como

http://forex21ad.com/es-usd/ the suspect link
golpeo aqui para dejar de publicidad

este hijo de puta ni siquiera es español - Un extranjero! Es probable que un negro! que necesitan para invertir en un teclado español, si se va a tratar de estafar a los españoles. ESTAFADORES DETENIDOS http://bit.ly/cC8ixX vamos a tener más de este :-)

Information for the Police, Guardia Civil or Interpol
Return-Path: <scammer sends from our domain name>
Received: from aichain.com ([178.213.36.241])
by mailer.ran.es (8.14.2/8.13.8) with SMTP id o8SJ3Qqv008305
for ; Tue, 28 Sep 2010 21:03:27 +0200
Date: Tue, 28 Sep 2010 21:03:26 +0200
Message-Id: <201009281903.o8sj3qqv008305@mailer.ran.es>
To:
From:
Subject: =?utf-8?B?bG8gcXVlIHN1IGJhbmNvIGxvY2FsIG5vIHF1aWVyZSBxdWUgdXN0ZWQgc2VwYS4=?=
MIME-Version: 1.0
Importance: High
Content-Type: text/html
X-UIDL: F,m"!-$=!!?5:!!R+V!!
Status: U
Old-X-EsetId: E74D982990713469F84B987D932A76
X-EsetId: E74D982990713469F84B987D932A76
X-EsetScannerBuild: 7897

http://www.iphacks.com/index.php
IP: 178.213.36.241
Country: UNITED STATES


Thursday, August 26, 2010

Inbox - Fedex Invoice copy N4705832 - Scam email - (examined on Server with JBMail & as had an attachment deleted it. Not expecting a delivery and Iran has nothing to do with FEDEX)

Date:        Wed, 25 Aug 2010  21:28:36 +0100
From:        "Fedex Support, Madelyn Downey"
To:      
Subject:    Fedex Invoice copy N4705832

This is a multi-part message in MIME format.

   [IMAGE]

   Iran starts to fuel up first nuclear power plant

__________ Información de ESET NOD32 Antivirus, versión de la base de firmas de virus 5397 (20100825) __________

ESET NOD32 Antivirus ha comprobado este mensaje.

http://www.eset.com

--- HTML content follows ---

Iran starts to fuel up first nuclear power plant

------_NextPart_001_001F_01CB449C.7A6C5CA0
Content-Type: image/jpeg;
    name"file753.jpg"

Thursday, August 19, 2010

Inbox - Fotos from Charo Manzanares (he/she sent same email on 10 May) Do not click on link unless you want a virus

To:
Sent: Thursday, August 19, 2010 5:58 AM
Subject: Fotos

Hola, te envío fotos nuevas (2-3 de ellos son demasiado franca, pero tú sabes que yo no soy tímido ;-)). Captura: fotos
  • News & Comments: Inbox - this CROOK is active again! Do not click ...

    10 May 2010 ... Hola, te envío fotos nuevas (2-3 de ellos son demasiado franca, pero tú sabes que yo no soy tímido ;-)). Captura: fotos ...
    itccommunicationsnet-johnnichols.blogspot.com/.../inbox-this-crook-is-active-again-do-not.html - Cached

  • Nuevos troyanos RootKit ZBOT que llegan por mail, uno como FOTOS ...

    11 May 2010 ... Hola, te envío fotos nuevas (2-3 de ellos son demasiado franca, pero tú sabes que yo no soy tímido ;-) ). Captura: fotos ...
    www.satinfo.es/blog/?p=3928 - Cached

  • 11 @ Mayo @ 2010 @ SATINFO

    11 May 2010 ... Nuevos troyanos RootKit ZBOT que llegan por mail, uno como FOTOS, y el otro aun no detectado por ningun antivirus del VirusTotal ... fotos Hola, te envío fotos nuevas2-3 de ellos son demasiado franca, pero tú sabes que yo no soy tímido ). Captura: fotos...
    www.satinfo.es/blog/?m=20100511 - Cached
    ( ______ Recibido el mail con EL LINK “FOTOS” 
     
    Information for the Police and Interpol
    Return-Path:
    Received: from JQASPPIS ([189.127.115.149])
        by mailer.ran.es (8.14.2/8.13.8) with ESMTP id o7J3wclw016037;
        Thu, 19 Aug 2010 05:58:39 +0200
    Message-ID: <000d01cb3f52$cb29e620$6400a8c0@pasturingqed4>
    From: "Charo Manzanares"
    To:
    Subject: Fotos
    Date: Thu, 19 Aug 2010 00:58:33 -0300
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
        boundary="----=_NextPart_000_0007_01CB3F52.CB29E620"
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Outlook Express 6.00.2900.2180
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
    X-UIDL: >aI!!C5""!oc=!!(\R"!
    Status: U
    Old-X-EsetId: E74D982990713469F84B987D9D2470
    X-EsetId: E74D982990713469F84B987D9D2470
    X-EsetScannerBuild: 7671


    Wednesday, July 21, 2010

    Inbox - the Amazon.com Scam / I did not order anything & do not live in USA

    All the links lead to this website - http://superkub.com/index.php?pid=14 DO NOT CLICK ON THEM Could be Phishing - a trojan virus
    Amazon.com logo your account

    Thanks for your order, ???????????

    Did you know you can view and edit your orders online, 24 hours a day? Visit Your Account.

    Order Information:

    E-mail Address: xxxxxxx@xxxxxx


    Order Grand Total: $ 92.99

    Earn 3% rewards on your Amazon.com orders with the Amazon Visa Card. Learn More

    Order Summary:
    Details:
    Order #: D49-3691377-9749051
    Subtotal of items: $ 05.99

    ------
    Total before tax: $ 35.99
    Sales Tax: $ 0.00

    ------
    Total for this Order: $ 57.99

    The following item was ordered:

    Click here and see items, Price: $ 74.99
    By: Click here
    Sold by: Amazon Digital Services, Inc.


    The charge for this order will appear on your credit card statement from the merchant 'AMZN Payment Services.'

    You can review your orders in Your Account. If you've explored the links on that page but still have a question, please visit our online Help Department.

    Please note: This e-mail was sent from a notification-only address that cannot accept incoming e-mail. Please do not reply to this message.

    Thanks again for shopping with us.

    Amazon.com
    Earth's Biggest Selection

    unsubscribe icon Prefer not to receive HTML mail? Click here

    Information for the Police / Interpol
    Return-Path:
    Received: from 186.8.78-224-dynamic.movinet.com.uy (186.8.78-224-dynamic.movinet.com.uy [186.8.78.224])
    by mailer.ran.es (8.14.2/8.13.8) with ESMTP id o6LFlvIV010764
    for ; Wed, 21 Jul 2010 17:48:10 +0200
    Received: from 186.8.78.224 by mail.rcbcsavings.com; Wed, 21 Jul 2010 12:47:14 -0300
    Message-ID: <000d01cb28eb$fd34c270$6400a8c0@wigwag4545>
    From: "Amazon.com"
    To:
    Subject: Your Amazon.com Order (D53-8978496-9950310)
    Date: Wed, 21 Jul 2010 12:47:14 -0300
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_0007_01CB28EB.FD34C270"
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Outlook Express 6.00.2900.2180
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
    X-UIDL: 8gO"!-HY"!_*)"!+CQ!!
    Old-X-EsetId: E74D982990713469F84B987D9E2378
    X-EsetId: E74D982990713469F84B987D9E2378
    X-EsetScannerBuild: 7509

    Search Results for http://superkub.com

    Site Information for superkub.com

    Get Details Google superkub.com

    PhishTank > Details on suspected phish #1021605

    Submitted Jul 21st 2010 2:08 PM by ThreatSTOP (Current time: Jul 21st 2010 2:13 PM UTC). http://superkub.com/index.php?pid=14 ...
    www.phishtank.com/phish_detail.php?phish_id=1021605 - 2 hours ago

    superkub.com

    http://www.siteadvisor.de/sites/superkub.com/postid?p=4951988

    Yellow Verdict Image

    Our analysis found that this site may be promoted through spammy e-mail.


    To shut down their evil schemes, use http://www.complainterator.com, which is FREE, and point to this page http://bit.ly/chM59b as evidence. Best stay away from sites such as this if you want to avoid being victimized. Over recent days, fully 55% of active domains which appear in e-mail and are registered at MONIKER ONLINE SERVICES, INC. were caught in spam traps. This is one of those sites. That rate of abuse is far too high.

    And from our South American Correspondent
    viernes, 23 de julio de 2010 17:58

    Well; as an anecdote, I did look for ualadys a few years ago with McAfee internet security software and found out that it was a phishing scam or so. The point is: if it is reported as SPAM/scam, the probabilities of it being one are high. amazon.com is in the USA; it has international affiliates in the UK and Germany that I know of. Their URLs are http://www.amazon.co.uk and http://www.amazon.de. Amazon.com should trace to a US-based server, not one in Uruguay.

    I've looked carefully at the header and traced the IP. It comes from 186.8.78-224-dynamic.movinet.com.uy in Uruguay.

    Here is the report of IP tracing.

    186.8.78.224 IP address location & more:

    IP address: 186.8.78.224
    IP country code: UY
    IP address country: Uruguay
    IP address state: n/a
    IP address city: n/a
    IP address latitude: -33.0000
    IP address longitude: -56.0000
    ISP of this IP: Telefonica Moviles del Uruguay SA
    Organization: Telefonica Moviles del Uruguay SA
    Host of this IP: 186.8.78-224-dynamic.movinet.com.uy
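
The header reading described above, as an added example that is not part of the original post: only the `Received` line stamped by the recipient's own server (`mailer.ran.es` in these posts) is taken as reliable, and the connecting host it records is compared with the domain the message claims to come from. The function names and the naming heuristic for dynamic addresses are assumptions; the sample headers are copied from the posts on this page.

```python
import re
from email import message_from_string

# "from HELO (RDNS [IP]) by MTA" as sendmail writes it; RDNS is absent when the lookup failed.
HOP = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")
# Names ISPs commonly give to consumer address pools (a heuristic, assumed for this example).
DYNAMIC = re.compile(r"dynamic|dhcp|pool|dsl", re.I)

# Headers as shown in the posts; addresses the blog stripped are left blank.
AMAZON_SAMPLE = (
    "Received: from 186.8.78-224-dynamic.movinet.com.uy "
    "(186.8.78-224-dynamic.movinet.com.uy [186.8.78.224])\n"
    "    by mailer.ran.es (8.14.2/8.13.8) with ESMTP id o6LFlvIV010764\n"
    "    for ; Wed, 21 Jul 2010 17:48:10 +0200\n"
    "Received: from 186.8.78.224 by mail.rcbcsavings.com; Wed, 21 Jul 2010 12:47:14 -0300\n"
    'From: "Amazon.com"\n'
    "Subject: Your Amazon.com Order (D53-8978496-9950310)\n\n"
)
FOTOS_SAMPLE = (
    "Received: from JQASPPIS ([189.127.115.149])\n"
    "    by mailer.ran.es (8.14.2/8.13.8) with ESMTP id o7J3wclw016037;\n"
    "    Thu, 19 Aug 2010 05:58:39 +0200\n"
    'From: "Charo Manzanares"\n'
    "Subject: Fotos\n\n"
)


def trusted_hop(raw, trusted_mta):
    """Return (helo, rdns, ip) from the Received line written by our own MTA.

    Received lines below that one were supplied by the sending side and can be
    forged, so they are ignored.
    """
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if m and m.group(4).lower() == trusted_mta:
            return m.group(1), m.group(2), m.group(3)
    return None


def assess(raw, trusted_mta, claimed_domain=None):
    """List the reasons the connecting host does not fit the claimed sender."""
    hop = trusted_hop(raw, trusted_mta)
    if hop is None:
        return ["no-trusted-hop"]
    helo, rdns, _ip = hop
    name = (rdns or "").lower().rstrip(".")
    findings = []
    if not name:
        findings.append("no-reverse-dns")
    elif claimed_domain and not (name == claimed_domain or name.endswith("." + claimed_domain)):
        findings.append("not-sender-domain")
    if DYNAMIC.search(name):
        findings.append("dynamic-address")
    if "." not in helo:
        findings.append("helo-not-fqdn")  # a bare machine name, not a mail server
    return findings


if __name__ == "__main__":
    print(assess(AMAZON_SAMPLE, "mailer.ran.es", "amazon.com"))
    print(assess(FOTOS_SAMPLE, "mailer.ran.es"))
```

These findings are triage hints for reading old headers by hand; where the receiving server records SPF, DKIM or DMARC results, those are the stronger signal.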



    Friday, July 9, 2010

    Inbox - a friend received this today Under no circumstances click on the link if you receive one similar








    TELEGRAMA: 945676922534
    CONFIRMACION: MF044554392ES
    CATEGORIA: URGENTE

    Haga cliq aqui para abrir tu telegrama

    © Copyright 2010 Correos - Todos los derechos reservados

    http://telegrama.correos.pochta.ru/telegrama.doc.exe
    The .exe at the end of the URL signifies that this Russian crook wants to place a trojan virus on your computer, having sent you this e-mail purporting to be from the Spanish postal company Correos!
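
The file-name check described in this post, written out as an added example (not code from the original blog): it flags names whose final extension is executable and that also carry a decoy document extension or a long run of padding, using the attachment and URL names quoted in the posts on this page. The extension lists and the `disguise_findings` name are assumptions chosen for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Extensions Windows runs when double-clicked (short, non-exhaustive list; an assumption).
EXECUTABLE = {"exe", "scr", "pif", "com", "bat", "cmd", "js", "vbs"}
# Extensions a recipient expects to be a harmless document, picture or archive.
DECOY = {"doc", "docx", "pdf", "jpg", "jpeg", "png", "txt", "xls", "zip"}
# Padding that pushes the real extension out of view in a narrow file-name column.
PADDING = re.compile(r"[_\s\-]{8,}")

# Names quoted in the posts on this page. The underscore run in the Factura
# name is rebuilt here with an arbitrary length of 84 characters.
SAMPLES = [
    "http://telegrama.correos.pochta.ru/telegrama.doc.exe",
    "Factura028.Doc" + "_" * 84 + ".Doc.Exe",
    "Postal_package_NR8422.exe",
    "file753.jpg",
]


def basename(name_or_url):
    """Return the last path component of a URL, or of a plain file name."""
    if "://" in name_or_url:
        name_or_url = unquote(urlsplit(name_or_url).path)
    return re.split(r"[\\/]", name_or_url)[-1]


def disguise_findings(name_or_url):
    """Return why a name looks like a disguised executable (empty list if it does not)."""
    name = basename(name_or_url)
    # Strip padding characters from each dot-separated part before comparing.
    parts = [p.strip("_- ").lower() for p in name.split(".")]
    if len(parts) < 2 or parts[-1] not in EXECUTABLE:
        return []
    findings = ["executable"]
    if any(p in DECOY for p in parts[1:-1]):
        findings.append("decoy-extension")  # e.g. ".doc" placed before ".exe"
    if PADDING.search(name):
        findings.append("padding")
    return findings


if __name__ == "__main__":
    for sample in SAMPLES:
        print(basename(sample)[:40], disguise_findings(sample))
```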

    Saturday, February 20, 2010

    Inbox - Your order has been paid! Parcel NR.7507. email contains Virus Win32/Kryptik.CNC Trojan

    From: Shop Manager Tracy Drake
    To: xxxxxx
    Date: sábado, 20 de febrero de 2010 4:50
    Subject: Your order has been paid! Parcel NR.7507 (Well I never made an order with amazon.com so the first warning sign)

    Good afternoon!

    Thank you for shopping at Amazon.com

    We have successfully received your payment.

    Your order has been shipped to your billing address.

    You have ordered " Microsoft LifeCam NX-6000 "

    You can find your tracking number in attached to the e-mail document.

    Print the postal label to get your package.


    We hope you enjoy your order!
    Amazon.com



    __________ Alerta de ESET NOD32 Antivirus, versión de la base de firmas de virus 4881 (20100219) __________

    Alerta, ESET NOD32 Antivirus ha encontrado las siguientes amenazas en este mensaje:

    Postal_package_NR8422.zip - una variante de Win32/Kryptik.CNC Troyano - eliminado
    Postal_package_NR8422.zip > ZIP > Postal_package_NR8422.exe - una variante de Win32/Kryptik.CNC Troyano - era parte de un objeto eliminado

    http://www.eset.com

    Friday, February 5, 2010

    Inbox - 2nd Virus/TROJAN email sent to me today! Re: factura

    Date: Fri, 05 Feb 2010 13:48:47 +0100
    From:
    To:
    Subject: [virus Win32/Oficla.DF Troyano] Re: factura


    Buenos dias webmaster@isoarquitec.es.

    A su solicitud, le envio la factura de la compra.
    Gracias por su cooperacion!


    __________ Alerta de ESET NOD32 Antivirus, versión de la base de firmas de virus 4838 (20100205) __________

    Alerta, ESET NOD32 Antivirus ha encontrado las siguientes amenazas en este mensaje:

    Factura028.zip - Win32/Oficla.DF Troyano - eliminado
    Factura028.zip > ZIP > Factura028.Doc____________________________________________________________________________________.Doc.Exe - Win32/Oficla.DF Troyano - era parte de un objeto eliminado

    http://www.eset.com

    Monday, January 25, 2010

    Inbox - this one did not smell right! "Hola, Es esto tuyo foto?" so I GOOGLED it!

    Google results

    Quizás quiso decir: Aldrich 1983 Hola, Es esto tuyo foto?.

    Resultados de la búsqueda

    1. Virus del Msn Esta foto es tuya? - Cerolag

      20 entradas - 19 autores - Última entrada: 24 Sep 2008
      Virus del Msn Esta foto es tuya? Las barracas. ... Ahora voy a repetir todo esto pero en modo seguro ya que esta habilitada esa opcion! ...
      foros.cerolag.com › ... › Battlefield 1942Las barracas - En caché - Similares -
    2. ALMACEN

      DOCE DEL PATIBULO VHS-DVD ROBERT ALDRICH 1983 ...... FOTOS VHS ELIO QUIROGA 1997. FOUR ROOMS VHS QUENTIN TARANTINO 1995 ...... HOLA CARIÑO ESTOY MUERTO VHS ALAN MYERSON 1991 ...... MUEVETE, ESTO ES NUEVA YORK DVD DENNIE GORDON 2004 ...... TU, YO Y TODOS LOS DEMAS DVD MIRANDA JULY 2005. TU, YO. ...
      videonews.galeon.com/productos1653822.html - En caché - Similares -
    3. ¿ Estas fotos son tuyas ? | Emezeta

      3 Nov 2008 ... (email); Estas foto so tuyo?? http://hi5hi5.us/lola.exe? .... Hola oigan un amigo me mando eso pero mi computadora no me dejo seguir lo que ...
      www.emezeta.com/.../estas-fotos-son-tuyas - hace 11 horas - En caché - Similares -
    the email

    hola

    Hola, Es esto tuyo foto?.
    Curiosity could give you a virus. Do not click on the link.


    link

    Information on the sender if you want to be a detective today!
    Return-Path:
    Received: from LZASOQCNQR ([95.35.95.166])
    by mailer.ran.es (8.14.2/8.13.8) with ESMTP id o0PAKCbX012429;
    Mon, 25 Jan 2010 11:20:34 +0100
    Received: from 95.35.95.166 by mx.spasgate.ru; Mon, 25 Jan 2010 12:20:10 +0200
    From: "Aldrich1983"
    To:
    Subject: Fw: funkyhairnlw@xxxxxxx photo
    Date: Mon, 25 Jan 2010 12:20:10 +0200
    Message-ID: <000d01ca9da7$f9b023d0$6400a8c0@marketplaceukf82>
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_0006_01CA9DA7.F9B023D0"
    X-Priority: 3 (Normal)
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Outlook, Build 10.0.3416
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
    Importance: Normal
    X-UIDL: IYh!!0*1"!T(5"!Z*C!!
    Status: RO
    Old-X-EsetId: E74D982990713469F84B987C982372
    X-EsetId: E74D982990713469F84B987C982372
    X-EsetScannerBuild: 6303




    Saturday, January 16, 2010

    Inbox - UPS Tracking Number 17044134. 2nd scam attempt this week!

    Date: Fri, 15 Jan 2010 23:24:50 +0100
    From: "UPS Manager Melanie Graham" <service@ups.com>

    Different name to earlier advice this week
    To: No Recipient - First warning sign!
    Subject: UPS Tracking Number 17044134.
    Different number to earlier advice this week


    Hello!
    Bit informal, don't you think?

    The courier company was not able to deliver your parcel by your address.
    Cause: Error in shipping address.
    I was not expecting a delivery from anyone

    You may pickup the parcel at our post office personaly!

    Please attention!
    The shipping label is attached to this e-mail. As this had an attachment I read the e-mail with the JBMail program and deleted it on the server. It probably contained a virus/trojan
    Please print this label to get this package at our post office.


    Please do not reply to this e-mail, it is an unmonitored mailbox.

    Thank you.
    United Parcel Service of America.

    Friday, January 15, 2010

    Inbox - UPS Tracking Number 2225216.

    Date: Thu, 14 Jan 2010 19:34:17 -0800
    From: "UPS Manager Lessie Chavez"

    To: No Recipient - First warning sign!

    Subject: UPS Tracking Number 2225216.


    Hello!
    Bit informal, don't you think?

    The courier company was not able to deliver your parcel by your address.
    Cause: Error in shipping address.
    I was not expecting a delivery from anyone

    You may pickup the parcel at our post office personaly!

    Please attention!
    The shipping label is attached to this e-mail. As this had an attachment I read the e-mail with the JBMail program and deleted it on the server. It probably contained a virus/trojan
    Please print this label to get this package at our post office.


    Please do not reply to this e-mail, it is an unmonitored mailbox.

    Thank you.
    United Parcel Service of America.