MALWARE SPAM – MARCH 2013
• Malicious SPAM is defined by me as any unsolicited email that contains a potential information security risk. This does not include the usual marketing newsletter emails; it covers only emails from senders with which I have no prior affiliation and that make it into my mailbox.

Summary for Mar-13:
  Total # received: 10
  Type - Viagra: 0
  Type - Job: 0
  Type - Green Card: 0
  Type - Banking: 0
  Type - LinkedIn: 0
  Type - Criminal Background Check: 1
  Type - Other: 9
  Malicious link: 10
  Malicious attachment: 0
  Attachment type - .ZIP: -
  Attachment type - .DOC: -
  Attachment type - .PDF: -
  Sent from malformed email header: 7
  Sent from compromised known contact: 0
  Contains my email address in "TO" field: 2

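MARCH 2013 – DETAILS – PAGE 1

Email 1 (1/03/2013)
  Type: Cigarettes?
  Malicious link: Yes
  Link shortener: No
  Link masking: Yes - basic
  Link host: amazonaws.com
  Link risks: -
  Malicious attachment: No
  Attachment type: -
  Sent from malformed email header: Yes
  Sent from compromised known contact: No
  Listed email host: yahoo.com
  Real email host: 41.142.76.222
  Domain proxy service: 41.142.76.222 - Yes (no Whois record)
  Registration information: 41.142.76.222 - Unknown, registered to block MAROC TELECOM (ISP) menara.ma
  Country hosting domain (IP): 41.142.76.222 - Morocco (MAROC TELECOM - ISP, menara.ma)
  Contains my email address in "TO" field: No (starhub.net.sg listed as recipient)

Email 2 (2/03/2013)
  Type: penile enlargements?
  Malicious link: Yes
  Link shortener: No
  Link masking: No
  Link host: ydxa.org
  Link risks: -
  Malicious attachment: No
  Attachment type: -
  Sent from malformed email header: Yes
  Sent from compromised known contact: No
  Listed email host: yahoo.com
  Real email host: 91.210.101.79
  Domain proxy service: 91.210.101.79 - Yes (no Whois record); ydxa.org - Yes (DomainsByProxy.com)
  Registration information: 91.210.101.79 - Unknown, registered to block for UA-NETWORKING LTD (ISP) uanetworking.com (net-art.cz ?); ydxa.org - Unknown
  Country hosting domain (IP): 91.210.101.79 - UK (via uanetworking.com); ydxa.org - US (via bluehost.com)
  Contains my email address in "TO" field: No (no recipients listed)

Email 3 (2/03/2013)
  Type: Crime warning
  Malicious link: Yes
  Link shortener: No
  Link masking: Yes - basic
  Link host: amazonaws.com
  Link risks: -
  Malicious attachment: No
  Attachment type: -
  Sent from malformed email header: Yes
  Sent from compromised known contact: No
  Listed email host: yahoo.com
  Real email host: 62.244.130.100
  Domain proxy service: 62.244.130.100 - Yes (no Whois record)
  Registration information: 62.244.130.100 - Unknown, registered to block Netia Telekom S.A (ISP)
  Country hosting domain (IP): 62.244.130.100 - Poland (via Netia Telekom S.A. netia.pl)
  Contains my email address in "TO" field: No (yahoo.co.in listed as recipient)

Email 4 (7/03/2013)
  Type: Cigarettes?
  Malicious link: Yes
  Link shortener: No
  Link masking: Yes - basic
  Link host: amazonaws.com
  Link risks: -
  Malicious attachment: No
  Attachment type: -
  Sent from malformed email header: Yes
  Sent from compromised known contact: No
  Listed email host: yahoo.com
  Real email host: 81.24.208.123
  Domain proxy service: 81.24.208.123 - Yes (no Whois record)
  Registration information: 81.24.208.123 - Unknown, registered to block for NKTV Ltd (ISP)
  Country hosting domain (IP): 81.24.208.123 - Ukraine (via nktv.mk.ua)
  Contains my email address in "TO" field: No (yahoo.com listed as recipient)

Email 5 (10/03/2013)
  Type: Cigarettes?
  Malicious link: Yes
  Link shortener: No
  Link masking: Yes - basic
  Link host: amazonaws.com
  Link risks: -
  Malicious attachment: No
  Attachment type: -
  Sent from malformed email header: Yes
  Sent from compromised known contact: No
  Listed email host: yahoo.com
  Real email host: 93.147.117.200
  Domain proxy service: 93.147.117.200 - No, but Whois record points to ISP record (teletu.it)
  Registration information: 93.147.117.200 - registered to block for ISP teletu.it, Vodafone Omnitel N.V., Alicom s.r.l., http://www.tol.it, omnitel.it
  Country hosting domain (IP): 93.147.117.200 - Italy (via vodafone.it)
  Contains my email address in "TO" field: No (yahoo.com listed as recipient)

Email 6 (15/03/2013)
  Type: Friend request?
  Malicious link: Yes
  Link shortener: No
  Link masking: No
  Link host: funniest-pictures.com
  Link risks: -
  Malicious attachment: No
  Attachment type: -
  Sent from malformed email header: Yes
  Sent from compromised known contact: No
  Listed email host: hotmail.com
  Real email host: 184.168.152.26
  Domain proxy service: 184.168.152.26 - No; funniest-pictures.com - Yes (DYNADOT Privacy)
  Registration information: 184.168.152.26 - SECURESERVER.NET; funniest-pictures.com - Unknown, registered to block DYNADOT, LLC (ISP)
  Country hosting domain (IP): 184.168.152.26 - US (via SECURESERVER.NET & Go Daddy); funniest-pictures.com - US (via DYNADOT, LLC)
  Contains my email address in "TO" field: Yes (amongst many others)
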
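MARCH 2013 – DETAILS – PAGE 2

Email 7 (21/03/2013)
  Type: Weight loss?
  Malicious link: Yes
  Link shortener: No
  Link masking: Yes - basic
  Link host: amazonaws.com
  Link risks: -
  Malicious attachment: No
  Attachment type: -
  Sent from malformed email header: No
  Sent from compromised known contact: No
  Listed email host: yahoo.com
  Real email host: yahoo.com
  Domain proxy service: -
  Registration information: -
  Country hosting domain (IP): -
  Contains my email address in "TO" field: No (tpg.com.au listed as recipient)

Email 8 (22/03/2013)
  Type: Weight loss?
  Malicious link: Yes
  Link shortener: No
  Link masking: Yes - basic
  Link host: amazonaws.com
  Link risks:
    Performs File Modification and Destruction: The executable modifies and destructs files which are not temporary.
    Changes security settings of Internet Explorer: This system alteration could seriously affect safety surfing the World Wide Web.
    Performs Registry Activities: The executable creates and/or modifies registry entries.
  Malicious attachment: No
  Attachment type: -
  Sent from malformed email header: No
  Sent from compromised known contact: No
  Listed email host: yahoo.com
  Real email host: yahoo.com
  Domain proxy service: -
  Registration information: -
  Country hosting domain (IP): -
  Contains my email address in "TO" field: -

Email 9 (23/03/2013)
  Type: Friend request?
  Malicious link: Yes
  Link shortener: No
  Link masking: No
  Link host: evomerchantservices.org
  Link risks: -
  Malicious attachment: No
  Attachment type: -
  Sent from malformed email header: No
  Sent from compromised known contact: No
  Listed email host: yahoo.com
  Real email host: yahoo.com
  Domain proxy service: evomerchantservices.org - No
  Registration information: evomerchantservices.org - J and S Productions LLC (jstmerchantservices.com)
  Country hosting domain (IP): evomerchantservices.org - US (via Global Net Access, LLC gnax.net)
  Contains my email address in "TO" field: No (no recipients listed)

Email 10 (24/03/2013)
  Type: Unknown
  Malicious link: Yes
  Link shortener: No
  Link masking: No
  Link host: -
  Link risks:
    Performs File Modification and Destruction: The executable modifies and destructs files which are not temporary.
    Changes security settings of Internet Explorer: This system alteration could seriously affect safety surfing the World Wide Web.
    Performs Registry Activities: The executable creates and/or modifies registry entries.
  Malicious attachment: No
  Attachment type: -
  Sent from malformed email header: Yes
  Sent from compromised known contact: No
  Listed email host: yahoo.com
  Real email host: 83.26.142.16
  Domain proxy service: 83.26.142.16 - Yes (no Whois record); sv-schaephuysen.de -
  Registration information: 83.26.142.16 - registered to block tpnet.pl (ISP) TELEKOMUNIKACJA POLSKA S.A., az.pl; sv-schaephuysen.de - STRATO AG
  Country hosting domain (IP): 83.26.142.16 - Poland (via TELEKOMUNIKACJA POLSKA S.A.); sv-schaephuysen.de - Germany (via STRATO AG, strato.de)
  Contains my email address in "TO" field: Yes (amongst many others)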
