MALWARE SPAM – JANUARY 2013
Summary (one row of the original spreadsheet, shown here as field / count):

Total # Received                                   8^
Type - Viagra                                      1
Type - Job                                         1
Type - Green Card                                  1
Type - Banking                                     2
Type - LinkedIn                                    0
Type - Criminal Background Check                   2
Type - Other                                       1
Malicious Link                                     7
Malicious Attachment                               0
Attachment Type - .ZIP                             -
Attachment Type - .DOC                             -
Attachment Type - .PDF                             -
Sent from malformed email header                   7
Sent from compromised known contact                0
Contains my email address in "TO" field            5

* Malicious SPAM is defined by me as any unsolicited email that contains a potential information security risk. This does not include the usual marketing newsletter emails, only those for which there is no prior affiliation and that make it into my mailbox.

^ January 2013 is not a complete month because of the automatic deletion rules of my account.
JANUARY 2013 - DETAILS
Columns of the original spreadsheet: Date | Type | Malicious Link (Link / Shortener / Link Masking / Link Host / Link Risks) | Malicious Attachment | Attachment Type | Sent from malformed email header | Sent from compromised known contact | Listed Email Host | Real Email Host | Domain Proxy Service | Registration Information | Country Hosting Domain (IP) | Contains my email address in "TO" field. Each row is shown below as one record; cells the author left empty are omitted.

1  14/01/2013  USA Green Card
   Malicious Link: Yes | Shortener: No | Link Masking: Yes - Basic | Link Host: phpconvey.com
   Malicious Attachment: No | Attachment Type: -
   Sent from malformed email header: Yes | Sent from compromised known contact: No
   Listed Email Host: canforward.com
   Real Email Host: phpconvey.com, fineoffr.com (WhoisGuard) (via mail.visimail.org)
   Domain Proxy Service: fineoffr.com - Yes; phpconvey.com - No
   Registration Information: fineoffr.com - Unknown (do4u.co.il, a.gtld-servers.net); phpconvey.com - Israel (do4u.co.il, digital-campaign.info)
   Country Hosting Domain (IP): fineoffr.com - UK; phpconvey.com - UK (by eukhost.com)
   Contains my email address in "TO" field: Yes

2  15/01/2013  Job offer
   Malicious Link: No | Shortener: - | Link Masking: - | Link Host: - | Link Risks: -
   Malicious Attachment: No | Attachment Type: -
   Sent from malformed email header: No | Sent from compromised known contact: No
   Listed Email Host: hotmail.com
   Real Email Host: hotmail.com
   Domain Proxy Service: N/A
   Contains my email address in "TO" field: Yes

3  23/01/2013  Direct Deposit Bank
   Malicious Link: Yes | Shortener: No | Link Masking: Yes - Basic | Link Host: rogercbryan.com
   Link Risks:
     1. Performs File Modification and Destruction. The executable modifies and destroys files which are not temporary.
     2. Changes security settings of Internet Explorer. This system alteration could seriously affect the safety of surfing the World Wide Web.
     3. Performs Registry Activities. The executable creates and/or modifies registry entries.
   Malicious Attachment: No | Attachment Type: -
   Sent from malformed email header: Yes | Sent from compromised known contact: No
   Listed Email Host: direct.nacha.org
   Real Email Host: gdoehling.de (via bartstals.be)
   Registration Information: bartstals.be - Belgium; gdoehling.de - Germany; rogercbryan.com - USA
   Country Hosting Domain (IP): bartstals.be - Netherlands (by instep.be); gdoehling.de - Germany (by strato.de); rogercbryan.com - USA (by softlayer.com)
   Contains my email address in "TO" field: Yes

4  23/01/2013  Criminal background check
   Malicious Link: Yes | Shortener: No | Link Masking: Yes - Basic | Link Host: amazonaws.com
   Malicious Attachment: No | Attachment Type: -
   Sent from malformed email header: Yes | Sent from compromised known contact: No
   Listed Email Host: yahoo.com
   Real Email Host: 180.248.23.146
   Domain Proxy Service: 180.248.23.146 - Yes (no Whois record)
   Registration Information: -
   Country Hosting Domain (IP): 180.248.23.146 - Indonesia (by telkom.net.id)
   Contains my email address in "TO" field: No (ISP tpg.com.au listed as recipient)

5  24/01/2013  Direct Deposit Bank
   Malicious Link: Yes | Shortener: No | Link Masking: Yes - Basic | Link Host: maxime-tortelier.com
   Link Risks:
     1. Watches MSN Messenger (msmsgs.exe)
     2. Watches the Windows login (winlogon.exe)
   Malicious Attachment: No | Attachment Type: -
   Sent from malformed email header: Yes | Sent from compromised known contact: No
   Listed Email Host: direct.nacha.org
   Real Email Host: cswineimports.com (via nadaorganics.com)
   Domain Proxy Service: cswineimports.com - Yes (Network Solutions Private Registration)
   Registration Information: nadaorganics.com - Australia (lifeflowki.com); cswineimports.com - Unknown; maxime-tortelier.com - France
   Country Hosting Domain (IP): nadaorganics.com - USA (by GoDaddy.com); lifeflowki.com - No DNS record; cswineimports.com - USA (by lunarpages.com); maxime-tortelier.com - Germany (by oneandone.net)
   Contains my email address in "TO" field: Yes

6  24/01/2013  Fake emergency warning
   Malicious Link: Yes | Shortener: No | Link Masking: Yes - Basic | Link Host: amazonaws.com
   Malicious Attachment: No | Attachment Type: -
   Sent from malformed email header: Yes | Sent from compromised known contact: No
   Listed Email Host: yahoo.com
   Real Email Host: 187.151.36.39
   Domain Proxy Service: 187.151.36.39 - Yes (no Whois record)
   Registration Information: -
   Country Hosting Domain (IP): 187.151.36.39 - Mexico (by UNINET.NET.MX)
   Contains my email address in "TO" field: No (yahoo.com listed as recipient)

7  26/01/2013  Viagra / Stamina
   Malicious Link: Yes | Shortener: No | Link Masking: No | Link Host: aroni.com.tr
   Link Risks:
     1. Redirects to marijuanarxmedicine.com
   Malicious Attachment: No | Attachment Type: -
   Sent from malformed email header: Yes | Sent from compromised known contact: No
   Listed Email Host: None
   Real Email Host: mail.bn.by (via mail.bn)
   Registration Information: bn.by - Belarus (ties.itu.int); aroni.com.tr - Turkey (veriturk.com); marijuanarxmedicine.com - Russia (cheapbox.ru)
   Country Hosting Domain (IP): ties.itu.int (International Telecommunication Union) - Switzerland; aroni.com.tr - Turkey (by gridtelekom.com / grid.com.tr); marijuanarxmedicine.com - UK (by as29550.net)
   Contains my email address in "TO" field: Yes

8  27/01/2013  Criminal background check
   Malicious Link: Yes | Shortener: No | Link Masking: Yes - Basic | Link Host: amazonaws.com
   Malicious Attachment: No | Attachment Type: -
   Sent from malformed email header: Yes | Sent from compromised known contact: No
   Listed Email Host: yahoo.com
   Real Email Host: 41.135.96.182
   Domain Proxy Service: 41.135.96.182 - Yes (no Whois record)
   Registration Information: -
   Country Hosting Domain (IP): 41.135.96.182 - South Africa (by mweb.com, via mweb.co.za, optinet.net)
   Contains my email address in "TO" field: No (ISP tpg.com.au listed as recipient)

TOTAL
   Malicious Link: 7/8 | Shortener: 0 | Link Masking: 6/7
   Malicious Attachment: 0
   Sent from malformed email header: 7/8 | Sent from compromised known contact: 0
   Contains my email address in "TO" field: 5/8

January SPAM emails were analysed on 14/02/2013; by then some links were no longer active (e.g. those hosted on Amazon Web Services).
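The header and link columns above (Listed vs Real Email Host, malformed header, my address in the "TO" field, basic link masking) can be derived mechanically from a raw message. The script below is an added example and not part of the original slides; MY_ADDRESS, the sample message, its hosts and the malformed-header test are my assumptions.

```python
"""Triage helper deriving the spreadsheet's header and link columns from a raw
message: listed sender host (From:), real sending host (earliest Received: hop),
a malformed-header flag, my address in To:, and basic link masking.
Sample data is constructed; hosts use reserved example names and RFC 5737 IPs."""
import email
import re
from email.utils import getaddresses, parseaddr, parsedate_to_datetime
from urllib.parse import urlparse

MY_ADDRESS = "me@example.com"  # assumption: the analyst's own mailbox

# Constructed sample shaped like table row 3: From: claims a bank domain, the
# first Received: hop is an unrelated relay, the link text hides the real href.
SAMPLE = b"""\
Received: from mx.example.net (mx.example.net [192.0.2.10])
    by inbound.example.com; Wed, 23 Jan 2013 09:12:01 +0000
Received: from mail.hop1.example (relay.hop2.example [198.51.100.7])
    by mx.example.net; Wed, 23 Jan 2013 09:11:58 +0000
From: "Payments Desk" <alerts@bank.example>
To: undisclosed-recipients:;
Date: Wednesday 23rd
Content-Type: text/html; charset=utf-8

<html><body>Your transaction was rejected. Review the
<a href="http://cdn.hop3.example/report.php">https://bank.example/report</a>
</body></html>
"""

# "from <HELO name> (<reverse DNS> [<IP>])" as most MTAs write it
RECEIVED_RE = re.compile(r"^from\s+(?P<helo>\S+)(?:\s+\((?P<info>[^)]*)\))?", re.I)
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def sending_hosts(msg):
    """(HELO name, reverse-DNS name, IP) of the hop closest to the sender.
    MTAs prepend Received:, so the last header is the first hop."""
    hops = msg.get_all("Received") or []
    m = RECEIVED_RE.match(" ".join(hops[-1].split())) if hops else None  # unfold
    if not m:
        return None
    info = m.group("info") or ""
    ip = re.search(r"\[([\d.]+)\]", info)
    rdns = info.split()[0] if info and not info.startswith("[") else None
    return m.group("helo"), rdns, ip.group(1) if ip else None

def header_malformed(msg):
    """Reasons the headers look hand-built rather than MTA-generated (my assumed
    reading of the table's 'malformed email header' column)."""
    reasons = []
    if not msg.get("Message-ID"):
        reasons.append("missing Message-ID")
    try:
        parsedate_to_datetime(msg.get("Date") or "")
    except (ValueError, TypeError):
        reasons.append("unparseable Date")
    return reasons

def host_of(text):
    """Hostname named by a URL or bare host in anchor text, else None."""
    text = text.strip()
    if not text:
        return None
    host = urlparse(text if "://" in text else "http://" + text).hostname
    return host if host and "." in host and " " not in host else None

def link_masking(msg):
    """(real host, shown host) pairs where the visible text misstates the target."""
    html = b"".join(p.get_payload(decode=True) or b""
                    for p in msg.walk() if p.get_content_type() == "text/html")
    pairs = ((host_of(href), host_of(re.sub(r"<[^>]+>", "", text)))
             for href, text in ANCHOR_RE.findall(html.decode("utf-8", "replace")))
    return [(real, shown) for real, shown in pairs if real and shown and real != shown]

def triage(raw, my_address=MY_ADDRESS):
    """One spreadsheet-style record for a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw)
    listed = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hop = sending_hosts(msg)
    return {
        "listed_email_host": listed or None,
        "real_email_host": (hop[1] or hop[0]) if hop else None,
        "via": hop[0] if hop else None,
        "sender_ip": hop[2] if hop else None,
        "malformed_header": header_malformed(msg),
        "my_address_in_to": any(a.lower() == my_address.lower()
                                for _, a in getaddresses(msg.get_all("To", []))),
        "link_masking": link_masking(msg),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key:>18}: {value}")
```

The sample deliberately reproduces the pattern seen in rows 4, 6 and 8: the recipient is not in the "TO" field, the From: domain is unrelated to the first Received: hop, and the visible link text names a host other than the href target.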
