Sunday, March 8, 2015

Please Read Very Important

Dear Sir/Madam,

Greetings from Esterad Investment Company and I hope this email reach out to you in good health.

I am pleased to contact you on a business platform haven noted your good background in business and investment sector in your region.

We are Esterad Investment Company a Bahraini investment group based in Manama, we are interested on a direct private bridge financing (soft loan). We offer both short term and long term investment loan with good financial background and we are interested in funding project(s) depending on how lucrative and turn out of the project/ business sector.

We are open for possible business discussion and are willing to move the funding procedures as soon as you indicate your interest to collaborate with us, If you have any lucrative project with a detailed business plan regardless of the business sector and the region, kindly provide me a detailed business plan for my review and valuation.

Allah Bless and protect our path as we join into this possible business venture, get back to me in my private email at joshi.zaman65@gmail.com

Best regards,
Mr. Joshi Zaman.
Senior Manager Investment & Loans.
Esterad Investment Company

Email analysis :

NOTE : joshi.zaman65@gmail.com
NOTE : sybilli@wawel-service.com.pl
NOTE : Received : from User (unknown [5.34.244.162])
NOTE : by wawelservice.nazwa.pl

HSBC Payment (Virus)

Sir/Madam

Upon your request, attached please find payment e-Advice for your reference.


HSBC

***************************************************************************

We maintain strict security standards and procedures to prevent unauthorised access to information about you. HSBC will never contact you by e-mail or otherwise to ask you to validate personal information such as your user ID, password, or account numbers. If you receive such a request, please call our Direct Financial Services hotline.

Please do not reply to this e-mail. Should you wish to contact us, please send your e-mail to commercialbanking@hsbc.com.hk and we will respond to you.

Note: it is important that you do not provide your account or credit card numbers, or convey any confidential information or banking instructions, in your reply mail.

Copyright. The Hongkong and Shanghai Banking Corporation Limited 2015. All rights reserved.

***************************************************************************

HSBC-2739.zip

Analysis :

OPEN : HSBC-2739.zip
NOTE : HSBC-2739.zip is a virus

Virus analysis :

ALYac : Trojan.GenericKD.2203557
AVG : Generic_s.EHP
AVware : Trojan.Win32.Generic.pak!cobra
Ad-Aware : Trojan.GenericKD.2203557
Antiy-AVL : Trojan[Downloader]/Win32.Upatre
Avast : Win32:Trojan-gen
Avira : TR/Angles.24012
Baidu-International : Trojan.Win32.Upatre.vje
BitDefender : Trojan.GenericKD.2203557
ClamAV : Win.Trojan.Agent-851779
Cyren : W32/Trojan.IATT-2425
DrWeb : Trojan.Upatre.144
ESET-NOD32 : Win32/TrojanDownloader.Waski.A
Emsisoft : Trojan.GenericKD.2203557 (B)
F-Prot : W32/Trojan3.OGD
F-Secure : Trojan.GenericKD.2203557
Fortinet : W32/Upatre.VJE!tr
GData : Trojan.GenericKD.2203557
Ikarus : Trojan.Win32.Emotet
K7AntiVirus : Trojan-Downloader ( 0048f6391 )
K7GW : Trojan-Downloader ( 0048f6391 )
Kaspersky : Trojan-Downloader.Win32.Upatre.vje
Malwarebytes : Trojan.Upatre.FD
McAfee : RDN/Generic Downloader.x!mv
McAfee-GW-Edition : RDN/Generic Downloader.x!mv
MicroWorld-eScan : Trojan.GenericKD.2203557
Microsoft : TrojanDownloader:Win32/Upatre
Qihoo-360 : Win32/Trojan.d51
Sophos : Troj/Dyreza-DF
Symantec : Downloader.Upatre
TotalDefense : Win32/Tnega.fAAdaN
TrendMicro : TROJ_FR.97949EA3
TrendMicro-HouseCall : Suspicious_GEN.F47V0307
VIPRE : Trojan.Win32.Generic.pak!cobra
ViRobot : Trojan.Win32.S.Agent.29696.ASK[h]

Email analysis :

NOTE : Mime-Version : 1.0
NOTE : Return-Path : < no-replay@hsbc.co.uk >
NOTE : X-Ovh-Remote : 221.155.165.78 ()
NOTE : User-Agent : Roundcube Webmail/1.1.0
NOTE : Received : from unknown (HELO hsbc.co.uk) (221.155.165.78)
NOTE : HSBC Payment

From Joshi Zaman

Dear Sir/Madam,

Greetings from Esterad Investment Company and I hope this email reach out to you in good health.

I am pleased to contact you on a business platform haven noted your good background in business and investment sector in your region.

We are Esterad Investment Company a Bahraini investment group based in Manama, we are interested on a direct private bridge financing (soft loan). We offer both short term and long term investment loan with good financial background and we are interested in funding project(s) depending on how lucrative and turn out of the project/ business sector.

We are open for possible business discussion and are willing to move the funding procedures as soon as you indicate your interest to collaborate with us, If you have any lucrative project with a detailed business plan regardless of the business sector and the region, kindly provide me a detailed business plan for my review and valuation.

Allah Bless and protect our path as we join into this possible business venture, get back to me in my private email at joshi.zaman65@gmail.com

Best regards,
Mr. Joshi Zaman.
Senior Manager Investment & Loans.
Esterad Investment Company

Email analysis :

NOTE : sybilli@wawel-service.com.pl
NOTE : joshi.zaman65@gmail.com
NOTE : X-Msmail-Priority : Normal
NOTE : Return-Path : < sybilli@wawel-service.com.pl >
NOTE : X-Mimeole : Produced By Microsoft MimeOLE V6.00.2600.0000
NOTE : Mime-Version : 1.0
NOTE : X-Priority : 3
NOTE : X-Mailer : Microsoft Outlook Express 6.00.2600.0000
NOTE : Content-Transfer-Encoding : 7bit
NOTE : Content-Type : text/plain; charset="Windows-1251"
NOTE : Received-Spf : client-ip=85.128.247.168;
NOTE : Received : from aom168.rev.netart.pl (aom168.rev.netart.pl. [85.128.247.168])
NOTE : Received : from User (unknown [74.91.25.121]) by wawelservice.nazwa.pl (Postfix)
NOTE : From Joshi Zaman

Rép : UNITED STATES DEPARTMENT OF JUSTICE

Federal Bureau of Investigation (FBI)
Counter-terrorism Division and Cyber Crime Division
J. Edgar. Hoover Building Washington DC

Dear Beneficiary,

Series of meetings have been held over the past 7 months with the secretary general of the United Nations Organization. This ended 3 days ago. It is obvious that you have not received your fund which is to the tune of Eight Million and Five Hundred Thousand United State Dollars ($8,500,000.00) due to past corrupt Governmental Officials who almost held the fund to themselves for their selfish reason and some individuals who have taken advantage of your fund all in an attempt to swindle your fund which has led to so many losses from your end and unnecessary delay in the receipt of your fund.

The National Central Bureau of Interpol enhanced by the United Nations and Federal Bureau of Investigation have successfully passed a mandate to the current president of Nigeria his Excellency President Good luck Jonathan to boost the exercise of clearing all foreign debts owed to you and other individuals and organizations who have been found not to have receive their Contract Sum, Lottery/Gambling, Inheritance and the likes. Now how would you like to receive your payment? Because we have two method of payment which is by Check or by ATM card?

ATM Card: We will be issuing you a custom pin based ATM card which you will use to withdraw up to $3,000 per day from any ATM machine that has the Master Card Logo on it and the card have to be renewed in 4 years time which is 2018. Also with the ATM card you will be able to transfer your funds to your local bank account. The ATM card comes with a handbook or manual to enlighten you about how to use it. Even if you do not have a bank account.

Check: To be deposited in your bank for it to be cleared within three working days. Your payment would be sent to you via any of your preferred option and would be mailed to you via DHL. Because we have signed a contract with DHL which should expire in next three weeks you will only need to pay $300 instead of $720 saving you $420 So if you pay before the three weeks you save $420 Take note that anyone asking you for some kind of money above the usual fee is definitely a fraudsters and you will have to stop communication with every other person if you have been in contact with any. Also remember that all you will ever have to spend is $300.00 nothing more! Nothing less! And we guarantee the receipt of your fund to be successfully delivered to you within the next 48hrs after the receipt of payment has been confirmed.

Note: Everything has been taken care of by the Federal Government of Nigeria, The United Nation and also the FBI and including taxes, custom paper and clearance duty so all you will ever need to pay is $300.

DO NOT SEND MONEY TO ANYONE UNTIL YOU READ THIS: The actual fees for shipping your ATM card is $420 but because DHL have temporarily discontinued the C.O.D which gives you the chance to pay when package is delivered for international shipping We had to sign contract with them for bulk shipping which makes the fees reduce from the actual fee of $420 to $300 nothing more and no hidden fees of any sort!

To effect the release of your fund valued at $8,500,000.00 you are advised to contact our correspondent in Africa the delivery officer Phillip MacWilliam with the information below,

Name: Phillip MacWilliam
Email: macwilphilaccess@gmail.com

You are advised to contact him with the information's as stated below:

Your full Name..
Your Address:..............
Home/Cell Phone:..............
Preferred Payment Method (ATM / Cashier Check)

Upon receipt of payment the delivery officer will ensure that your package is sent within 48 working hours. Because we are so sure of everything we are giving you a 100% money back guarantee if you do not receive payment/package within the next 48hours after you have made the payment for shipping.

Yours sincerely,

NICHOLAS STORY
FEDERAL BUREAU OF INVESTIGATION
UNITED STATES DEPARTMENT OF JUSTICE
WASHINGTON, D.C. 20535
TELEPHONE: (347) 471-0196
FAX: (347) 666-5283

Note: Do disregard any email you get from any impostors or offices claiming to be in possession of your ATM CARD, you are hereby advice only to be in contact with Phillip MacWilliam of the ATM CARD CENTRE who is the rightful person to deal with in regards to your ATM CARD PAYMENT and forward any emails you get from impostors to this office so we could act upon and commence investigation.

Email analysis :

NOTE : williamphillip01@yahoo.com.ph
NOTE : freq@rtv.gov.sy
NOTE : Received : from User (unknown [211.108.69.229])
NOTE : by mail.zs-info.cn (Postfix)
NOTE : X-Remote : 61.164.112.6 ()