Thursday, January 14, 2016

URGENT RFQ (MORE VIRUS)

Dear Sir,

We sent you an order inquiry last week, but we did not receive any response from your regarding our order.

ATTACHED is a copy of NEW ORDER LIST for December Shipment. Please let me know the availability and your best prices of MATERIALS MARKED IN BLUE.

We will be waiting for your quotation.

Best Regards,
Roy
Al Nasser LLC

Virus analysis :

RFQ NO (14203) JAN DELIVERY ETA ETD PMM 01062016 jpeg1..ace

SHA256 : dacb8ff543c462f954500431f2a795a24ed10fa454cd7f27e3f0f1787dbe58fa
AVG : MSIL9.BEMV
Ad-Aware : Gen:Variant.Zusy.175290
Arcabit : Trojan.Zusy.D2ACBA
Avast : MSIL:Injector-NE [Trj]
BitDefender : Gen:Variant.Zusy.175290
Cyren : W32/Trojan.ZNMT-3910
DrWeb : Trojan.PWS.Siggen1.45471
ESET-NOD32 : a variant of MSIL/Injector.NLR
Emsisoft : Gen:Variant.Zusy.175290 (B)
F-Prot : W32/Trojan3.TDU
F-Secure : Gen:Variant.Zusy.175290
Fortinet : PossibleThreat.P0
GData : Gen:Variant.Zusy.175290
Ikarus : Evilware.Outbreak
Kaspersky : Trojan-PSW.Win32.Tepfer.psxdsw
MicroWorld-eScan : Gen:Variant.Zusy.175290
Microsoft : Trojan:Win32/Dynamer!ac
Panda : Trj/CI.A
Sophos : Mal/DrodAce-A

RFQ#Requirments Quote list ETD 05012015 RFxNumber 6200133094 jpeg2..ace

SHA256 : b7dd4530f2b97c33d1ea6df114d8fd7a9a6c6b1b78288394fbcf175b182e4da0
AVG : MSIL9.BEMV
Ad-Aware : Gen:Variant.Zusy.175290
Arcabit : Trojan.Zusy.D2ACBA
Avast : MSIL:Injector-NE [Trj]
Avira : TR/Dropper.MSIL.242773
BitDefender : Gen:Variant.Zusy.175290
Cyren : W32/Trojan.PNIW-7381
DrWeb : Trojan.PWS.Siggen1.45471
ESET-NOD32 : a variant of MSIL/Injector.NLR
Emsisoft : Gen:Variant.Zusy.175290 (B)
F-Secure : Gen:Variant.Zusy.175290
Fortinet : PossibleThreat.P0
GData : Gen:Variant.Zusy.175290
Ikarus : Evilware.Outbreak
Kaspersky : Trojan-PSW.Win32.Tepfer.psxdsx
MicroWorld-eScan : Gen:Variant.Zusy.175290
Microsoft : Trojan:Win32/Dynamer!ac
Panda : Trj/CI.A
Sophos : Mal/DrodAce-A

Email analysis :

NOTE : brainkings24@gmail.com
NOTE : ecos@atr.ecos.kz
NOTE : Received : from [142.54.171.74] (helo=User)
NOTE : by ecos.kz

Urgent RQF

Dear Sir,

We sent you an order inquiry last week, but we did not receive any response from your regarding our order.

ATTACHED is a copy of NEW ORDER LIST for December Shipment. Please let me know the availability and your best prices of MATERIALS MARKED IN BLUE.

We will be waiting for your quotation.

Best Regards,
Roy
Al Nasser LLC
Proforma Invoice

RFQ#Requirments Quote list ETA ETD 05012015 RFxNumber 6200133094 jpeg.ace

Virus analysis :

DrWeb : Trojan.PWS.Stealer.15120
ESET-NOD32 : a variant of MSIL/Injector.NLF
Qihoo-360 : HEUR/QVM03.0.Malware.Gen 20160105
Sophos : Mal/DrodAce-A 20160105

Email analysis :

NOTE : prabhukumar59@yahoo.com
NOTE : ecos@atr.ecos.kz
NOTE : 185.22.65.41 (mail.ecos.kz)
NOTE : Received : from [142.54.171.74] (helo=User) by ecos.kz

JOHN EMERSON

Attn:

We have deposited the check of your fund ($4.500`000`00USD) through Western Union department after our finally meeting regarding your fund, All you will do is to contact Western Union director Dr.JOHN EMERSON via E-mail: (western286union@gmail.com)He will give you direction on how you will be receiving the funds daily.Remember to send him your Full information to avoid wrong transfer such as,

Receiver's Name_______________
Address: ________________
Country: _____________
Phone Number: _____________

Though, MR JOHN EMERSON has sent $5000 in your name today so contact Dr.kelvin jeo or you call him (+229-68473322)as soon as you receive this email and tell him to give you the Mtcn sender name and question/answer to pick the $5000 Please let us know as soon as you received all your fund,

Best Regards.

Email analysis :

NOTE : western286union@gmail.com
NOTE : commerceau01@gmail.com
NOTE : johnemer@cantv.net
NOTE : Received : from 41.216.48.87 ([41.216.48.87])
NOTE : by webmail-05.datacenter.cha.cantv.net


Mr.Pascal Drissa (Libya Scam)

Good Day,

I am Mr.Pascal Drissa a senior staff with a financial Bank.

I want to let you know that the project is all about the transfer of the sum of US$6.7M which belongs to the late son of Libyan leader
Mr.Mutassim Gaddafi,

you should send your information for more details. I am waiting to hear from you soon.

thanks,
Mr.Pascal Drissa

Email analysis :

NOTE : P_drissa1@yahoo.com
NOTE : d.pascal782@laposte.net
NOTE : Received : by 66.196.81.118;

[Inquiry about your product (Alibaba Phishing)

The following message was generated on jan 2016(PST)

Lin Ning has sent you a new message

Dear Supplier,

You have received a message from Lin Ning on Alibaba.com

Lin Ning
Shenzhen Tongher Co., Ltd. Gold Member
China (Mainland)
Inquiry about your product

Hello, good day! Hope you will have a great day! I am Lin Ning from Shenzhen Tongher CO.,LTD. Our customer wants to place large order with your company for 8 x 40' " containers. Please kindly reply back to us with your company phone number and payment term so we can help the customer place the order. It is urgent.

Waiting for your reply! And best wishes to you from Lin Ning

Best Regards,

Lin Ning

Reply Now

Report Spam

Forgot password?

You are receiving this email because you are a registered member of Alibaba.com website.
To unsubscribe from future service emails, click here .
Read out Privacy Policy and Terms of Use
Alibaba.com Hong Kong Limited,
26/F Tower One,Times Square,1 Matheson Street,Causeway Bay,Hong Kong
If you encounter problems replying to this inquiry, please find help at or contact our service team immediately.
Free Member Service Center:alibaba@service.alibaba.com

Phishing analysis :

CLICK : Reply Now
OPEN : http://www.nsecollege.org/control/news/dhanush/login.jsp.html
NOTE : VALIDATE FORM
REDIRECT : http://tradeshow.alibaba.com/


Email analysis :

NOTE : security_update@alibaba.com
NOTE : Return-Path : <desmulmuis@desmulmuis.nl>
NOTE : Mime-Version : 1.0
NOTE : X-Priority : 3
NOTE : X-Mailer : www.desmulmuis.nl
NOTE : X-Php-Script : www.desmulmuis.nl/content/Anyi1God.php for 154.118.60.84
NOTE : Received : from apache by panel.aeict.net with local (Exim 4.67)
NOTE : (envelope-from <desmulmuis@desmulmuis.nl>)
NOTE : [Inquiry about your product

nsecollege.org whois :

Registrant ID: 90b2c862431d5466
Registrant Name: Swapna Roy
Registrant Organization: Techno India Group
Registrant Street: Chatterjee International Centr
Registrant City: Kolkata
Registrant State/Province: WEST BENGAL
Registrant Postal Code: 700071
Registrant Country: IN
Registrant Phone: +91.3322176030
Registrant Fax: +91.3322176030
Registrant Email: ritam_73@hotmail.com

desmulmuis.nl whois :

Registrar:

AE-ICT bv
Uiterdijk 4
4191VJ GELDERMALSEN
Netherlands

Domain nameservers:

ns1.aeict.net
ns2.aeict.net