Wednesday, November 16, 2016

Oxfam Donation!!!

Dear E-mail Account User,

Congratulations! You e-mail has just won you the sum of $3,000,000.00 USD as a charity donations/aid from Oxfam International in conjunction with South African National Lotto Further information on the processing and disbursement of your grant entitlements,alongside the provision of your qualification documentations, will be disclosed to you so get back to us for more information.

Email analysis :

NOTE : oxfaminternational786@gmail.com
NOTE : aldila@yes24.co.id
NOTE : Received : from User (8ta-146-92-50.telkomadsl.co.za [41.146.92.50])
NOTE : (Authenticated sender: aldila@yes24.co.id) by mail.hanastar.net.id

NOTE : Subject : < no subject >
NOTE : Attachment : 2016111105002973550858.zip

File analysis :

Download : 2016111105002973550858.zip
Result : 2016111105002973550858.zip is a virus.

Virus analysis :

ALYac Trojan.JS.Downloader.GYQ
AVG JS/Downloader.Agent.62_I
AVware Trojan-Downloader.JS.Nemucod.bbp (v)
Ad-Aware Trojan.JS.Downloader.GYQ
AegisLab Troj.Downloader.Js.Cryptoload!c
AhnLab-V3 JS/Obfus
Antiy-AVL Trojan/Generic.ASVCS3S.3F7
Arcabit Trojan.JS.Downloader.GYQ
Avast JS:Downloader-DSB [Trj]
Avira (no cloud) HEUR/Suspar.Gen
Baidu JS.Trojan-Downloader.Nemucod.od
BitDefender Trojan.JS.Downloader.GYQ
CAT-QuickHeal JS.Locky.JE
Cyren JS/Nemucod.CA2
DrWeb JS.DownLoader.1225
ESET-NOD32 JS/TrojanDownloader.Nemucod.BMK
Emsisoft Trojan.JS.Downloader.GYQ (B)
F-Prot JS/Nemucod.CA2
F-Secure Trojan.JS.Downloader.GYQ
Fortinet JS/Nemucod.BDA!tr
GData Trojan.JS.Downloader.GYQ
Ikarus Trojan-Downloader.JS.Nemucod
K7AntiVirus Trojan ( 004dfe6d1 )
K7GW Trojan ( 004dfe6d1 )
Kaspersky Trojan-Downloader.JS.Agent.nbi
McAfee JS/Nemucod.jg
McAfee-GW-Edition JS/Nemucod.jg
eScan Trojan.JS.Downloader.GYQ
Microsoft TrojanDownloader:JS/Nemucod!rfn
NANO-Antivirus Trojan.Script.Heuristic-js.iacgm
Rising Downloader.Cryptoload!8.7DA (topis)
Sophos Mal/DrodZp-A
Symantec Trojan.Gen.NPE
Tencent Js.Trojan.Raas.Auto
TrendMicro JS_NEMUCOD.SMK14
VIPRE Trojan-Downloader.JS.Nemucod.bbp (v)

Final result :

I opened the virus, and the raw version of this virus is here : http://pastebin.com/raw/FVM8wh4v

This virus sounds like ransomware...

Email analysis :

NOTE : diann.laughton99@winterbrew.com
NOTE : User-Agent : Microsoft-MacOutlook/14.0.0.100825
NOTE : Received : from customer-SLRC-130-213.megared.net.mx
NOTE : (unknown [201.164.130.213])

!!!World Bank Notification!!!

Attention: Beneficiary

The office of the European Union, the President Federal Republic of Nigerian (Mohammed Buhari), the CIA, FBI, EFCC, British Government, American Government and United Nations Organization in Benin Republic, Ghana, Burkina Faso, Malaysia, South Africa, Togo, Senegal in collaboration with UK (London) Anti-Crime Squad received a report of fund transaction/scam against you and other British, US and Asian citizens including other countries whom the aforementioned countries vital offices/authorities have recompensed you due to meeting held with the International Financial Agency, the IMF, four countries Government and the World High Commission against fraud and other international fund transaction activities by the four country Citizens during the recent G20 and ACSP meeting. Your name was among those approved listed beneficiary to be paid by the International Financial Intelligent Unit (NFIU) through the United Nations account holder bank.

You are to contact the UN appointed officer immediately for the release/transfer of your approved compensation fund valued $750,000.00 United States Dollars only. With matter of urgency, you are to reconfirm to the UN appointed officer your full data as follows:

A)Your Full Name, B) Present Address, C) Home and Mobile Telephone Numbers, D) Occupation, E) Company Name and Position.

As soon as you send this information to the officer he will direct you accordingly on the release of your Fund. You are to contact Mr.Mensha Baah Head supervisor with the information below, for the release of your fund now.

Contact Person: Mr.Mensha Baah.
C/8815 off Ring Road, P.O.Box 2515
Cadastral, Zone A, Central Business District
Accra-Ghana.
Email: officeunited@yahoo.com.hk
smtp.office365.com:587
Yours in Service,

Maria Colgate (Secretary Foreign Affair)
World Bank Payment Monitoring Unit.
1818 H Street, N.W.Washington, DC 20433

Email analysis :

NOTE : officeunited@yahoo.com.hk
NOTE : prova@thsbo.com
NOTE : Ms.Maria Colgate
NOTE : Received : from User (unknown [154.118.65.101])
NOTE : by mail.thsbo.com (Postfix)
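The Received lines quoted in the three "Email analysis" blocks above (the Oxfam, "diann.laughton99" and World Bank messages) all carry the same forensic fields: the HELO name the sending host announced, the reverse-DNS name the relay looked up (Postfix writes "unknown" when there is none), the connecting IP, an optional "Authenticated sender" clause, and the relay that accepted the message. The following parser is an added example, not code from this blog; the three sample headers are constructed from the fragments shown on the page, with the timestamps and "with" clauses filled in as placeholders, and the triage flags it raises are assumed heuristics rather than any standard.

```python
import re
from typing import Optional

# Constructed sample headers, assembled from the Received fragments quoted in the
# "Email analysis" blocks above. Timestamps, the "with" clauses and the relay name
# mx.example.invalid are placeholders, not values taken from the original messages.
SAMPLE_RECEIVED = [
    "Received: from User (8ta-146-92-50.telkomadsl.co.za [41.146.92.50]) "
    "(Authenticated sender: aldila@yes24.co.id) by mail.hanastar.net.id "
    "(Postfix) with ESMTPA; Wed, 16 Nov 2016 00:00:00 +0000",
    "Received: from customer-SLRC-130-213.megared.net.mx (unknown [201.164.130.213]) "
    "by mx.example.invalid (Postfix); Wed, 16 Nov 2016 00:00:00 +0000",
    "Received: from User (unknown [154.118.65.101]) by mail.thsbo.com (Postfix) "
    "with ESMTPA; Wed, 16 Nov 2016 00:00:00 +0000",
]

# "from <helo> (<rdns> [<ip>])" as written by Postfix-style relays.
FROM_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]()]+)\s+\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
)
AUTH_RE = re.compile(r"\(Authenticated sender:\s*(?P<auth>[^)\s]+)\)")
BY_RE = re.compile(r"\bby\s+(?P<relay>[^\s;()]+)")


def parse_received(line: str) -> dict:
    """Pull the forensic fields out of one Received: header line.

    Missing fields are left as None so callers can tell "absent" from "empty".
    """
    body = line.split(":", 1)[1].strip() if line.lower().startswith("received:") else line
    hop: dict = {"helo": None, "rdns": None, "ip": None, "auth_sender": None, "relay": None}
    m = FROM_RE.search(body)
    if m:
        hop.update(helo=m["helo"], rdns=m["rdns"], ip=m["ip"])
    m = AUTH_RE.search(body)
    if m:
        hop["auth_sender"] = m["auth"]
    m = BY_RE.search(body)
    if m:
        hop["relay"] = m["relay"]
    return hop


def indicators(hop: dict) -> list:
    """Triage flags for one hop. These are assumed analyst heuristics, not a standard."""
    flags = []
    if hop["rdns"] == "unknown":
        flags.append("no-reverse-dns")          # relay could not resolve the client IP
    if hop["helo"] and hop["helo"].lower() == "user":
        flags.append("generic-helo")            # mass-mailer tooling often announces "User"
    if hop["auth_sender"]:
        flags.append("authenticated-submission")  # sent with a real account's credentials
    return flags


def originating_ip(received_lines: list) -> Optional[str]:
    """The client IP of the earliest hop (Received headers are prepended, so it is last)."""
    for line in reversed(received_lines):
        ip = parse_received(line)["ip"]
        if ip:
            return ip
    return None


if __name__ == "__main__":
    for line in SAMPLE_RECEIVED:
        hop = parse_received(line)
        print(hop["ip"], hop["helo"], hop["rdns"], hop["auth_sender"], hop["relay"],
              indicators(hop))
```

The "authenticated-submission" flag is the one worth acting on: the first sample was relayed by mail.hanastar.net.id with the credentials of aldila@yes24.co.id, so the account at that provider is the thing to report and reset, not the ADSL address it was used from.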

Tuesday, November 15, 2016

Website Design/Development and Google Ranking Proposal

Hi,

Greetings,

Hope you are doing well.

I am Kelly Bell working as a Website Consultant of IT Company. I can share more details and portfolio of my company in next email if you are interested.

We deliver following services:-
- Website Design and Development
- Website Online Marketing: SEO, SMO, SEM
- Mobile Application Development – iOS, Android

We have an in-house design and development team who can assist you in above services on reasonable cost with high-quality deliverables.

Please contact us, if you are interested.

Warm Regards,
Kelly Bell
Website Consultant
www.***.com

Disclaimer: Thank you for reading this. In the event that you do not wish me to contact you again, simply send an email with Unsubscribe as a subject line.

Email analysis :

NOTE : kelly@saleguru.biz
NOTE : X-Mailer : Microsoft Outlook 16.0
NOTE : Mime-Version : 1.0
NOTE : 98.138.207.10

Article N° 1606281234CZF9E (Phishing Cdiscount)

Cdiscount

Hello,

Congratulations, you are the WINNER of: 3rd Prize: iPad Air 2.
For more information, please visit our page:

Http://cdiscount.com/espace.client.securise%90PANNE20%CASSE_Projet%20%Fiche20%

See you soon,
Your Customer Service
Cdiscount

Cdiscount, it's also...

... la Fourmilière, a discussion space entirely dedicated to Cdiscount Customer Relations.
On la Fourmilière you will find a forum to express yourself and share your experience with other Cdiscount customers, but also practical guides, news, tutorials and a mediator to inform and guide you throughout your orders!

🏈 Exceptional offer for France/Australia. If you cannot view this e-mail properly, click here.

EXCEPTIONAL OFFER: get a 40%* discount today on the last tickets on sale for the France / Australia match. FRANCE / AUSTRALIA, Saturday 19 November 2016 at 21:00 at the Stade de France. *Offer valid only on categories 6 and 9, subject to availability. To unsubscribe, click here

Phishing screenshot :

Email analysis :

NOTE : Cadeau_iPad_Air_2-Cdiscount@mail.live.fr

Phishing analysis :

CLICK : Http://cdiscount.com/espace.client.securise%90PANNE20%CASSE_Projet%20%Fiche20%
OPEN : https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=3&ved=0ahUKEwi0xLz3naPQAhVCuRQKHVx3AiwQFgglMAI&url=http%3A%2F%2Fcarambolabykids.com.br%2Fcategoria-produto%2Fbebe-menina%2Fconjunto-verao%2F&usg=AFQjCNHlFFJAM-e7Ef16rEjcZMCdBNewPA&sig2=rLcfO8_NS1EXdCvy21UNVA&bvm=bv.138493631,d.d2s&cad=rja
SPLIT : http%3A%2F%2Fcarambolabykids.com.br%2Fcategoria-produto%2Fbebe-menina%2Fconjunto-verao%2F
DECODE : http://carambolabykids.com.br/categoria-produto/bebe-menina/conjunto-verao/
OPEN URL : REDIRECT
REDIRECT : http://archicad.kark.fi/js/Cdiscount/Cadeau_iPad_Air_2/
NOTE : Phishing was removed.
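The CLICK / OPEN / SPLIT / DECODE steps above are the standard way to unwrap a google.com/url redirect: the real destination sits percent-encoded in the "url" query parameter, while the text shown to the recipient claims to be cdiscount.com. The script below is an added example, not the blog author's code; it reproduces those steps offline on the two URLs quoted in the analysis (constructed constants, copied from the page) and flags the host mismatch between the displayed link and the decoded target. It cannot follow the further hop to archicad.kark.fi that the author observed, since that required actually fetching the page.

```python
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Constructed from the CLICK / OPEN lines of the analysis above: the link text
# shown to the recipient and the href it actually carried (a google.com/url redirect).
DISPLAYED_LINK = "Http://cdiscount.com/espace.client.securise%90PANNE20%CASSE_Projet%20%Fiche20%"
ACTUAL_HREF = (
    "https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=3"
    "&ved=0ahUKEwi0xLz3naPQAhVCuRQKHVx3AiwQFgglMAI"
    "&url=http%3A%2F%2Fcarambolabykids.com.br%2Fcategoria-produto%2Fbebe-menina%2Fconjunto-verao%2F"
    "&usg=AFQjCNHlFFJAM-e7Ef16rEjcZMCdBNewPA&sig2=rLcfO8_NS1EXdCvy21UNVA"
    "&bvm=bv.138493631,d.d2s&cad=rja"
)

# Hosts whose /url endpoint forwards to whatever the "url" query parameter says.
REDIRECTOR_HOSTS = {"google.com", "www.google.com"}


def host_of(url: str) -> str:
    """Lower-cased hostname of a URL ('' if it has none); an upper-case scheme is fine."""
    return (urlsplit(url).hostname or "").lower()


def decode_google_redirect(href: str) -> Optional[str]:
    """If href is a google.com/url?...&url=... redirect, return the decoded target.

    parse_qs applies the percent-decoding, which is the SPLIT + DECODE step of the
    analysis above. Returns None for anything that is not such a redirect.
    """
    parts = urlsplit(href)
    if host_of(href) not in REDIRECTOR_HOSTS or parts.path != "/url":
        return None
    targets = parse_qs(parts.query).get("url")
    return targets[0] if targets else None


def first_real_target(href: str) -> str:
    """Peel the redirector layer if present; otherwise the href is its own target."""
    return decode_google_redirect(href) or href


def link_mismatch(displayed: str, href: str) -> bool:
    """True when the brand host the recipient sees differs from where the link really lands."""
    return host_of(displayed) != host_of(first_real_target(href))


if __name__ == "__main__":
    print("shown as :", host_of(DISPLAYED_LINK))
    print("goes to  :", first_real_target(ACTUAL_HREF))
    print("mismatch :", link_mismatch(DISPLAYED_LINK, ACTUAL_HREF))
```

Comparing hosts rather than whole URLs is deliberate: the displayed text here contains malformed percent-escapes ("%CA", "%Fi") that a string comparison would trip over, while the hostname alone is enough to show that a "cdiscount.com" link actually leaves for carambolabykids.com.br.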

Monday, November 14, 2016

Ugly Spam

A spam as old as the Internet.

An ugly spam.

Email analysis :

NOTE : owesly@rem.rem217.com
NOTE : authenticated_id: owesly/primary_hostname/system user
NOTE : Cheap-Day: 79% off, Coach Bags, Moncler and More!