Thursday, November 17, 2016

Your G8 Clearance Approval

European Union

PRESIDENT OF THE EUROPEAN COMMISSION. JOSE MANUEL BARROSO

Following Clearance Received From United Nations And The World Bank during the G8 Summit on April, 2016. Confirming You As The Genuine Beneficiary Of The Said Payment. We Are Hereby Informing You That the European commission Has Been Officially Advised by the G20 summit and the world To Credit Your Fund Into Your Account Through our payment Bank (Citibank China) Within The Next 72 banking hours From Now.

Note that you have to make sure you make available the necessary credentials needed by our payment bank for your transfer to be done this week. Because after the meeting with the Secretary General of the European commission, your payment will be confiscated by EU by next month, so you have to make sure you contact Mr. John Winter of the Citibank today and I know you have his contact information below:

Mr. John Winter
Director, Financial Management Department Citibank China (FMDCBC)
Direct line: +862128966000
Email: johnwinter241@gmail.com
Email: officefile1963@gmail.com
Office Address: Citigroup Tower. No.33 Hua Yuan Shi Qiao Road. Lu Jia Zui, Shanghai, 200120. China.

Your urgent call to him is important and also contact our office as soon as you receive your payment with citibank.

Congratulations.

PRESIDENT OF THE EUROPEAN COMMISSION.
JOSE MANUEL BARROSO
officefile1963@gmail.com

Email analysis :


NOTE : mrjohnteddy@gmail.com
NOTE : mdanielndoye@gmail.com
NOTE : officefile1963@gmail.com

Rép : FINANCING YOUR PROJECT

Fund available for investment please get in touch for more details.

Regional Representative
Sheikh Naseefa Investment Group Company

Telfax: +971 2413 0001

Email analysis :

NOTE : sheikhnaseefinvestmentgroup020@gmail.com
NOTE : User-Agent : Horde Application Framework 5
NOTE : Rép : FINANCING YOUR PROJECT
NOTE : client-ip=202.128.161.127;

Attention


The delivery of your package is currently ongoing with our Dip. Richard Great
and he has arrived at Washington DC International Airport with the package
Please send him your delivery details as stated below; contact info is;

@ phone# +1 828-756-0997 or text him in case he may be busy.

SINCERELY
Mr.Tony Dan

Email analysis :

NOTE : morganobeche@gmail.com
NOTE : gaelle.cohen@gmail.com
NOTE : markdon@cantv.net
NOTE : X-Originating-Ip : [23.27.244.254]

bernadette

I am taking the liberty of contacting you to talk about my experience. I met a man on a dating site by the name of Didier Lapierre, and we exchanged our e-mail addresses to talk more easily. I was scammed on the dating site Meetic: I realize that I am in contact with exactly the same profile, with just a small change of name. The person I am talking to is Donald Thivolle, username "la force" on Meetic; he tells me he is in Angers and that his best friend is called Pascal Pichon. That he had to leave for Italy for his son Thomas, who has to undergo a lung transplant. That for this he has to pay €14,000. He asked me if I could help him, and unfortunately that is what I did, with an urgent cash money order of €1,200 sent yesterday to his friend's brother, a so-called Mallet Christophe, living at allée de Beauregard, 37200 Tours. When I read the testimonies, I was given the same story. What really troubles me is that I spoke to him on the phone and he does have a Polish accent, and I saw him on webcam and it really is the same person as in the photos. It destroys me, because I truly believed in it. Then he asked me for a sum of 1,800 euros, because he had to pay for his hotel room, as they were threatening to throw him out. At that point I began to doubt his sincerity, so I explained my case to a friend, who put me in contact with Mr George Arthuro, an Interpol agent who helped me a great deal. Indeed, he showed me that it was a scam, and then he helped me recover all my money. Here is the address: lieutenant.george.arthuro@francemel.fr for those who are in a scam situation.

Email analysis :

NOTE : bernadette2011@hotmail.fr
NOTE : lieutenant.george.arthuro@francemel.fr

Wednesday, November 16, 2016

Oxfam Donation!!!

Dear E-mail Account User,

Congratulations! Your e-mail has just won you the sum of $3,000,000.00 USD as a charity donation/aid from Oxfam International in conjunction with South African National Lotto. Further information on the processing and disbursement of your grant entitlements, alongside the provision of your qualification documentation, will be disclosed to you, so get back to us for more information.

Email analysis :

NOTE : oxfaminternational786@gmail.com
NOTE : aldila@yes24.co.id
NOTE : Received : from User (8ta-146-92-50.telkomadsl.co.za [41.146.92.50])
NOTE : (Authenticated sender: aldila@yes24.co.id) by mail.hanastar.net.id

< no subject >


2016111105002973550858.zip

File analysis :

Download : 2016111105002973550858.zip
Result : 2016111105002973550858.zip is a virus.

Virus analysis :

ALYac Trojan.JS.Downloader.GYQ
AVG JS/Downloader.Agent.62_I
AVware Trojan-Downloader.JS.Nemucod.bbp (v)
Ad-Aware Trojan.JS.Downloader.GYQ
AegisLab Troj.Downloader.Js.Cryptoload!c
AhnLab-V3 JS/Obfus
Antiy-AVL Trojan/Generic.ASVCS3S.3F7
Arcabit Trojan.JS.Downloader.GYQ
Avast JS:Downloader-DSB [Trj]
Avira (no cloud) HEUR/Suspar.Gen
Baidu JS.Trojan-Downloader.Nemucod.od
BitDefender Trojan.JS.Downloader.GYQ
CAT-QuickHeal JS.Locky.JE
Cyren JS/Nemucod.CA2
DrWeb JS.DownLoader.1225
ESET-NOD32 JS/TrojanDownloader.Nemucod.BMK
Emsisoft Trojan.JS.Downloader.GYQ (B)
F-Prot JS/Nemucod.CA2
F-Secure Trojan.JS.Downloader.GYQ
Fortinet JS/Nemucod.BDA!tr
GData Trojan.JS.Downloader.GYQ
Ikarus Trojan-Downloader.JS.Nemucod
K7AntiVirus Trojan ( 004dfe6d1 )
K7GW Trojan ( 004dfe6d1 )
Kaspersky Trojan-Downloader.JS.Agent.nbi
McAfee JS/Nemucod.jg
McAfee-GW-Edition JS/Nemucod.jg
eScan Trojan.JS.Downloader.GYQ
Microsoft TrojanDownloader:JS/Nemucod!rfn
NANO-Antivirus Trojan.Script.Heuristic-js.iacgm
Rising Downloader.Cryptoload!8.7DA (topis)
Sophos Mal/DrodZp-A
Symantec Trojan.Gen.NPE
Tencent Js.Trojan.Raas.Auto
TrendMicro JS_NEMUCOD.SMK14
VIPRE Trojan-Downloader.JS.Nemucod.bbp (v)

Final result :

I opened the virus, and the raw version of this virus is here : http://pastebin.com/raw/FVM8wh4v

This virus sounds like ransomware...

Email analysis :

NOTE : diann.laughton99@winterbrew.com
NOTE : User-Agent : Microsoft-MacOutlook/14.0.0.100825
NOTE : Received : from customer-SLRC-130-213.megared.net.mx
NOTE : (unknown [201.164.130.213])

!!!World Bank Notification!!!

Attention: Beneficiary

The office of the European Union, the President Federal Republic of Nigerian (Mohammed Buhari), the CIA, FBI, EFCC, British Government, American Government and United Nations Organization in Benin Republic, Ghana, Burkina Faso, Malaysia, South Africa, Togo, Senegal in collaboration with UK (London) Anti-Crime Squad received a report of fund transaction/scam against you and other British, US and Asian citizens including other countries whom the aforementioned countries vital offices/authorities have recompensed you due to meeting held with the International Financial Agency, the IMF, four countries Government and the World High Commission against fraud and other international fund transaction activities by the four country Citizens during the recent G20 and ACSP meeting. Your name was among those approved listed beneficiary to be paid by the International Financial Intelligent Unit (NFIU) through the United Nations account holder bank.

You are to contact the UN appointed officer immediately for the release/transfer of your approved compensation fund valued $750,000.00 United States Dollars only. With matter of urgency, you are to reconfirm to the UN appointed officer your full data as follows:

A)Your Full Name, B) Present Address, C) Home and Mobile Telephone Numbers, D) Occupation, E) Company Name and Position.

As soon as you send this information to the officer he will direct you accordingly on the release of your Fund. You are to contact Mr.Mensha Baah Head supervisor with the information below, for the release of your fund now.

Contact Person: Mr.Mensha Baah.
C/8815 off Ring Road, P.O.Box 2515
Cadastral, Zone A, Central Business District
Accra-Ghana.
Email: officeunited@yahoo.com.hk
smtp.office365.com:587
Yours in Service,

Maria Colgate (Secretary Foreign Affair)
World Bank Payment Monitoring Unit.
1818 H Street, N.W.Washington, DC 20433

Email analysis :

NOTE : officeunited@yahoo.com.hk
NOTE : prova@thsbo.com
NOTE : Ms.Maria Colgate
NOTE : Received : from User (unknown [154.118.65.101])
NOTE : by mail.thsbo.com (Postfix)

Tuesday, November 15, 2016

Website Design/Development and Google Ranking Proposal

Hi,

Greetings,

Hope you are doing well.

I am Kelly Bell working as a Website Consultant of IT Company. I can share more details and portfolio of my company in next email if you are interested.

We deliver following services:-
- Website Design and Development
- Website Online Marketing: SEO, SMO, SEM
- Mobile Application Development – iOS, Android

We have an in-house design and development team who can assist you in above services on reasonable cost with high-quality deliverables.

Please contact us, if you are interested.

Warm Regards,
Kelly Bell
Website Consultant
www.***.com

Disclaimer: Thank you for reading this. In the event that you do not wish me to contact you again, simply send an email with Unsubscribe as a subject line.

Email analysis :

NOTE : kelly@saleguru.biz
NOTE : X-Mailer : Microsoft Outlook 16.0
NOTE : Mime-Version : 1.0
NOTE : 98.138.207.10

Item No. 1606281234CZF9E (Cdiscount phishing)

Cdiscount

Hello,

Congratulations, you are the WINNER of: 3rd Prize: iPad Air 2.
For more information, please go to our page:

Http://cdiscount.com/espace.client.securise%90PANNE20%CASSE_Projet%20%Fiche20%

See you soon,
Your Customer Service
Cdiscount

Cdiscount is also...

... la fourmilière, a discussion space entirely dedicated to Cdiscount Customer Relations.
On la Fourmilière you will find a forum where you can express yourself and share your experience with other Cdiscount customers. As well as practical guides, news, tutorials and a mediator to inform and guide you throughout your orders!

🏈 Exceptional offer for France/Australia If you cannot view this e-mail properly, click here EXCEPTIONAL OFFER Get a discount of - 40 %* starting today on the last tickets put on sale for the France / Australia match FRANCE / AUSTRALIA Saturday 19 November 2016 at 21:00 at the Stade de France *Offer valid only for categories 6 and 9, subject to availability To unsubscribe, click here

Email analysis :

NOTE : Cadeau_iPad_Air_2-Cdiscount@mail.live.fr

Phishing analysis :

CLICK : Http://cdiscount.com/espace.client.securise%90PANNE20%CASSE_Projet%20%Fiche20%
OPEN : https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=3&ved=0ahUKEwi0xLz3naPQAhVCuRQKHVx3AiwQFgglMAI&url=http%3A%2F%2Fcarambolabykids.com.br%2Fcategoria-produto%2Fbebe-menina%2Fconjunto-verao%2F&usg=AFQjCNHlFFJAM-e7Ef16rEjcZMCdBNewPA&sig2=rLcfO8_NS1EXdCvy21UNVA&bvm=bv.138493631,d.d2s&cad=rja
SPLIT : http%3A%2F%2Fcarambolabykids.com.br%2Fcategoria-produto%2Fbebe-menina%2Fconjunto-verao%2F
DECODE : http://carambolabykids.com.br/categoria-produto/bebe-menina/conjunto-verao/
OPEN URL : REDIRECT
REDIRECT : http://archicad.kark.fi/js/Cdiscount/Cadeau_iPad_Air_2/
NOTE : Phishing was removed.
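
The SPLIT and DECODE steps above can be done offline, without opening the link. The Python below is an added example, not part of the original post: it pulls the percent-encoded target out of the redirector's url parameter and compares its host with the host shown in the e-mail. The extra parameter names q and u and all function names are assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Query parameters that may carry the real destination of a redirector link.
# "url" is the one in the Google link above; "q" and "u" are assumed extras.
REDIRECT_PARAMS = ("url", "q", "u")

def unwrap_redirect(link, max_depth=5):
    """Return every hop recoverable from the link text alone (no network)."""
    hops = [link]
    for _ in range(max_depth):
        # parse_qs percent-decodes values, i.e. the SPLIT + DECODE steps.
        query = parse_qs(urlsplit(hops[-1]).query)
        target = None
        for name in REDIRECT_PARAMS:
            value = query.get(name, [""])[0]
            if value.lower().startswith(("http://", "https://")):
                target = value
                break
        if target is None:
            break
        hops.append(target)
    return hops

def host(link):
    return (urlsplit(link).hostname or "").lower()

def same_site(shown, real):
    """True when the real host is the shown host or one of its subdomains."""
    return real == shown or real.endswith("." + shown)

def analyse(displayed, actual):
    hops = unwrap_redirect(actual)
    shown, final = host(displayed), host(hops[-1])
    return {"displayed_host": shown, "hops": hops, "final_host": final,
            "mismatch": not same_site(shown, final)}

# The two links from the analysis above (CLICK and OPEN).
DISPLAYED = "Http://cdiscount.com/espace.client.securise%90PANNE20%CASSE_Projet%20%Fiche20%"
ACTUAL = ("https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=3"
          "&ved=0ahUKEwi0xLz3naPQAhVCuRQKHVx3AiwQFgglMAI"
          "&url=http%3A%2F%2Fcarambolabykids.com.br%2Fcategoria-produto%2Fbebe-menina%2Fconjunto-verao%2F"
          "&usg=AFQjCNHlFFJAM-e7Ef16rEjcZMCdBNewPA&sig2=rLcfO8_NS1EXdCvy21UNVA"
          "&bvm=bv.138493631,d.d2s&cad=rja")

if __name__ == "__main__":
    report = analyse(DISPLAYED, ACTUAL)
    for hop in report["hops"]:
        print(hop)
    print("mismatch:", report["mismatch"])
```

The later hop to archicad.kark.fi is a server-side redirect, so it is not visible in the link text and does not appear in the hop list.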