Thursday, February 2, 2017

Customer Service: Secure your Cybᥱrplus! (Banque Populaire Phishing)

Hello

The technical department is carrying out a scheduled software update in
order to improve the quality of our services. We kindly ask you to secure
your Cyberplus.

21-01-2017: Regulation of your online file.

Thank you for your trust.
Regards
Customer Advisory.

Email analysis :

NOTE : noreply@nej.fr
Received : from 184.164.74.221

Phishing analysis :

CLICK : http://opticaguadalquivir.es/puce
REDIRECT : http://www.tailors-hostel.com/gestion/txt/-/ilon/resf/Pages/
SCREENSHOT :

Microsoft account termination request in progress. (Microsoft Phishing, Swisscom Phishing, Directory listing)

Microsoft Security info

We received a message from you requesting for your account termination, please ignore this message if the request was from you. Your account would be deleted from our system in the next 24 hours.

(Note: All mails in your inbox, spam, draft, and sent items would be terminated, and access to your account would be denied.)

Click on cancel request if the message wasn't from you.

CANCEL REQUEST

Cancel the termination request to keep enjoying Microsoft!

Thanks,

The Microsoft account team.

Safety Certification Copyright © 2017 Microsoft

Phishing analysis :

SCREENSHOT :


CLICK : http://ow.ly/***
RESULT : A base64 data URL is loaded in the URL bar (the whole phishing page is embedded in the URL, no hosted HTML to take down).
RESULT : data:text/html;base64,
SCREENSHOT :


RESULT : Microsoft phishing
SOURCE CODE ANALYSIS : form action="http://dolphinsclubtema.org/wp-includes/js/mine/pahgy/result.php"
NOTE : Another WordPress website hacked...
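The step above (decode the data: URL, read the embedded page, find where the form posts the credentials) is easy to automate for triage. The following is an added example written for this post, not the blog's own tooling; the sample HTML and the host compromised.example are constructed placeholders, not the real kit.

```python
import base64
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a minimal credential-harvesting page of the kind the
# post describes, packed into a data: URL. The form target is a placeholder
# host (compromised.example), not the real one from the post.
SAMPLE_HTML = """<html><body>
<form method="post" action="http://compromised.example/wp-includes/js/mine/result.php">
  <input name="login" type="email"><input name="passwd" type="password">
</form></body></html>"""
SAMPLE_DATA_URL = "data:text/html;base64," + base64.b64encode(SAMPLE_HTML.encode()).decode()


def decode_data_url(url):
    """Return (mime, body_bytes) for a base64 data: URL; ValueError otherwise."""
    m = re.fullmatch(r"data:([^;,]*)(;[^,]*)?,(.*)", url, re.DOTALL)
    if not m or not (m.group(2) or "").endswith(";base64"):
        raise ValueError("not a base64 data: URL")
    payload = m.group(3).strip()
    payload += "=" * (-len(payload) % 4)  # browsers accept stripped padding; restore it
    return m.group(1) or "text/plain", base64.b64decode(payload)


class FormExtractor(HTMLParser):
    """Collect every <form action> and the (name, type) of inputs posted to it."""

    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append({"action": a.get("action", ""), "inputs": []})
        elif tag == "input" and self.forms:
            self.forms[-1]["inputs"].append((a.get("name", ""), a.get("type", "text")))


def analyze_data_url(url):
    """Decode the page and report each form's target host; a password field
    posted to a remote host from a data: page is the phishing signature."""
    mime, body = decode_data_url(url)
    p = FormExtractor()
    p.feed(body.decode("utf-8", "replace"))
    findings = []
    for f in p.forms:
        host = urlparse(f["action"]).hostname or ""
        has_pw = any(t == "password" for _, t in f["inputs"])
        findings.append({
            "action_host": host,                 # the drop site to report / block
            "inputs": [n for n, _ in f["inputs"]],
            "suspicious": bool(host) and has_pw,
        })
    return {"mime": mime, "forms": findings}


if __name__ == "__main__":
    print(analyze_data_url(SAMPLE_DATA_URL))
```

The action host is the useful output: it is the drop site to report to the hosting provider and to block at the proxy, and it survives even when the lure link (the ow.ly shortener here) is rotated.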
GO TO : http://dolphinsclubtema.org/wp-includes/js/mine/


RESULT : Repository of phishing.
GO TO : http://dolphinsclubtema.org/wp-includes/js/mine/bluewin


RESULT : Swisscom Phishing


GO TO : http://dolphinsclubtema.org/wp-includes/js/mine/pahgy/


RESULT : Microsoft phishing

GO TO : http://dolphinsclubtema.org/wp-includes/js/mine/viko/


RESULT : Microsoft phishing

Mr. David Kamau

I am the final signatory to all foreign transfers of huge funds moving within banks both the local and international levels in line to foreign contracts settlement. I have before me the list of foreign contract payment files, which are due to be transferred to their nominated accounts. Meanwhile, we identified some of these accounts to be ghost accounts, unclaimed deposits and over invoiced sum etc. I wish to have a deal with you as regards to the unpaid fund. I have a file before me and hope the dates are correct and untampered. As it is my duty to recommend the transfer of these surplus fund to the Federal Government Treasury and Reserve Accounts as unclaimed deposit. I have the opportunity to write you based on the instruction I received two days ago from the senate committee on contract payment/foreign debts to submit the list of payment reports expenditures and audited reports of revenues. Among several others, I have decided to remit the total sum of USD15.2 million following Mr. David Kamau.

Email analysis :

NOTE : mr.davidkamau1@yahoo.com
NOTE : mrdavidkamau1@gmail.com
NOTE : X-Rocketymmf : bsobeab
NOTE : Received : from [41.86.234.171]


NOTE : by web101604.mail.kks.yahoo.co.jp

Letter From Hospital

My Dearest One, This is Ms Mariam Mubarak Mustafa from Trinidad & Tobago. I am writing from the hospital in Ivory Coast, therefore this mail is very urgent. I am dying in the hospital and I don't know what tomorrow will be. I was told by my doctor that I was poisoned and it has got my liver damaged.

I have an orphan child, named Kofi Peter, and $12.6 million Dollars I inherited from my late father. My step mother and her children are after Kofi because he knows about the poison.

Kindly get back to me

May Almighty God bless you and use you to accomplish my wish. Pray for me always.

Ms Mariam Mubarak Mustafa

Email analysis :

NOTE : mariam.n1883@gmail.com
NOTE : ceo.kofipeter1950@gmail.com
NOTE : X-Mailer : YahooMailWebService/0.8.111_70
NOTE : X-Rocketymmf : sk_44no
NOTE : Received : from [173.208.81.180]


NOTE : by web101201.mail.kks.yahoo.co.jp via HTTP

Wednesday, February 1, 2017

Inheritance !

Did you get my previous email of your Thirty million dollars inheritance funds

Email analysis :

NOTE : barr.chambers@yahoo.ie
NOTE : ychreim@ul.edu.lb


NOTE : Received : from MBOX2.ul.edu.lb ([fe80::c9fd:276c:6116:a018])
NOTE : by MBOX2.ul.edu.lb ([fe80::c9fd:276c:6116:a018%21]) with mapi id 15.00.1210.000;
NOTE : Received : from MBOX2.ul.edu.lb (192.168.1.214)
NOTE : by mbox1.ul.edu.lb (192.168.1.213) with Microsoft SMTP Server (TLS) id 15.0.1210.3;
NOTE : Received : from smg1.ul.edu.lb (smg1.ul.edu.lb. [77.42.251.25])


NOTE : X-Originating-Ip : [41.56.106.125]


Conclusion

The ul.edu.lb mail server was used to relay this scam (the internal hops are private/link-local addresses, the gateway smg1.ul.edu.lb is the first public hop, and X-Originating-Ip gives the webmail client). Account : ychreim
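The same reasoning as the conclusion above (walk the Received chain oldest-first, skip the private and link-local hops, keep the first routable one as the relay, and read X-Originating-Ip for the webmail client) can be scripted; it applies equally to the "Received : from [41.86.234.171]" and "Received : from 184.164.74.221" notes in the earlier entries. This is an added example, not the blog's own tooling. The headers are a constructed stand-in that mirrors the shape of the chain quoted above; the host names and addresses (relay.example.edu, RFC 5737 documentation ranges) are placeholders, not the real ones.

```python
import re
from email import message_from_string
from ipaddress import ip_address, ip_network

# Constructed sample modelled on the chain in the post: two internal Exchange
# hops, an outbound gateway, and a webmail X-Originating-Ip. All names and
# addresses are placeholders (documentation ranges stand in for public IPs).
SAMPLE_RAW = """Received: from MBOX2.relay.example.edu ([fe80::1a2b:3c4d:5e6f:7a8b]) by
 MBOX2.relay.example.edu ([fe80::1a2b:3c4d:5e6f:7a8b%21]) with mapi id 15.00.1210.000;
 Wed, 1 Feb 2017 10:00:00 +0200
Received: from MBOX2.relay.example.edu (192.168.1.214) by
 mbox1.relay.example.edu (192.168.1.213) with Microsoft SMTP Server (TLS) id 15.0.1210.3;
 Wed, 1 Feb 2017 09:59:59 +0200
Received: from smg1.relay.example.edu (smg1.relay.example.edu. [198.51.100.25])
 by mx.recipient.example (Postfix) with ESMTPS; Wed, 1 Feb 2017 09:59:58 +0200
X-Originating-Ip: [203.0.113.45]
From: barr.chambers@example.invalid
Subject: Inheritance !

Did you get my previous email
"""

# Addresses that can never be the true origin: RFC 1918, loopback, link-local.
# (ipaddress.is_global is not used because it also rejects the RFC 5737
# documentation ranges this sample uses as stand-ins for public addresses.)
INTERNAL = [ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

IP_RE = re.compile(r"\[?((?:\d{1,3}\.){3}\d{1,3}|[0-9a-fA-F:]+:[0-9a-fA-F:%.]*)\]?")


def routable(ip):
    """Parsed address if it lies outside the internal ranges, else None."""
    try:
        addr = ip_address(ip.split("%")[0])  # drop IPv6 zone id such as %21
    except ValueError:
        return None
    return None if any(addr in n for n in INTERNAL) else addr


def received_hops(raw):
    """'from' host and first routable IP of each Received header, oldest hop first."""
    msg = message_from_string(raw)
    hops = []
    for hdr in msg.get_all("Received", []):
        flat = " ".join(hdr.split())  # unfold continuation lines
        m = re.match(r"from\s+(\S+)(?:\s+\(([^)]*)\))?", flat)
        if not m:
            continue
        comment = m.group(2) or ""
        ips = [ip for ip in IP_RE.findall(comment) if routable(ip) is not None]
        hops.append({"helo": m.group(1), "ip": ips[0] if ips else None, "raw": flat})
    hops.reverse()  # each MTA prepends its header, so reversed order is oldest first
    return hops


def trace_origin(raw):
    """Relay (oldest hop with a routable IP) plus the webmail client IP, if any."""
    msg = message_from_string(raw)
    hops = received_hops(raw)
    relay = next((h for h in hops if h["ip"]), None)
    xo = [ip for ip in IP_RE.findall(msg.get("X-Originating-Ip", ""))
          if routable(ip) is not None]
    return {
        "relay_host": relay["helo"] if relay else None,
        "relay_ip": relay["ip"] if relay else None,
        "originating_ip": xo[0] if xo else None,
        "internal_hops": sum(1 for h in hops if h["ip"] is None),
    }


if __name__ == "__main__":
    print(trace_origin(SAMPLE_RAW))
```

Only the Received header added by your own MX (and the ones below it that you trust) are reliable; anything older can be forged by the sender, which is why the conclusion names the relay you can verify rather than taking the top-most header at face value.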

Tuesday, January 31, 2017

Our USPS courier can not contact you parcel # 781125158 (Virus)

Hello,

Your parcel was successfully delivered at Fri, 27 Jan 2017 12:42:51 +0300
to USPS Station, but our courier could not contact you.
You can find more details in this e-mail attachment!

All the best.
Alishia Rawe - USPS Station Manager.

Delivery-Details.zip

Email analysis :

NOTE : afoytaay7@maurerfunerals.com.au
NOTE : Received : from maurerfunerals.com.au
NOTE : (194-28-243-94.pppoe.scatplus.ru [194.28.243.94])


File analysis :

OPEN : Delivery-Details.zip
SHA256 : 0ec1592225d89afbe04e8d15a16dfbd95b45864e31a60b0dea1d0529367acf50
RESULT : FILE IS A VIRUS

Virus analysis :

ALYac : Trojan.JS.Downloader.HMV
Ad-Aware : Trojan.JS.Downloader.HMV
AegisLab : Troj.Downloader.Script!c
AhnLab-V3 : JS/Obfus
Antiy-AVL : Trojan[Downloader]/JS.Nemucod
Arcabit : Trojan.JS.Downloader.HMV
Avira (no cloud) : HEUR/Suspar.Gen
BitDefender : Trojan.JS.Downloader.HMV
CAT-QuickHeal : JS.Nemucod.BQN
Cyren : JS/Agent.WN!Eldorado
DrWeb : JS.DownLoader.3302
ESET-NOD32 : JS/TrojanDownloader.Nemucod.CBS
Emsisoft : Trojan.JS.Downloader.HMV (B)
F-Prot : JS/Agent.WN!Eldorado
F-Secure : Trojan.JS.Downloader.HMV
Fortinet : JS/Nemucod.D27C!tr
GData : Trojan.JS.Downloader.HMV
Ikarus : Trojan-Downloader.JS.Nemucod
Kaspersky : HEUR:Trojan-Downloader.Script.Generic
McAfee : JS/Nemucod.on
McAfee-GW-Edition : JS/Nemucod.on
eScan : Trojan.JS.Downloader.HMV
Microsoft : TrojanDownloader:JS/Nemucod
NANO-Antivirus : Trojan.Script.Heuristic-js.iacgm
Rising : Downloader.Nemucod!8.34-jtWRudNFo0M (cloud)
Sophos : JS/DwnLdr-RHP
Symantec : Trojan.Gen.7
Tencent : Js.Trojan.Raas.Auto

File analysis :

The archive contains 3 entries:

- 1 JS script, Delivery-Details.js (the Nemucod downloader flagged above)
- 2 entries with blank filenames and hashed content.
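A zip attachment whose only real payload is a .js file, padded with blank-named entries, is the classic downloader lure, and mail gateways can triage it without running anything. The block below is an added example for this post, not the blog's tooling: it hashes the archive and each entry, flags script extensions, blank names and path-traversal names, and gives a verdict. The sample archive is constructed in memory to mirror the layout described above (one .js entry plus two blank-named entries); the script body is a harmless placeholder, not the real downloader.

```python
import hashlib
import io
import os
import warnings
import zipfile

# Extensions Windows runs on double-click; one of these inside a mail
# attachment archive is the usual downloader lure.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta", ".ps1",
               ".cmd", ".bat", ".scr", ".exe", ".lnk"}


def build_sample_zip():
    """Constructed stand-in for Delivery-Details.zip: a .js entry and two
    blank-named entries, as described in the post. Placeholder content only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Delivery-Details.js", "// placeholder script body\nvar a = 1;\n")
        with warnings.catch_warnings():
            warnings.simplefilter("ignore")  # zipfile warns about the duplicate blank name
            zf.writestr(zipfile.ZipInfo(""), b"\x8f\x11\xa3" * 40)
            zf.writestr(zipfile.ZipInfo(""), b"\x42\x9c" * 60)
    return buf.getvalue()


def triage_zip(data):
    """Static triage of an attachment archive: hashes, per-entry flags, verdict."""
    report = {"sha256": hashlib.sha256(data).hexdigest(), "entries": [], "flags": []}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        report["verdict"] = "not-a-zip"
        return report
    with zf:
        for info in zf.infolist():
            name = info.filename
            with zf.open(info) as f:      # open by ZipInfo: names may be blank or duplicated
                content = f.read()
            ext = os.path.splitext(name)[1].lower()
            flags = []
            if ext in SCRIPT_EXTS:
                flags.append("script-extension")
            if not name.strip():
                flags.append("blank-name")
            if name.startswith(("/", "\\")) or ".." in name.replace("\\", "/").split("/"):
                flags.append("path-traversal")
            if info.compress_size and info.file_size / info.compress_size > 100:
                flags.append("high-compression-ratio")
            report["entries"].append({
                "name": name,
                "size": len(content),
                "sha256": hashlib.sha256(content).hexdigest(),
                "flags": flags,
            })
    all_flags = {fl for e in report["entries"] for fl in e["flags"]}
    report["flags"] = sorted(all_flags)
    if all_flags & {"script-extension", "path-traversal"}:
        report["verdict"] = "suspicious"
    else:
        report["verdict"] = "no-script-found"
    return report


if __name__ == "__main__":
    print(triage_zip(build_sample_zip()))
```

The per-entry SHA256 values are what you would submit to a multi-engine scanner or match against the detection list above; the archive hash alone changes every time the sender re-packs the same script.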

For more information about this virus, contact me at contact@scam.cz