Monday, April 20, 2015

Hello/Respond. (Business Scam)

Dear Friend,

My name is Wai Kim Chim; I am contacting you with regards to a discreet and somewhat sensitive business asset available to my knowledge by virtue of my position. I will furnish you with further exclusive and of course, confidential details once I receive your affirmatory response.

Note : You are to respond to my private email : wkimbnk1@qq.com or just click "REPLY"

Faithfully,
WKM.
wkimchim@wonderproject.jp

Important Legal Business,

Very Important Business,
From Mrs Geena,
geenaahmad@aol.com

Hello Dear Friends,

My name is Mrs. Geena, Head of international Remittance department (Cimb Bank Malaysia). I was instructed by my bank to pay all our owed foreign contractors/inheritors who have not yet received their funds.

In the process of paying the beneficiaries, I came across a file as on unclaimed fund belonging to one of our foreign late customer who was a gorverment road contractor he came to my country some years ago. Unfortunately, the customer died along with the Malaysia Missing plane MH370.

Reason of sending this message to any foreigners who l can seek for his or her assistance to enable me transfer the late customer funds amount U,S.D. 6.5 Million out in my bank to your bank account in your country as business between us. We will offer you 45% percentage if you are interesting partner.

For confidential purpose please contact me on this my private Email: geeenaahmad@aol.com

Regards,
Mrs.Geena B.Ahmad.

Saturday, April 18, 2015

do you remember me (Love Scam)

Hello

I am a down to earth, energetic, fun person. I work hard, and when its time to relax, I make the most of it. I would like to think that I am also the woman that my mother raised me to be. So, in some respects I am a bit old fashioned.

I'm not looking for the perfect man, just a man that would be perfect for me! Now here you are... you reading this complex profile, and me hoping to hear from you... if you are that mysterious male that has eluded me for so long! I almost sure you don't live in my neighborhood, because I have looked! I can only assume that you might live in some faraway place! So, now that you have found me, let me know that you are the one I seek.

If you want to know more then send me an email.

Sofiya


Email analysis :

NOTE : qymisom@ezkjjkbdgkabhccz.facebookmeets.com
NOTE : Received : from 50-88-247-129.res.bhn.net (HELO ezkjjkbdgkabhccz) (50.88.247.129)
NOTE : User-Agent : Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8.2.93) Gecko/20080509 Thunderbird/2.0.0.23

Thursday, April 16, 2015

Scanned Image from a Xerox WorkCentre (Virus)

Please open the attached document. It was scanned and sent to you using a Xerox WorkCentre Pro.

Sent by: ***
Number of Images: 4
Attachment File Type: ZIP [PDF]
File Name: Scan001_1257165_041.zip

WorkCentre Pro Location: Machine location not set
Device Name: ***.com

Attached file is scanned image in PDF format.
Adobe(R)Reader(R) can be downloaded from the following URL: http://www.adobe.com/

Email analysis :

NOTE : teg5@qmail.org
NOTE : Xerox.437@***
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
NOTE : Received : from 70.43.79.186.nw.nuvox.net (70.43.79.186)


File analysis :

ALYac : Trojan.GenericKD.2294006
AVG : Crypt4.NUT
AVware : Win32.Malware!Drop
Ad-Aware : Trojan.GenericKD.2294006
Antiy-AVL : Trojan[Downloader]/Win32.Upatre
Avast : Win32:Trojan-gen
Avira : TR/Crypt.Xpack.186216
Baidu-International : Trojan.Win32.Upatre.vxw
BitDefender : Trojan.GenericKD.2294006
CAT-QuickHeal : TrojanDownloader.Upatre.r5
CMC : Packed.Win32.Obfuscated.10!O
Cyren : W32/Trojan.IYUD-8977
DrWeb : Trojan.DownLoader12.60119
ESET-NOD32 : Win32/TrojanDownloader.Waski.F
Emsisoft : Trojan.GenericKD.2294006 (B)
F-Prot : W32/Trojan3.OVQ
F-Secure : Trojan.GenericKD.2294006
Fortinet : W32/Waski.F!tr.dldr
GData : Trojan.GenericKD.2294006
Ikarus : Trojan-Downloader.Win32.Waski
K7AntiVirus : Trojan-Downloader ( 0049d22b1 )
K7GW : Trojan-Downloader ( 0049d22b1 )
Kaspersky : Trojan-Downloader.Win32.Upatre.vxw
Malwarebytes : Trojan.Upatre.Gen
McAfee : RDN/Generic.bfr!ih
McAfee-GW-Edition : RDN/Generic.bfr!ih
MicroWorld-eScan : Trojan.GenericKD.2294006
Microsoft : TrojanDownloader:Win32/Upatre.BC
NANO-Antivirus : Trojan.Win32.Upatre.dqmduh
Norman : Troj_Generic_2.A
Qihoo-360 : HEUR/QVM19.1.Malware.Gen
Sophos : Mal/Upatre-R
Symantec : Downloader.Upatre
Tencent : Win32.Trojan.Downloader-pdf.Auto
TrendMicro : TROJ_UPATRE.CUB
TrendMicro-HouseCall : Suspicious_GEN.F47V0413
VIPRE : Win32.Malware!Drop
ViRobot : Trojan.Win32.Agent.45568.JQ[h]
Zillya : Downloader.Upatre.Win32.22072
nProtect : Trojan.GenericKD.2294006

ATTENTION PLEASE!!!!! (Diplomatic Scam)

FROM : DIPLOMATIC AGENT

I am a Diplomat named Mr. James Morgan , mandated to deliver your inheritance to you in your country of residence.The funds total US$7.5 Million and you were made the beneficiary of these funds by a benefactor whose details will be revealed to you after handing over the funds to you in accordance with the Agreement I signed with the benefactor when he enlisted my assistance in delivering the funds to you. I am presently at JFK Airport in the United States of America and before I can deliver the funds to you, you have to reconfirm the following information so as to ensure that I am dealing with the right person.

1.Full Name................
2.Residential Address ...............
3.Age ................................
4.Occupation ......................
5.Direct Telephone Numbers

After verification of the information with what I have on file,I shall contact you so that we can make arrangements on the exact time I will be bringing your package to your residential address. Send the requested information so that we can proceed.

Regards

Mr James Morgan

Email analysis :

NOTE : jm_morgan11@yahoo.com
NOTE : dejanz@eltosan.rs
NOTE : Received : from unknown (HELO EXCHANGE2010.eltosan.local) (212.200.54.100)
NOTE : Received : from User (197.228.213.211) by EXCHANGE2010.eltosan.local (192.168.2.203)

RE: AN INVESTMENT OPPORTUNITY. (Investment Scam)

Dear Friend,

AN INVESTMENT OPPORTUNITY.

I hope this email finds you in good health. I m Dr. Donald Adams, originally from Fiji Islands, but I am presently in Afghanistan as an expert doctor of medicine. On the 12Th of April 2014 my wife and I were approached by a British Soldier, Warrant Officer Faulkner Spencer, who handed a box full of cash totaling TWENTY-TWO MILLION EIGHT HUNDRED THOUSAND UNITED STATES DOLLARS ONLY {$22,800,000.00} to me and my wife for safe keeping and begged us never to disclose this to anyone. Unfortunately,exactly two weeks later news reached us that he had an accident and died in an Helicopter crash in Takhta Pul District, Afghanistan.

Kindly view the link below for confirmation:

http://www.bbc.com/news/uk-10629358

My wife and I wants to use this opportunity to seek for your assistance to help us repatriate this fund to your country for investment purposes because the fund is not safe here and we can no longer hold on to this fund since Officer Faulkner is no more and we are willing to compensate you with 35% of the total sum for your help.

We will be very grateful if our proposal is considered and given the urgent attention it deserves. This is our private e-mails:

donadams223@gmail.com

Sincerely,

Dr. Donald Adams.

Email analysis :

NOTE : donadams2233@gmail.com
NOTE : no_reply@delta.net.id
NOTE : Received : from mail.shponder.co.il ([81.218.175.83]:21099 helo=User)
NOTE : by webhosting.delta.net.id with esmtpa (Exim 4.85)
NOTE : (envelope-from < no_reply@delta.net.id >)
NOTE : X-Get-Message-Sender-Via : webhosting.delta.net.id:
NOTE : authenticated_id: dedy/only user confirmed/virtual account not confirmed