MALWARE SPAM – MARCH 2013
• Malicious SPAM is defined by me as any unsolicited email that contains a potential information security risk. This does not include the usual marketing newsletter emails; it covers only those emails for which there is no prior affiliation and that make it into my mailbox.
Mar-13
Total # Received: 10
Type - Viagra: 0
Type - Job: 0
Type - Green Card: 0
Type - Banking: 0
Type - LinkedIn: 0
Type - Criminal Background Check: 1
Type - Other: 9
Malicious Link: 10
Malicious Attachment: 0
Attachment Type - .ZIP: -
Attachment Type - .DOC: -
Attachment Type - .PDF: -
Sent from malformed email header: 7
Sent from compromised known contact: 0
Contains my email address in "TO" field: 2
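MARCH 2013 – DETAILS – PAGE 1

1. Date: 1/03/2013; Type: Cigarettes?
   Malicious Link: Yes; Link Shortener: No; Link Masking: Yes - basic; Link Host: amazonaws.com; Link Risks: (blank)
   Malicious Attachment: No; Attachment Type: (blank)
   Sent from malformed email header: Yes; Sent from compromised known contact: No
   Listed Email Host: yahoo.com; Real Email Host: 41.142.76.222
   Domain Proxy Service: 41.142.76.222 - Yes (no Whois record)
   Registration Information: 41.142.76.222 - Unknown, registered to block MAROC TELECOM (ISP) menara.ma
   Country Hosting Domain (IP): 41.142.76.222 - Morocco (MAROC TELECOM - ISP, menara.ma)
   Contains my email address in "TO" field: No (starhub.net.sg listed as recipient)

2. Date: 2/03/2013; Type: Penile enlargements?
   Malicious Link: Yes; Link Shortener: No; Link Masking: No; Link Host: ydxa.org; Link Risks: (blank)
   Malicious Attachment: No; Attachment Type: (blank)
   Sent from malformed email header: Yes; Sent from compromised known contact: No
   Listed Email Host: yahoo.com; Real Email Host: 91.210.101.79
   Domain Proxy Service: 91.210.101.79 - Yes (no Whois record); ydxa.org - Yes (DomainsByProxy.com)
   Registration Information: 91.210.101.79 - Unknown, registered to block for UA-NETWORKING LTD (ISP) uanetworking.com (net-art.cz ?); ydxa.org - Unknown
   Country Hosting Domain (IP): 91.210.101.79 - UK (via uanetworking.com); ydxa.org - US (via bluehost.com)
   Contains my email address in "TO" field: No (no recipients listed)

3. Date: 2/03/2013; Type: Crime warning
   Malicious Link: Yes; Link Shortener: No; Link Masking: Yes - basic; Link Host: amazonaws.com; Link Risks: (blank)
   Malicious Attachment: No; Attachment Type: (blank)
   Sent from malformed email header: Yes; Sent from compromised known contact: No
   Listed Email Host: yahoo.com; Real Email Host: 62.244.130.100
   Domain Proxy Service: 62.244.130.100 - Yes (no Whois record)
   Registration Information: 62.244.130.100 - Unknown, registered to block Netia Telekom S.A (ISP)
   Country Hosting Domain (IP): 62.244.130.100 - Poland (via Netia Telekom S.A. netia.pl)
   Contains my email address in "TO" field: No (yahoo.co.in listed as recipient)

4. Date: 7/03/2013; Type: Cigarettes?
   Malicious Link: Yes; Link Shortener: No; Link Masking: Yes - basic; Link Host: amazonaws.com; Link Risks: (blank)
   Malicious Attachment: No; Attachment Type: (blank)
   Sent from malformed email header: Yes; Sent from compromised known contact: No
   Listed Email Host: yahoo.com; Real Email Host: 81.24.208.123
   Domain Proxy Service: 81.24.208.123 - Yes (no Whois record)
   Registration Information: 81.24.208.123 - Unknown, registered to block for NKTV Ltd (ISP)
   Country Hosting Domain (IP): 81.24.208.123 - Ukraine (via nktv.mk.ua)
   Contains my email address in "TO" field: No (yahoo.com listed as recipient)

5. Date: 10/03/2013; Type: Cigarettes?
   Malicious Link: Yes; Link Shortener: No; Link Masking: Yes - basic; Link Host: amazonaws.com; Link Risks: (blank)
   Malicious Attachment: No; Attachment Type: (blank)
   Sent from malformed email header: Yes; Sent from compromised known contact: No
   Listed Email Host: yahoo.com; Real Email Host: 93.147.117.200
   Domain Proxy Service: 93.147.117.200 - No, but Whois record points to ISP record (teletu.it)
   Registration Information: 93.147.117.200 - registered to block for ISP teletu.it, Vodafone Omnitel N.V., Alicom s.r.l., http://www.tol.it, omnitel.it
   Country Hosting Domain (IP): 93.147.117.200 - Italy (via vodafone.it)
   Contains my email address in "TO" field: No (yahoo.com listed as recipient)

6. Date: 15/03/2013; Type: Friend request?
   Malicious Link: Yes; Link Shortener: No; Link Masking: No; Link Host: funniest-pictures.com; Link Risks: (blank)
   Malicious Attachment: No; Attachment Type: (blank)
   Sent from malformed email header: Yes; Sent from compromised known contact: No
   Listed Email Host: hotmail.com; Real Email Host: 184.168.152.26
   Domain Proxy Service: 184.168.152.26 - No; funniest-pictures.com - Yes (DYNADOT Privacy)
   Registration Information: 184.168.152.26 - SECURESERVER.NET; funniest-pictures.com - Unknown, registered to block DYNADOT, LLC (ISP)
   Country Hosting Domain (IP): 184.168.152.26 - US (via SECURESERVER.NET & Go Daddy); funniest-pictures.com - US (via DYNADOT, LLC)
   Contains my email address in "TO" field: Yes (amongst many others)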
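MARCH 2013 – DETAILS – PAGE 2

7. Date: 21/03/2013; Type: Weight loss?
   Malicious Link: Yes; Link Shortener: No; Link Masking: Yes - basic; Link Host: amazonaws.com; Link Risks: (blank)
   Malicious Attachment: No; Attachment Type: (blank)
   Sent from malformed email header: No; Sent from compromised known contact: No
   Listed Email Host: yahoo.com; Real Email Host: yahoo.com
   Domain Proxy Service: (blank)
   Registration Information: (blank)
   Country Hosting Domain (IP): (blank)
   Contains my email address in "TO" field: No (tpg.com.au listed as recipient)

8. Date: 22/03/2013; Type: Weight loss?
   Malicious Link: Yes; Link Shortener: No; Link Masking: Yes - basic; Link Host: amazonaws.com
   Link Risks:
     Performs File Modification and Destruction: The executable modifies and destructs files which are not temporary.
     Changes security settings of Internet Explorer: This system alteration could seriously affect safety surfing the World Wide Web.
     Performs Registry Activities: The executable creates and/or modifies registry entries.
   Malicious Attachment: No; Attachment Type: (blank)
   Sent from malformed email header: No; Sent from compromised known contact: No
   Listed Email Host: yahoo.com; Real Email Host: yahoo.com
   Domain Proxy Service: (blank)
   Registration Information: (blank)
   Country Hosting Domain (IP): (blank)
   Contains my email address in "TO" field: (blank)

9. Date: 23/03/2013; Type: Friend request?
   Malicious Link: Yes; Link Shortener: No; Link Masking: No; Link Host: evomerchantservices.org; Link Risks: (blank)
   Malicious Attachment: No; Attachment Type: (blank)
   Sent from malformed email header: No; Sent from compromised known contact: No
   Listed Email Host: yahoo.com; Real Email Host: yahoo.com
   Domain Proxy Service: evomerchantservices.org - No
   Registration Information: evomerchantservices.org - J and S Productions LLC (jstmerchantservices.com)
   Country Hosting Domain (IP): evomerchantservices.org - US (via Global Net Access, LLC gnax.net)
   Contains my email address in "TO" field: No (no recipients listed)

10. Date: 24/03/2013; Type: Unknown
   Malicious Link: Yes; Link Shortener: No; Link Masking: No; Link Host: (blank)
   Link Risks:
     Performs File Modification and Destruction: The executable modifies and destructs files which are not temporary.
     Changes security settings of Internet Explorer: This system alteration could seriously affect safety surfing the World Wide Web.
     Performs Registry Activities: The executable creates and/or modifies registry entries.
   Malicious Attachment: No; Attachment Type: (blank)
   Sent from malformed email header: Yes; Sent from compromised known contact: No
   Listed Email Host: yahoo.com; Real Email Host: 83.26.142.16
   Domain Proxy Service: 83.26.142.16 - Yes (no Whois record); sv-schaephuysen.de -
   Registration Information: 83.26.142.16 - registered to block tpnet.pl (ISP) TELEKOMUNIKACJA POLSKA S.A., az.pl; sv-schaephuysen.de - STRATO AG
   Country Hosting Domain (IP): 83.26.142.16 - Poland (via TELEKOMUNIKACJA POLSKA S.A.); sv-schaephuysen.de - Germany (via STRATO AG, strato.de)
   Contains my email address in "TO" field: Yes (amongst many others)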
