This is more of a reminder than "breaking news". But it may be worthwhile to include this in an awareness newsletter or similar presentation to keep your staff up to date on current social engineering malware. Our reader Andy sent us this e-mail he received. The domain name in the link has been modified. We of course had similar malware in the past claiming to be court documents or intellectual property violation notices.
----------------
Subject: Notice: Contract terms breached.

5 April, 2010

Hello,

You are hereby put on notice that as of 7/1/2010 you are in breach of our contract dated 3/12/2007. The nature of said breach is: False Advertising, Breach of Contract, Bad faith Breach of Contract, Fraud and Deceit.

It is our desire to inform you of the foregoing and afford you the opportunity to cure said breach. You may in any event be held responsible for all damages arising from said breach.

To view a copy of the complaint please visit our company website: http://---URL REMOVED---/

Please use the CASE ID located at the end of the document to find the copy of the complaint. You have until 10th of May 2010 to cure said breach, after which we will be forced to pursue further legal action.

Regards,
Jim Karter

CASE ID: 4322524
------
Johannes 4478 Posts ISC Handler Apr 13th 2010 |
Apr 13th 2010 1 decade ago |
We just received the same junk mail this morning, as well as another:
----------------
Subject: Complaint regarding Breach of Contract.

Notice is hereby given that we cancel our contract dated 0/1/2007 for the following reason. That on 8/4/2010, you breached said contract in the following respect: .

Cancellation of said contract is effected in respect to that certain installment delivered on 2/6/2010, and for any subsequent delivery of goods, contracted for in said contract, inasmuch as your breach impairs the contract as a whole.

We claim damages from you in the amount of $22,981.55

If you would like to view a copy of the full complaint please visit our website and search for your Case ID at the bottom of this letter.

http://---URL REMOVED---/

Sincerely,
Anonymous |
Apr 13th 2010 1 decade ago |
We had six of these on 4/12 targeting HR and C-level users. The first URL was not blocked by our web filtering system. Following the redirect and obfuscated-script trail, the second two hops were blocked, so no users were affected, though one did click through...
Paul 47 Posts |
Apr 13th 2010 1 decade ago |
Would anyone be willing to post the URL so that I could block it?
Anonymous |
Apr 13th 2010 1 decade ago |
Davef, here you go: (remove all of the spaces)
h t t p : / / w w w . l a w - t o - d a . c o m |
Chris 4 Posts |
Apr 13th 2010 1 decade ago |
Has anyone seen a consistent Sender email address or domain that we could use to update our Spam filters? Thanks in advance
Anonymous |
Apr 13th 2010 1 decade ago |
There is another URL as well, http://www. durand blaw. com
(remove spaces) The sender addresses varied. |
CBob 23 Posts |
Apr 13th 2010 1 decade ago |
No consistency to the senders or source IPs, this was very low volume and very targeted.
Paul 47 Posts |
Apr 13th 2010 1 decade ago |
A reminder: when you receive malware like this, _PLEASE_ report the domain names to malwaredomains.com so that others can benefit.
Thanks! |
John Hardin 62 Posts |
Apr 15th 2010 1 decade ago |
I've had similar emails come through with a URL link via IP not domain name. The URL is http://75.119.193.234/
John Hardin 6 Posts |
Apr 19th 2010 1 decade ago |
Another run over the past couple of days is using www.t h o m a s - a n d - h a r r i s.com
Paul 47 Posts |
Apr 26th 2010 1 decade ago |