SANS ISC: Trustwave Trustkeeper Phish - SANS Internet Storm Center SANS ISC InfoSec Forums

Trustwave Trustkeeper Phish

Just got another interesting phishing e-mail. This time around it is security company Trustwave that is being phished. I am not a customer, so I am not sure how well these e-mails reflect the real thing, but they confused me for a while. The giveaway that this is a fake is the From e-mail address as well as the link leading to a different site than advertised.

[Image: Trustwave phishing e-mail]

[Update:] An analysis of this phish by Trustwave's own Spiderlabs can be found here: 

Johannes B. Ullrich, Ph.D.
SANS Technology Institute

4466 Posts
ISC Handler
Feb 25th 2013
Our Barracuda appliance shows a LOT of incoming "scan warning" spam starting at about 2/21 1100 EST.

Thankfully all either blocked or quarantined.

23 Posts

25 Feb 2013 - "... this "TrustKeeper Vulnerabilities Scan Information" -spam- leads to an exploit kit on saberdelvino .net...The malicious payload is at [donotclick]saberdelvino .net/detects/random-ship-members-daily.php (report here*) hosted on the following IPs: (PT Telekon, Indonesia) (Langate, Ukraine)..."
... Blackhole 2

160 Posts
One of these made it thru clamav and spamassassin and into my INBOX today. :-(

133 Posts