antiphishing
Phishing Scam Terminator
Premium
join:2004-06-09
Wilkes Barre, PA
|  Information of your Transactions /Phishing+Malware attack
Good evening
Dear Credit Card Holder:
The last transaction report on your credit card shows a number of transactions that have questionable background. That gives us reasons to believe that your credit card details have been stolen, and your card has been abused for making unauthorized payments. Enclosed is the listing of transactions made with your credit card between 13.06.2009 and 15.06.2009. Please look through the enclosed document carefully and pay special attention to the last three of the listed transactions they are the ones that we suspect to be fraudulent.
Please find time to review the enclosed account statement and confirm the transactions you have authorized in person. This would help us both to have this issue resolved as quickly as possible.
The Word-formatted copy of your transaction list: »scananida.---.--/report_8977.exe
--
Specializing in "takes downs" of phishing and advance fee scams
Send your Phishing/Advance fee scams to: phish@antihotmail.com
»loudobbs.tv.cnn.com/
»fraudwatchers.org/forums/
|
|
Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
clubs:
| LOL, they never give up. Hopefully one day, it will be true that crime doesn't pay, but it currently pays well enough that too many people are not deterred enough by the current system to look for gainful legitimate employment instead. 
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time? |
|
kevyip1
join:2003-03-25
1 edit | reply to antiphishing
Anyone know what report_8977.exe does exactly? Is it a keylogger, trojan, etc.? My avast and adware can't find anything in it.
I heard about this type of email last year but couldn't find anywhere that says what the badware does. |
|
MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL
1 edit | said by kevyip1  :Anyone know what report_8977.exe does exactly? Is it a keylogger, trojan, etc.? My avast and adware can't find anything in it. I heard about this type of email last year but couldn't find anywhere that says what the badware does. See: Virustotal's 06/17/09 analysis of the report-8977.exe file: »www.virustotal.com/analisis/8e6c···45259327
Threat Expert's analysis which includes:
quote:
...Threat characteristics of ZBot - a banking trojan that disables firewall, steals sensitive financial data (credit card numbers, online banking login details), makes screen snapshots, downloads additional components, and provides a hacker with the remote access to the compromised system.
and assigns the following categories:
• A keylogger program that can capture all user keystrokes (including confidential details such username, password, credit card number, etc.)
• A malicious trojan horse or bot that may represent security risk for the compromised system and/or its network environment
• A malicious backdoor trojan that runs in the background and allows remote access to the compromised system
See: »www.threatexpert.com/report.aspx···7cf26e36
MGD |
|
Doctor Four
My other vehicle is a TARDIS
Premium
join:2000-09-05
Dallas, TX
 ·AT&T U-Verse
| reply to antiphishing
Obvious social engineering malware ploy. No real credit card holder is going to email you about suspicious transactions - they will always call you. At least this is what has happened with me on two separate occasions.
--
"The trouble with computers, of course, is that they are very sophisticated idiots." - Doctor Who (from Robot)
|
|
DC DSL
Stays crunchy even in milk
Premium
join:2000-07-30
Washington, DC
 ·Covad Communications
·Verizon Online DSL
| reply to antiphishing
FYI, the header from the one I got is:
--
There is no giant fur-bearing trout. |
|
antiphishing
Phishing Scam Terminator
Premium
join:2004-06-09
Wilkes Barre, PA
| reply to Doctor Four
said by Doctor Four :Obvious social engineering malware ploy. No real credit card holder is going to email you about suspicious transactions - they will always call you. At least this is what has happened with me on two separate occasions. In my opinion,Their are a lot of naive internet users out there that would install this malware and or give up their credit card numbers by reading a email that utilizes Social Engineering.
--
Specializing in "takes downs" of phishing and advance fee scams
Send your Phishing/Advance fee scams to: phish@antihotmail.com
»loudobbs.tv.cnn.com/
»fraudwatchers.org/forums/
|
|
kevyip1
join:2003-03-25
| reply to MGD
Norton AV at Yahoo mail didn't find anything in report-8977.exe. Screenshot: »img87.imageshack.us/img87/8579/y···il01.jpg
As I said, avast also didn't find anything.
Is it really a malware or not? |
|
avd706
insert annoying animated gif here
Premium
join:2003-02-06
Union, NJ
| reply to Doctor Four
said by Doctor Four :Obvious social engineering malware ploy. No real credit card holder is going to email you about suspicious transactions - they will always call you. At least this is what has happened with me on two separate occasions. They stop my card and send me an email to call them. I hate that.
--
Team JON. |
|
avd706
insert annoying animated gif here
Premium
join:2003-02-06
Union, NJ
| reply to kevyip1
how many word formatted attachments are also executable files?
--
Team JON. |
|
Virus123
@xo.net | reply to antiphishing
Oh it's malware... I actually have a user that clicked on it.
I'm working with Symantec to diagnose and resolve. |
|
kevyip1
join:2003-03-25
| reply to avd706
said by avd706 :how many word formatted attachments are also executable files? I know what Word files look like. That was not the question I asked. I asked why NAV at YM didn't detect anything. |
|
avd706
insert annoying animated gif here
Premium
join:2003-02-06
Union, NJ
1 edit | said by kevyip1 :Is it really a malware or not? ... I asked why NAV at YM didn't detect anything. To answer your second question: because AV software sucks and is a waste of system resources.
--
Team JON. |
|
kevyip1
join:2003-03-25
| said by avd706 :said by kevyip1 :Is it really a malware or not? ... I asked why NAV at YM didn't detect anything. To answer your second question: because AV software sucks and is a waste of system resources. But the virustotal report mentioned upthread says Symantec should detect it as Infostealer.Bancos.C . |
|
MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL
| reply to kevyip1
According to the Virus Total report:
Avast was not one of the 6 AVs that detected it. While it did list Symantec detection version 1.4.4.12 as flagging it, I am not sure if that is the current definition that Yahoo is using.
Based on the distributed submits many AV's will update definitions to include this detection
From time to time there are discrepancies between VT's list of detections and the real world version results. In that AVs that are not listed as catching a virus, in fact are.
MGD |
|
kevyip1
join:2003-03-25
| FWIW, my avast just got the 6/17 definition and it still didn't detect anything.
Could bogus viruses be sent out? If the intent was to waste our time figuring it out, sending us bogus viruses would be one way to do it.
I've received harmless .exe files before in which months later my virus scanners still couldn't detect anything. |
|
MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL
| It is possible, that ypur copy of the virus was detected during email processing. Upload your copy of the file to Virus Total for analysis: »www.virustotal.com/ request a fresh analysis if they show a previous submit. That way you can see if the the total detections has increased from the original 6.
It will also confirm whether you have a live or neutered copy of the virus.
MGD |
|
antiphishing
Phishing Scam Terminator
Premium
join:2004-06-09
Wilkes Barre, PA
| reply to Virus123
said by Virus123 :
Oh it's malware... I actually have a user that clicked on it.
I'm working with Symantec to diagnose and resolve.
You need to educate that users about clicking on links or attachments in spam (junk email) from users that they don't know or have any relations to.
This is the only way to stop the ongoing problem of users computers being infected and then turned into zombie machines or in this case , used in a phishing attempt.
--
Specializing in "takes downs" of phishing and advance fee scams
Send your Phishing/Advance fee scams to: phish@antihotmail.com
»loudobbs.tv.cnn.com/
»fraudwatchers.org/forums/
|
|
avd706
insert annoying animated gif here
Premium
join:2003-02-06
Union, NJ
| said by antiphishing :said by Virus123 :
Oh it's malware... I actually have a user that clicked on it.
I'm working with Symantec to diagnose and resolve.
You need to educate that users about clicking on links or attachments in spam (junk email) from users that they don't know or have any relations to. This is the only way to stop the ongoing problem of users computers being infected and then turned into zombie machines or in this case , used in a phishing attempt. The problem is that the users have a (false) reason to believe that this email is from a reputable source.
--
Team JON. |
|
DC DSL
Stays crunchy even in milk
Premium
join:2000-07-30
Washington, DC
·Covad Communications
·Verizon Online DSL
| said by avd706 :The problem is that the users have a (false) reason to believe that this email is from a reputable source.
Maybe if there weren't so many people who don't know how to read or write there'd be less gullibility. Pathetic spelling and grammar are always dead giveaways that a message is suspect.
--
There is no giant fur-bearing trout. |
|
