Commtouch Café

Please wait while we infect your computer – more malicious HTML attachments

2010-09-01T21:06:43Z

Commtouch labs have detected large volumes of emails with malicious HTML attachments. The emails purport to come from a range of legitimate sites including: Bell Canada Craigslist NewEgg So let’s say you read our previous blog about the rise of the malicious HTML attachments. You open the attached HTML file in a text reader to find the malicious links [...]

Spammers Almost Take Our Advice about LinkedIn

2010-08-24T13:51:24Z

In February, we “recommended” that cybercriminals save time and money by using LinkedIn as a way to harvest email addresses and details about corporate employees. Instead, they have added LinkedIn to the pantheon of trusted brands being used to scam unaware recipients. Thanks to the simplicity of the LinkedIn design, spammers have had an easy time [...]

Amazon phishing – when username and password is just not enough

2010-08-17T17:27:04Z

In the grand phishing universe, it’s clear that Amazon would be a target. This particular phishing outbreak caught our eye though. It starts with a typical “account verification” email. Recipients must submit the required information or they will suffer the dreaded “locked account”. Opening the attached HTML file reveals phishing for more than just a username [...]

Even Wikipedia and WordPress used for pharmacy spam

2010-08-05T14:50:56Z

Perhaps you’ve gotten used to phishing, spam and scams supposedly coming from Facebook, Apple and Google. Now, though, even trusted brands that we thought were safe are being used in an attempt to get recipients to click the embedded URLs. Check out the emails below, both related to “recent account opening activity”. Wikipedia and WordPress, whose [...]

Silly 419

2010-08-04T13:48:23Z

One of the advantages of following us on Twitter is that you get our #Sillyspam posts. In their efforts to confound mail filters, spammers often need to perform all sorts of language acrobatics. We usually feel compelled to add a comment to these amusing bits of email – and we summarize our favorites every 3 [...]

Email-malware senders guide – Chapter 1

2010-07-26T12:07:35Z

Last week we saw an interesting series of emails which seemed to indicate a mid-outbreak change of tactic. The initial series of emails all had banking and account related themes. The emails indicated that it was necessary to open an attached document file. The attachments were actually zipped executable Trojan downloaders. A Virus-Total (www.virustotal.com) scan showed [...]

Widespread fake Amazon orders lead to PDF malware

2010-07-22T11:15:58Z

Well-crafted emails mimicking Amazon order confirmations have been detected in large quantities in the past week. The Amazon logo and “your account” button actually take image files from the Amazon website. The email includes twelve links designed to motivate recipients to click: More information about an Amazon Visa card The ordered items are not shown and are [...]

HTML attachments – now with malware!

2010-07-20T13:42:28Z

In the last few weeks we have detected increasing usage of HTML attachments in a variety of message types – all of them attempting to install malware. These sorts of attachments are generally not blocked by message scanning systems. In addition they may arouse less suspicion in users than zipped attachments. In the examples below, the [...]

Outbound spam? Survey says – Service Providers are looking for a solution

2010-07-07T14:37:01Z

Recently, our service provider customers have become increasingly vocal about the problem of outbound spam, the spam generated within their own networks. We recently sponsored a survey with Osterman Research asking Web hosting companies, ISPs, and email managed service providers how they manage outbound spam. As you can see from our beautiful chart – service providers [...]

Survey Says – Outbound Spam IS Your Problem

2010-07-07T14:35:53Z

Zombies, compromised accounts, and malicious users are just some of the friendly neighborhood spammers on service providers’ networks. Every piece of spam going in AND getting out is your problem, long before it becomes someone else’s. Commtouch recently commissioned a survey by Osterman Research to determine the state of the industry with regard to outbound [...]