
Phishing Ransomware email


14 replies to this topic

#1 Crazy Cat


Posted 30 April 2015 - 08:54 PM

[Image ignored]


Your Apple ID was just used to download Camfrog PRO 6.99$ from the App Store on a computer or device that had not previously been associated with that Apple ID.

This download was initiated from Morocco.

If you initiated this download, you can disregard this email. It was only sent to alert you in case you did not initiate the download yourself.

If you did not initiate this download, we recommend that you go to iforgot.apple.com [links to 'http://www.tastefinders.com/'] to change your password, then see Apple ID: Security and your Apple ID [links to '] for further assistance.

Regards,
Apple


[Image ignored]
TM and Copyright ý 2014 Apple Inc. 31-33, rue Sainte Zithe, L-2763 Luxembourg.
All rights reserved [links to https://www.apple.com/uk/legal/] / Keep Informed [links to www.apple.com/enews/subscribe/] / Privacy Policy [links to https://www.apple.com/uk/privacy/] / My Apple ID [links to https://appleid.apple.com/cgi-bin/WebObjects/MyInfo]


[Image ignored]923554342


Return-Path: 105465@hewsl03.webreus.nl
Delivered-To: crazycat@insane.com
Date: Thu, 30 Apr 2015 04:51:57 +0200
Message-Id:
To: crazycat@insane.com
Subject: Your receipt No.610434296540951
MIME-Version: 1.0
Content-type: text/html; charset:utf-8
Content-Transfer-Encoding: base64
From: crazycat@insane.com

Edited by Crazy Cat, 30 April 2015 - 08:59 PM.

 

Two things are infinite: the universe and human stupidity; and I'm not sure about the universe. ― Albert Einstein ― Insanity is doing the same thing, over and over again, but expecting different results.

 

InternetDefenseLeague-footer-badge.png
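Added example (an editor's illustration, not part of any post in this thread): the email in post #1 shows three things a mail filter can check mechanically, namely a visible link text of iforgot.apple.com that points at another host, a Return-Path domain that differs from the From domain, and a From address equal to the recipient. The function names `findings`, `domain` and `LinkCollector` are hypothetical, and the HTML body is a constructed stand-in for the real one.

```python
import email
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: headers taken from post #1; the HTML body is a
# reconstruction of two links the post annotates, not the real message.
SAMPLE = """\
Return-Path: 105465@hewsl03.webreus.nl
To: crazycat@insane.com
From: crazycat@insane.com

<p>go to <a href="http://www.tastefinders.com/">iforgot.apple.com</a>
<a href="https://www.apple.com/uk/privacy/">Privacy Policy</a></p>
"""

class LinkCollector(HTMLParser):  # collects (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def domain(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def findings(raw):
    msg, out = email.message_from_string(raw), []
    if domain(msg["From"]) != domain(msg["Return-Path"]):
        out.append("From/Return-Path domain mismatch")
    if parseaddr(msg["From"] or "")[1].lower() == parseaddr(msg["To"] or "")[1].lower():
        out.append("From equals To")
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        host = (urlparse(href).hostname or "").lower()
        shown = text.lower()
        # Compare only when the visible text itself looks like a hostname.
        if "." in shown and " " not in shown and host != shown and not host.endswith("." + shown):
            out.append(f"link text {shown} -> {host}")
    return out
```

A From/Return-Path mismatch on its own is common in legitimate bulk mail, so treat it as a weak signal that matters when it coincides with the other two.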



#2 TsVk!


Posted 30 April 2015 - 09:01 PM

Tricky buggers... social engineering at its finest.



#3 Aura


Posted 30 April 2015 - 09:19 PM

Well, it didn't last long.

rnuSxSh.png

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#4 TsVk!


Posted 30 April 2015 - 09:22 PM

More clever than technical...

 

They'll have to go back to sending out "invoice.zip"

 

:lmao:



#5 quietman7


Posted 01 May 2015 - 05:46 AM

The malware writers could always put it on a CD and use FedEx or UPS to hand deliver at your front door. I suspect most folks would open the package and promptly insert it into their PC without thinking twice.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 Aura


Posted 01 May 2015 - 06:44 AM

The malware writers could always put it on a CD and use FedEx or UPS to hand deliver at your front door. I suspect most folks would open the package and promptly insert it into their PC without thinking twice.


I'm honestly imagining someone doing that right now, and it's hilarious :lol:



#7 White Hat Mike


Posted 01 May 2015 - 08:01 AM

The malware writers could always put it on a CD and use FedEx or UPS to hand deliver at your front door. I suspect most folks would open the package and promptly insert it into their PC without thinking twice.


I developed a few web based phishing applications that work great. Reporting, statistics, alerting, awareness training modules, etc. Written from scratch in Notepad++ so the functionality is endless. :)

However, I do enjoy the "USB drop" assessment. The best part is the look on the client's face when (if) they find out that USB/email came from you!

Information Security Engineer | Penetration Tester | Forensic Analyst

CipherTechs.com


#8 quietman7


Posted 01 May 2015 - 04:29 PM

As I often say..."An uninformed user can be their own worst enemy when acting in ignorance."

#9 PhotoAce


Posted 01 May 2015 - 06:48 PM

The malware writers could always put it on a CD and use FedEx or UPS to hand deliver at your front door. I suspect most folks would open the package and promptly insert it into their PC without thinking twice.

 

Something similar has been done: http://www.kaspersky.com/about/news/virus/2015/equation-group-the-crown-creator-of-cyber-espionage

 

"The attackers used universal methods to infect targets: not only through the web, but also in the physical world. For that they used an interdiction technique – intercepting physical goods and replacing them with Trojanized versions. One such example involved targeting participants at a scientific conference in Houston: upon returning home, some of the participants received a copy of the conference materials on a CD-ROM which was then used to install the group’s DoubleFantasy implant into the target’s machine. The exact method by which these CDs were interdicted is unknown."



#10 TsVk!


Posted 01 May 2015 - 07:19 PM

Or you can just get free malware with your brand new computer...

 

http://netsecurity.about.com/od/antivirusandmalware/a/Is-Your-Brand-New-Computer-Pre-Infected-With-Malware.htm



#11 quietman7


Posted 01 May 2015 - 07:35 PM

...The exact method by which these CDs were interdicted is unknown."

Most likely these highly sophisticated attackers built and used a Teleportation device.

#12 TsVk!


Posted 01 May 2015 - 07:36 PM

:lmao:



#13 PhotoAce


Posted 01 May 2015 - 07:42 PM

 

...The exact method by which these CDs were interdicted is unknown."

Most likely these highly sophisticated attackers built and used a Teleportation device.

 

 

Looks good - that would explain the memory stick that just appeared on your desk.



#14 quietman7


Posted 01 May 2015 - 07:50 PM

...that would explain the memory stick that just appeared on your desk.

Now we know who to blame...only the bad guy would know I just received that. :crazy:

#15 PhotoAce


Posted 01 May 2015 - 07:54 PM


Now we know who to blame...only the bad guy would know I just received that. :crazy:

 

 

What you have to do now, of course, is plug it into your computer to see if it contains anything interesting.........





