PornTube Malware Spam
Header:
X-Account-Key: account3
X-UIDL: x
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path: <excipien@COMMERCIALAPPEAL.COM>
Delivered-To: 119-x
X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on
    tucker.host4africa.com
X-Spam-Level: **
X-Spam-Status: No, score=2.3 required=7.0 tests=BAD_ENC_HEADER,FROM_EXCESS_QP,
    SUBJECT_EXCESS_QP autolearn=no version=3.1.0
Received: (qmail 27207 invoked from network); 7 Jul 2008 17:34:53 +0200
Received: from 85-92-171-249.eurisp.net (HELO mailscanner.eurisp.net) (85.92.171.249)
    by plesk.ev1servers.net with SMTP; 7 Jul 2008 17:34:52 +0200
From: "=?ISO-8859-1?Q?WINSLOW?=" <excipien@COMMERCIALAPPEAL.COM>
To: x
Subject: =?ISO-8859-1?Q?Memorabilia for heroes only?=
Date: Mon, 7 Jul 2008 16:34:50 +0100
Mime-Version: 1.0
Content-Type: text/plain;
    charset="ISO-8859-1"
Content-Transfer-Encoding: 8BIT
Message-Id: <x@COMMERCIALAPPEAL.COM>
Body:
Comments:
Related Cyber Criminal Profiles:
No related profiles found.
Similar Spam Examples:
Gtsmobi.com Porn Spam - Your Next Purchase at McDonald's is FREE!
MySafeStreams.com Porn Spam - Hey! Can you text me please? Or hit me up on
PayPal Phishing Scam - Resolution Center - Account Issues
General Malware Spam - You have received a new fax message
General Malware Spam - Ann Bailey has sent you a message on YouTube
Related Malware Samples:
No related malware samples found.
These e-mails are normally plain-text messages with an enticing, random subject line. The body is normally a single line written in the format of a news headline, followed by a URL, creating the impression that the link points to a news article where the user can read more about the (fake) newsworthy event. Spammers seem to use this technique more often these days, and the spam easily adapts to current events like the U.S. elections.
All URLs we've seen so far point to a file called 'r.html', normally located in the root directory of a top-level domain or even a subdomain.
These pages contain pornographic material and attempt to infect your PC with a rogue ActiveX control.
No matter what the subject line or contents of the e-mail, you should always use common sense when dealing with spam like this. Why would an e-mail from excipien@commercialappeal.com, about memorabilia for heroes, point to the site livresedotabaco.com for a news article about an FBI surveillance team that revealed certain trade secrets? The total lack of relevance between the different parts of this e-mail is enough reason to stay away from the dodgy URL.
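A mail-filter check for the pattern described above, as an added example that is not part of the original page: it flags a plain-text message whose short body carries a link to '/r.html' on a domain unrelated to the sender's. The rule names, the sample body and the example.net link are constructed for illustration, since the page shows no message body.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

# Constructed sample: headers modelled on the example above; the body text and
# the example.net link are invented placeholders.
SAMPLE = """\
From: "WINSLOW" <excipien@COMMERCIALAPPEAL.COM>
To: x
Subject: Memorabilia for heroes only
Content-Type: text/plain; charset="ISO-8859-1"

FBI surveillance team reveals trade secrets http://example.net/r.html
"""

def registrable(host):
    """Crude comparison key: last two labels (assumption: no public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def score_message(raw):
    """Return the names of the heuristics that fire for one raw message."""
    msg = message_from_string(raw)
    hits = []
    if msg.is_multipart():
        return hits  # the pattern described is a single text/plain part
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    body = msg.get_payload()
    lines = [ln for ln in body.splitlines() if ln.strip()]
    urls = [urlparse(u.rstrip(".,)")) for u in URL_RE.findall(body)]
    # Headline-style body: one or two lines of text that exist to carry a link.
    if msg.get_content_type() == "text/plain" and len(lines) <= 2 and urls:
        hits.append("HEADLINE_PLUS_URL")
    # Landing page named r.html in the web root.
    if any(u.path.lower() == "/r.html" for u in urls):
        hits.append("ROOT_R_HTML")
    # Link host unrelated to the domain in the From address.
    if sender_host and any(
        u.hostname and registrable(u.hostname) != registrable(sender_host)
        for u in urls
    ):
        hits.append("LINK_DOMAIN_MISMATCH")
    return hits

if __name__ == "__main__":
    print(score_message(SAMPLE))
```

Each rule alone is weak evidence; treat the three firing together as the signal, and feed the result into an existing scoring filter rather than rejecting on it directly.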