Spammers: PDF rules!

A few weeks ago a spam attack was launched – as happens every day. But that time there was something new: it was a pump-and-dump stock scam using a PDF attachment. What's more, the PDF looked very professional, so many people could be fooled. You can download the PDF by clicking on the image below:

It must have been successful somehow, as the number of these PDF scams is increasing a lot. We must say that most of them are made in a really poor way; just take a look at the following screenshots:

But you can find some which look better:

As you can see, most of the time they are just copy-pasting the body of the “old” spam messages into the PDF file. But today I found one that caught my eye. The first thing is the subject (Off the record), which on its own arouses anyone's curiosity. If the message is opened, there is a PDF attached whose file name is the first name and surname of the user's mail account! When it is opened, we discover that we will be given $500 if we reactivate an online casino account; in the end it was not so exciting:

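One way to turn the indicator described above into a mail-filter check, as an added example that is not part of the original post: the function below parses a message and flags PDF attachments whose file name matches the recipient's display name or mailbox name. The message, addresses and file name are constructed for illustration.

```python
import email.utils
import re
from email.message import EmailMessage

def build_sample(filename="John Smith.pdf"):
    """Constructed message reproducing the pattern from the post: a curiosity-baiting
    subject and a PDF attachment named after the recipient (all values invented)."""
    msg = EmailMessage()
    msg["From"] = "promo@example.invalid"
    msg["To"] = "John Smith <john.smith@example.invalid>"
    msg["Subject"] = "Off the record"
    msg.set_content("See attached.")
    # Placeholder bytes stand in for the PDF; only the name and MIME type matter here.
    msg.add_attachment(b"%PDF-1.4 constructed sample", maintype="application",
                       subtype="pdf", filename=filename)
    return msg

def _normalise(text):
    """Lower-case and strip everything but letters/digits so 'John Smith',
    'john.smith' and 'JohnSmith' compare equal."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def recipient_names(msg):
    """Names a spammer could have derived from the To: header: the display
    names and the local part of each address."""
    names = set()
    for display, address in email.utils.getaddresses(msg.get_all("To", [])):
        if display:
            names.add(_normalise(display))
        local = address.split("@", 1)[0]
        if local:
            names.add(_normalise(local))
    return names

def personalised_pdf_attachments(msg):
    """Return file names of PDF attachments whose base name matches the recipient."""
    targets = recipient_names(msg)
    hits = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        is_pdf = part.get_content_type() == "application/pdf" or fname.lower().endswith(".pdf")
        if not is_pdf:
            continue
        base = _normalise(fname.rsplit(".", 1)[0])
        if base and base in targets:
            hits.append(fname)
    return hits

if __name__ == "__main__":
    print(personalised_pdf_attachments(build_sample()))  # ['John Smith.pdf']
```

On its own this is a weak signal (legitimate senders also personalise file names), so it belongs in a scoring filter alongside sender reputation and content checks rather than as a hard block.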

June spyware list


This month, Application/MyWebSearch enters the list in first position, with only 36 detections fewer than Adware/Lop, which drops to second position.

1.- Application/MyWebSearch
2.- Adware/Lop
3.- Adware/Gator
4.- Dialer.XD
5.- Spyware/Virtumonde
6.- Application/SystemDoctor2006

Application/SystemDoctor2006 goes up from 11th to 6th position. It is a fake error-repairing program that is usually installed by Adware/SystemDoctor. There are also many websites and advertisements that simulate a scan of the machine so that users install the program. Users are then asked to purchase, for a modest price, a program to remove the supposed errors.

Adware/Navipromo goes up from 21st to 19th position. It is an adware that promotes dialers and uses rootkit techniques in order to go unnoticed. It usually comes bundled with other programs such as MailSkinner, WebMediaplayer or InternetGameBox.

Trj/Torpig, which is a banker Trojan, keeps the 37th position it held the previous month. The Trj/Torpig and Trj/Sinowal families are very similar. We explained the techniques used by Trj/Sinowal at the eCrime Congress; you can take a look at the paper here.


A profitable use for stolen credit cards

We have often talked about the freedom with which certain cyber-crooks circulate around the Internet, but I must admit that even I am surprised sometimes…


The theft of credit card details and the trading of this information is the order of the day. How is this information being used? We could make assumptions, carry out research or try to infiltrate some of these groups, but why bother if they talk about it all so openly on their websites?


This is what appears on one of these websites:

As usual, everything is in perfect Russian. Basically, they are selling laptops, PDAs, cell phones, etc. for 20% of their real value. How is this possible? Well, if you visit their section “Answers to frequently asked questions-F.A.Q.”, the first question is: How can you offer such good prices? Pay attention to the answer:


“It’s very simple. We buy these products in Western countries with stolen credit cards. You don’t run any risk when purchasing these products.”


It couldn’t be any clearer. They even have a section for partners, where you are given the code you must include on your website and you get 25% of the money that comes from your website.


Dream System

“Dream System” is a bot that allows hackers to use infected machines as socket servers and to run any type of file on them.

It launches two types of DDoS attacks:

- HTTP.
- UDP flood.

The bot consists of:

- A server component, called “Dream Bot builder”, which contains the configuration interface and allows servers to be generated.
- A client component, which allows the bot to be managed from a web interface.

The bot version 1.3 is sold for $750, including free updates for new versions.

This bot is known as “Dream System” or “Dream sockets”. It seems too much of a coincidence that its name is so similar to the “Dream Downloader” of MPack, which was programmed by the DreamCoders Team, so it is likely to be another piece of software developed by that team.

It is detected in the signature file as part of the Bck/DreamSocks family.