Invoice Notification Spam/Scam possible trojan

Discussion in 'other security issues & news' started by Daveski17, Nov 15, 2011.

Thread Status:
Not open for further replies.
  1. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,028
    Location:
    Lloegyr
    I don't get much spam, even in AOL Mail, but three years to the day from when I contracted a trojan, surfing Russian sites in SeaMonkey without NoScript, I get an 'Invoice Notification' with several links. I'm sure most people at Wilders see these kinds of things comparatively regularly, but I really don't get that much spam (even of the harmless kind).

    I was suspicious straight away as I hardly ever buy anything online. I opened the message as I am pretty sure you can't be infected until you actually click a hyperlink:

    Dear Customer,
    <br><br>
    We attempted to deliver your item at 9:47 am on November 12, 2011 and a notice
    was left. You may arrange redelivery by clicking the link below or pick up the
    item at the Post Office indicated on the notice. If this item is unclaimed after
    15 days then it will be returned to the sender. The sender has requested that
    you receive a Track & Confirm update, as shown below.
    <br><br>
    Label Number: <b>7007 4472 2912 7362 5648</b><br>
    Weight: <b>1.3 LBS</b><br>
    Expected Delivery Date: <b>November 12, 2011</b><br>
    Service Type: <b>First-Class Certified Mail</b><br>
    Service(s): <b>Delivery Confirmation</b><br>
    Status: <b>Final Notice</b>

    To check on the delivery status of your mailing or arrange redelivery please
    visit our website:
    'Link'

    I was suspicious for a variety of reasons, notwithstanding the weight of the supposed purchase being in Imperial instead of the usual Metric.

    I checked the link in VirusTotal & this is a portion of the results:

    ~VT results removed per Policy~

    Is the universe trying to tell me something about November 15th, using SeaMonkey & trojans LOL? :D

    Of course, this time I didn't get infected! ;) :thumb:

    Microsoft Protection Centre Encyclopedia Entry: TrojanDownloader:Win32/Srotgnat.A

    F-Secure Threat Description: Trojan.Generic.KDV.406678
     
    Last edited by a moderator: Nov 15, 2011
  2. Daveski17

    Sorry about the VT post Ron, I forgot about the policy.
     
  3. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    648
    Location:
    HKEY/SECURITY/ (value not set)
    You have two alternatives regarding Security:

    (01) Mark the Email as Spam and have the Email Program Automatically Delete the Email upon Arrival.

    (02) Suspend or Delete the Email Account that is being Spammed and create a New Email Account, then,
    If that Invoice Email shows up in your New Email Account, then I would be Very Concerned.

    Yes, one's computer can be Infected by a Poisoned Email Simply by Viewing In Preview or Opening it.


    HKEY1952
     
  4. Daveski17

    Oh Bollocks! Now you tell me. :eek: I didn't click any of the links anyway & technically there was nothing to open. I have scanned with MSE & SAS, to be on the safe side & nothing detrimental was found.
     
  5. HKEY1952

    Double check the status of that Email.....if it is marked as 'Read' as opposed to 'Unread' then it Was Opened.

    I am not proposing that the Email in question is poisoned, only informing that a computer Can Become Infected
    Simply by Opening Up A Poisoned Email.


    HKEY1952
     
  6. Daveski17

    I have deleted it now, but I suppose it was technically opened. I normally just send them to the spam folder, but I was curious. Of course, we all know what killed the cat don't we? ;)

    I believe you, I think that I'm OK in this instance though.
     
  7. MikeBCda

    MikeBCda Registered Member

    Joined:
    Jan 5, 2004
    Posts:
    1,627
    Location:
    southern Ont. Canada
    That's what I like about my ISP's spam/virus quarantine ... I can look at the contents of anything that's there, but with all HTML content (and, AFAIK, any other kinds of scripting) stripped out.

    In the case of suspected viruses or other malware, all of the message's contents are replaced with "This warning replaces the original content because ...". Dealing with this ISP for something like 15 years now, my a-v (avast) has yet to find anything in downloaded email.
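
A stripped, text-only view like the quarantine described in the last post can be reproduced locally before a suspicious message is ever rendered. This is an added example, not part of the original thread and not the ISP's implementation; the sample message, its placeholder URL and the names `Stripper` and `quarantine_view` are constructed for illustration.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser

# Constructed sample modelled on the notice quoted in the first post (placeholder URL).
SAMPLE = """\
From: notice@example.invalid
Subject: Invoice Notification
Content-Type: text/html; charset="utf-8"

Dear Customer,<br><br>
We attempted to deliver your item at 9:47 am on November 12, 2011.<br>
Status: <b>Final Notice</b><br>
<script>document.title = "x"</script>
<a href="http://redelivery.example.invalid/track">visit our website</a>
"""

class Stripper(HTMLParser):
    """Collect visible text and link targets; drop tags, scripts and styles."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.text, self.links, self._skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
        elif tag == "br":
            self.text.append("\n")
        elif tag == "a" and dict(attrs).get("href"):
            self.links.append(dict(attrs)["href"])

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:  # text inside <script>/<style> is never shown
            self.text.append(data)

def quarantine_view(raw):
    """Return (plain_text, link_targets) without rendering any HTML."""
    msg = message_from_string(raw, policy=default)
    body = msg.get_body(preferencelist=("html", "plain"))
    if body is None:  # nothing but attachments
        return "", []
    parser = Stripper()
    parser.feed(body.get_content())
    parser.close()
    lines = (" ".join(l.split()) for l in "".join(parser.text).splitlines())
    return "\n".join(l for l in lines if l), parser.links
```

Calling `quarantine_view(SAMPLE)` returns the readable text plus the real link targets as inert strings, so the destination can be inspected without loading it.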
     