TechnoBlogic

We saw this email being spammed a week ago:

Hey, great opportunity for growth? High salary?

Sounds good. Maybe I should apply.

So I did. Here’s what I wrote back (do note that I used my normal F-Secure work address for this):

Well, I got a reply two hours later. Here’s the answer in full (emphasis added):

Date: Mon, 3 Mar 2008 03:55:44 -0800From: “Dexter Union Inc.” Organization: Dexter Union Inc.To: “Mikko H. Hypponen”Subject: Dexter Union Inc. Employment Details

Greetings.Thank you for being interested in our work proposal. Please note we looking forcandidates from United States Only!

Let me introduce myself. I`m Adam Nelson, director Dexter Union Inc.

Dexter Union Investment Company is an asset management firm focused on the singular strategy of attempting to maximize realized gains through the implementation of the Dexter Union Strategy®. Based in Canada  Dexter UnionInvestment Company is an independently owned, licensed general securities broker/dealer and registered investment advisor.

Here is more detailed description of what you will need to do.As there’s a transaction going your way we will notify you of that byemail or, sometimes, by phone. You need to be able to check your email boxfrequently once we accept your application.  Notification will be usuallysent to you one day before you’re scheduled to receive funds in youraccount. As the money arrives you will have to withdraw it from the bank(or via ATM machine if your daily withdrawal limit allows it) and thenforward it to our customers by means of express money transfer services(MoneyGram) according to instructions provided.

Commissions charged by those services are to be paid from the total amountreceived by you, you don’t need to spend your own money on that.Your starting commission will be 8 from the total amounts received byyou. Your earnings will be paid after completed transaction. You will be paid every day!

Work day example:

You will wake up in the morning and turn on your computer, receive email about completed transfer to your bank account, then you willhear your mobile phone sound and hang up, we will inform you aboutthis transfer and you will tell me that you did receive my email.Than you will visit bank branch and ask bank manager to withdraw this payment! ( for example : 5000 USD) you will receive this money and go to the nearest Money Gram department, your salary in this example is 8 USD, 4600 USD you will transfer via Money Gram to our head office. Since this moment the task of our company completed, we will send orders to both parts , sender and receiver.

After 2 weeks period we review your performance and if it meets ourrequirements you will be paid monthly salary of $4400 plus your commissionwill increase to 10.

Please note that to qualify for this position you need to be able toperform your tasks promptly and without any delays. Although this job onlyrequires 4-5 hours a week  it’s important that you do everything on timeand email reports/updates swiftly.

Please fill in the application form and sign the contract attached!

Once we receive it and verify the information provided a personal manager willbe assigned to you and you will start working.

Best regards,Adam Nelson,Dexter Union Inc.http://www.dexterunion.com (now site on reconstruction, will work in next few days)

Then again, maybe I’ll stick with my current job. Money laundering is just not my thing.

Signing off,
Mikko

On 12/03/08 At 10:00 AM

Microsoft just released the March 2008 updates. This time there are four critical updates that all fix vulnerabilities in different Office components and at least one of them have been used in targeted attacks lately. We advise everyone to install these updates as soon as possible.

On 11/03/08 At 11:12 PM

Alex Dragulescu’s Malwarez “is a series of visualization of worms, viruses, trojans and spyware code.”

Readers Feher and Dalibor recently sent us the link to MessageLabs’ gallery. They’re the ones that commissioned the series from Dragulescu.

Check ‘em out.

On 11/03/08 At 04:09 PM

A year or two ago, the malware author’s preferred way of spreading their wares was via e-mail attachments. We all remember mass outbreaks like Bagle, Mydoom and Warezov.

Well, sending EXE attachments in e-mail doesn’t work anymore. Almost every organization is now dropping such risky attachments from their e-mail traffic.

So virus writers have made a clear shift away from e-mail attachments to the Web: drive-by-downloads. This attack often still starts with an e-mail spam run; there’s just no attachments in the e-mail anymore as it has been replaced by a web link.

Some of these malicious web sites use exploits to infect you just by visiting a web page, others use compelling stories to fool you into downloading and running a program from the page.

Many have missed this shift of attacks from e-mail to the web. There’s a lot of companies measuring their risk of getting infected by looking at the amount of stopped attachments at their e-mail gateway. Those numbers are definitely going down, but the actual risk of getting infected probably isn’t.

Those organizations that are not scanning their web traffic for malware should seriously consider starting to do it, right now.

However, virus writers are moving again. We’re now seeing more and more malicious e-mails that link to malware — not via HTTP but via FTP links.

Case in point, a fake Hallmark greeting card spam we saw today:

As you can see, the link takes you to an owned computer which has an FTP site setup on it.

And when the executable is downloaded, it turns out to be a Zapchast mIRC-bot variant.

Better make sure your gateway scanner is configured to scan FTP traffic as well. Our F-Secure Internet Gatekeeper does this by default.

On 07/03/08 At 10:03 AM