Thursday, August 26, 2010

Back to School Special on Fake AV

Emails were found circulating yesterday masquerading as school parking permit receipts. Below is an example:

Parking Permit and/or Benefit Card Order Receipt - 396521 Parking Permit and/or Benefit Card Receipt for Date:Wed, 25 Aug 2010 16:43:59 +0200
Grossmont-Cuyamaca Community College District

Your Credit Card has been charged $40.00.
"GROSSMONT-CUYA PARKING" will appear on your credit card statement.

A summary of the contents of your order are shown below.
Please note that each item will be mailed individually.

Order # Description Amount
0GU843621 Student Fall Permit - # 081821 40.00
TOTAL: 40.00

Please find attached invoice

Because the emails were timed so close to the start of the new school year in the US, a few people fell for this and tried to open the HTML file attachment that accompanied the email. In this example, the attachment contained obfuscated JavaScript that pointed to http://enjoyyourhaircut (dot) com/5 (dot) html. That page redirected to http://conspalopi (dot) cz (dot) cc/scanner10/?afid=24, which in turn tried to sell you a copy of "My Windows Online Scanner".
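
One way to triage this kind of attachment without opening it in a browser, as an added example that is not part of the original post: the script below walks a message, pulls the script out of any attached HTML file, peels percent-encoding and reports the decoding primitives and URLs it finds. The sample message, the encoded redirect, the example.invalid address, the triage() function and the indicator list are all constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import unquote

# Constructed sample, not the real spam: the attached HTML hides a redirect to
# the reserved example.invalid domain behind eval(unescape('%xx...')).
_HIDDEN = "location='http://example.invalid/'"
_ENCODED = "".join("%%%02x" % ord(c) for c in _HIDDEN)
SAMPLE_EML = f"""\
Subject: Parking Permit Receipt (constructed sample)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please find attached invoice
--b1
Content-Type: text/html
Content-Disposition: attachment; filename="invoice.html"

<html><script>eval(unescape('{_ENCODED}'))</script></html>
--b1--
"""

SCRIPT_RE = re.compile(r"<script[^>]*>(.*?)</script>", re.I | re.S)
# Heuristic indicators only (assumed list): decoding primitives and navigation sinks.
INDICATORS = ("eval(", "unescape(", "fromCharCode", "document.write", "location")
URL_RE = re.compile(r"https?://[^\s'\"<>]+", re.I)

def triage(raw_eml: str) -> list[dict]:
    """Return one finding per attached HTML file that contains script."""
    findings = []
    for part in message_from_string(raw_eml).walk():
        if part.get_content_type() != "text/html" or not part.get_filename():
            continue
        html = part.get_payload(decode=True).decode("utf-8", "replace")
        script = "\n".join(SCRIPT_RE.findall(html))
        if not script:
            continue
        decoded = script
        for _ in range(3):  # peel up to three layers of %xx encoding
            decoded = unquote(decoded)
        findings.append({
            "filename": part.get_filename(),
            "indicators": [i for i in INDICATORS if i in script + decoded],
            "urls": sorted(set(URL_RE.findall(decoded))),
        })
    return findings
```

A receipt or invoice has no reason to carry script at all, so any finding from an attached HTML file is worth quarantining; the recovered URLs can then go to proxy and DNS log searches.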

According to this article, this was part of a much larger spam campaign.

email: david @
