Security Corner

Jan 26 2014   4:57PM GMT

Bogus funeral announcement points to malware

Ken Harthun Ken Harthun Profile: Ken Harthun

Source: FortBendNow.com

Source: FortBendNow.com

One of the latest tricks in the cyber-criminals’ bags is an email with the subject (it varies), “Death and Funeral Announcement.” Now, what normal person would see that and NOT open it? I know I did. What I DIDN’T do, of course was click the link which pointed to a site <domain name>.be. Here’s the text:

For this unprecedented event, we offer our deepest prayers of condolence and invite
to you to be present at the celebration of your friends [sic] life service on
Thursday, January 22, 2014 that will take place at Eubank Funeral Home at 11:00 a.m.

Please find invitation and more detailed information about the farewell ceremony  here .

Best wishes and prayers,

Funeral home receptionist,
William Mccarty

After a few seconds of oh-my-god-who-died, I re-read the email and spotted the obvious bad grammar and realized this was a scan. Researching led me to discover that the link target delivers a Trojan. I also looked at the headers and found the originator was at IP address 89.108.70.217 (lookup tool) which has these attributes:

IP : 89.108.70.217     Neighborhood
Host : vm1351.vps.agava.net    OK
Country : Russian Federation  

And that is enough to confirm that I certainly don’t want whatever they have!

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: