Security Corner

Jan 26 2014   4:57PM GMT

Bogus funeral announcement points to malware



Posted by: Ken Harthun
Tags:
Security
Source: FortBendNow.com

Source: FortBendNow.com

One of the latest tricks in the cyber-criminals’ bags is an email with the subject (it varies), “Death and Funeral Announcement.” Now, what normal person would see that and NOT open it? I know I did. What I DIDN’T do, of course was click the link which pointed to a site <domain name>.be. Here’s the text:

For this unprecedented event, we offer our deepest prayers of condolence and invite
to you to be present at the celebration of your friends [sic] life service on
Thursday, January 22, 2014 that will take place at Eubank Funeral Home at 11:00 a.m.

Please find invitation and more detailed information about the farewell ceremony  here .

Best wishes and prayers,

Funeral home receptionist,
William Mccarty

After a few seconds of oh-my-god-who-died, I re-read the email and spotted the obvious bad grammar and realized this was a scan. Researching led me to discover that the link target delivers a Trojan. I also looked at the headers and found the originator was at IP address 89.108.70.217 (lookup tool) which has these attributes:

IP : 89.108.70.217     Neighborhood
Host : vm1351.vps.agava.net    OK
Country : Russian Federation  

And that is enough to confirm that I certainly don’t want whatever they have!

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: