Subject lines of the emails vary, but include:

• 2 Explosions at Boston Marathon
• Aftermath to explosion at Boston Marathon
• Boston Explosion Caught on Video
• Video of Explosion at the Boston Marathon 2013

According to Sophos’s blog, nakedsecurity:

If installed, the malware makes changes to the Registry and installs the following files, allowing hackers to gain remote access to infected computers:

<System>\drivers\npf.sys
<System>\Packet.dll
<System>\wpcap.dll

The file NPF.sys is registered as a new service named “NPF”, with a display name of “WinPcap Packet Driver (NPF)”.

Never accept “news” from other than legitimate news sources, especially not from unsolicited emails.

• Emails with the subject “Happy Easter.” Make sure they are actually from someone you know and don’t click any links or open any attachments until you have verified that the send is who they say they are.
• Fake ads for animals such as bunny rabbits and ducklings. Buy them live from a local dealer. Don’t have them shipped.
• Solicitations by “charities” using the Easter holiday as the motivator. One such scam I have seen tugs your heartstrings by showing hungry children and tying it to Easter’s resurrection theme. Don’t fall for it.
• Cheap “clearance” sales of Easter candy. Some of it has been known to be five years old and rancid. It could make you or your children sick.
• Cheap Easter toys and baubles that come from countries that still use lead-based paints.

And, for those of you who celebrate the holiday, Happy Easter!

My analysis showed that approximately three percent of my spam messages contained malware during the period of February 2 to date. That tracks with Kaspersky’s Securelist’s figures for January 2013:

January in figures

• The percentage of spam in email traffic was down 7.7 percentage points compared with December and averaged 58.3%
• The percentage of phishing emails halved compared with December, falling to 0.003%
• In January, malicious files were found in 3% of all emails, a decrease of 0.15 percentage points

The biggest source of malware in my spam filter was the fake FedEx Tracking Service message, but I’ve seen a variety along the way.

Subject: FW: 2010 and 2011 Tax Documents; Accountant's Letter

Message body:
I forward this file to you for review. Please open and view it.
Attached are Individual Income Tax Returns and W-2s for 2010 and 2011, plus an accountant's letter.

This email message may include single or multiple file attachments of varying types.
It has been MIME encoded for Internet e-mail transmission.

Attached to it is a ZIP file, whose filename will vary depending on the recipient. For instance, if the email is sent to chris@example.com, the zip file will be called chris.zip.

Inside the ZIP file, is an executable file: “Individual Income Tax Returns.exe”

The executable file is a Trojan horse backdoor that will allow hackers to take over your computer for their own nefarious purposes.

Keep in mind that this is only one example and there are usually many variations out there. There is one thing you can be certain of: They are all designed to steal your money and/or your identity.

Internet users are receiving emails claiming to contain a changelog – but the files attached are really designed to infect computers.

Here’s what a typical email looks like, although the precise wording can vary.

Subject: Re: Your Changelog

Message body:
Good day,
as promised chnglog attached (Open with Internet Explorer)

The subject lines and attachment names can also be different from email to email – here’s a small selection.

Make sure your anti-malware software is up to date and you should be OK. Just don’t click the link (but you already knew that, eh?)

Source: FortBendNow.com

I have been getting a deluge of spam comments to my various posts on this blog from a one Glory Johnson who goes by various nicknames. The most common nickname is “Glory39,” but the number is a moving target; “she” has posted as Glory342, Glory50, Glory34, and Glory38 among others. Well over 50 comments just today and they are still coming in. This is obviously a come-on for a scam, I’m just not sure what kind. I doubt that “Glory Johnson” is actually a female, nor does she have amorous intentions.
See what you think about the text of the comments. They are all identical, regardless of which version of “Glory” is posting them:

Hello
My name is glory johnson
i saw your profile today techtarget.com) and
became intrested in you,i will also like to know you the more,and i
want you to send an email to my email address so i can give you my picture for you to know whom i am.Here is my email address ( gloryjohnson001 at yahoo.com)
I believe we can move from here!I am waiting for your mail to my email address above.
glory.
(Remeber the distance or colour does not matter but love matters alot in life)
please contact me here ( gloryjohnson001 at yahoo.com)

I decided to play along and use one of my anonymous email addresses to appear to take the bait. Here’s what I sent to “her” email address:

Subject: I will like to know you the more
From:xxxxxxx
8:09 PM (16 minutes ago)
To: gloryjohnson001@yahoo.com
Hello,

You sent me this. I am wanting picture.

Hello
My name is glory johnson
i saw your profile today(techtarget.com) and
became intrested in you,i will also like to know you the more,and i
want you to send an email to my email address so i can give you my picture for you to know whom i am.Here is my email address (gloryjohnson001@yahoo.com)
I believe we can move from here!I am waiting for your mail to my email address above.
glory.
(Remeber the distance or colour does not matter but love matters alot in life)
please contact me here (gloryjohnson001@yahoo.com)

Unless this post has just tipped off the scammers, I’ll keep you posted on what transpires.

Enter the aforementioned titans who along with PayPal, LinkedIn, Bank Of America and others are getting lots of press about a proposed new internet standard called DMARC, or Domain-based Message Authentication, Reporting & Conformance. Some of the headlines noted by Sophos in a recent blog post:

Google, Microsoft Say DMARC Spec Stops Phishing (Information Week)
Google, Facebook, Microsoft in PHISH-FIGHTING smackdown (Channel Register)
[DMARC] could dramatically slash the amount of spam received by hundreds of millions of people (Financial Review)

If you’re responsible for the mail infrastructure in your organisation, you might be a little sceptical at this point. You’re probably asking yourself, “What happened to SPF and DKIM, which themselves were going to be the scourge of spammers?”

The answer to your sceptical [sic] question about DMARC is that it doesn’t replace SPF or DKIM, and it doesn’t replace your current email security and control solution. In fact, it is predicated upon them, to the point that DMARC’s official first step in its implementation guidelines is:

* Deploy DKIM & SPF. You have to cover the basics first.

So, will it work? We can only hope.

Source: FortBendNow.com

With the kickoff to holiday shopping the day after US Thanksgiving–”Black Friday” as it is commonly known–come the spammers, scammers and thieves. There will undoubtedly be waves of fake gift card deals and other “click candy” full of scams and malware. A big one floating around right now is a fake iTunes gift certificate. It arrives with the subject line “iTunes Gift Certificate” and contains an attachment that is supposedly the gift code. The attachment is a ZIP file containing malware. (Sophos detects this file as Mal/BredoZp-B.)

This is nothing new; we always see such things around the big holidays. But there are a few things you can do to avoid getting fooled. Here’s a list from Sophos’s Naked Security Blog:

Here are some other things to watch out for, adapted from a list posted by USA Today:

* Beware bogus forms. Beware emails and pop-up messages that ask you to type your account username and password, credit card number or personal information such as Social Security number and date of birth. Legitimate organizations don’t solicit sensitive information via email.

* Don’t blindly believe urgent, personalized warnings. Phishers often claim that you need to take urgent action with official organisations such as IRS (taxation), Social Security or the Department of Motor Vehicles.

* Don’t fall for that cute-baby photo. Even if you recognise the sender’s name, don’t open attachments. Distrust all email until and unless you’ve verified that the sender actually intended you to get the message and can vouch for its content.

Have a Happy Thanksgiving and stay safe out there!

Unfortunately, using a disposable or temporary email address doesn’t help when you’re already being spammed in volume. Before I took some corrective measures and blacklisted some domains and addresses, I was getting upwards of 100 pieces of spam every day. My mail provider’s spam filtering was somewhat effective, but some spam still got through while there were quite a few false-positives. I quickly realized that wasn’t the solution.

As an avid listener of the podcast “Security Now!,” I have heard Leo Laporte speak very highly of MailRoute.net. I decided to give it a try and signed up for their 15-day free trial last week. As required by the service, I changed my MX record to point to mailroute.net’s servers. I then turned off my host’s spam filtering. Within minutes, the spam started trailing off and there were no false positives. I’m definitely going to spring for the yearly subscription when the trial ends.

Just today, I noticed one false positive–an email from a client’s backup software–but that was easy to fix. I just selected the message and told MailRoute to “Recover and whitelist sender.” The message appeared in my mailbox instantly.

Check it out.