Search Engine Optimization & Web Hosting Solution

TOKYO (MacHouse) - If you have received an e-mail message with the following subject line, you might be convinced to unpack the attached zip file. Simply, don’t. A suspicious message that we’ve received today is titled Returned mail: see transcript for details. It says that a number of messages have been sent with your e-mail address. (See Screenshot 01.)






We have found that your email account was used to send a huge amount of unsolicited email messages during the last week.
We suspect that your computer was infected by a recent virus and now contains a hidden proxy server.

Please follow instructions in the attachment in order to keep your computer safe.






It comes with a zip attachment, which appears to contain an executable program. This message is so convincing that I thought it was a true, kind notification. A big mistake they’ve made is use of a Japanese return address. The Japanese cannot write in English without making a lot of grammatical mistakes.   (more…)

TOKYO (MacHouse) - An organized cyber scum group circulated a spam message some half an hour ago to target Apple’s iTunes customers. This spam message is titled Thank you for buying iTunes Gift Certificate! (See Screenshot 01.) The message implies that the attached ZIP package contains information on how to receive a $50 gift certificate. But this ZIP archive appears to include an executable program. Chances are that this spam message is sent by the same group responsible for a series of messages involving UPS and DHL. This type of spam messages with a ZIP archive is known to contain a piece of malware.   (more…)

TOKYO (MacHouse) - An organized cyber criminal circulated a spam message a while ago. It’s similar to the one involving UPS that we reported first at the beginning of the month. This time, it involves DHL. The message is titled DHL Delivery Problem NR.76933. Sender is shown as help@dhl.com though that’s not the actual one. The body of the spam message goes






Dear customer!

DHL Services. (See Screenshot 01.)   (more…)

TOKYO (MacHouse) - A week ago, we first reported that an organized cyber criminal group circulated a suspicious spam message, pretending that it originated from United Parcel Service (UPS). It has turned out that the zip archive that comes as an attachment file contains a malicious executable program.

Just some 30 minutes ago, an organized cyber criminal group, perhaps the same one as before, circulated a similar suspicious message. This e-mail message is brief and titled UPS Delivery Problem NR.3867666. The sender’s name and address appear as






Postal Manager Dario Walden
support@ups.com






, respectively.   (more…)

TOKYO (MacHouse) - A few days ago, we introduced a spam message whose title was UPS Delivery Problem NR.2612749. It originated from a server in Greece though it’s likely that it was sent by someone somewhere else. In the meantime, the spam message comes with a suspicious attachment, which looks like containing an executable program. So we’ve asked Sophos to analyze the attachment. They say






The sample file you sent in for analysis does contain a malicious file. The file UPS_invoice_1238.exe was detected as Mal/EncPk-NS and as Mal/FakeAV-BW.






Related stories:

Got UPS Package from Greece? - Part 1
Sophos - Mal/EncPk-NS Malicious behavior

TOKYO (MacHouse) - If you have received an e-mail message titled UPS Delivery Problem NR.2612749, you probably want to trash it before even reading it. (See Screenshot 01.) Opening a Zip attachment won’t be a good idea if the message is sent by someone that you don’t know. What’s suspicious about this particular message whose sender appears as help@ups.com is that it comes from Greece. What, UPS is originally from Greece? Of course, that’s not exactly the true sender.

Screenshot 01 - Source: MacHouse

Screenshot 02 - Source: MacHouse

Taking a bit closer look at the attachment, it appears that it’s not just a simple Zip archive containing a document file. It looks like it contains an executable program. (See Screenshot 02.)

TOKYO (MacHouse) - Almost three hours ago, an organized cyber criminal group circulated a suspicious e-mail message involving Google’s Gmail. The message titled Inactive contains a hyperlink. By clicking on it, one will be directed to a scam website to harvest Gmail accounts.   (more…)

TOKYO (MacHouse) - If you have recently received an e-mail message titled Inactive, you’d better be careful. Especially, if the body of the message involves Google’s Gmail, chances are that it’s been sent by an organized cyber criminal group.

More than half an hour ago, a scam group sent a suspicious message. The body of the message goes






Hi

http://www.gmail.com/?id=23451qd53ed5g455t4sd5sgbu=us






(See Screenshot 01.)   (more…)

TOKYO (MacHouse) - Some 10 hours ago, we noticed that Internic’s Whois Server started showing odd results. If you use Mac OS, then launch Network Utility, switching the tab to Whois. If you run a search with a domain like google.com, you may get the result like the following.






GOOGLE.COM.ZZZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM
GOOGLE.COM.ZZZZZ.DOWNLOAD.MOVIE.ONLINE.ZML2.COM
GOOGLE.COM.ZOMBIED.AND.HACKED.BY.WWW.WEB-HACK.COM
GOOGLE.COM.ZNAET.PRODOMEN.COM
GOOGLE.COM.WORDT.DOOR.VEEL.WHTERS.GEBRUIKT.SERVERTJE.NET
GOOGLE.COM.VN
GOOGLE.COM.UY
GOOGLE.COM.UA
GOOGLE.COM.TW
GOOGLE.COM.TR
GOOGLE.COM.SUCKS.FIND.CRACKZ.WITH.SEARCH.GULLI.COM
GOOGLE.COM.SPROSIUYANDEKSA.RU
GOOGLE.COM.SERVES.PR0N.FOR.ALLIYAH.NET
GOOGLE.COM.SA
GOOGLE.COM.MX
GOOGLE.COM.IS.SHIT.SQUAREBOARDS.COM
GOOGLE.COM.IS.NOT.HOSTED.BY.ACTIVEDOMAINDNS.NET
GOOGLE.COM.IS.HOSTED.ON.PROFITHOSTING.NET
GOOGLE.COM.IS.APPROVED.BY.NUMEA.COM
GOOGLE.COM.HAS.LESS.FREE.PORN.IN.ITS.SEARCH.ENGINE.THAN.SECZY.COM
GOOGLE.COM.DO
GOOGLE.COM.CO
GOOGLE.COM.CHIQUITASEXY.COM
GOOGLE.COM.BR
GOOGLE.COM.BEYONDWHOIS.COM
GOOGLE.COM.AU
GOOGLE.COM.AR
GOOGLE.COM   (more…)

TOKYO (MacHouse) - In reference to our report of January 12, 2009, a legal representative of Duebelbeis and Clever Agency opened a support ticket at our website to indicate their intention of suiting MacHouse. They write






This law firm represents Bobby Duebelbeis, and we have been asked to write this letter to you. Many of your statements about Bobby Duebelbeis in your blog postings are untrue and defamatory. You made them maliciously to injure Bobby Duebelbeis in his trade, office and profession. As such, they are defamatory per se. Under O.C.G.A. 51-5-11, this letter constitutes a demand for immediate retraction in writing of these false and libelous statements. In accordance with MO Statute 509.210, Bobby Duebelbeis deamnds that your retraction and correction be accompanied by an editorial in which you specifically repudiated your libelous statements. (See Screenshot 01.)   (more…)