What's the deal with this one

How not to buy a brick in a box off the back of a truck.
Nyarlathotep
Posts: 49283
Joined: Fri Jun 04, 2004 2:50 pm

Post by Nyarlathotep »

I have started to get spam messages at work whose headline is some piece of news that would make huge headlines were it real, i.e. "Markets Plunge as U.S. declares war on Iran" or "Coca-Cola sues Pepsi for $892 Billion Dollars". Inside the e-mail is just a link, purportedly to some sort of video. I have never clicked the link, of course, I am not stupid and am pretty sure that if (for instance) the U.S. declared war on Iran that I would have heard about it on the radio on the way into work or at least it would be mentioned by one of the 17 news feeds I subscribe to LONG before some total stranger e-mailed me a video link.

But I am curious as to what the scam is here. Is it an attempt to get me to download a virus onto my system, or will it take me to a site trying to sell me fake Rolexes/Viagra/Russian Brides/whatthefuckever?

Anyone know?

NightG1
Posts: 5208
Joined: Sun Jun 13, 2004 8:12 pm

Post by NightG1 »

Might be a Rick roll.

Nyarlathotep
Posts: 49283
Joined: Fri Jun 04, 2004 2:50 pm

Post by Nyarlathotep »

NightG1 wrote: Might be a Rick roll.

Must be a pretty determined Rick Roller since I get one or two a day, usually sandwiched somewhere in between the "Get a huge Love Tool!" and "Invest in this Penny Stock before it skyrockets" spams.

ck
Posts: 1906
Joined: Thu Aug 31, 2006 11:29 pm

Post by ck »

It's botnet spam.

Nyarlathotep wrote: But I am curious as to what the scam is here. Is it an attempt to get me to download a virus onto my system.

Yes. Do this and your computer will become a zombie in some botnet army. Example, using the recent Chinese quakes:

Storm worm version uses China earthquake to lure victims

If you want information about the earthquake in China get it from a news site and not from a link to a video that arrives in your e-mail inbox.

That's the message from the US-CERT (Computer Emergency Readiness Team) on Thursday.

The group has received reports of a new variant of the Storm worm that targets people interested in the May 12 earthquake that killed nearly 70,000 people and left 5 million homeless. Some of the e-mails also have subject lines that deal with the Olympic Games that China is hosting.

In the e-mail is a link that sends a recipient to a malicious Web site, US-CERT says. Opening the purported video link on the site runs executable code that infects the computer with malicious code that can be used to turn the machine into a zombie on a spam botnet.

Previous versions have used April Fools' Day and Valentine's Day themes, as well as masqueraded as a fix for another worm to lure victims to sites.

As always, computer owners and administrators are urged to install and update antivirus software and to not follow unsolicited Web links received in e-mail messages.
http://news.cnet.com/8301-10784_3-9972672-7.html

Geni
Posts: 5883
Joined: Thu Jun 03, 2004 9:02 am
Location: UK

Post by Geni »

Yup, storm or a storm clone.

Tactic has been around for, what, two years now; plays off either actual current headlines or things that could plausibly have been current headlines of significance (old person dies, earthquake in earthquake-prone area). The computing power (beyond many supercomputers) and bandwidth available (beyond quite a few countries) to the botnet is considerable.

http://en.wikipedia.org/wiki/Storm_botnet

Nyarlathotep
Posts: 49283
Joined: Fri Jun 04, 2004 2:50 pm

Post by Nyarlathotep »

Got one yesterday whose headline was "UFO lands in New York!".

It's like they stopped trying.

hammegk
Posts: 15134
Joined: Sun Jun 06, 2004 1:16 pm
Title: Curmudgeon
Location: Hither, sometimes Yon

Post by hammegk »

Geni wrote: Yup, storm or a storm clone.

Tactic has been around for, what, two years now; plays off either actual current headlines or things that could plausibly have been current headlines of significance (old person dies, earthquake in earthquake-prone area). The computing power (beyond many supercomputers) and bandwidth available (beyond quite a few countries) to the botnet is considerable.

http://en.wikipedia.org/wiki/Storm_botnet

Why would common crooks want the capability to disable the internet, which seems like one possibility? At gov't/military level it might be of high interest.

Do the usual run of antivirus antispyware freebies catch this stuff?

Does the comment on cybercrime imply once you have a bot, your system becomes more vulnerable to other nasty software?

Pyrrho
Posts: 29375
Joined: Sat Jun 05, 2004 2:17 am
Title: Man in Black
Location: Division 6

Post by Pyrrho »

Got spam? Do not open. Delete.

Pyrrho
Posts: 29375
Joined: Sat Jun 05, 2004 2:17 am
Title: Man in Black
Location: Division 6

Post by Pyrrho »

hammegk wrote:
Geni wrote: Yup, storm or a storm clone.

Tactic has been around for, what, two years now; plays off either actual current headlines or things that could plausibly have been current headlines of significance (old person dies, earthquake in earthquake-prone area). The computing power (beyond many supercomputers) and bandwidth available (beyond quite a few countries) to the botnet is considerable.

http://en.wikipedia.org/wiki/Storm_botnet

hammegk wrote: Why would common crooks want the capability to disable the internet, which seems like one possibility? At gov't/military level it might be of high interest.

Could be test runs for more serious efforts, such as the military as you mentioned.

hammegk wrote: Do the usual run of antivirus antispyware freebies catch this stuff?

Gmail seems to filter pretty well. I use MailWasher to preview subject lines and senders and to delete that which I don't want before I run my email program.

hammegk wrote: Does the comment on cybercrime imply once you have a bot, your system becomes more vulnerable to other nasty software?

Possibly. Once they find a way to shove whatever they want up your computer's backside, who knows what they'll insert when they really mean business.

DrMatt
BANNED
Posts: 29811
Joined: Fri Jul 16, 2004 4:00 pm
Location: Location: Location!

Post by DrMatt »

Pyrrho wrote: Got spam? Do not open. Delete.

I always submit it to the Bayesian filter before deleting it. But the filter is gradually becoming independently intelligent. Next year it means to win Wimbledon.

CHARLEY_BIGTIME

Post by CHARLEY_BIGTIME »

Nyarlathotep wrote: Got one yesterday whose headline was "UFO lands in New York!".

It's like they stopped trying.

I had one that said "Jerome da Gnome gets sex without paying for it."

I found that just as unbelievable.

Nyarlathotep
Posts: 49283
Joined: Fri Jun 04, 2004 2:50 pm

Post by Nyarlathotep »

CHARLEY_BIGTIME wrote:
Nyarlathotep wrote: Got one yesterday whose headline was "UFO lands in New York!".

It's like they stopped trying.

I had one that said "Jerome da Gnome gets sex without paying for it."

I found that just as unbelievable.

To be fair, it could have been referring to Suzy Palm and her five sisters.

CHARLEY_BIGTIME

Post by CHARLEY_BIGTIME »

Nyarlathotep wrote:
CHARLEY_BIGTIME wrote:
Nyarlathotep wrote: Got one yesterday whose headline was "UFO lands in New York!".

It's like they stopped trying.

I had one that said "Jerome da Gnome gets sex without paying for it."

I found that just as unbelievable.

To be fair, it could have been referring to Suzy Palm and her five sisters.

...or a cuddly toy.

Doctor X
Posts: 72330
Joined: Fri Jun 04, 2004 8:09 pm
Title: Collective Messiah
Location: Your Mom

Post by Doctor X »

http://www.castlecops.com/sirt

For those of you Unbless'd by Mac, "copy" the link and paste in the area. They will take care of the rest.

--J.D.

Nyarlathotep
Posts: 49283
Joined: Fri Jun 04, 2004 2:50 pm

Post by Nyarlathotep »

Doctor X wrote: http://www.castlecops.com/sirt

For those of you Unbless'd by Mac, "copy" the link and paste in the area. They will take care of the rest.

--J.D.

Hmmm. I just reported my whole daily batch.

Good site.

ck
Posts: 1906
Joined: Thu Aug 31, 2006 11:29 pm

Post by ck »

Nyarlathotep wrote:
Doctor X wrote: http://www.castlecops.com/sirt

For those of you Unbless'd by Mac, "copy" the link and paste in the area. They will take care of the rest.

--J.D.

Hmmm. I just reported my whole daily batch.

Good site.

Yeah, though with the ones that have malware links in them (such as the one you mentioned in your OP), go to http://www.castlecops.com/mirt

You can even report the phishing emails you get over at http://www.castlecops.com/pirt