FYI...Fake NATO jobs SPAM
May 21, 2013 - "Want to join the North Atlantic Treaty Organization (NATO)?... you’d be involuntarily sharing your information with what looks like an intelligence gathering operation...
Sample screenshot of the -fake- NATO Employment Application Form
A copy of the -fake- NATO Employment Application Form
A copy of the -fake- NATO Interview Form
... NATO impersonating domain name reconnaissance:
nspa-nato.int.tf – 22.214.171.124; 126.96.36.199; 188.8.131.52
Name server: ns1.idnscan .net
Name server: ns2.idnscan .net
usnato-hr.org – 184.108.40.206
Name Server: DNS1.SPIRITDOMAINS .COM
Name Server: DNS2.SPIRITDOMAINS .COM
... We know that on 2013-05-10 07:01:46 CET, responding to the same IP (220.127.116.11) was also the following Black Hole Exploit Kit
Always watch where you apply and be aware of offers which sound too good to be true."(More detail at the webroot URL above.)
21 May 2013 - "The file Delivery_Information_ID-000512430489234.zip is being promoted by a spam run (perhaps aimed at Italian users, although all the hosts are German)... best guess is that it is a fake package delivery report. So far I have identified three download locations for the malicious ZIP file:
The ZIP file decompresses to Delivery_Information_ID-000512453420234.Pdf_______________________________________________________________.exe (note all those underscores!) which has a VirusTotal detection rate of 23/47* and has the following checksums:
The Anubis report is pretty inconclusive but ThreatTrack reports** [pdf] some peer-to-peer traffic and also some rummaging around the Windows Address Book (WAB)."
File name: Delivery_Information_ID-000512453420234.Pdf______________________...
Detection ratio: 23/47
Analysis date: 2013-05-21
___Malicious eFax Corporate Spam
21 May 2013 - "Subjects Seen: Corporate eFax message from [removed]
Typical e-mail details: You have received a 3 fax at 2013-05-07 10:24:18 CST.
* The reference number for this fax is [removed].
Please visit efaxcorporate.com/corp/twa/page/customerSupport if you have any questions regarding this message or your service. You may also e-mail our corporate support department at corporatesupport @mail.efax.com.
Thank you for using the eFax Corporate service!
Malicious URLs
___Oklahoma tornado charitable organization scams, malware, and phishing
Last Updated: 2013-05-21 17:09:55 UTC - "... Be very wary of any charity that is raising funds for victims of any disaster, particularly one that has -not- been around for very long. There are many legit charities, I would recommend sticking to ones you are already familiar with. The American Red Cross for example has been around for a long time, does amazing work, and is always in need of funding. They are just one example of a well established charity that does good work and is already involved in helping out in Moore, Oklahoma. Routine monitoring of newly registered domain names shows a number of brand new ones that have words like Oklahoma, Moore, tornado, recovery, help, assistance, and similar. I am certain that a number are registered by well meaning people, however I am equally sure that many are fake or scams. It does not take long for any recent newsworthy topic to be the subject line of phishing, malware, and scammers
___prospectdirect .org SPAM
21 May 2013 - "Everything that this spammer says is a lie:
From: Emily Norton [emily.norton @prospectdirect .org]
Date: 21 May 2013 16:33
Subject: Cater to your email marketing needs
Signed by: prospectdirect .org
I hope you don’t mind but I just wanted to contact you to discuss your email marketing strategy. If you don’t currently have one that is working for you then our client can help.
The company I am contacting you on behalf of have the dedicated knowledge and services to cater to your email marketing needs.
If you would like a quote please complete this form: http ://prospectdirect .org/email-marketing-strategy
Leave your details at the link above or reply with any requirements.
75 Glandovey Terrace, Newquay, Cornwall TR8 4QD
Tel: 0843 289 4698
This email (including any attachments) is intended only for the recipient(s) named above. It may contain confidential or privileged information and should not be read, copied or otherwise used by any other person. If you are not the named recipient please contact the sender and delete the email from your system. If you would no longer like to receive emails from us please unsubscribe here http ://www.prospectdirect .org/landing/page.php?jq=[snip]
Firstly, the email was sent to a scraped address from the website of the Slimeware Corporation and isn't any sort of opted-in address at all. The address of "75 Glandovey Terrace, Newquay, Cornwall TR8 4QD" simply does -not- exist, and the telephone number of 0843 289 4698 appears to belong to a completely -unrelated- company. I very much doubt there is anybody called "Emily Norton" involved, and there is no company in the UK with the name "Prospect Direct". The website prospectdirect .org itself carefully hides any contact details, the WHOIS details are anonymous, the domain was created on 2012-07-19 and is hosted on 18.104.22.168 (Netrouting / Xeneurope , Netherlands). There are no contact details on the website and there is no identifying information at all.. it hasn't just been omitted by accident, the whole thing has been left meticulously clean by a professional spamming outfit.
I would recommend giving these spammers a wide berth given their catalogue of lies
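
The Delivery_Information item earlier on this page notes a file name in which a run of underscores separates a ".Pdf" decoy from the real ".exe" extension, which pushes the executable extension out of view in most file listings. As an added example that is not part of the original posts, the Python sketch below flags that naming pattern in ZIP member names without extracting anything; the extension lists and the sample archive are constructed for illustration.

```python
import io
import re
import unicodedata
import zipfile

# Assumed extension lists for illustration; tune them to local policy.
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}
EXEC_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "js", "vbs"}

# ".<decoy>" + optional filler (underscores, spaces, dots) + ".<real>" at end of name
PADDED = re.compile(
    r"\.(?P<decoy>[A-Za-z0-9]{2,5})(?P<pad>[\s_.]*)\.(?P<real>[A-Za-z0-9]{2,4})$"
)


def check_name(name):
    """Return a finding dict for a disguised executable name, else None."""
    # NFKC folds look-alike spaces and full-width characters before matching.
    base = unicodedata.normalize("NFKC", name).rsplit("/", 1)[-1].strip()
    m = PADDED.search(base)
    if not m:
        return None
    decoy, real = m.group("decoy").lower(), m.group("real").lower()
    if decoy not in DECOY_EXTS or real not in EXEC_EXTS:
        return None
    return {"name": base, "decoy": decoy, "real": real, "padding": len(m.group("pad"))}


def scan_zip(data):
    """List findings for member names of a ZIP held in memory; nothing is extracted."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [f for f in map(check_name, zf.namelist()) if f]


def build_sample_zip():
    """Constructed test archive: harmless text members with illustrative names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "ok")
        zf.writestr("Report.Pdf" + "_" * 40 + ".exe", "placeholder, not a program")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_zip(build_sample_zip()):
        print(finding)
```

A padding count of zero still reports a plain double extension such as `invoice.pdf.exe`; a mail gateway or triage script can treat any non-`None` result as grounds to quarantine the archive.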