Fake NatWest SPAM - uses goo.gl links to spread malware
1 Aug 2014 - "This fake NatWest bank message uses the Goo.gl URL shortener to spread malware:
The link in the email goes to goo .gl/dGDi7l and then downloads a ZIP file from berkleyequine .com/wp-includes/images/Documents-43632.zip, containing a malicious executable Documents-43632.scr which has a VirusTotal detection rate of just 1/54*. The CAMAS** report shows that the malware calls out to the following URLs;
The characteristics of this malware are very similar to this one seen yesterday***, and you can be assured that there are other goo .gl URLs and download locations in addition to the one listed here... Google don't make it easy to report spammy links and they are awfully slow to respond to reports, but their reporting form is at goo.gl/spam-report if you want to try it...
berkleyequine .com "
Fake NYC Homicide Suspect SPAM - using goo .gl shortener to spread malware
1 Aug 2014 - "... This spam is slightly unusual..
From: ALERT @nyc .gov [ALERT@ static-23-106-230-77.ipcom.comunitel .net]
Date: 1 August 2014 10:43
Subject: Homicide Suspect
Bulletin Headline: HOMICIDE SUSPECT
Sending Agency: New York City Police
Sending Location: NY - New York - New York City Police
Bulletin Case#: 14-10078
Bulletin Author: BARILLAS #9075
Sending User #: 94265
APBnet Version: 287320
The bulletin is a pdf file. To download please follow the link below (Google Disk Drive service):
https ://goo .gl/RwNKEA ...
The link in the email is goo .gl/RwNKEA which goes to unionlawgroup .com/wp-content/images/Documents-43632.zip which is exactly the same payload as used in this spam*...
Blocking unionlawgroup .com is probably a good idea."
Fake Googlebots increasingly used to launch DDoS Attacks
31 Jul 2014 - "Spoofed Googlebots, Google's search bot software, are increasingly being used to launch application-layer DDoS attacks.
Analysis: The fake Googlebots have also been observed scraping sites, sending spam, and hacking as well. These bots could prove an effective tool, as even well-protected companies with appropriate blocking rules still allow for Google. However, the fake Googlebots are easily identified, as legitimate Googlebots come from a predetermined IP address range. [ http://threatpost.com/phony-googlebots-becoming-a-real-ddos-attack-tool/107317 ] "
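The check described in the analysis above, as an added example that is not part of the quoted article: flag web-server requests whose user agent claims to be Googlebot but whose source address falls outside the crawler's address ranges. The log lines are constructed, and `CRAWLER_RANGES` is a stand-in using an RFC 5737 documentation network; a real deployment would load the ranges the search engine publishes.

```python
import ipaddress
import re

# Stand-in for the published crawler ranges (assumption: an RFC 5737
# documentation network is used so the sample runs offline).
CRAWLER_RANGES = [ipaddress.ip_network("198.51.100.0/24")]

# Combined log format: client IP is the first field, user agent the last quoted field.
LOG_RE = re.compile(r'^(?P<ip>\S+) .*"(?P<ua>[^"]*)"\s*$')

# Constructed sample access-log lines (not taken from any real server).
SAMPLE_LOG = """\
198.51.100.17 - - [31/Jul/2014:10:00:01 +0000] "GET /robots.txt HTTP/1.1" 200 68 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
203.0.113.45 - - [31/Jul/2014:10:00:02 +0000] "GET /search?q=a HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
203.0.113.45 - - [31/Jul/2014:10:00:02 +0000] "GET /search?q=b HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
192.0.2.9 - - [31/Jul/2014:10:00:03 +0000] "GET / HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (Windows NT 6.1)"
not a log line
"""


def in_crawler_ranges(ip_text, ranges=CRAWLER_RANGES):
    """True if ip_text parses as an IP address inside one of the allowed networks."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # malformed address field: treat as not verified
    return any(ip in net for net in ranges)


def spoofed_googlebot_hits(log_text, ranges=CRAWLER_RANGES):
    """Return {client_ip: request_count} for Googlebot-claiming requests from outside ranges."""
    hits = {}
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or "googlebot" not in m.group("ua").lower():
            continue  # unparseable line, or a client that does not claim to be Googlebot
        if not in_crawler_ranges(m.group("ip"), ranges):
            hits[m.group("ip")] = hits.get(m.group("ip"), 0) + 1
    return hits


if __name__ == "__main__":
    for ip, count in sorted(spoofed_googlebot_hits(SAMPLE_LOG).items()):
        print(f"{ip}\t{count} request(s) with a spoofed Googlebot user agent")
```

The per-address counts can feed a rate limit or block rule, so that the "allow Googlebot" exception applies only to traffic from verified ranges.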