A place to discuss malware of every flavor, e.g. Storm, Waledac, Conficker and Zeus


Postby hellkyng » Tue Aug 03, 2010 2:40 pm

Is the below email a standard scam, or is anyone else seeing this? It contained a word doc with an embedded pdf which delivered the koobface virus. Detected by 16/42 on Virus Total. The reason I ask is that there is a possibility this was a spear phish, targeting high level executives. Made it right past spam filters without issue. Fortunately no one was fooled, but maybe something to be aware of. Full headers or virus sample can be provided if anyone is curious.

Dear Sir

It has come to our attention that your website contains a logo thatis identical/substantially similar to our copyrighted Work.
Permission was neither asked nor granted to reproduce our Work and your Work therefore constitutes infringement of our rights.
In terms of the Copyright Statutes, we are entitled to an injunction against your continued infringement,
as well as to recover damages from you for the loss we have suffered as a result of your infringing conduct.

In the circumstances, we demand that you immediately:
1. remove all infringing content and notify us in writing that you have done so;
2. credit all infringing content to ourselves.
3. immediately cease the use and distribution of copyrighted material;
4. undertake in writing to desist from using any of our copyrighted Work in future without prior written authority from us.

Attached is a list of the copyrighted material in question.

We await to hear from you.

This is written without prejudice to our rights, all of which are hereby expressly reserved.
Getting started
Posts: 18
Joined: Thu Jun 17, 2010 5:37 pm

Re: Koobface?

Postby AlphaCentauri » Tue Aug 03, 2010 4:58 pm

I haven't seen anything like that. Maybe not "spearphishing," since it's vague enough to be sent to a mailing list, but they're clearly aiming high. It's apparently taken from this free template:
http://www.free-legal-document.com/copy ... esist.html
which includes the same unusual capitalization (in the original it makes sense, because there is a space to define "The Work") and the use of "in future" instead of "in the future."
User avatar
You are kiillllling-a my bizinisss!
Posts: 5989
Joined: Thu Mar 01, 2007 3:01 am

Re: Koobface?

Postby hellkyng » Tue Aug 03, 2010 6:15 pm

Thanks for passing along the link, the certainly is interesting to see they had use a semi-valid legal document as a template. The Word attachment in the spam was also 822010.doc which made it a bit more convincing to our exec that received it.

Came across this as well, the domain used in the spam messages email address referenced this law firm: http://www.douglasrosenthal.com/ They have a nice warning message plastered on their home page regarding the scam. Looks like more then just the email recipients are suffering on this one.
Getting started
Posts: 18
Joined: Thu Jun 17, 2010 5:37 pm

Return to Malware

Who is online

Users browsing this forum: No registered users and 1 guest