“Your Site Has Been Hacked” ransomware email campaign in the wild

I was actually not expecting this kind of ransomware… I am used by now to “You’re hacked”, “You’re infected”… and others alike, but this one with the website is actually really interesting. What I find very disturbing is the fact that there are 5 transactions. A few were for tests, I think, but there is at least one who paid. They do use a correct website of mine. PS: Of course my site hasn’t been hacked :))

Here are some of the headers:

Return-Path: <>
Received: from ([]) by with ESMTP id ce7si16117485edb.534.2020. for <>; Fri, 17 Apr 2020 03:08:23 -0700 (PDT)
Received-SPF: neutral ( is neither permitted nor denied by best guess record for domain of client-ip=;
Authentication-Results:; spf=neutral ( is neither permitted nor denied by best guess record for domain of
X-AntiVirus: Checked by Dr.Web [version:, engine:, virus records: 6152810, updated: 8.05.2017]
Return-path: <>
From: “Hacker” <>
To:

For better indexing, this is the body of the email.

PLEASE FORWARD THIS EMAIL TO SOMEONE IN YOUR COMPANY WHO IS ALLOWED TO MAKE IMPORTANT DECISIONS! We have hacked your website and extracted…

Quoted in ECommerceTimes: Gmail to Warn Users of Unencrypted Email

Gmail to Warn Users of Unencrypted Email
Author: Richard Adhikari

Quotes:

The warning “will help in cases where hackers try to perform DNS poisoning while trying to infect or phish users visiting well-established websites,” security consultant Sorin Mustaca said.

Going with TLS is not necessarily the answer because “many emails would not reach their destination if the destination servers don’t support TLS,” security consultant Mustaca told the E-Commerce Times. Emails continue to be delivered because of opportunistic encryption. “Servers first try to establish a TLS connection and, if they don’t succeed, they continue communicating on unencrypted connections,” he explained.


Good idea, badly implemented:

From “about us” on the website: delivers notifications that interest you in near real time. It eliminates the need for you to constantly check on classified listings, blogs or social networking sites. Notifications are pushed to your destinations of choice such as instant messenger, mobile phone, email, desktop or web application. Check out our wiki for examples of how people are using the service.

Sounds good… I always wanted to have something like this to filter my pages. But it doesn’t really work… for some reason. Send via IM doesn’t even authenticate. Adding a URL ends up in a disaster:

Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request. Please contact the server administrator, and inform them of the time the error occurred, and anything you might have done that may have caused the error. More information about this error may be available in the server error log.
Apache/2.2.3 (CentOS) Server at Port 80

I sent them an email to webmaster (what a useless action) and to their forum. Let’s see if I get a response.


Email Spam Not the Problem it Once Was for the End-users

IT security expert Avira found during recent surveys of its customers that email spam is still an everyday occurrence, but not the nuisance it once was. Nearly half of all end-users are satisfied with the anti-spam filters on their PCs and laptops, plus many others rely upon their Internet Service Providers (ISPs) to filter messages. The vast majority of users receive fewer than 10 spam emails per day.

“The Spam landscape has clearly changed in the last two years with the take down of a couple of major botnets,” said Sorin Mustaca, data security expert at Avira GmbH. “Considering the fact that almost all email providers have a form of spam filtering installed on their servers, end-users receive only what the anti-spam solutions on the servers don’t catch. What really surprised me was that 45% of the users answered that they have an anti-spam solution on their computers and that they are satisfied with it. Overall, there is clearly work to be done within the security industry to get rid of 100% of all spam emails, but progress is being made.”

The larger security challenges today include fighting web-based Trojans and spyware that harvest credit card numbers and personal identity…


PayPal security warning email with malware

There is a new wave of emails pretending to come from PayPal with a ZIP archive attached. The email says that your PayPal account has been accessed by a third party and, in order to protect your account, PayPal has been locked. The user is invited to review the report attached to the email, the ZIP archive, containing a single executable following the template account–report.exe

There is no link inside the email, so everything was made “easy” for the user: he should only extract the file and execute it. Please don’t, because it contains malware detected by all Avira products as the dropper DR/Delphi.Gen.


Facebook and Twitter Phishing (on first sight)

The source of the articles is in the Avira Techblog:
Twitter Phishing (on first sight)
Facebook Phishing (on first sight)

Twitter

Over the weekend our spam traps received a massive wave of emails looking like the one below:

The emails seem to stem from “Twitter Support” ( and are addressed each to exactly one unique email address. The link in the email seems to be unique for each email sent, too. Quite an effort to make the email look more legitimate. The target link is always a compromised website holding an html page.

After clicking on the URL, a multiple stage redirection takes place. On some of these redirection websites, the intermediate page raises alerts because our engine detects encrypted content in JS.

Finally comes the surprise: The target website at the end of the redirects is not a phishing website but a Canadian online pharmacy. For me personally this was a “Wow!” moment. Why did the spammers choose to send the emails as Twitter phishing? I think that the explanation is simple – they did it because nobody did it before.

As usual, users of the Avira Premium Security Suite and the users of…


Avira goes into Managed Security Services by acquiring CleanPort

Avira extends Managed Security Services portfolio to offer users security “in-the-cloud”
Tue, 02 March 2010
Avira’s acquisition of CleanPort forms the basis for the new business unit

Tettnang/ Doetinchem, 2 March 2010 – German IT security provider Avira has acquired CleanPort, an acquisition that extends Avira’s solutions for terminals and server products with a new business line. With Avira Managed Security Services (AMSS), the company immediately adds online security services to all activities for all user segments. These services will be provided through a separate data center infrastructure. This new business unit is the motivation for Avira’s strategic acquisition of the Dutch group CleanPort B.V./ ISP Services B.V./ NextIdentity B.V., effective March 1, 2010.


Email-(in)Security using GnuPG for Windows and Outlook

I usually do not start with a conclusion… But now I will. Simply stay away from this dreadful software…!!! It is simply buggy! Outlook 2007 crashes almost at every signed email that this crappy software tries to display. STAY AWAY FROM at least until they fix these crashes!!!


When marketing doesn’t read what they send via email

I am subscribed to the TAROM (Romanian Airlines) Newsletter which is sent approximately once a month. Each month I receive the same corrupted email which looks like the one in the picture:

Why is this happening? Simply because they add some newlines in the wrong places. Actually, the first one alone is enough to ruin everything. See the red arrows? Those newlines shouldn’t be there. I wrote to Tarom ( and they didn’t reply back. And they also didn’t fix the problem. This could’ve been avoided very easily if they had just previewed the newsletter before they mass mailed it.
