Malicious emails sent in German on behalf of the Post

German users are receiving a lot of such spams these days: It is about a package which allegedly it has its transport costs not paid. (2 €). The user is invited to visit a page where he can be pay this. Verfolgen Sie Ihr Paket: DE3428632-19 STATUS: BEARBEITUNG – VERTEILERZENTRUM BERLIN – Transportkosten VON 2,00 € wurden nicht bezahlt LIEFERUNG ERFOLGT NACH BEZAHLUNG LIEFERKOSTEN BEZAHLEN Useless to say, this is not the usual way to deal with packages, so those which sent the spam have no idea how things work. The link goes to a page delivering a malicious payload.   This is how the email looks like:   Observe the blue marked items. The spammers are either lacking skills, or they think that the users are idiots, or are themselves idiots. The body of the email is one single line of Base64 encoded text. It appears to be sent from an AWS account.     Received: from domain.com (ec2-52-193-124-80.us-west-1.compute.amazonaws.com []) by mx.google.com with ESMTP id d8si40042704pgv.61.2019. for ; Fri, 24 Jan 2020 12:43:25 -0500 (EST) Received: from smtp.J51G83V9.org (enr2-mrelay-01.ad4123fb38497b9631680eea23dbd0b2.org. ) by mx.google.com with ESMTP id t6si5997511qvm.25.2019. for ; Fri, 24 Jan 2020 12:43:25 -0500 (EST) Received: from pdr8-services-05v.prod.J51G83V9.org (HELO…

No Image

How Spaces.Live.com encourages spamming

We analyzed the spam presented in the post called Colorful Spam twist for bypassing Spamfilters and ended the post with the information that the target page is hosted on the spaces.live.com. Of course, as we always do in such cases, we wanted to report several URLs to the Abuse team at live.com. We searched on the page and In the footer of each page hosted there, there are some options and one of them is “Report abuse” – http://support.live.com/default.aspx?productKey=wlspacesabuse . However, once we tried to report the URLs hosting the meds advertisements, we started to feel that Live.com tries to do everything as complicated as possible for the reporter. So, the first thing which hit us that we had to provide full identification information and a valid email address. I can’t understand why would Live.com need this information, since I only want to report something. The most frustrating thing on this part of the page is the fact that I have to write the email address or the member ID associated with the blog I want to report. Hello, Microsoft, are you kidding ? How could I possibly know this? I think that only the spammer knows it. The next…

%d bloggers like this: