EBAY and AMAZON

Joel Esler jesler at sourcefire.com
Mon Jun 11 22:43:34 UTC 2012


These are exploit kit teasers. 

Blackhole exploit kit specifically. I wouldn't click on any of the links in there.

Anyone who would like to send me copies of these, I'll take.  

--
Joel Esler

On Jun 11, 2012, at 4:51 PM, Blake Pfankuch <blake at pfankuch.me> wrote:

> I have a spam pit email address which I monitor for trends to have a little bit of a jump on the possible things users might touch at work.  I started seeing the Amazon, eBay and PayPal ones a few weeks back.  The other one I have started to see a lot of is the "Free or cheaper home phone service through magic jack" ones.  Again as expected they link to some .ru domain and look just like the normal sign up page.  Also my handy dandy virtual machine was instantly owned with malware just by loading the page.  The VM runs Windows 7 as a non-administrative user, UAC cranked up and IE9.  Something like 10 installed apps showed up including "Adobe Flash Player Latest."
> 
> The other cool one I have been seeing is along the lines of "How to better utilize your office phone system" or "New Business Phone systems" with supposed links to "popular new phone system trends".  This one is rather crafty as it has an embedded image which is a nice weblink to an infected jpg.  So you click show picture in Outlook, or in your browser and you get another installed piece of nastyware.
> 
> -----Original Message-----
> From: Kain, Rebecca (.) [mailto:bkain1 at ford.com] 
> Sent: Monday, June 11, 2012 12:40 PM
> To: nick at flhsi.com; Brandt, Ralph; nanog at nanog.org
> Subject: RE: EBAY and AMAZON
> 
> I have gotten them from "Amazon" stating "order number X was cancelled and please click on the below file for more information".  Because I order so much on Amazon, I almost thought it was real and clicked on it but then went to the Amazon site and looked at "my open orders".  It always pays to go to the site, not believe email.
> 
> 
> -----Original Message-----
> From: Nick Olsen [mailto:nick at flhsi.com]
> Sent: Monday, June 11, 2012 2:06 PM
> To: Brandt, Ralph; nanog at nanog.org
> Subject: re: EBAY and AMAZON
> 
> I think it might just be coincidence. I've gotten about 10 of them and haven't been to ebay or amazon in months.
> Most of them have been for >60 dollar books.
> 
> Nick Olsen
> Network Operations (855) FLSPEED  x106
> 
> ----------------------------------------
> From: "Brandt, Ralph" <ralph.brandt at pateam.com>
> Sent: Monday, June 11, 2012 1:28 PM
> To: nanog at nanog.org
> Subject: EBAY and AMAZON
> 
> I have received bogus emails from both of the above on Friday. 
> 
> These look like I bought something that in both cases I did not buy.
> The EBAY was a golf club for $887 and the Amazon was a novel for $82, far more than I would have spent on either.
> 
> I think I looked at the novel on Amazon and I remember the golf club came up on a search with something else on Ebay.  
> 
> How this information could get to someone spoofing is a little disconcerting.  
> 
> I have changed EBAY and Paypal Passwords as instructed.  
> 
> Ralph Brandt
> Communications Engineer
> HP Enterprise Services
> Telephone +1 717.506.0802
> FAX +1 717.506.4358
> Email Ralph.Brandt at pateam.com
> 5095 Ritter Rd
> Mechanicsburg PA 17055
> 
> 
> 
> 



