Jul 22, by Macky Cruz (Technical Communications)
A few hours ago (22 July 2008, 03:41 a.m. PST), our EMEA threat analysts were able to catch the following UPS spam samples from our honeypots. Apparently, the spam run we saw last week (discussed in the blog entry Trojans Deliver) is just beginning to pick up.
Here are the fresh UPS spam samples:
Banking perhaps on a previous observation from the earlier UPS post:
The B2C (business-to-consumer) parcel industry is set to be the next big thing in Europe, says market research ...
Jul 22, by Joey Costoya (Advanced Threats Researcher)
We've seen malicious URLs ending in r.html, main.html, news.html, and about.html being spammed over the past several days. Now it's changing to start.html and begin.html.
Visiting these start.html and begin.html Web sites redirects the browser to a site where WATCH.EXE is downloaded. From what I've seen so far, these sites are pushing the same binary. Trend Micro now detects it as TROJ_AGENT.AYZO.
What's worrying about these *.html spam runs over the past several days is the increasing incidence of compromised Web sites ...
Jul 18, by Robert McArdle (Threats Analyst)
Clever mnemonics aside, last week we saw another large-scale SQL injection attack (or YAMSIA, if you prefer), this time being orchestrated by a botnet that has become known as Asprox—but first, a history lesson.
The code behind the Asprox botnet seems to have been around for quite some time now, but it was only in the last year that it has upgraded to a botnet where its main focus is to send phishing emails. This has changed in late ...
Jul 17, by Joey Costoya (Advanced Threats Researcher)
A new spam run captured by our honeypot features a "nude movie" of Angelina Jolie. If the "nude movie" bit is not enough to entice you, maybe the scorching hot picture attached to the email will.
The spammed email message contains a supposed "direct link" to Angie's nude movie. Of course, the "Watch" link will lead you to an EXE file. The EXE file link will not be that obvious though, because the URL is actually pointing to a Doubleclick redirector, ...
Jul 16, by Jake Soriano (Technical Communications)
Surprised, or excited perhaps, at the unexpected "package" sent to you by someone you do not really know? Don't get too carried away. A little caution wouldn’t hurt.
Our analysts have been catching spam samples pretending to come from the United Parcel Service Inc. (UPS) to lure users since last week. UPS is one of the world's largest package delivery companies, so this spam run, which informs users that a package has been sent to them, has a lot going for ...