Websense ThreatSeekerR Network has been monitoring an increase in malicious spam activity over the last 28 days, and a recent spike which seems to be spreading quickly and in large amounts begs the suspicion that a spam bot or a bot network is awake.
Some of the message subjects that we’ve seen include, but are not limited to:
- DELIVERY CONFIRMATION FROM FedEx [Reference Number]:
- FedEx DELIVERY CONFIRMATION [Reference Number]
- Your FEDEX id. [Reference Number]
- Wrong transaction from your credit card in The [Hotel Name]
- Changelog: [Reference Number]
- Re:Fw: Intercompany inv. from [Organization Name] Corp
- From USPS [Reference Number]
- DHL id. [Reference Number]
- DHL ATTENTION [Reference Number]
- Your credit card is blocked
Many of the varied subjects seem to be based around major courier service names such as DHL, UPS, and similar, and bear a resemblance to a receipt confirmation or delivery note. Others are recycled subject lines such as the ‘credit card blocked’ types mentioned in a previous blog.
Sample messages with attachment:
Websense customers are protected from these threats by ACE, our Advanced Classification Engine.
Leave a reply
