The Latest in IT Security

MasterCard spam leads to Fake AV


We’re seeing a significant “spam attached malware” campaign in the past 48 hours with different attachment MD5s.


The username portion of the email sender is random, using a classic mis-spelling that has been consistent.Usernames are a single word, followed by a “.”, “_”, or “-“, followed by a two or three digit number. The most popular words (by far) are “manager”, and “support” , but we’ve also seen admin, adminnistration, alerts, cunsumer, delivery, e-file, finance, frboard-webannouncements, govdelivery, information, inspector, news, news-alerts, no-reply, protection, public, report, service, stats, subscriber, subscriptions, usttb, and webannouncements.

The attached file is actually named as a “.com”, using a random-seeming filename in the format “id” followed by a 5-7 digit number (such as

When the file is launched, it attempts to make connections to a long list of domains that are probably made by a “DGA” or “Domain Generation Algorithm”. It’s likely that at different times or days this list would be different. The purpose of the malware? Seems to be just another Fake Anti-virus product. Here’s the scan that kicked off:

After the scan, I was of course constantly reminded of the grave danger I was in:

By using Quick Heal Total security, such fraudulent Mails get tagged as Spam and users get protected.
Quick Heal also detects the Malicious attachments and the installed Rougeware files.

Leave a reply



Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...



Latest Comments