WOW... New email scam or virus.

Discussion in 'BlackHat Lounge' started by jdog37, Aug 23, 2011.

  1. jdog37

    jdog37 Power Member

    Joined:
    Apr 3, 2009
    Messages:
    510
    Likes Received:
    569
    Occupation:
    unemployed electrician
    Location:
    virginia
    I have an email address that all the scammers and spammers send their shit to and I am pretty used to it. In fact, when bored I sometimes read the dialog used by them just to see how they might convince someone to actually fall for their scam.

    The latest scam email is from Mr. Ben S. Bernanke himself.... (imagine that!) It's just the usual beneficiary bullshit about a 10 million dollar inheritance you see in all these emails.

    But tonight while sifting through all the crap I saw a new one (at least new to me):

    From: NYC Subject: Uniform Traffic Ticket

    Code:
    New York State - Department of Motor Vehicles
    UNIFORM TRAFFIC TICKET
    POLICE AGENCY: NEW YORK STATE POLICE

    THE PERSON DESCRIBED ABOVE IS CHARGED AS FOLLOWS

    Time: 7:25 AM
    Date of Offense: 07/05/2011
    IN VIOLATION OF: NYS V AND T LAW
    Description of Violation: SPEED OVER 55 ZONE

    TO PLEAD, PRINT OUT THE ENCLOSED TICKET AND SEND IT TO TOWN COURT, CHATAM HALL., PO BOX 117

    It also has an attached file called ticket.zip that of course I am supposed to open.

    As an internet savvy guy I realize that running my tag number will not give you my email address to forward my ticket to. Not to mention the fact that I have never been to New York, or that I have not had a driver's license or driven a car in 5 years.

    All of that aside... Out of curiosity I am just dying to see what is in that attached file. So I turn to you my Black Hat friends.

    Of course I am not going to download the file to my computer, but is there some way that I can safely open the file just to see what the catch is?

    I am just curious to see if they are wanting my bank info or if they are trying to infect me with a virus.

    Any thoughts would be appreciated. BTW the file size is 13kb if that means anything.
     
  2. markfb

    markfb Newbie

    Joined:
    Oct 5, 2009
    Messages:
    5
    Likes Received:
    0
    I have had the same email, and when you consider that I live in the UK and have not been to New York since 1999, it raised all the red flags. Still, it makes a change from all the usual scam mail.
     
  3. SyZygy

    SyZygy Senior Member

    Joined:
    Dec 29, 2009
    Messages:
    864
    Likes Received:
    1,080
    Location:
    Europe
    Yup, had the same thing with USPS packages in .zip

    Anyone have a Mac so we can see what's in the zip? :D
     
  4. Nakota757

    Nakota757 Junior Member

    Joined:
    Mar 24, 2008
    Messages:
    142
    Likes Received:
    51
    Location:
    Huntington Beach, CA
    Yeah, I'm on a Mac, PM it to me and I'll check it out.
     
  5. kaplan

    kaplan Jr. VIP Jr. VIP Premium Member

    Joined:
    Oct 11, 2010
    Messages:
    161
    Likes Received:
    34
    13kb zipped can be a nice egg. It can easily be a virus, but more likely they will want a money transfer.
     
  6. purewealthinc

    purewealthinc Regular Member

    Joined:
    May 3, 2010
    Messages:
    427
    Likes Received:
    383
    Occupation:
    Web Fishing
    Location:
    World Wide Web City
    Mate, simple solution: why shouldn't you upload the zip file to Virustotal dot com first, before you open it? Virustotal can detect any kind of virus inside the file.

    Do it immediately once you read my suggestion.
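
An added example, not part of any poster's message: one way to see what an attachment like ticket.zip contains without extracting or running anything, by reading only the archive's directory and computing a SHA-256 that can be searched on a scanning service instead of uploading the file. The names `triage_zip`, `build_sample` and `RISKY_EXT`, and the in-memory sample archive, are constructed for illustration.

```python
import hashlib
import io
import zipfile

# Extensions Windows will execute on double-click (common set, not exhaustive).
RISKY_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs", ".lnk"}

def triage_zip(data: bytes) -> dict:
    """Describe a ZIP attachment from its bytes; no entry is extracted or run."""
    report = {"sha256": hashlib.sha256(data).hexdigest(), "entries": [], "flags": []}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        # A ".zip" that is not a ZIP is itself worth noting.
        report["flags"].append("not a valid ZIP archive")
        return report
    with zf:
        for info in zf.infolist():  # central directory only, nothing is decompressed
            name = info.filename
            parts = name.rsplit("/", 1)[-1].lower().split(".")
            ext = "." + parts[-1] if len(parts) > 1 else ""
            report["entries"].append((name, info.file_size, info.compress_size))
            if info.flag_bits & 0x1:
                report["flags"].append(f"{name}: encrypted entry, scanners cannot see inside")
            if ext in RISKY_EXT:
                report["flags"].append(f"{name}: executable extension {ext}")
                if len(parts) > 2:
                    report["flags"].append(f"{name}: double extension hides {ext}")
    return report

def build_sample() -> bytes:
    """Constructed stand-in for the attachment; the payload is harmless text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Ticket.pdf.exe", b"harmless placeholder, not a program")
        zf.writestr("readme.txt", b"constructed sample")
    return buf.getvalue()

if __name__ == "__main__":
    result = triage_zip(build_sample())
    print("sha256:", result["sha256"])
    for name, size, packed in result["entries"]:
        print(f"  {name}  {size} bytes ({packed} compressed)")
    for flag in result["flags"]:
        print("  FLAG:", flag)
```

A hash lookup with no results only means the sample has not been seen yet, so the listing of entry names is the part that answers what the archive is carrying.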
     
  7. Nakota757

    Nakota757 Junior Member

    Joined:
    Mar 24, 2008
    Messages:
    142
    Likes Received:
    51
    Location:
    Huntington Beach, CA
    Why risk it? The virus could be too new to detect, so I'm just gonna do it for them, not to mention they've gotten me intrigued now!
     
  8. softwareprogram

    softwareprogram Junior Member

    Joined:
    Jun 2, 2011
    Messages:
    154
    Likes Received:
    64
    Occupation:
    Business Owner
    Location:
    Hong Kong
    Yup, me too :x We are on Mac and we do not care about viruses... In fact, viruses do not work on Mac :)
     
  9. Nakota757

    Nakota757 Junior Member

    Joined:
    Mar 24, 2008
    Messages:
    142
    Likes Received:
    51
    Location:
    Huntington Beach, CA
    SyZyGy almost got it to me, but his e-mail provider blocked the e-mail due to the nature of the file.

    Go figure.
     
    Last edited: Aug 23, 2011
  10. havingadabble

    havingadabble Regular Member

    Joined:
    Jul 2, 2010
    Messages:
    215
    Likes Received:
    349
    I've had about 6 of these at work over the last week or so - fu<ker5!!!
     
  11. kPybus

    kPybus Regular Member

    Joined:
    May 29, 2011
    Messages:
    359
    Likes Received:
    158
    Location:
    127.0.0.1
    Don't open it, you might get herpes. :D At least put a protective cover on your usb drive before you stick it in.
     
  12. oxonbeef

    oxonbeef BANNED BANNED

    Joined:
    Jan 4, 2009
    Messages:
    2,242
    Likes Received:
    7,872
    I can have the file analysed and tell you what it is,
    but I'll bet you $10 it's an IRC bot.
    It'll install PPI software on your PC, use you as a proxy and a DDoS robot.

    Don't ask me how I know.
     
    Last edited: Aug 23, 2011
  13. kickapooh

    kickapooh Regular Member

    Joined:
    Apr 16, 2010
    Messages:
    431
    Likes Received:
    844
    Lol, can I be a part of your botnet too bro? Then all the shit I do that I could get into trouble for I can just be like, "wasn't me, I'm an IRC bot!" woop woop :D
     
  14. drax2009

    drax2009 Registered Member

    Joined:
    Oct 28, 2009
    Messages:
    84
    Likes Received:
    14
    lol I got 57 - fifty fuckin seven - of these this morning, all in a row. Avast picked them up as infected - someone is doing some big time spamming with this right now
     
  15. 6hundy

    6hundy Junior Member

    Joined:
    May 18, 2010
    Messages:
    190
    Likes Received:
    58
    I've got about 40 over the past week to my various accounts. Blocked every time, but I was wondering the same thing... what is it? Anyone open it up to take a look yet?
     
  16. ronegraT

    ronegraT Power Member

    Joined:
    Dec 29, 2010
    Messages:
    620
    Likes Received:
    101
    Occupation:
    sleeping
    Location:
    Sweden
    Most likely it's some kind of trojan which will make your computer become a part of a botnet.