I am seeing a new kind of spam lately. The sender says that it is "Email Administrator" and the subject is "Notification Alert". The message tells me that I have exceeded my limit of my mailbox, and I need to click a link to fix it. Here is the text of the message:
Email Administrator <administrateur@rdp.com>
12:05 PM (2 hours ago)
Dear Account User,
Your mailbox has exceeded the limit of 30 GB, which is as set by your manager, you are currently at 30.9GB, very soon you will not be able to create new e-mail to send or receive again until you validate your mailbox.To re-validate your mailbox, click on the link below and follow the instruction for your upgrade.
Click Here To Upgrade
Regards,
Email Administrator Member Services
****************************** **************************
If you received this in Spam, please kindly move it to inbox.
You notice that the administrator is using the French spelling. That would suggest that the perpetrator is from a French speaking country in Africa, like Senegal, Algeria, Burkina Faso or any other former French colony.
The other thing to note, is that they are using an email address not from the same domain. That should raise red flags.
What I did do, is investigate the links where you have to click to load the malware. (Don't try this at home folks. I am a professional, and I have a machine that I can trash. I use it to trap viruses and have a look at them).
There are two domains in the various messages. Here are the domains:
www.ayotec.co.uk
www.kleine-bucher.de
These are legitimate domains. What these guys do, is hack websites that are not updated regularly or the source code for the web sites are checked infrequently. They simply add another landing page that isn't visible to the website with a link, but can be reached directly with a URL. They hide their malware there, and as a result, the originator is untraceable.
Just another day in the war on Malware and Spam.
