Archives for: 2006
12/27/06
Another Fifth Third Bank Phishing Email
I just received another Fifth Third Bank phishing email. The subject line was Dear Fifth Third Bank Cusotmer. This email contained an image that showed a message supposedly from Fifth Third Bank. The entire image is a link to the site that would perform the phishing. When I tried to access the link that the image points to, I received the following error.
Server Error
The following error occurred:
[code=SERVER_RESPONSE_RESET] The server response could not be read because of an error. Contact your system administrator.
--------------------------------------------------------------------------------
Please contact the administrator
The text of the email is:
Dear Fifth Third bank business/commercial customer,
Fifth Third Protection Department requests you start the client details confirmation procedure. By clicking on the link at the bottom of this letter you will get all necessary instructions how to start and complete the confirmation procedure. The following steps are to be taken by all business and commercial customers of the Fifth Third bank.
Fifth Third Protection Department apologizes for the inconveninces caused to you, and is very grateful for your cooperation.
To start the confirmation procedure, click the following link:
[a picture of a valid link is shown here]
Here is what the actual message looks like:

12/06/06
Another "Web Server Report" Virus Email
I just received another Win32.Warezov.dc virus email.
This time the spoofed from address was:
There is no website, that I could find, for scholzes.com. The email I received originated from a block of addresses that is used by an internet provider in another part of the country, so it is unlikely that this message was actually sent from anyone at this domain.
The body of this message is:
Mail server report.
Our firewall determined the e-mails containing worm copies are being sent from your computer.
Nowadays it happens from many computers, because this is a new virus type (Network Worms).
Using the new bug in the Windows, these viruses infect the computer unnoticeably.
After the penetrating into the computer the virus harvests all the e-mail addresses and sends the copies of itself to these e-mail addresses
Please install updates for worm elimination and your computer restoring.
Best regards,
Customers support service
Anyway, if you see anything like this, don't open it, just DELETE IT.
Here is the header information from this message (my info has been changed slightly, but the rest remains the same).
Return-path: <secur@scholzes.com>
Envelope-to: someaddy@davemoats.com
Delivery-date: Wed, 06 Dec 2006 09:25:29 -0700
Received: from unknown (HELO gcopghgraia) (70.182.174.151)
by 70.182.174.65 with SMTP; Wed, 6 Dec 2006 10:24:23 -0000
Date: Wed, 6 Dec 2006 10:16:23 -0600
From: secur@scholzes.com
Mime-Version: 1.0
To: someaddy@davemoats.com
Subject: Mail server report.
Content-Type: multipart/mixed;
boundary="-----------20CC820E3832E623"

-------------20CC820E3832E623
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Mail server report.
Our firewall determined the e-mails containing worm copies are being sent from your computer.
Nowadays it happens from many computers, because this is a new virus type (Network Worms).
Using the new bug in the Windows, these viruses infect the computer unnoticeably.
After the penetrating into the computer the virus harvests all the e-mail addresses and sends the copies of itself to these e-mail addresses
Please install updates for worm elimination and your computer restoring.
Best regards,
Customers support service
-------------20CC820E3832E623
Content-Type: APPLICATION/OCTET-STREAM; name="Update-KB6062-x86.zip"
Content-transfer-encoding: base64
Content-Disposition: attachment; filename="Update-KB6062-x86.zip"
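The checks applied by hand to this header (where the message really came from versus the domain it claims, and what the attachment is called) can be scripted. The Python below is an added example, not part of the original post; the function name `triage`, the two regular expressions and the reading of `unknown` as "no reverse DNS" are assumptions, and the sample is the header above with the part bodies shortened and the base64 payload left out.

```python
import re
from email import message_from_string
from email.utils import parseaddr

B = "-" * 11 + "20CC820E3832E623"  # boundary value from the posted Content-Type header
# The headers posted above; part bodies shortened and the base64 payload omitted.
SAMPLE = f"""\
Return-path: <secur@scholzes.com>
Received: from unknown (HELO gcopghgraia) (70.182.174.151)
 by 70.182.174.65 with SMTP; Wed, 6 Dec 2006 10:24:23 -0000
Date: Wed, 6 Dec 2006 10:16:23 -0600
From: secur@scholzes.com
Mime-Version: 1.0
To: someaddy@davemoats.com
Subject: Mail server report.
Content-Type: multipart/mixed;
 boundary="{B}"

--{B}
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Mail server report.

--{B}
Content-Type: APPLICATION/OCTET-STREAM; name="Update-KB6062-x86.zip"
Content-transfer-encoding: base64
Content-Disposition: attachment; filename="Update-KB6062-x86.zip"

--{B}--
"""

# Assumed patterns: the Received layout seen in this header, and the attachment
# naming shared by both worm mails on this page (Update-KB<digits>-x86.zip).
RECEIVED_RE = re.compile(r"from (\S+) \(HELO (\S+)\) \((\d{1,3}(?:\.\d{1,3}){3})\)")
FAKE_UPDATE_RE = re.compile(r"^Update-KB\d+-x86\.zip$", re.IGNORECASE)


def triage(raw):
    """Return (facts, findings) for one raw message; purely offline checks."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    facts, findings = {"from_domain": from_domain}, []

    # The topmost Received header is the one written by the receiving mail server.
    m = RECEIVED_RE.search(" ".join((msg.get_all("Received") or [""])[0].split()))
    if m:
        rdns, helo, ip = m.groups()
        facts.update(rdns=rdns, helo=helo, relay_ip=ip)
        if rdns == "unknown":  # assumption: the server writes this when rDNS fails
            findings.append("relay has no reverse DNS")
        if "." not in helo:
            findings.append("HELO is not a fully qualified host name")
        if not any(h.lower().endswith(from_domain) for h in (rdns, helo)):
            findings.append("relay does not identify itself as part of the From domain")

    facts["attachments"] = [p.get_filename() for p in msg.walk() if p.get_filename()]
    for name in facts["attachments"]:
        if FAKE_UPDATE_RE.match(name):
            findings.append("zip attachment named like a Windows update: " + name)
    return facts, findings


if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```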
12/01/06
Fifth Third Bank Phishing Email
I received an email today supposedly from Fifth Third Bank addressed to an account I use for notification of issues on the web site. The email was about "my account" with this bank, and since I know I don't do business with this bank and that I would never use this address to set up an online banking account or as a primary notification account, I knew something was "Phishy".
The text of the email is contained in an image file, a gif file. Here is the textual content of that image. (I modified the links so they would not work from here).
Dear Fifth Third bank business or commercial customer,
Customer Service Department of the Fifth Third bank is in a position to let you know that it is necessary to pass the procedure of acknowledgement of your client data. In order to pick up all the necessary instructions and to start the procedure, you should click the the link at the end of the letter. This procedure is obligatory for performance for all business and commercial clients of the Fifth Third bank.
This instruction has been sent to all the business and commercial clients of Fifth Third bank and is obligatory to be followed up.
To start the procedure of acknowledgement of your personal client data please use this link:www .53.com/businessandcorporate/isapidll/cutomerdata
We appreciate your cooperation with us and apologize for the inconvenience brought.
This message is then repeated again at the very bottom of the email.
Here is a picture of the actual message.
11/27/06
Mail Server Report - Virus Email
I just received the following email from someone I don't know and it had a file attachment. So needless to say all the alarm bells went off and I had to check it out.
The email was received from this spoofed address.
From: secur@heatwave.com - the IP Address that it was sent from translates to a range of most likely home addresses in the Atlanta area. This IP address is not from heatwave.com.
With the following body:
Mail server report.
Our firewall determined the e-mails containing worm copies are being sent from your computer.
Nowadays it happens from many computers, because this is a new virus type (Network Worms).
Using the new bug in the Windows, these viruses infect the computer unnoticeably.
After the penetrating into the computer the virus harvests all the e-mail addresses and sends the copies of itself to these e-mail addresses
Please install updates for worm elimination and your computer restoring.
Best regards,
Customers support service
Containing the following zip file:
Update-KB8812-x86.zip
After a quick search for KB8812-x86, I decided that I was looking at a variant of the Email-Worm.Win32.Warezov.dc.
Here is some more info about it.
FSECURE
VIRUS LIST
SECUNIA
ALADDIN
So if you see an email like this, do not be fooled, just DELETE it and do not open the email or the attachment.
11/22/06
Virus Email Titled "Server Report" and "Error"
So I received a couple of suspicious emails this morning.
Both had attachments, one attachment was named text.zip, the other attachment was named document.zip.
The messages were about the same size and had the same message content (displayed below).
The message cannot be represented in 7-bit ASCII encoding
and has been sent as a binary attachment
After a quick search, it appears that these messages are from TROJ_STRAT.GN
Looks like this guy has been pretty busy virus-radar.
So if you see any messages like this, don't open them, just DELETE them.
11/19/06
What appears to be another foreign payment officer scam
Well I just received this and it looks suspiciously like the "Foreign payment receiving officer scam" that I posted on the 6th of November. I did some checking and the website, ntssystems.com, that is used by the email address has no content. In fact if you translate the Russian text on this page it comes back as
This is your test page index.htm. You will replace with its necessary to you contents.
Here is where this email came from, based on the header information.
Return-path: <stocknews@touraust.com.au>
Received: from dyndsl-085-016-176-068.ewe-ip-backbone.de ([85.16.176.68] helo=dyndsl-085-016-109-084.ewe-ip-backbone.de)
From: Net Transaction Systems <stocknews@touraust.com.au>
I am not sure if this is just an email harvesting scam or if it is more involved, but I would make sure this message just went away.
Here is the actual message content.
Hello
Net Transaction Systems (NTS ,inc) is a Lithuanian company, dealing with the software elaboration, web-design and Internet commercials.
NTS ,inc began to work in 2000 and now it is considered to be the one of the leaders among IT- service providers in Internet.
Large selection of service, high quality of our work, professionalism of our employees and affordable prices attract new clients every day.
The fact is that despite the US market is new for us we already have regular clients also speaks for itself.
WHAT YOU NEED TO DO FOR US?
The international money transfer tax for legal entities (companies) in Lithuanian is 25%, whereas for the individual it is only 7%.
There is no sense for us to work this way, while tax for international money transfer made by a private individual is 7% .That's why we need you! We need agents to receive payment for products in money orders, cheque or bank wire transfers) and to resend the money to us via Wire Transfer or Western Union Money Transfer.
This way we will save money because of tax decreasing.
JOB DESCRIPTION?
1. Recieve payment from Clients
2. Cash Payments at your Bank
3. Deduct 10% which will be your percentage/pay on Payment processed.
4. Forward balance afer deduction of percentage/pay to any of the offices you will be contacted to send payment to(Payment is to forwarded either by Wire transfer or Western Union Money Transfer).
HOW MUCH WILL YOU EARN?
10% from each operation! For instance: you receive 7000 USD via cheques or money orders on our behalf. You will cash the money and keep $700 (10% from $7000) for yourself!
At the beginning your commission will equal 10%, thoughlater it will increase up to 12%!
ADVANTAGES
You do not have to go out as you will work as an independent contractor right from your home office. Your job is absolutely legal. You can earn up to $3000-4000 monthly depending on time you will spend for this job.
You do not need any capital to start.
You can do the Work easily without leaving or affecting your present Job.
The employees who make efforts and work hard have a strong possibility to become managers. Anyway our employees never leave us.
MAIN REQUIREMENTS
18 years or older legally capable responsible ready to work 2-4 hours per week. with PC knowledge e-mail and internet experience (minimal)
And please know that Everything is absolutely legal,that's why You have to fill a contract!
If you are interested in our offer, please reply to the following email address: manager@ntssystems.com ,Thanks for your anticipated action.
And we hope to hear back from you.
Regards,
Mr Matthew Booth
11/06/06
Foreign payment receiving officer scam
Another scam email, I received this one twice in about 15 minutes today. If you get something like this, just delete it, don't even reply to it.
More Scams - search this page for "Chung" to see this email message listed.
From: mrtsaichung2@aol.com
To: undisclosed-recipients:
Sent: Monday, November 06, 2006 9:41 AM
Subject: Work As Our Payment Receiving Agent(Douyuan Chemical Company Ltd)
Douyuan Chemical Co Ltd .
No .57 to 59, Lane 101
North District Tai Nan
Taiwan 704
We are exporters based in the Taiwan . We export raw materials into Asia and into Europe, America and Australia . Our company, Douyuan Chemical Co. Ltd was established in 1987. We are interested in employing your services, to work with us as our foreign payment receiving officer, who can help us eastablish a medium of receiving payment on our behalf for Goods and raw materials we supply to our clients in Europe, America or Australia .
No expertise or financial obligation is required of you in this contract.
The rationale for this is not far-fetched; Most of our overseas customers prefer to pay us in cheques for goods supplied. And here in Taiwan, we have a very slow process in clearing foreign cheques and drafts.
When you are successfully accredited as our foreign payment receiving officer. you shall have the responsibilty of clearing all cheques and drafts sent in from America.
You shall get 10% of any payment that is made to us through you. Which you shall deduct immediately after clearance before transfering our balance to our account.
Subject to your satisfaction with this proposal, you will be made our foreign payment receiving officer in your region. If you decide to work for us forward the information below to us .
1.FULL NAMES: 2.RESIDENTIAL ADDRESS:
3.SEX: 4.AGE:
5.PHONE NUMBER: 6.FAX NUMBER(IF ANY):
7.OCCUPATION: 8.COMPANY NAME:
9.COMPANY ADDRESS: 10.NATIONALITY:
11.PRESENT COUNTRY: 12.STATE/PROVINCE:
13.Zip Code:
To this ; info_douyuanchemicallimited@yahoo.com.hk
Note that no form of payment will be requested upfront in this endeavor.
On our receipt of the above details we shall forward to our customer/clients to immediately contact you with the mode of payment
We anxiously await your response.
Sincerely,
Mr. Tsai Chung,
General Manager;
Douyuan Chemical Co Ltd.Taiwan
--------------------------------------------------------------------------------
Check out the new AOL. Most comprehensive set of free safety and security tools, free access to millions of high-quality videos from across the web, free AOL Mail and more.
Applebee's Hoax Spam
The following message is not true, please don't forward this to anyone.
Please remember, that no one is going to track an email to make sure you forwarded it to, in this case, 9 people. If no one is tracking the email how in the world are you going to get your gift, in this message it is a $50 gift certificate.
Subject: Fw: Applebee's - enjoy! or Applebee's - enjoy! ($50.00!!)
My name is Bill Palmer, founder of Applebee's. In an attempt to get our
name out to more people in the rural communities where we are not
currently located, we are offering a! $50 gift certificate to anyone who
forwards this email to 9 of their friends. Just send this email to them
and you will receive an email back with a confirmation number to claim
your gift certificate.
Sincerely
Bill Palmer
Founder of Applebee's Visit us at: www.applebees.com
Some more info on this hoax:
Urban Legends
10/23/06
Next of Kin Scam
Well, this is a new one to me. It is known as the next of kin scam.
You can check this and other scams.
If anyone out there sees something like this in their email, make sure you really know the people involved.
This may be helpful, scam checker.
Here is the email I received:
From: Alfred Shombo
Sent: Monday, October 23, 2006 12:17 PM
Subject: Please respond / Next of kin to Moats
Dear Moats,
I am sorry for the embarrassment this mail might cause you, as we have not met before. I am Barrister Alfred Shombo, a solicitor at law; I was the personal attorney to Engineer Philip Moats, who used to work with the biggest oil companies here in South Africa. On the 21st of April 2003, my client, his wife and their two kids were involved in a car accident on their way from Durban from Easter Holiday.
All occupants of the vehicle unfortunately lost their lives, since then I have made several inquiries to locate any of my clients extended relatives; this has proved unsuccessful. I came across your name and contact while in search of Philip's relations and decided to ask for your assistance for the realization of this project. Before his demise, my client had lodged the sum of US$13,300,000.00 with a security outfit here in Johannesburg South Africa, with the hope of transferring the money to his account overseas in bits.
After his death and nobody has come forward to claim the money as his next of kin, the Security Company last year gave me 12 months notice to provide this next of Kin or have the money confiscated; this ultimatum will expire in a few months time. Since I have been unsuccessful in locating the relatives for over two years now, I seek your consent to present you as the Next of Kin of the deceased since you both share the same last name so that the ownership of this $USD13.3 Million Dollars can be transferred to you to enable you and I share it on the following percentage: 50% for me 45% for you, and the remaining 5% will be used for expenses and tax.
Please, find attached, picture of the funds as was taken by my client before it was deposited with the Security company, and it is worthy for you to know that he got this money from one of the Oil deals he had with the then Oil Minister. Also attached is the picture of the entire family that perished in the accident. This is just to proof to you that my proposal is genuine.
I will also procure all necessary legal documents that can be used to back up any claim we may make. All I require is your honest co-operation to enable us see this business through. I guarantee that this will be executed under a legitimate arrangement that will protect you from any breach of the law.
Get in touch with me through my email address so that we can proceed.
Sincerely yours,
Alfred Shombo ESq.
--------------------------------------------------------------------------------
Want to see who's on the other side? Chat via video on Windows Live Messenger!
07/01/06
I guess it is my week to get hoax messages
So I received an email about Mars' orbit bringing it close to the earth, so close in fact that it would be as large as the moon to the naked eye. Since I hadn't seen anything about it in the papers or heard about this on the news, I thought I would check it out. It is a hoax and has been around for a while.
Here is the main body of the message:
The Red Planet is about to be spectacular!
This month and next, Earth is catching up with Mars in an encounter that
will culminate in the closest approach between the two planets in
recorded history. The next time Mars may come this close is
in 2287. Due to the way Jupiter's gravity tugs on
Mars and perturbs its orbit, astronomers can only be
certain that Mars has not come this close to Earth
in the Last 5,000 years, but it may be as long as
60,000 years before it happens again.
The encounter will culminate on August 27th when
Mars comes to within 34,649,589 miles of Earth and
will be (next to the moon) the brightest object in
the night sky. It will attain a magnitude of -2.9
and will appear 25.11 arc seconds wide. At a modest
75-power magnification
Mars will look as large as the full moon to the naked eye.
Mars will be easy to spot. At the
beginning of August it will rise in the east at 10p.m.
and reach its azimuth at about 3 a.m.
By the end of August when the two planets are
closest, Mars will rise at nightfall and reach its
highest point in the sky at 12:30a.m. That's pretty
convenient to see something that no human being has
seen in recorded history. So, mark your calendar at
the beginning of August to see Mars grow progressively
brighter and brighter throughout the month. Share this
with your children and grandchildren. NO ONE ALIVE TODAY WILL EVER SEE THIS AGAIN
06/26/06
Can you say Hoax?
I received an email today from a well meaning family member......contents of the email are posted below. The basic signs of this being a hoax were very apparent...the capitalization of PLEASE FORWARD and SEND THIS E-MAIL TO EVERYONE YOU KNOW.
I did a quick check and found that this is just a rehashing of an old hoax...Virtual Card for You.
Here is the main body of the message:
PLEASE FORWARD THIS WARNING AMONG FRIENDS, FAMILY AND CONTACTS:
You should be alert during the next days:
Do not open any message with an attached filed called "Invitation"
regardless of who sent it. It is a virus that opens an Olympic Torch
that "burns" the whole hard disc C of your computer.
This virus will be received from someone who has your e-mail address in
his/her contact list. That is why you should send this e-mail to all
your contacts. It is better to receive this message 25 times than to
receive the virus and open it.
If you receive a mail called "Invitation", though sent by a friend, do
not open it and shut down your computer immediately.
This is the worst virus announced by CNN. It has been classified by
Microsoft as the most destructive virus ever. This virus was discovered
by McAfee yesterday, and there is no repair yet for this kind of virus.
This virus simply destroys the Zero Sector of the hard disc, where the
vital information is kept.
SEND THIS E-MAIL TO EVERYONE YOU KNOW. COPY THIS E-MAIL AND SEND IT TO
YOUR FRIENDS. IF YOU SEND IT TO THEM, YOU WILL BENEFIT ALL OF US.
So if you receive an email like this, please just delete it; don't forward it on to anyone.
05/30/06
VA Employee exposes Veteran Private Information
I am a veteran, so this hits close to home. Most likely, my information, along with every other veteran that separated after 1975, has now been exposed to possible exploit.
This is a very good example of poor policies or poor policy enforcement when it comes to guarding sensitive data. Does the VA require that sensitive data be encrypted while at rest....probably not or we would have heard about that right away. How does an employee bring storage media into a government facility and then walk out with 25 million rows of data? Is there no policy about connecting non-government devices to the government network?
Just 1 quick addition....I was reading some different news articles today and thought this article fit in nicely.




