Do you have gas?

Then Aker Kvaerner may have some kind of work for you.
I may judge it wrong.
Not sure if only having gas qualifies, but you never now.
You could be the right person for the job.

It’s of course a scam.
It seems to origin from 41.206.15.2, in Africa. Maybe a hacked UebiMiau installation.
Went via 200.152.205.3, in Brazil before ending up in one of “my” email boxes.

I would not contact the email address info.akrecruitment01@yahoo.co.uk.
But I fart in the scammers general direction.

The spam:

--
Aker kvaerner oil and Gas Company 
Human Resource Department
1 East End Square 
Warrington, SW1Y 4PD
TEL: +447031871469
Fax:  086 601 8442
Ref: 01/007/HRD/AKCOM
Date: 09/03/2010
                        
 
                           JOB ALERT!!!
Could you be the right person for this job offer? What if our judgement 
was wrong? You might want to try your hands on it but unfortunately we are
only looking for professionals with exceptional expertise, highly spirited
individuals who are ready to take up a rewarding challenges in 
the oil and gas industry.
 
Aker kvaerner,a well established and reputable oil/gas company with rapidly
growing wide network of outlets around the world, seeks to attract
resourceful individuals craving for a refreshing opportunity yet
characteristically possesses the skill and uprightness to excellently
deliver amidst limited assistance.
 
JOB LOCATION
-Europe
-Africa  
-Australia
METHOD OF APPLICATION
- All interested candidates should reply via mail with updated
  Resumes (CV).
- Interested applicants must specify job location.
- Only applicants who possess the required qualifications will be
  short-listed whence consequently contacted.
 
All Resumes should be fowarded to:
info.akrecruitment01@yahoo.co.uk
For further recruiting procedures to be taking on your appointment with Aker
Kvaerner Company.

Best Regards,
Mr. Kurt Anderson
HR Department,
Recruitmet section 
Aker Kvaerner Company.
Advertisements
Posted in 419. Comments Off on Do you have gas?

Referrer spam ends up in malware – stars-vs-stars. com

Beware of referrer spam in your weblogs.

At the moment stars-vs-stars. com (hosted on ecatel btw) redirects to http:||olympionik.limewebs. com/xplaymovie.html,
which again redirects to various malware/domains at 69.10.38.27 (trouble-free.net – Michael Lavrik), an infamous IP for hosting malware.
During the last two days, the following domain names have been used:
greatmultimediaservices. com, multimediautilites. com, digitalbluemultimedia. com.
digitalbluemultimedia.com is the active one as I write this.

Poor detection at virustotal.com, 4-8 vendors recognize the malware.
It seems it is being constantly changed.

A screenshot from http:||olympionik.limewebs. com/xplaymovie.html :

Screenshot from olympionik.limewebs.com

If you click on that one, a file named “video-plugin.[varies].exe” will be downloaded.
As mentioned, not many AV vendors recognize those at this moment.

Maybe more later.

Posted in malware, bots. Comments Off on Referrer spam ends up in malware – stars-vs-stars. com