Do you have gas?

Then Aker Kvaerner may have some kind of work for you.
I may judge it wrong.
Not sure if only having gas qualifies, but you never know.
You could be the right person for the job.

It's of course a scam.
It seems to originate from 41.206.15.2, in Africa. Maybe a hacked UebiMiau installation.
Went via 200.152.205.3, in Brazil before ending up in one of "my" email boxes.

I would not contact the email address info.akrecruitment01@yahoo.co.uk.
But I fart in the scammers' general direction.

The spam:

--
Aker kvaerner oil and Gas Company 
Human Resource Department

herwsx.com - Visa phish

Spam with subject line: "IMPORTANT: Your VISA VbV Password Has Expired!".
Contains links to the botnet-hosted domain herwsx.com, or more correctly, its subdomains.

The botnet was used earlier (a few days ago) in connection with phished/hacked/"social engineered" MSN accounts, which ultimately led to subdomains of
woooh-i-got-your-pics.com, e.g. http://zikay.woooh-i-got-your-pics.com/ (now dead).

Maybe more later, but here are some of the IPs; there are of course a lot more.

herwsx.com	 A 	24.7.18.28
herwsx.com	 A 	24.8.113.160
herwsx.com	 A 	24.11.157.140

A small fragment of Rove Digital (and others)

Just in case I forget.

inetnum:        213.155.22.192 - 213.155.22.199
netname:        singhajeet3
descr:          singhajeet3 - Singh Ajeet
country:        UA
admin-c:        SA5766-RIPE
tech-c:         SA5766-RIPE
status:         ASSIGNED PA
mnt-by:         MNT-HOSTINGUA
source:         RIPE # Filtered

person:         Singh Ajeet
address:        34203, Florida, United States, Bradenton, 1901 60th Place E. Suite L4257
abuse-mailbox:  abuse@hosting.ua
phone:          +380487281518
nic-hdl:        SA5766-RIPE
source:         RIPE # Filtered

hpHosts: "Crimeware friendly ISP's: Ecatel (AS29073)"

A fresh posting today about Ecatel's crimeware friendly hosting:
http://hphosts.blogspot.com/2009/11/crimeware-friendly-isps-ecatel-as29073.html

There are probably a lot of people wondering why Ecatel is still up and running.
I've been wondering about it for a long time. (internal link).

Asprox alive - again overlaps with Waledac

Asprox has awakened again.
I have not tried to follow it this time.

But a quick look gave me this one (from bfk.de):

Overlap between Asprox and Waledac in October 2009

The domain thingre.com lived happily side by side with other domains "attributed" to the newly awakened Asprox botnet.
(bannerdriven.ru, adsyndication.ru, adtcp.ru, adbnr.ru, siteanalitycs.ru, htmlads.ru, ads-t.ru, bannert.ru).

But if you do a quick search for thingre.com, this domain has been tied to Waledac.

Turn to God and your spam will come through?

What does a stock spammer and fraudster do when things go to hell?
He puts his faith in God.

Here is the visible part of the spam:

Here's another one to end the losses? GEVI yesterday's Anncement, means
high-rise in revnue - "We are thrilled to have come to an agreement to
acquire SCWW and are eager to work with them to achieve their goal of
becoming the premier independent non-hazardous wastewater management
company..."

This high-riser, GEVI is not going to be kept quiet for long, GEVI, Read This

To end future emails go here:
http://www.dampieraaw.com/help.htm
