Scary Spam - or is it??

Hippiechickgirl

HEEEEEEELP!


Just seen this in my spam box and whilst initially freaking out - have resisted the urge to open it... what does anyone know about it? Are there more people getting this? who should I/we report it to? will they actually get in to my account/s?

Really concerned... see following cut and paste from said e-mail...:(





Your Order No 76481 | Puremobile Inc.

Monday, 4 April, 2011 2:53

From:
"PuremobileInc" (followed by an e-mail link and a PDF file icon))



To:


Message contains attachments

1 File (74KB)



order 04041165.pdf (posted as a link on my original e-mail)

Thank you for ordering from Puremobile Inc.

This message is to inform you that your order has been received
and is currently being processed.

Your order reference is 773023. You will need this in all
correspondence.

This receipt is NOT proof of purchase. We will send a printed
invoice by mail to your billing address.

You have chosen to pay by credit card.
Your card will be charged for the amount
of 825.00 USD and "Puremobile Inc."
will appear next to the charge on your statement.


Your purchase information appears below in the file.
______________________________________________________

Puremobile Inc.

rmg1

I would say don't open the attachments and keep an eye on your credit card statement(s).
Have you purchased anything using your credit card(s) recently?

aerostar

This has been doing the rounds for some time in various guises. Delete.

put into google

Thank you for ordering from Puremobile Inc

Kingsd316

Open it on an iphone/mobile,

kwikbreaks

There's one sitting in my spam folder right now. I don't know why it's been directed to spam and I don't care - I just know it wasn't anything I recognised so I ignored it. As I get few false positives in spam I only check very occasionally so I may have had dozens before and never even seen then.

Delete / ignore and forget.

jayme1

Kingsd316 wrote: »

Open it on an iphone/mobile,

no don't, the pdf is a link, not an attachment and rule no.1 of spam is never click any link in spam email.

you are correct that if you recieve a dodgy attachment it is much safer opening it on an iphone, android, OSX or linux OS, but generally speaking it is much better to just plain ignore the spam and delete it, don't risk accidently confirming your email is real or becoming infected with a virus.

edit: upon further reading it is an attachment but personally I would still not risk opening it on any device (iOS has security holes aswell), just leave the spam alone

kwikbreaks

It's spam so why would anybody want to read it anyway??

Delete the thing and be done with it.

paulstar

I have had similar ones about order received. I just delete them. But I am not sure what the con is - do they try and get you to give your credit card details?

Kingsd316

Wrong info, deleted

jayme1

paulstar wrote: »

I have had similar ones about order received. I just delete them. But I am not sure what the con is - do they try and get you to give your credit card details?

it varies but what normally happenes is that 'PDF' is actually an .exe file, which gets installed onto your computer, normally in the form of a rootkit (therefore it is practically impossible to remove short of a full clean OS reinstalation).

then after the rootkit has been installed it will sit completely invisible to the user and then either carry out it's orders or wait for orders, in either case the attack vector could be anything, most likely ones are:

1. keylogging, it will record every keystroke and send it off to the hacker therefore exposing passwords.
2. upload all your files to the hacker.
3. or it will encrypt all your personal files on your computer, therefore making them completely unaccessable to you (as you dont know the encryption key) at which point you will be contacted for ransom for the encryption keys, which could be anywhere from £20 to £20,000, if you dont pay you loose your files, and remember there is nothing stopping them taking the money and then not giving you the key.
4. or it could just use your computer as a proxy for illegal purposes be it to send spam email or view hideous images

this is why it is very important to always keep a backup of all your important files, and always give spam email a wide birth

jayme1

Kingsd316 wrote: »

Just so people know, unless you have the full Adobe package (which costs hundreds) you cannot get a virus from a PDF, only the full version lets you run embeded images and programmes, if it is opened with just adobe reader it will be fine.

NB not that im saying open it im just statiing that if it was opened by mistake with adobe reader, which is what most people have you wouldnt get a virus if that was the aim of the PDF in the first place

really?! adobe reader the program, has been found to have many exploits loads of times, which are normally taken advantage of a booby trapped PDF file, it may be that running of embeded images and programmes in free reader is disabled but afaik most modern pdf exploits dont use that as an attack vector, and instead rely on the victim not having a patched version (if adobe has even bothered to patch it when the exploit is making the rounds) of reader yet.

read here (this is an example from last year but we all know that there will be many other holes in the software both secretly discovered by the hackers and yet to be discovered):
http://www.zdnet.com/blog/security/adobe-pdf-exploits-using-signed-certificates-bypasses-aslrdep/7303