“You have won [RANDOM_AMOUNT] USD. Annual e-mail lottery.”

Haven’t seen one of these in a while, but this one appeared recently in my spam folder:

Congratulations!

You have won money in our annual e-mail lottery!

You may find the gift check in attachment to this e-mail.
Please print the check, to get your money prize.

E-mail lottery.
USA Mega Millions.
[URL removed]

The attachment is Bank_check_XXXXXXXX.zip (the Xs are a presumably-random hexadecimal number), containing a 64KB executable by the same name. These days, it almost certainly installs a back-door Trojan, to open the systems of anyone foolish enough to run it to further exploitation.

Maybe in a recession more people succumb to greed (desperation?) and stupidity, so this kind of thing gets better results. Or maybe the scammers are doing as badly as everyone else, and they’re getting desperate and trying all the moldy oldies to see if anything will sucker people these days.

Now that I think about it, I like that mental image. 😉

2 Comments

  1. You don’t know that it’s a moldy oldie, maybe the back-door program does something innovative, like leaving unnecessary and annoying comments on all your friend’s blogs.

  2. I suppose anything’s possible. 🙂 But when I said “moldy oldie,” I was referring to the social-engineering method, not the payload — the payload is almost certainly something new.

Comments are closed.