Murder suspect alert? Nah: Scammers fling cop-style malware

A new email scam attempts to trick marks into opening a dodgy email attachment by posing as a murder suspect bulletin from “London City Police”.* The fake email alert is designed to appear important, but also somewhat ambiguous, in a deliberate attempt to trick users into opening the zip attachment. The arresting scam is more …

  1. Camilla Smythe

    Numpties

    These, and/along with other variants, appear to arrive in batches of 10-20 all to the same address dated some time in the future. Nothing suspicious there then. The IP addresses, generally open proxies, get stuffed up IPTables.

    1. chivo243 Silver badge

      Re: Numpties

      That old trick... set your computer time ahead so all of your e-mails end up at the top of people's inboxes, that's an old school prank.

      1. Allan George Dyer
        Terminator

        Re: Numpties

        Unless the message says, "wanted for the murder of recipient's name", and it's a genuine warning message from the newly-established Time Travel Division.

        1. tony2heads

          Re: Numpties

          Is the Precrime division now active?

  2. Allan George Dyer
    Headmaster

    Relevant to what?

    "The relevant policing organisation is actually called the City of London Police." which is not to be confused with the Metropolitan Police Service. Did the fake message actually specify the crime was within the Square Mile?

    1. Anonymous Coward

      Re: Relevant to what?

      You can tell it wasn't actually from the City of London Police anyway- it had nothing to do with piracy, intellectual property (#) or any other crime that would have a financial impact on their undemocratically-elected corporate paymasters.

      (#) Seriously, have you noticed that when there's a (UK-based) story about the "police" investigating this sort of thing, it's almost always the City of London Police behind it? It's not at all dubious that a police force covering 1 out of 90,000 square miles has an apparently disproportionate interest in this, is it?

  3. Pen-y-gors

    "Boys in Blue? More like the Lads from Lagos"

    Morally, how can you tell the difference?

  4. Elmer Phud

    Why the F would the cops be sending out zip files?

    I'd expect a full page knocked up on Word and exported as HTM.

  5. Ivan Headache

    And the non-stop emails from Transport For London

    And the new one 'from' PayPal - We Need You To Help Us.

    1. Peter Simpson 1
      Thumb Down

      Re: And the non-stop emails from Transport For London

      And the new one 'from' PayPal - We Need You To Help Us.

      "F" PayPal, and the horse they rode in on.

      // not a chance of me ever "helping" them

      /// except over a cliff edge.

  6. Camilla Smythe

    BT 'The New Batch'...

    UK2Fax <fax2@fax1.uk2fax.co.uk>

    These numpties regularly send me.... guess what... zipped fax messages. Engrampa 1.8.1 tells me the content is a .scr file. I assume it has nothing to do with Guinness.

    WTF.. are .scr files still used to fuck over Windows Machines? Upgrade to Windows 10 now. They may have fixed that one.

    Postfix

    Received: from host81-136-167-116.in-addr.btopenworld.com (host81-136-167-116.in-addr.btopenworld.com [81.136.167.116])

    Open Proxies R Us.

    SpamCop

    Received: from apache by fax1.uk2fax.co.uk with local (Exim 4.63) (envelope-from <fax2@fax1.uk2fax.co.uk>) id LM6C8T-B50T92-KN for <x>; Tue, 15 Sep 2015 10:43:30 +0000

    Ignored

    81.136.167.116 listed in cbl.abuseat.org ( 1 )

    Open proxies untrusted as relays

    Tracking message source: 81.136.167.116:

    Routing details for 81.136.167.116

    Report routing for 81.136.167.116: abuse@btinternet.com

    abuse@btinternet.com redirects to bt@admin.spamcop.net

    Yum, this spam is fresh!

    Message is 1 hours old

    81.136.167.116 listed in cbl.abuseat.org ( 1 )

    81.136.167.116 is an open proxy

    81.136.167.116 not listed in accredit.habeas.com

    81.136.167.116 not listed in plus.bondedsender.org

    81.136.167.116 not listed in iadb.isipp.com

    No Shit. Elsewhere via their Twitter feed BT regularly tell the unwashed masses about 'security stuff'.. but they cannot be bothered to subscribe to cbl.abuseat.org to find out which of their 'idiot customers' is running an 'open proxy' on their network which is being used to deliver infected .scr files to the unsuspecting and take it out or at least send them a warning? Buh Duh.

    Pfft. Nothing appears to happen as a result of reporting them via SpamCop. Guess we have to go WebTwit2Orhea..

    https://twitter.com/BTOpenProxies/status/643757884547796992

    1. Camilla Smythe
      Devil

      Re: BT 'The New Batch'...

      https://twitter.com/BTCare/status/643785255359418369
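Two tells come up in this thread: a Date header set in the future, and a zip whose file listing shows a .scr. Both can be checked at the mail gateway without extracting anything, along with the DNSBL query name for the relay IP in the Received header. This is an added example, not code from the article or from any commenter; the function names, the extension list and the sample message (which uses a documentation-range IP) are constructed for illustration.

```python
import io
import re
import zipfile
from datetime import datetime, timedelta, timezone
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parsedate_to_datetime

RISKY_EXT = (".scr", ".exe", ".pif", ".com", ".bat", ".js", ".vbs")  # illustrative list
RECEIVED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def dnsbl_name(ip, zone="cbl.abuseat.org"):
    """Build the DNSBL query name (octets reversed); resolving it is left to the caller."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def triage(raw, now, skew=timedelta(hours=1)):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    try:
        sent = parsedate_to_datetime(msg["Date"])
        if sent.tzinfo is None:  # "-0000" or no zone: treat as UTC
            sent = sent.replace(tzinfo=timezone.utc)
        if sent - now > skew:
            findings.append("date-in-future")
    except (TypeError, ValueError):
        findings.append("date-unparseable")
    for hdr in msg.get_all("Received", []):
        m = RECEIVED_IP.search(str(hdr))
        if m:
            findings.append("check-dnsbl:" + dnsbl_name(m.group(1)))
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:  # names only, nothing is extracted
                findings += ["zip-contains:" + n for n in zf.namelist() if n.lower().endswith(RISKY_EXT)]
    return findings

def sample_message():
    """Constructed sample: fixed Date, documentation-range relay IP, zip holding a .scr name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("fax_message.scr", b"placeholder, not an executable")
    msg = EmailMessage()
    msg["Received"] = "from relay.example (relay.example [192.0.2.10]) by mx.example"
    msg["Date"] = "Tue, 15 Sep 2015 10:43:30 +0000"
    msg.set_content("See attachment.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="fax.zip")
    return msg.as_bytes()
```

Pass the gateway's receive time as `now`; the `check-dnsbl:` findings are names to look up, not verdicts.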
