Peacomm samples - the so-called Storm worm- started sending unusual spam yesterday. For once, the mail did notcontain a hard-coded IP address linking to fake videos, pseudo Torclients or NFL "tracker programs". The spam advertises a website,http://www.vs-amounts.net:
From: xxx@yyy.com
To: victim@domain.com
Subject: Cold Hard Cash!Seeking highly motivated individuals interested in a unique opportunity in financial services.
Building an exciting career where you determine your own hours and compensations.
http://www.vs-amounts.net/
Hmm. Already this looksvery suspicious, but let's check that link anyway. The site hostsphpbb, a popular open-source PHP-based Bulletin Board, and opensdirectly to the following announcement message:
OK! I'll getright to the point. I have large amount of funds on numerous bankaccounts which needs to be laundered. I need your help to do that.You'll get 10% of each transaction coming into your bank account.
I can provide transaction of up to $5000.
You receive transfer into your bank account -> withdraw cash ->take your 10% -> send the rest to me (by western union)
It's a good and legal way of making money.
Earning: It's recommended not to transfer more than $5,000 to each account.
Let's say You have received $5000, to your account.
10% of $5,000 = $500 goes to your pocket.Beginners for their first transfer will not receive more than $1000.After they've received $1000 and send 90% of that money to reviewedsupplier, they'll be granted a status of reviewed receiver and will betrusted with transfers of $5000 at once.
Requirements: You need to have at least one account in one of the banks in Canada, Australia, New Zealand or the United States.
To start, register and send me an email to [removed].
You can also view our forum for more information.
icq: xxxxxxxxx
Soin the end, it seems to be a good old-fashion scam. No need for complexpump-and-dump stock schemes, when it seems so easy to get some "ColdHard Cash"! Its author, a so-called "supplier" didn't even bother tomake it look somehow legitimate. To give you an idea of the traffic thesite can receive, the first time I visited the page, the hit counterwas around 4800 views. Three hours later, it reached 5446 views. Fiveminutes later, and we have 40 more hits on the page.
And that's not all; people on the bulletin board are askingquestions, such as one user wondering what the highest amount one canreceive at once is, and how long she/he would have to wait to get thefunds transferred. Totally surreal!
The DNS is registered in China, and the associated IPs are mostlikely compromised machines located around the globe (currently, someIPs from France, Japan, Spain and Sweden).