malware_mail's diary

A record of the malware emails that arrive at my personal email address

◎4/7

English-language scam email

Subject: [To address] has been hacked, change your password ASAP

From: [To address] (spoofed)

Body:

Hello,

As you may have noticed, I sent this email from your email account (if you didn't see, check the from email id). In other words, I have fullccess to your email account.

I infected you with a malware a few months back when you visited an adult site, and since then, I have been observing your actions.

The malware gave me full access and control over your system, meaning, I can see everything on your screen, turn on your camera or microphon and you won't even notice about it.

I also have access to all your contacts.

Why your antivirus did not detect malware?
It's simple. My malware updates its signature every 10 minutes, and there is nothing your antivirus can do about it.

I made a video showing both you (through your webcam) and the video
you were watching (on the screen) while satisfying yourself.
With one click, I can send this video to all your contacts (email, social network, and messengers you use).

You can prevent me from doing this.
To stop me, transfer $978 to my bitcoin address.
If you do not know how to do this, Google - "Buy Bitcoin".

My bitcoin address (BTC Wallet) is 17e4uVNtDgR6Qjew4efyNQSsqShMnKBzED

After receiving the payment, I will delete the video,
and you will never hear from me again.
You have 48 hours to pay. Since I already have access to your system
I now know that you have read this email, so your countdown has begun.

Filing a complaint will not do any good
because this email cannot be tracked.
I have not made any mistakes.

If I fifind that you have shared this message with someone else, I will immediately send the video to all of your contacts.

Take care

 

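That is how this HTML email reads, but when the base64-encoded source is decoded and examined, even the opening "Hello" turns out to be written as

H&#8203;e<!-- local part of the email address -->l&#8203;l<!-- local part of the email address -->o&#8203;,<!-- local part of the email address -->

which is tiresome to deal with, and copying the text gives a result full of spaces. (&#8203; is the zero-width space in HTML.)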
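To inspect or filter a body obfuscated this way, it has to be normalized first. The following Python sketch is an added example, not part of the original post: it decodes the base64 HTML part, strips the comments and zero-width characters, and compares a keyword match before and after. The sample message is constructed, with `user@example.com` and `localpart` as placeholders.

```python
import base64
import html
import re
from email import message_from_string

# Constructed sample body, built like the fragment quoted above.
# "localpart" is a placeholder for the recipient's local part.
_FRAGMENT = ("H&#8203;e<!-- localpart -->l&#8203;l<!-- localpart -->o&#8203;,"
             "<!-- localpart --> transfer $978 to my b&#8203;itcoin"
             "<!-- localpart --> address")
SAMPLE_EML = (
    "From: user@example.com\n"
    "To: user@example.com\n"
    "Subject: user@example.com has been hacked, change your password ASAP\n"
    "MIME-Version: 1.0\n"
    "Content-Type: text/html; charset=utf-8\n"
    "Content-Transfer-Encoding: base64\n"
    "\n" + base64.b64encode(_FRAGMENT.encode()).decode() + "\n"
)

COMMENT_RE = re.compile(r"<!--.*?-->", re.DOTALL)
TAG_RE = re.compile(r"<[^>]+>")
# Zero-width space/joiners, word joiner, BOM and soft hyphen used as filler
INVISIBLE_RE = re.compile("[\u200b\u200c\u200d\u2060\ufeff\u00ad]")

def normalize_html(raw_html):
    """Return (visible_text, comment_count, invisible_char_count)."""
    no_comments, n_comments = COMMENT_RE.subn("", raw_html)
    # Strip tags before unescaping so an escaped "&lt;" is not read as a tag.
    text = html.unescape(TAG_RE.sub("", no_comments))
    text, n_invisible = INVISIBLE_RE.subn("", text)
    return text, n_comments, n_invisible

def analyze(eml_text, keyword="bitcoin"):
    msg = message_from_string(eml_text)
    part = next(p for p in msg.walk() if p.get_content_type() == "text/html")
    charset = part.get_content_charset() or "utf-8"
    raw = part.get_payload(decode=True).decode(charset, "replace")
    text, n_comments, n_invisible = normalize_html(raw)
    return {
        "text": text,
        "comments": n_comments,
        "invisible": n_invisible,
        "self_addressed": msg["From"] == msg["To"],  # From spoofed as To
        "raw_hit": keyword in raw.lower(),           # match on decoded source
        "normalized_hit": keyword in text.lower(),   # match after cleanup
    }

if __name__ == "__main__":
    print(analyze(SAMPLE_EML))
```

The comment and invisible-character counts are useful signals on their own, since ordinary mail rarely puts either between the letters of a word.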

The reports filed against this wallet ID can be seen at:

https://www.bitcoinabuse.com/reports/17e4uVNtDgR6Qjew4efyNQSsqShMnKBzED