CastleCops, Internet Crime Fighters

Spoofs, forgeries, and the like... ISC and F-secure?

 
AplusWebMaster


Posted: Tue Aug 26, 2008 3:15 pm    Post subject: Spoofs, forgeries, and the like... ISC and F-secure?

FYI...

- http://isc.sans.org/diary.html?storyid=4927
Last Updated: 2008-08-24 18:15:34 UTC - "I received an email today from a reader (thank you) who reported that they received a piece of spam today that came from the address: monitoring @isp.com. (Notice the domain name.) Now, we have seen this type of spam before, you know, perpetrating like it comes from your ISP while just having a malicious link in it, etc. Except this time the spam was signed "ISC monitoring team" (Notice the first three letters, and how they differ from the domain name). So I am guessing that someone is trying to imitate us. And while we recognize that imitation is the sincerest form of flattery, this kind could be actually damaging. Rest assured our faithful readers, this is not from us. First of all our email addresses are not "isp.com", nor "monitoring". We don't sign our emails "ISC monitoring team". Nor do we spell the word "Consortium" -- "Consorcium" (misspelling from the email)..."

- http://www.f-secure.com/weblog/archives/00001488.html
August 26, 2008 - "This morning we saw several spam runs in the country of Denmark. The messages are in Danish and they are sent to Danish e-mail addresses. The e-mail claims to be from us. It's not. Here's what the email looks like:
From: supportupdate@f-secure.com
Date: 26. August 2008 08:31
Subject: Data er tillagt og sendt med denne meddelelse.
Käre kunder!
Regning
Data er tillagt og sendt med denne meddelelse.
Jeg bruger gratis F-secure antispamversion, som allerede har fjernet 338 spambreve.
Antispam er helt gratis for private brugere.
Attachment: f-secure.rar
The attachment contains a file called update26.08.2008.exe, which, when run, drops a file called dcbcg.exe (Unker-related trojan) that connects to a server in Ukraine. We detect this trojan as Trojan:W32/Agent.FVO... The spam run must have been fairly large, as we've received more than 13,000 bounces to supportupdate @f-secure.com from non-existent email addresses alone..."



_________________
AplusWebMaster
~ Are you up to date or vulnerable to Hackers? ...or both?