On the list of things made obsolete by the Internet, signatures are right up there with paperback books and the postal service, but the Microsoft Malware Protection Center decided to dig deeper into the signature of Carl A. (unreadable last name) anyway and see why it keeps turning up in malware samples.
What they found is that an inordinate amount of fraudsters sign off on their phishing attempts with a single sort of stock signature. This Carl A., with his unreadable last name, has been signing off on phishing attempts since as far back as 2006.
The funny thing is that the signature, in as many cases as Microsoft’s Michael Johnson examined, never matched the person it purported to represent, which included various (fake) reverends, doctors, professors, misters, misses, and misseses.
At least fifteen of the scams that Johnson uncovered contained the title, ‘Coca Cola Games/Lottery Coordinator,’ whatever that means. Every document promises its recipients the chance of cashing in on some large sum of English prize-money, from, in addition to Coca-Cola, the BBC, the British High Commission, British Telecom, ESPN, Fifa World Cup, Golf International, Microsoft, Nokia, Toyota, the UK Lottery, and Yahoo.
Each scam follows roughly the same, rather low-budget format, which you can find examples of here.
Johnson claims that as far as he can tell the signature first showed up on a shipping site in 2003, leading him to believe that the image was some sort of open-source logo that scammers eventually got their hands on.