Facebook is kind of training its user base that it is OKto click on links in emails, as long as they look like pretty buttons. When there is a friend request, or a comment has been added, in the interest of making sure that you get the message it is emailed. It was probably only a matter of time before Facebook like SPAM/PHISHemail started arriving.
When Ireceived the following, I must confess Inearly clicked it automatically, before Inoticed the actual link.
When Idid click the link, Igot a second surprise. To be honest Iwas expecting a facebook login page, failing that Iwas expecting malware, but what Iended up with was this. Plain old SPAM
Not terribly exciting Iagree. What caught my eye however was that the SPAMemail looked darn close to the real thing, the emails Facebook users get every day.
If you have a user base that uses Facebook, you may wish to bring this to their attention. At the moment it is only SPAM, but it doesn't have to be.
If you are into blocking, this particular SPAM run ends up on 115.145.129.35 (South Korea), loads medicalaf.ru (In China) which redirects to cvecpills.com (In Romania). Not a bad method to get some distance between the emil and the eventual landing page. Allows them to switch targets easily.
Mark H -Shearwater
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Source: http://isc.sans.edu/diary.html?storyid=12607&rss
![]()
![]()
![]()
When Ireceived the following, I must confess Inearly clicked it automatically, before Inoticed the actual link.
When Idid click the link, Igot a second surprise. To be honest Iwas expecting a facebook login page, failing that Iwas expecting malware, but what Iended up with was this. Plain old SPAM
Not terribly exciting Iagree. What caught my eye however was that the SPAMemail looked darn close to the real thing, the emails Facebook users get every day.
If you have a user base that uses Facebook, you may wish to bring this to their attention. At the moment it is only SPAM, but it doesn't have to be.
If you are into blocking, this particular SPAM run ends up on 115.145.129.35 (South Korea), loads medicalaf.ru (In China) which redirects to cvecpills.com (In Romania). Not a bad method to get some distance between the emil and the eventual landing page. Allows them to switch targets easily.
Mark H -Shearwater
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Source: http://isc.sans.edu/diary.html?storyid=12607&rss