Tuesday 17 February 2009

Weird spam #1: "Warning! Virus detected"

A couple of bits of weird spam today, number one:

Subject: Warning! Virus detected

A possible virus was found in this message.
The virus name is: W32/Netskyb@MM!zip

-----Original Message-----
Hello, check my postcard!
[skipped]
--------------------------

In all cases the message leads to what appears to be a page on a compromised PHP-powered site, but in each case the page is coming up with a 404. Is it related to this?

3 comments:

David Gimeno i Ayuso said...

Yes, I

David Gimeno i Ayuso said...

(sorry)

Yes, I have also received many fake warnings like that. I am searching for more info but those emails look to be a sort of spam test. Maybe a newbie spammer?

IKillSpammerz said...

The secret lies within the actual raw HTML of the email.

In that you see a link tag with no content, so the link never appears. (Because we appear to have another genius at the wheel.)

In the case of two messages I've been shown for this, the link was:

http://www.dmulk.com/xdegbbamiaaaojhfm.php

Which has already been removed.

This is a criminal who has hijacked several public websites in much the same way we've seen for Canadian Pharmacy spam, e.g.:

http://cdsantodomingo.cult.gva.es/eifmedirmn73j4kd.php?bdtdj

Which redirects to:

http://peacefulhard.com/

I assume of course that the link in these "possible virus" messages leads to a Conficker infection.

SiL / IKS / concerned citizen
ikillspammers.blogspot.com
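
The empty link tag described in the comment above (an anchor with an href but nothing rendered inside it) can be flagged mechanically when triaging HTML mail. This is an added example, not code from the post or its commenters; the sample body and its URLs are constructed placeholders, and `find_empty_links` is a hypothetical helper name.

```python
from html.parser import HTMLParser


class EmptyLinkFinder(HTMLParser):
    """Collect href values of <a> elements that render nothing visible."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.empty_links = []
        self._href = None      # href of the <a> currently open, if any
        self._visible = False  # has the open <a> produced visible content?

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._close_anchor()          # tolerate unclosed or nested anchors
            self._href = dict(attrs).get("href")
            self._visible = False
        elif tag == "img" and self._href is not None:
            self._visible = True          # an image gives the link something to click

    def handle_data(self, data):
        # Whitespace and &nbsp; (decoded to U+00A0) do not count as content.
        if self._href is not None and data.strip():
            self._visible = True

    def handle_endtag(self, tag):
        if tag == "a":
            self._close_anchor()

    def _close_anchor(self):
        if self._href is not None and not self._visible:
            self.empty_links.append(self._href)
        self._href = None


def find_empty_links(html_body):
    """Return hrefs of anchors with no text or image, in document order."""
    finder = EmptyLinkFinder()
    finder.feed(html_body)
    finder.close()
    finder._close_anchor()  # an anchor left open at end of input
    return finder.empty_links


# Constructed sample modelled on the message quoted in the post.
SAMPLE = """<html><body>
<p>A possible virus was found in this message.</p>
<p>Hello, check my postcard!</p>
<a href="http://compromised.example/placeholder.php"></a>
<p>See <a href="http://news.example/">our site</a>.</p>
<a href="http://tracker.example/x.php"> &nbsp; </a>
</body></html>"""
```

An empty anchor is only a triage signal: it shows a URL the reader never sees, which is worth extracting and checking even when the rendered message looks harmless.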