
Friday, 9 August 2013

"This video has been recognized as the most popular videos on the internet!" porn spam

This fake porn spam leads to malware on hubbynwifewines.com:

Date:      Fri, 9 Aug 2013 11:54:00 -0600 [13:54:00 EDT]
From:      "Youtobe.com" [Subscribe@Youtobe.com]
Subject:      Youtobe.com: "This video has been recognized as the most popular videos on the internet!"

Only now free TOP HD video watch now

This video has been recognized as the most popular videos on the internet! Watch now

The email has a fairly explicit picture featuring a plasticky woman with fake breasts, designed to arouse the attention of the victim, edited here for decency:

[Image: Spam, fried eggs and a side order of malware]


The link in the email goes to one of three scripts:
[donotclick]1494ccc706155932.lolipop.jp/canard/lockup.js
[donotclick]ftp.adaware.net/earwax/philosophic.js
[donotclick]laramueting.com/upsurges/conversations.js

In turn this leads to a malware landing page at [donotclick]hubbynwifewines.com/topic/able_disturb_planning.php, which is a hijacked GoDaddy domain hosted on 72.249.76.197 (the same server used here) along with several other hijacked domains from the same owner. There is also a Facebook-themed campaign pointing to hubbynwifedesigns.com on the same server.
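An added example (not part of the original post) that turns the defanged indicators quoted above into a host blocklist and checks proxy log lines against it. The log format, the function names and the sample log lines are assumptions made for illustration; hostnames match on label boundaries, so listing one lolipop.jp customer subdomain does not flag the whole shared host.

```python
import ipaddress
from urllib.parse import urlsplit

# Indicators quoted in the post, kept in its "[donotclick]" defanged form.
DEFANGED = """\
[donotclick]1494ccc706155932.lolipop.jp/canard/lockup.js
[donotclick]ftp.adaware.net/earwax/philosophic.js
[donotclick]laramueting.com/upsurges/conversations.js
[donotclick]hubbynwifewines.com/topic/able_disturb_planning.php
72.249.76.197
"""

# Constructed proxy log lines (not real traffic).
# Assumed format: "<timestamp> <client-ip> <method> <url>"
SAMPLE_LOG = [
    "2013-08-09T18:01:12Z 10.0.0.21 GET http://laramueting.com/upsurges/conversations.js",
    "2013-08-09T18:01:13Z 10.0.0.21 GET http://hubbynwifewines.com/topic/able_disturb_planning.php",
    "2013-08-09T18:02:40Z 10.0.0.34 GET http://other-customer.lolipop.jp/index.html",
    "2013-08-09T18:03:05Z 10.0.0.40 GET http://72.249.76.197/",
]

def indicator_host(line):
    """Reduce one defanged indicator line to a lower-case host or IP string."""
    text = line.strip().replace("[donotclick]", "")
    host = urlsplit("//" + text.split("://")[-1]).hostname
    return host.rstrip(".").lower() if host else None

def build_blocklist(text):
    return {h for h in map(indicator_host, text.splitlines()) if h}

def is_blocked(host, blocklist):
    """Exact match for IP addresses; label-boundary suffix match for names."""
    host = host.rstrip(".").lower()
    try:
        return str(ipaddress.ip_address(host)) in blocklist
    except ValueError:
        labels = host.split(".")
    # "www.example.com" is tested as itself, then "example.com", then "com".
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

def scan(log_lines, blocklist):
    """Return (client, url) pairs for requests to blocklisted hosts."""
    hits = []
    for line in log_lines:
        parts = line.split()
        host = urlsplit(parts[3]).hostname if len(parts) >= 4 else None
        if host and is_blocked(host, blocklist):
            hits.append((parts[1], parts[3]))
    return hits
```

Calling `scan(SAMPLE_LOG, build_blocklist(DEFANGED))` lists the clients that requested a listed host; the unrelated lolipop.jp subdomain is not reported.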

Recommended blocklist:
