Tuesday 17 February 2009

Weird spam #1: "Warning! Virus detected"

A couple of bits of weird spam today, number one:

Subject: Warning! Virus detected

A possible virus was found in this message.
The virus name is: W32/Netskyb@MM!zip

-----Original Message-----
Hello, check my postcard!
[skipped]
--------------------------

In all cases these lead to what appears to be a page on a compromised PHP-powered site, but in each case the page is coming up with a 404. Is it related to this?

3 comments:

  1. (sorry)

    Yes, I have also received many fake warnings like that. I am searching for more info but those emails look to be a sort of spam test. Maybe a newbie spammer?

  2. The secret lies within the actual raw HTML of the email.

    In that you see a link tag with no content, so the link never appears. (Because we appear to have another genius at the wheel.)

    In the case of two messages I've been shown for this, the link was:

    http://www.dmulk.com/xdegbbamiaaaojhfm.php

    Which has already been removed.

    This is a criminal who has hijacked several public websites in much the same way we've seen for Canadian Pharmacy spam, e.g.:

    http://cdsantodomingo.cult.gva.es/eifmedirmn73j4kd.php?bdtdj

    Which redirects to:

    http://peacefulhard.com/

    I assume of course that the link in these "possible virus" messages leads to a Conficker infection.

    SiL / IKS / concerned citizen
    ikillspammers.blogspot.com

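The empty link tag described in the second comment can be flagged mechanically when triaging raw messages. The following is an added example, not code from the post or its commenters: it lists the hrefs of anchors that render no text and no image. The sample message, its `example.invalid` URLs and the names `EmptyAnchorFinder` and `hidden_links` are constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser

# Constructed sample message; the example.invalid URLs are placeholders.
SAMPLE = """\
Subject: Warning! Virus detected
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><body>
<p>A possible virus was found in this message.</p>
<a href="http://compromised.example.invalid/placeholder.php"></a>
<p>Hello, check my <a href="http://example.invalid/card">postcard</a>!</p>
</body></html>
"""

class EmptyAnchorFinder(HTMLParser):
    """Collect hrefs of <a> elements that render no text and no image."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hidden = []   # hrefs of anchors with no visible content
        self._open = []    # stack of [href, has_visible_content]

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._open.append([dict(attrs).get("href"), False])
        elif tag == "img" and self._open:
            self._open[-1][1] = True       # an image counts as visible

    def handle_data(self, data):
        if self._open and data.strip():    # whitespace and &nbsp; do not count
            self._open[-1][1] = True

    def handle_endtag(self, tag):
        if tag == "a" and self._open:
            href, visible = self._open.pop()
            if href and not visible:
                self.hidden.append(href)

def hidden_links(raw_message):
    """Return hrefs of invisible anchors in every text/html part of a raw message."""
    found = []
    for part in message_from_string(raw_message, policy=policy.default).walk():
        if part.get_content_type() == "text/html":
            finder = EmptyAnchorFinder()
            finder.feed(part.get_content())
            finder.close()
            found.extend(finder.hidden)
    return found
```

Calling `hidden_links(SAMPLE)` returns only the first URL; the "postcard" link has visible text and is not reported.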