Sponsored by..

Thursday 8 December 2011

BBB Spam / combijump.com / combimyself.com / combigave.com

A new version of yesterday's spam, this current crop of "BBB Complaint" emails lead to a malicious payload on combijump.com on 46.45.137.206. combimyself.com and combigave.com is on the same server and can also be assumed to be malicious.

VirusTotal detection on the target page is poor. 46.45.137.206 is on a Turkish network called Safya Net, I cannot vouch for its reputation however and it might be worth blocking the /24.

5 comments:

kw said...

Valuable - had this come as an email on automatic payment from bank not being processed. It was veryconvincing but not specific so I copied the text of link and it redirected as you warn. I googled the domain and found your post. Thank you for your alerts.

Unknown said...

just had the exact same thing and out of curiosity checked out the details. The offending page has been pulled so at least people won't be affected by it.

Mike said...

I just reveived the same email. I tried opening it with my iphone and then on my personal macbook pro. Does this affect macs or just windows based PCs?

Conrad Longmore said...

@Mike PCs, not Macs.

If everything is patched on the PC then it will probably not become infected, the Secunia OSI scanner can help make sure things are up-to-date.

Mike said...

@Conrad thanks for the reply.