
Wednesday 22 February 2012

BBB Spam / energirans.net

Yet another malicious fake BBB spam run, this time with a malicious payload on the domain energirans.net.

Date:      Wed, 21 Feb 2012 11:21:48 +0100
From:      "BBB"
Subject:      Better Business Bureau complaint
Attachments:     betterbb_logo.jpg

Good afternoon,

Here with the Better Business Bureau would like to inform you that we have received a complaint (ID 15343433) from a customer of yours in regard to their dealership with you.

Please open the COMPLAINT REPORT below to view the details on this issue and suggest us about your position as soon as possible.

We hope to hear from you shortly.

Regards,

Rebecca Wilcox

Dispute Counselor
Better Business Bureau


Council of Better Business Bureaus
4200 Wilson Blvd, Suite 800
Arlington, VA 22203-1838
Phone: 1 (703) 276.0100
Fax: 1 (703) 525.8277

The link in the email goes to a hacked legitimate site and then, via some obfuscated JavaScript, to energirans.net/main.php?page=598991e7306ac07e, where it attempts to infect the machine with the Blackhole exploit kit.

energirans.net is hosted on 41.64.21.71 (Dynamic ADSL, Egypt) and 115.249.190.46 (Reliance Communication, India), which are the same IPs as found in this spam run. Blocking them is probably a very good idea.
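
To check whether any client already followed the link, the indicators above can be run over web proxy logs. This is an added example, not part of the original post: the three-field log format, the function names and the sample lines are assumptions, and the URL rule generalises the single landing URL shown above to any `main.php?page=` request with a 16-hex-digit value.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Indicators taken from the post above.
BAD_DOMAIN = "energirans.net"
BAD_IPS = {"41.64.21.71", "115.249.190.46"}
# Assumption: generalises the one landing URL in the post to
# "main.php?page=<16 hex digits>" on any host.
LANDING_PAGE = re.compile(r"^[0-9a-f]{16}$")

def classify(dest_ip, url):
    """Return the list of reasons a proxy request matches, empty if clean."""
    reasons = []
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    if host == BAD_DOMAIN or host.endswith("." + BAD_DOMAIN):
        reasons.append("domain")
    if dest_ip in BAD_IPS or host in BAD_IPS:
        reasons.append("ip")
    page = parse_qs(parts.query).get("page", [""])[0].lower()
    if parts.path.lower().endswith("/main.php") and LANDING_PAGE.match(page):
        reasons.append("landing-url")
    return reasons

def scan(lines):
    """Yield (client, url, reasons) for each matching log line.
    Assumed log format: '<client_ip> <dest_ip> <url>', whitespace separated."""
    for line in lines:
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed lines
        client, dest_ip, url = fields
        reasons = classify(dest_ip, url)
        if reasons:
            yield client, url, reasons

# Constructed sample log lines (clients use RFC 1918 addresses, unrelated
# destinations use documentation ranges and example domains).
SAMPLE = [
    "10.0.0.5 41.64.21.71 http://energirans.net/main.php?page=598991e7306ac07e",
    "10.0.0.6 115.249.190.46 http://other.example/index.html",
    "10.0.0.7 192.0.2.10 http://shop.example/main.php?page=2",
    "10.0.0.8 198.51.100.7 http://host.example/main.php?page=0123456789abcdef",
    "10.0.0.9 192.0.2.20 http://notenergirans.net/",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

A hit on "ip" alone means some other hostname resolved to one of the two addresses, which is worth reviewing given that the same IPs served an earlier spam run.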
