Date: Wed, 21 Feb 2012 11:21:48 +0100The link in the email goes to a legitimate hacked site and then via some obfuscated javascript to energirans.net/main.php?page=598991e7306ac07e where it attempts to infect the machine with the Blackhole Exploit kit.
From: "BBB"
Subject: Better Business Bureau complaint
Attachments: betterbb_logo.jpg
Good afternoon,
Here with the Better Business Bureau would like to inform you that we have received a complaint (ID 15343433) from a customer of yours in regard to their dealership with you.
Please open the COMPLAINT REPORT below to view the details on this issue and suggest us about your position as soon as possible.
We hope to hear from you shortly.
Regards,
Rebecca Wilcox
Dispute Counselor
Better Business Bureau
Council of Better Business Bureaus
4200 Wilson Blvd, Suite 800
Arlington, VA 22203-1838
Phone: 1 (703) 276.0100
Fax: 1 (703) 525.8277
energirans.net is hosted on 41.64.21.71 (Dynamic ADSL, Egypt), 115.249.190.46 (Reliance Communication, India) which are the same IPs as found in this spam run. Blocking them is probably a very good idea.
No comments:
Post a Comment