Date: Thu, 26 Apr 2012 09:33:46 -0700
From: "Facebook" [notification+xxxxxxxxxxx@facebookemail.com]
Subject: Welcome back to Facebook
Hello,
The Facebook account associated with xxxxxxxxxxx was recently reactivated.
If you were not the one who reactivated this account, please visit our Help Center to cancel the request.
http://www.facebook.com/help/?topic=security
Thanks,
The Facebook Team
The payload is a pharma site at bioldrugstore.com hosted on 61.132.200.24 and 111.123.180.9 in China (two IPs that are full of fake pharma stores) and 213.162.209.177 in Spain.
This type of spam run can easily be adapted for malware, so keep an eye out for unexpected Facebook notifications.
No comments:
Post a Comment