Sponsored by..

Tuesday 19 March 2013

Malware spam: "Opinion: Cyprus banks shut extended to Monday - CNN.com" / salespeoplerelaunch.org

This topically themed (but fake) CNN spam leads to malware on salespeoplerelaunch.org:

Date:      Tue, 19 Mar 2013 10:40:22 -0600
From:      "CNN Breaking News" [BreakingNews@mail.cnn.com]
Subject:      Opinion: Cyprus banks shut extended to Monday - CNN.com

Powered by    
* Please note, the sender's email address has not been verified.
You have received the following link from BreakingNews@mail.cnn.com:    
Click the following to access the sent link:
Cyprus banks shut extended to Monday - CNN.com*
Get your EMAIL THIS Browser Button and use it to email content from any Web site. Click here for more information.
*This article can also be accessed if you copy and paste the entire address below into your web browser.
by clicking here
The malicious payload is at [donotclick]salespeoplerelaunch.org/close/printed_throwing-interpreting-dedicated.php (report here) hosted on (WholeSale Internet, US).

Nameservers are NS1.DNSLVLUP.COM (, Hetzner / Dolorem Ipsum Management Ltd, Germany) and NS2.DNSLVLUP.COM (, Secured Servers LLC / Phoenix NAP, US)

Recommended blocklist:

No comments: