
Tuesday, 30 July 2013

Facebook spam / deltaoutriggercafe.com

These guys are busy. This fake Facebook spam leads to malware on deltaoutriggercafe.com:

Date:      Tue, 30 Jul 2013 15:05:25 -0500 [16:05:25 EDT]
From:      Facebook [no-reply@facebook.com]
Subject:      Issac Dyer wants to be friends with you on Facebook.

facebook
   
Issac Dyer wants to be friends with you on Facebook.
University of Houston, Victoria
342 friends - 28 photos
Confirm Request
       
See All Requests
This message was sent to [redacted]. If you don't want to receive these emails from Facebook in the future, please click: unsubscribe.
Facebook, Inc. Attention: Department 415 P.O Box 10005 Palo Alto CA 94303
I don't know about you, but I think Isaac looks a bit like a girl.


Predictably, clicking on the link in the email leads to a legitimate but hacked site and then to the same redirector scripts found in this spam run. However, in this case the target has now changed to [donotclick]deltaoutriggercafe.com/topic/able_disturb_planning.php which is hosted on 66.175.217.235 (Linode, US) along with a whole bunch of other similar domains that have been hijacked from GoDaddy.

Recommended blocklist:
