Sponsored by..

Monday 19 August 2013

Facebook spam / hubbywifewines.com

This fake Facebook spam leads to malware on hubbywifewines.com:

Date:      Mon, 19 Aug 2013 16:20:06 +0200 [10:20:06 EDT]
From:      Facebook [update+hiehdzge@facebookmail.com]
Subject:      You requested a new Facebook password


You recently asked to reset your Facebook password.
Click here to change your password.
Didn't request this change?
If you didn't request a new password, let us know immediately.
Change Password
This message was sent to [redacted].net at your request.
Facebook, Inc., Attention: Department 415, PO Box 10005, Palo Alto, CA 94303
The link in the email goes to a legitimate hacked site and then loads one or more of these three scripts:

The victim is then forwarded to a malware landing page using a hijacked GoDaddy domain at [donotclick]hubbywifewines.com/topic/able_disturb_planning.php hosted on (Nuclear Fallout Enterprises, US) along with another hijacked domain of hubbywifefoods.com.

Recommended blocklist:

No comments: