Date: Fri, 27 Sep 2013 16:22:58 +0300 [09:22:58 EDT]
From: Facebook [notification+W85BNFWX@facebookmail.com]
Subject: You have 21 friend suggestions, 11 friend requests and 14 photo tags
You have new notifications.
A lot has happened on Facebook since you last logged in. Here are some notifications
you've missed from your friends.
3 messages
11 friend requests
21 friend suggestions
14 photo tags
View Notifications
Go to Facebook
This message was sent to [redacted]. If you don't want to receive these emails
from Facebook in the future, please unsubscribe. Facebook, Inc., Attention: Department
415, PO Box 10005, Palo Alto, CA 94303
The link in the email goes through a legitimate (but hacked) site and then loads one of the following three scripts:
[donotclick]3dbrandscapes.com/starker/manipulator.js
[donotclick]dtwassociates.com/marry/sullies.js
[donotclick]repairtouch.co.za/lollypops/aquariuses.js
This leads to a malware landing page on a hijacked GoDaddy domain at [donotclick]directgrid.org/topic/lairtg-nilles-slliks.php, hosted on 50.116.10.71 (Linode, US), where there are a number of other hijacked domains.
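As an added example (not code from the original post), the redirect chain described above can be hunted for in proxy logs: a client that fetches one of the three scripts and then requests the landing page shortly afterwards. The log format (ISO timestamp, client IP, URL), the 60-second window, the sample log lines and the function names are assumptions; the indicators are the ones quoted in this post.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Indicators as written in this post, kept defanged until parse time.
STAGE1_SCRIPTS = [
    "[donotclick]3dbrandscapes.com/starker/manipulator.js",
    "[donotclick]dtwassociates.com/marry/sullies.js",
    "[donotclick]repairtouch.co.za/lollypops/aquariuses.js",
]
STAGE2_LANDING = ["[donotclick]directgrid.org/topic/lairtg-nilles-slliks.php"]
WINDOW = timedelta(seconds=60)  # assumption: the redirect completes within a minute

def refang(ioc):
    """Turn a defanged '[donotclick]host/path' entry into (host, path)."""
    parts = urlsplit("http://" + ioc.replace("[donotclick]", ""))
    return parts.hostname, parts.path

def classify(url, iocs):
    """True if the URL's host is an IoC host (or a subdomain) and the path matches."""
    u = urlsplit(url)
    host = (u.hostname or "").rstrip(".")  # hostname is already lower-cased
    for ioc_host, ioc_path in map(refang, iocs):
        if u.path == ioc_path and (host == ioc_host or host.endswith("." + ioc_host)):
            return True
    return False

def find_chains(log_lines):
    """Return (client, script_url, landing_url) where stage 1 is followed by stage 2."""
    last_script = {}  # client -> (time, url) of the most recent stage-1 fetch
    hits = []
    for line in log_lines:
        ts, client, url = line.split()
        when = datetime.fromisoformat(ts)
        if classify(url, STAGE1_SCRIPTS):
            last_script[client] = (when, url)
        elif classify(url, STAGE2_LANDING) and client in last_script:
            seen, script = last_script[client]
            if when - seen <= WINDOW:
                hits.append((client, script, url))
    return hits

# Constructed sample log (documentation-range client IPs), built from the IoCs above.
def as_url(ioc): return "http://%s%s" % refang(ioc)
SAMPLE_LOG = [
    f"2013-09-27T13:25:01 192.0.2.10 {as_url(STAGE1_SCRIPTS[1])}",
    f"2013-09-27T13:25:03 192.0.2.10 {as_url(STAGE2_LANDING[0])}",
    f"2013-09-27T13:40:00 192.0.2.11 {as_url(STAGE2_LANDING[0])}",
    "2013-09-27T13:41:00 192.0.2.12 http://example.com/index.html",
]
```

A landing-page request with no preceding script fetch (the third sample line) is not reported as a chain here, but it is still a hit on a listed indicator and worth reviewing on its own.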
Recommended blocklist:
1 comment:
Thanks!!