Date: Fri, 4 Oct 2013 16:24:30 +0330 [08:54:30 EDT]
From: Dropbox [no-reply@dropboxmail.com]
Subject: Please update your Expired Dropbox Password
Hi [redacted].
We noticed that you recently tried to login in to Dropbox with a password that you haven't changed more than 90 days. Your old password has expired and you'll need to create a new one to log in.
Please visit the page to update your password
Reset Password
Thanks!
- The Dropbox Team
The link in the email goes through a legitimate hacked site and then on to a set of three scripts:
[donotclick]12.158.190.75/molls/smudgier.js
[donotclick]freetraffic2yourweb.com/palermo/uneconomic.js
[donotclick]www.bathroomchoice.com/huntsmen/bestsellers.js
From there the victim is delivered to a malware landing page at [donotclick]adelect.com/topic/latest-blog-news.php which follows a predictable pattern of being a hijacked GoDaddy domain hosted on 66.150.155.210 (Nuclear Fallout Enterprises, US). There are some other hijacked domains on this same server listed below in italics.
Recommended blocklist:
66.150.155.210
wrightleasing.com
renewalbyandersendayton.com
adelect.com
12.158.190.75
freetraffic2yourweb.com
www.bathroomchoice.com
No comments:
Post a Comment