Phish Hooks

Phishing scams, hijacking of TM accounts, keyloggers and all manner of other nasties. This is the place to report them and get help if you've been hit.
Post Reply
User avatar
Foggyone
Site Admin
Posts: 9880
Joined: Sat May 22, 2004 8:16 pm
First Name: Peter
Location: Lower Hutt
Contact:

Phish Hooks

Post by Foggyone » Thu May 05, 2011 7:54 pm

An odd one in this morning.


From: Webmail Support Team <suppot@webmailupdate.vnn.ms>
To: undisclosed-recipients:
Date: Thu May  5 14:16:59 2011
Subject: Dear Account User !!!
 
Dear Subscriber,

This is to inform you that We have noticed some unusual activities in  
your account. As a result, access to account has been limited in
accordance with the Webmail Terms And Condition User Agreement. To  
re-validate your mailbox mail, click the link to update your account
form: You must follow this link to the complete this upgrade process:

http://www.webmailupdate.vnn.ms" onclick="window.open(this.href);return false; (<<-- Don't Click)

Thanks
Webmail Support Team.
© 2011 All rights reserved.




----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

The email itself is unremarkable. Sent from a US computer (probably a botnet)

The website is also unremarkable. It's a form to input webmail info. This goes to a server elsewhere, but the form does not appear to be directed to any particular webmail provider. Just a wide net.

The sting in the tail of this site however, and the reason you are discouraged from clicking the above link, is the invisible iframe on the page. This links to other sites and this is a common mechanism to deliver drive by downloads of malware. Nothing shown on my computer, but then Linux just laughs (ha ha) at these things. However, if anyone has a sacrificial windows box .............

iframes connect to various Vietnam sites. I haven't bothered to try and track down the ultimate source of any malicious payload.
Google, the answer to so many questions!
-----------------------------------------------------

Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest