Fake MS email phish delivers Zeus via Java vuln.

Thanks to Susan Bradley for reporting this to ISC.

We're receiving multiple reports of a phishing campaign using the template from a legitimate Microsoft email regarding Important Changes to Microsoft Services Agreement and Communication Preferences. The legitimate version of this email is specific to a services agreement seen here*, per a change to Microsoft services as of 27 AUG. The evil version of this email will subject the victim to a hyperlink that will send them to a Blackhole-compromised website, which will in turn deliver a fresh Zeus variant.

(evil) email including the following header snippet:

The legitimate email will include a hyperlink for, which points to the above-mentioned services agreement. The phishing mail will instead include a hyperlink to the likes of allseasons****.us, radiothat****.com, and likely a plethora of others. (Obfuscated to protect the innocent.)

I assessed radiothat****.com and was redirected to 209.x.y.14, which is running the very latest Blackhole evil as described on 28 AUG by Websense in this post**.

Source code review of the web page served included