The email shown below is a current example of the “payment rejected” emails that have circulated in large numbers over the past 3 weeks. The links in the email lead to malware similar to that described in a previous post.
In the example above the malicious JavaScript files were hidden within the folders of a legitimate site: http://www.dalgiocabondo.com/. In this case the offending files have been quickly removed.
The numerous examples of similar misuse of legitimate sites have prompted Commtouch to team up with StopBadware to investigate this phenomenon more deeply. As a first step we are conducting a survey of website owners who have had (or are currently having) their sites hacked and misused. The survey aims to answer questions such as:
- How did the compromise happen?
- What did the cybercriminals do with your stolen site?
- How were you made aware of the hack?
- What did you do to fix the problem?
The survey is available in the preceding blog post.
About StopBadware
StopBadware focuses on giving website owners, web hosting providers, end users, and URL blacklist operators the tools they need to fulfill their respective responsibilities in making the Internet safer. From the StopBadware website:
Together with our partners we:
- model and advocate for policies and best practices that strengthen key links in the chain of trust.
- produce objective educational content to assist webmasters in preventing and removing badware.
- maintain the Badware Website Clearinghouse and conduct independent reviews of badware websites, ensuring data accuracy and transparency of blocklists.
- publish aggregated badware data, like our Top 50 Networks and Top 50 IP Addresses lists.
- operate an active community forum, BadwareBusters.org, which allows webmasters to learn from security professionals and each other about how to remove and prevent badware.
- provide insight into relevant issues via reports, public comments, our blog, and speaking engagements.
Learn more about what we do or how to get involved.