Blog

OK – so there is a “Facebook Social Reader” for Digg – but “Facebook Social” is a neatly confusing invention of pharmacy spammers. The description of the new service seems to have been lifted more or less from the description of the Reader. The email welcomes users to the new

Classmates.com has become the latest in a series of well-known brands to be abused by a particular gang of malware distributors. The similarities to other outbreaks include:  Linking to multiple compromised sites which then redirect to the malware hosting sites Favoring WordPress sites (that can be exploited) Hosting the malware

Some Amazon order confirmation emails have been reported as fakes.  Every link leads to malware. Every link (there are 8 in this example – similar to this attack) leads to a different compromised WordPress site. And they all seem to be using one of the most common WordPress theme directory

Using phony Facebook emails to draw recipients to pharmacy websites is not a new trick. But this is no ordinary Viagra shop – it’s the WikiPharmacy! The phony Facebook emails and the pharmacy destination are shown below:   Not surprisingly, the links in the emails above lead to compromised websites.

Yahoo users have been targeted in a phishing attack that starts with an “avoid account deactivation” email. Mousing over the link shows the non-Yahoo link – an easy way to know that something is amiss.   The phishing pages are very authentic looking. Once users have entered their login details

A series of emails with malware attachments have been widely distributed in the last few days. The emails alert the recipient about a picture of themselves (or an ex-girlfriend) that has been circulated online. The text from three of the messages is shown below: Sorry to disturb you , –

Phony LinkedIn invitations are not a new phenomenon. What tends to change is the underlying delivery method used for the malware distribution – In this case compromised websites that unknowingly host malicious scripts. The LinkedIn reminders that are included in the attack include several variables such as names, relationships, and

Less than 2 weeks ago we reported the use of perfectly formatted AT&T Wireless emails that included multiple links to malware infested sites. These have now been followed up with similar emails – but the “carrier” has switched to Verizon Wireless.  The Verizon emails also lead to sites hosting malware

Airlines are the current darlings of malware and phishing gangs, with several campaigns using airline-related themes. The most recent attack attempts to extract the username/password combinations of Brazilian airline TAM frequent flyers. The email promises free miles upon entry of a promotional code. Email and translation follow:  Email text TAM