Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: InfoSec Handlers Diary Blog - Phishy Spam InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Phishy Spam

Published: 2011-06-27
Last Updated: 2011-06-27 04:19:02 UTC
by Kevin Shortt (Version: 1)
6 comment(s)

Lately there has been an increased surge in spam.  This past week I've received four messages that impersonate a message from Facebook.   The messages are actually a Phishing attempt to sell you some drugs.  They are very "facebook" like and to an unsuspecting email recipient they would likely capture a click thru.  I followed through the links to find  dead pharmacy links.  It appears there is spam campaign to sell med's through phishing emails.

A snapshot of one of the emails is below and all of the emails had a consistent link inside the email.  The links were as follows.  The ultimate destinations never loaded and appear to be removed as of this writing. The pharm url's were all on the same IP block.  So someone has caught up to this batch.  Be vigilant and on the look out for more.

hxxp://hajayanee.com/directories.html                      -> hxxp://controlpills.net
hxxp://carrosserieaerni.ch/ascension.html               -> hxxp://medicarerxdrugstore.com
hxxp://mallorcaso.com/postprocessor.html              -> hxxp://pillpillspharmacy.net
hxxp://firstclassmotorsports.com/screeching.html   -> <no response received>

Phishy Spam

Feel free to tell us about any of your phishing spam email.

--
Kevin Shortt
ISC Handler on Duty

Keywords: facebook phish Spam
6 comment(s)
Diary Archives