|
Just got another interesting phishing e-mail. This time around it is security company Trustwave that is being phished. I am not a customer, so I am not sure how well these e-mails reflect the real thing, but they confused me for a while. The give away that this is a fake is the from e-mail address as well as the link leading to a different site then advertised. Click on the image for a full size example.
[Update:] An analysis of this phish by Trustwave's own Spiderlabs can be found here: http://blog.spiderlabs.com/2013/02/more-on-the-trustkeeper-phish.html
------ |
Johannes 4312 Posts ISC Handler Feb 25th 2013 |
| Thread locked Subscribe |
Feb 25th 2013 8 years ago |
|
Our Barracuda appliance shows a LOT of incoming "scan warning" spam starting at about 2/21 1100 EST.
Thankfully all either blocked or quarantined. |
CBob 23 Posts |
| Quote |
Feb 25th 2013 8 years ago |
|
- http://blog.dynamoo.com/2013/02/trustkeeper-vulnerabilities-scan.html 25 Feb 2013 - "... this "TrustKeeper Vulnerabilities Scan Information" -spam- leads to an exploit kit on saberdelvino .net...The malicious payload is at [donotclick]saberdelvino .net/detects/random-ship-members-daily.php (report here*) hosted on the following IPs: 118.97.77.122 (PT Telekon, Indonesia) 176.120.38.238 (Langate, Ukraine)..." * http://www.urlquery.net/report.php?id=1120754 ... Blackhole 2 . |
Jack 160 Posts |
| Quote |
Feb 25th 2013 8 years ago |
|
One of these madeit thruclamav and spamassassin and into my INBOX today.
 |
Moriah 133 Posts |
| Quote |
Feb 25th 2013 8 years ago |
Sign Up for Free or Log In to start participating in the conversation!
https://www.sans.edu
