MX Lab, http://www.mxlab.eu, started to intercept a new spam campaign, since yesterday, by email with the subject “Welcome to Facebook Goods”. These messages are sent from the spoofed email addresses in the format that Facebook is using on the domain facebookmail.com. Some examples:
update+bscts2qxhedj@facebookmail.com
update+6i8mlfxn1svw@facebookmail.com
update+6i8mlfxn1svw@facebookmail.com
…
This is the body of the email:
Notice that the Facebook looks are used to disguise the real purpose of the message.
4 different URLs are used in each message with the format: http://www.domainhere.tld/s/h/o/p/ that will redirect you to the Canadian Pharmacy at hxxp://midiclxic.ru/.
Related Posts
- Spam from Canadian pharmacy masked as “Delivery Notification”
MX Lab, http://www.mxlab.eu, started to intercept a new spam campaign by email with the subject ”Delivery Notification”. What appears at first as a simple email notification is in fact a s... - New Oficla trojan in emails with subject “Your facebook password has been changed”
MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Your facebook password has been changed″
The email is send from the spoofed address “You... - Zbot and Black Hole Exploit Kit “all in one” fake Facebook notification Emails
Websense® Security Labs™ Threatseeker® network has detected a new malicious email campaign that masquerades as originating from Facebook. The campaign appears to ... - Large spam campaign “Unread messages” from Twitter leads to pharmacy sites
MX Lab, http://www.mxlab.eu, started to intercept a large spam campaign with the subject “Twitter – You have X unread message(s)”, where the X is a number from 1 to 3, that leads to... - Facebook notification emails spreads malware
People have started getting the following email claiming that “Facebook Copyrights Department” has detected unusual Copyrights activity linked to your Facebook account , please follow the link bellow ... - Hacker steals 400 billion virtual poker chips from Facebook game
An English hacker has admitted he stole 400 billion virtual poker chips worth somewhere between $ 285,000 and $ 12 million in actual dollars from a popular online game, then sold some of them for ca... - Thank you from Google, and Facebook personal messages lead to malware
Take a look at a couple of email messages Sophos intercepted earlier today.
Firstly, the great guys at Google have been in touch. Their message, entitled "Thank you from Google!", says that they hav... - Warning About Spam Fake, Not from Facebook
Facebook is undoubtedly the highest-profile social networking site around with more than 500 million active users, half of whom log in on any given day. It shouldn’t be a surprise therefore that its ... - Emails with subject “So now you’re on LinkedIn: What’s next?″ lead to malware
MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “So now you’re on LinkedIn: What’s next?”. This campaign is a fol... - Emails with subject “LinkedIn Messages, 9/30/2010″ lead to malware
MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “LinkedIn Messages, 9/30/2010″.
The email is send from the spoofed address &#...
Posted on 04 April 2011. Tags: “Welcome, Canadian, emails, Facebook, from, Goods”, Pharmacy, pops, subject
The above information is reprinted from and copyrighted © by MX Lab.
