Websense Security Labs Blog

Websense Security Labs discovers, investigates and reports on advanced Internet threats that traditional security
research methods miss.

Malicious Notification Spam: Account Verification

View all posts > 

Malicious Notification Spam: Account Verification

Posted: 22 Jun 2010 03:38 AM | Shiyu Bai | no comments


Websense Security Labs™ ThreatSeeker™ Network has detected a malicious spam outbreak with the Subject line "Account Verification". As of June 22, we have counted more than 100,000 of these messages. The attack message is disguised as coming from Digg.com. It asks the recipient to verify their Digg.com account. Clicking the "Password  change" link in the email body redirects the user to malicious websites (see the screenshot below).

 

Malicous email body screenshot :

 

 

 

The malicious payload :

 

 

There are two malicious links in the payload. The first link redirects the user to a site that prompts the user to download a Trojan file (29% detection). The second link (in an iframe) redirects the user to a site laden with exploits.

 

Websense Messaging and Websense Web Security customers are protected against these attacks.



Leave a Comment

(required)  

Email address: (required)