Hot on the heels of yesterday's malicious emails spoofing Craigslist comes another variant, spotted today. This one spoofs a Xanga blog notification about a comment on your blog. So far we have seen about 140,000 of these in our Cloud Email Security portal.
Websense Email Security and Websense Web Security protect against this kind of blended threat with ACE, our Advanced Classification Engine.
Let’s look at a sample.
Subject: New Weblog comment on your post!
As we can see, the "Click here to reply" link goes to this URL:
Those are the sites that host the exploit kit.
Basically, the lure has changed, but the URLs suggest this is all part of the same malicious campaign. We can probably expect a few more themes in the coming weeks, as the cybercriminals try to broaden their victim base.
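Because the lure changes while the link destinations stay outside the spoofed brand's own site, one defensive check is to flag brand-themed notifications whose links leave that brand's domains. The following is an added example, not code from the original post or from Websense; the brand allow-list, the function and class names, and the sample message (including the `landing.example.net` placeholder host) are constructed assumptions.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: link domains considered legitimate for the two spoofed brands.
BRAND_DOMAINS = {"xanga": {"xanga.com"}, "craigslist": {"craigslist.org"}}

# Constructed sample modelled on the lure described above (placeholder host).
SAMPLE = """\
From: Xanga <noreply@xanga.com>
Subject: New Weblog comment on your post!
Content-Type: text/html; charset="utf-8"

<p>Someone left a comment on your Xanga weblog.</p>
<p><a href="http://landing.example.net/index.html">Click here to reply</a></p>
<p><a href="http://www.xanga.com/settings">Manage notifications</a></p>
"""

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def off_brand_links(raw_message):
    """Return (brand, anchor text, host) for links leaving the claimed brand."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    html = body.get_content() if body is not None else ""
    claimed = (str(msg.get("From", "")) + " " + html).lower()
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for brand in (b for b in BRAND_DOMAINS if b in claimed):
        for href, text in collector.links:
            parts = urlsplit(href)
            host = (parts.hostname or "").rstrip(".")
            on_brand = any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS[brand])
            if parts.scheme in ("http", "https") and not on_brand:
                findings.append((brand, text, host))
    return findings
```

The From header is trivially spoofed, so the check treats it only as a statement of which brand the message claims to be, never as evidence of origin.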
A little peek behind the curtain here shows how the Websense® Security Labs™ ThreatSeeker™ Network categorizes the URLs in real time, similar to the way our products do real-time categorization for customers:
More detailed analysis of the URL behavior can be found here.
To summarize, the number of emails and varying themes suggest this is not targeted against specific users (Xanga today, Craigslist yesterday), but rather a more typical attempt to cast a broad net. We will be on the lookout for more developments; we anticipate other variants will surface soon.