The Latest in IT Security

CNN “Angelina Jolie tops list of highest-paid actresses” spam / deltadazeresort.net

30
Jul
2013

This fake CNN spam leads to malware on deltadazeresort.net:

Date:      Tue, 30 Jul 2013 17:52:54 +0330 [10:22:54 EDT]
From:      CNN [[email protected]]
Subject:      CNN: Forbes: Angelina Jolie tops list of highest-paid actresses

Forbes: Angelina Jolie tops list of highest-paid actresses
By Sheridan Watson, EW.com
July 29, 2013 — Updated 2014 GMT (0414 HKT)
Angelina Jolie attends a June 2013 premiere of her fiance Brad Pitt’s movie,
Angelina Jolie attends a June 2013 premiere of her fiance Brad Pitt’s movie, “World War Z.”


(EW.com) — She might not get paid as much as “Iron Man,” but there’s no doubt that celestial beauty Angelina Jolie is smiling all the way to the bank.

This year, Jolie topped Forbes’ annual list of the highest-paid actresses in Hollywood with an incredibly robust $33 million.

The link in the email goes to a legitimate hacked site and then to one or more of three scripts:

[donotclick]00002nd.rcomhost.com/immanent/surfeit.js
[donotclick]theplaidfox.com/bulbs/falcon.js
[donotclick]sandbox.infotraxdevdocs.com/afforestation/provosts.js

From there the victim is sent to a landing page at [donotclick]deltadazeresort.net/topic/able_disturb_planning.php. At the time of writing this hijacked GoDaddy domain does not resolve, but it was recently hosted on the following IPs alongside these other hacked GoDaddy domains:

66.175.217.235 (Linode, US)
173.246.104.136 (Gandi, US)
deltaboatraces.net
deltaboatworks.net
deltadazeresort.net
deltarentalcenter.net
deltariverhouse.net
deltayachtclub.net

Leave a reply


Categories

WEDNESDAY, OCTOBER 18, 2017

Featured

Archives

Latest Comments

Social Networks