This fake Facebook spam leads to malware on
Date: Mon, 29 Jul 2013 09:33:38 -0600 [11:33:38 EDT]
From: Facebook [[email protected]]
Subject: Betsy Wells wants to be friends with you on Facebook.
Interesting Pages on Facebook
Mark as favorite web pages that interest you to receive their updates in your News Feed.
Find more pages
Go to Facebook
The message was sent to [redacted]. If you do not want to receive these e-mail. letters from Facebook, please give up subscription.
Facebook, Inc., Attention: Department 415, PO Box 10005, Palo Alto, CA 94303
Apparently all these people look alike:
This is a “ThreeScripts” attack, clicking the link goes to a legitimate hacked site which then tries to run one of the following:
from there, the victim is sent to a malware landing page on a hijacked GoDaddy domain at [donotclick]happykido.com/topic/able_disturb_planning.php hosted on 188.8.131.52 (ServerHub Phoenix, US). There are several other hacked GoDaddy domains on the same server, all of which should be considered to be malicious.
Leave a reply