Date: Mon, 19 Aug 2013 16:20:06 +0200 [10:20:06 EDT]
From: Facebook [[email protected]]
Subject: You requested a new Facebook password
You recently asked to reset your Facebook password.
Click here to change your password.
Didn’t request this change?
If you didn’t request a new password, let us know immediately.
This message was sent to [redacted].net at your request.
Facebook, Inc., Attention: Department 415, PO Box 10005, Palo Alto, CA 94303
The link in the email goes to a legitimate hacked site and then loads one or more of these three scripts:
The victim is then forwarded to a malware landing page using a hijacked GoDaddy domain at [donotclick]hubbywifewines.com/topic/able_disturb_planning.php hosted on 220.127.116.11 (Nuclear Fallout Enterprises, US) along with another hijacked domain of hubbywifefoods.com.
Leave a reply