The Latest in IT Security

Malicious URLs in Fake Craigslist Emails

07
Jun
2012

Today, Websense® Security Labs™ ThreatSeeker™ Network has seen a barrage of malicious emails pretending to be automated notifications from Craigslist. These emails instruct the recipient to click a link to complete a Craigslist request. The URLs in these emails redirect the user to malicious web sites hosting Blackhole Exploit Kit. So far we have seen over 150,000 of these emails in our Cloud Email Security portal. Websense Email Security and Websense Web Security protect against this kind of blended threat with ACE, our Advanced Classification Engine.

The emails have subject lines like:

POST/EDIT/DELETE : "Models for fine" (systems / network)

POST/EDIT/DELETE : "Studio4PaintWorkCatskills" (education)

POST/EDIT/DELETE : "Show Your Art" (cars+trucks)

The malicious emails are similar in appearance to legitimate Craigslist automated email notifications, including a legitimate looking sender address and name:

 

 Here we can see the headers and SMTP transaction, showing Craigslist sender address and mail server:

Clicking on the link takes the victim to a compromised WordPress page containing obfuscated Java Script:

After deobfuscation, we can see an iFrame redirection to a malicious web site:

The malicious website tries to exploit the victim's computer using vulnerabilities such as:

CVE-2010-0188

CVE-2010-1885

More details can be found  here.

The original links in the emails were detected by ACE in real-time using our Real-Time Security Scanner. In addition, we have increased the proactive detection of similar campaigns to our email security customers.

Leave a reply


Categories

FRIDAY, NOVEMBER 22, 2019
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments