The Latest in IT Security

Spoofed Xanga malicious emails, similar to Craigslist campaign

08
Jun
2012

Hot on the trail of yesterday's spoofed Craigslist malicious emails comes another variant, spotted today. This one spoofs a Xanga blog notification about a comment on your blog. So far we have seen about 140,000 of these in our Cloud Email Security portal.

Websense Email Security and Websense Web Security protect against this kind of blended threat with ACE, our Advanced Classification Engine.

Let’s look at a sample.

Subject: New Weblog comment on your post!

As we can see, the "Click here to reply" link goes to this URL:

hxxp://www.1000sovetov.kiev.ua/wp-content/themes/esp/wp-local.htm

The target site contains obfuscated JavaScript that redirects to URLs like:

hxxp://pushkidamki.ru:8080/forum/showthread.php?page=5fa58bce769e5c2c

Those are the sites that host the exploit kit.

Basically, the lure has changed, but the URLs suggest this is all part of the same malicious campaign. We can probably expect a few more themes in the coming weeks, as the cybercriminals try to broaden their victim base.

A little peek behind the curtain here shows how the Websense® Security Labs™ ThreatSeeker™ Network categorizes the URLs in real time, similar to the way our products do real-time categorization for customers:

More detailed analysis of the URL behavior can be found here.

To summarize, the number of emails and varying themes suggest this is not targeted against specific users (Xanga today, Craigslist yesterday), but rather a more typical attempt to cast a broad net. We will be on the lookout for more developments; we anticipate other variants will surface soon.

Leave a reply


Categories

MONDAY, MAY 20, 2019
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments

Social Networks