This unusual spam leads to a fake pharma site on pillshighest.com via vagh.ru and an intermediate hacked site.
Date: Fri, 22 Mar 2013 13:52:08 -0700
From: Support Team [[email protected]]
Subject: An important notice about security
We recently learned that the vendor we use to answer support requests and other emails (Zendesk) experienced a security breach.
We’re sending you this email because we received or answered a message from you using Zendesk. Unfortunately your name, email address and subject line of your message were improperly accessed during their security breach. To help keep your account secure, please:
Don’t share your password. We will never send you an email asking for your password. If you get an email like this, please let us know right away.
Beware of suspicious emails. If you get any emails that look like they’re from our Support Team but don’t feel right, please let us know – especially if they include details about your support request.
Use a strong password. If your password is weak, you can create a new one.
We’re really sorry this happened, and we’ll keep working with law enforcement and our vendors to ensure your information is protected.
Questions? See our FAQ.
This email was sent to [redacted].
©2013 Zendesk, Inc. | All Rights Reserved
There appears to be no malware involved in this attack. After clicking through to the hacked site (in this case [donotclick]www.2001hockey.com/promo/page/ – report here), the victim is bounced to [donotclick]vagh.ru on 126.96.36.199 (FOP Budko Dmutro Pavlovuch, Ukraine) and then on to [donotclick]pillshighest.com on 188.8.131.52 (Fanjcom, Czech Republic).
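The hacked entry site changes from one spam run to the next while the redirector and landing domains stay the same, so proxy logs can be searched backwards from the known domains to find the entry sites. The following is an added example, not part of the original post: the log format (time, client, host, path), the sample lines and the function names are constructed for illustration.

```python
from datetime import datetime, timedelta

# Redirector and landing domains named in the post.
BLOCKLIST = {"vagh.ru", "pillshighest.com"}

# Constructed proxy log: timestamp, client IP, requested host, path.
SAMPLE_LOG = """\
2013-03-22T13:55:01 10.0.0.5 www.2001hockey.com /promo/page/
2013-03-22T13:55:02 10.0.0.5 vagh.ru /
2013-03-22T13:55:03 10.0.0.5 pillshighest.com /
2013-03-22T13:56:10 10.0.0.9 intranet.example /news
2013-03-22T14:20:00 10.0.0.7 hacked-site.example /promo/page/
2013-03-22T14:20:01 10.0.0.7 vagh.ru /
2013-03-22T15:00:00 10.0.0.9 pillshighest.com /
"""

def is_blocked(host):
    """True for a blocklisted domain or any of its subdomains."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BLOCKLIST)

def parse(log_text):
    """Yield (time, client, host) for each well-formed log line."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, client, host, _path = parts
        yield datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S"), client, host.lower()

def find_entry_sites(log_text, window_seconds=10):
    """Map each client that reached a blocklisted domain to the set of hosts
    it requested last, within the window, before that hit. Those hosts are
    candidate hacked entry sites; an empty set means no recent predecessor."""
    window = timedelta(seconds=window_seconds)
    last_clean = {}  # client -> (time, host) of latest non-blocklisted request
    hits = {}
    for ts, client, host in parse(log_text):
        if not is_blocked(host):
            last_clean[client] = (ts, host)
            continue
        entries = hits.setdefault(client, set())
        prev = last_clean.get(client)
        if prev and ts - prev[0] <= window:
            entries.add(prev[1])
    return hits

if __name__ == "__main__":
    for client, entries in sorted(find_entry_sites(SAMPLE_LOG).items()):
        print(client, sorted(entries) or "no entry site in window")
```

The time window is a heuristic: a busy client may have an unrelated request just before the hit, so treat the output as candidates to review rather than confirmed compromised sites.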
Some IPs and domains you might want to block: