Wednesday, 30 March 2011

strange facebook emails

Received this interesting and very simple email today...








From the source code you can see, that the link doesn't go to facebook...



... It instead, takes you to a forum... which has been hacked (which you can see when you look into the source code)



The forum then re-directs you, via a 302 re-redirect... to another site (seen with httpfox)






The final site you end up with... is a fake anti-virus site, which are generally a pain to remove :(

Checking the actual fake anti-virus site (in bold) with urlvoid.com...



















You can see that out of 21 url checkers... they all come up clean....

It's not nice out there.... but Sanesecurity.Malware.15890 and Sanesecurity.Malware.15891 are currently blocking these emails.

Cheers,

Steve
Sanesecurity

No comments: