Internet Storm Center

Interesting Facebook SPAM

Published: 2012-02-17,
Last Updated: 2012-02-17 01:27:57 UTC
by Mark Hofman (Version: 1)

Facebook is kind of training its user base that it is OK to click on links in emails, as long as they look like pretty buttons. When there is a friend request, or a comment has been added, it is emailed in the interest of making sure that you get the message. It was probably only a matter of time before Facebook-like SPAM/PHISH email started arriving.

When I received the following, I must confess I nearly clicked it automatically, before I noticed the actual link.


When I did click the link, I got a second surprise. To be honest I was expecting a Facebook login page, failing that I was expecting malware, but what I ended up with was this: plain old SPAM.


Not terribly exciting, I agree. What caught my eye, however, was that the SPAM email looked darn close to the real thing, the emails Facebook users get every day.

If you have a user base that uses Facebook, you may wish to bring this to their attention. At the moment it is only SPAM, but it doesn't have to be.

If you are into blocking, this particular SPAM run ends up on 115.145.129.35 (South Korea), loads medicalaf.ru (in China), which redirects to cvecpills.com (in Romania). Not a bad method to get some distance between the email and the eventual landing page. It allows them to switch targets easily.

Mark H - Shearwater

 

Keywords: PHISH SPAM