Interesting malware/phishing technique I haven't seen before Over at http://j.mp/16ziDjT (Google+) is a screen capture of a somewhat interesting apparent malware/phishing attempt I haven't seen before. A bunch of copies, all from different addresses, arrived during the night to various addresses within my server cluster. As you can see, it claims to be essentially a "blacklist reconsideration" request. Because I do run a quite robust anti-spam system including blacklists, I do deal with these, but this one had a bunch of red flags (we'll ignore the spelling errors). As noted, it came from various addresses to various addresses (most of the latter being inappropriate). Inspection of headers showed typical spam/phish obfuscations. Presumably the main malware payload is at the "dynamoo" URL. So, there was no chance of my falling for it, but it is an interesting approach that I thought appropriate to note publicly here.
--Lauren-- Lauren Weinstein ([email protected]): http://www.vortex.com/lauren Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info Founder: - Network Neutrality Squad: http://www.nnsquad.org - PRIVACY Forum: http://www.vortex.com/privacy-info Member: ACM Committee on Computers and Public Policy Lauren's Blog: http://lauren.vortex.com Google+: http://google.com/+LaurenWeinstein Twitter: http://twitter.com/laurenweinstein Tel: +1 (818) 225-2800 / Skype: vortex.com _______________________________________________ nnsquad mailing list http://lists.nnsquad.org/mailman/listinfo/nnsquad
