Thursday, August 26, 2010

E-mail Malware Attempt

I've a friend that I got an e-mail from.  It had an empty subject line and one URL in the body.  Twenty others were sent the same e-mail.

I notified the sender that they had an issue.  I then decided to use Web-Sniffer to attempt to visit the link and do a quick investigation.

When visiting via the web proxy, I observed the following:

The web server was up and running, serving content but threw a code 302.  It also may have attempted to redirect to hxxp:// (I obfuscated the link).  Clicking that URL takes me to an ED page (erectile dysfunction):

Googling that domain, I got at least one good hit:

So, my friend more than likely got phished and her e-mail account is now throwing out spam for penile meds.  :(
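The check described in this post (looking at the 302 and its redirect target without loading the destination page) can also be scripted. The following is an added example, not part of the original post; the sample response and the `example.test` host are constructed placeholders, and the function names are hypothetical.

```python
import http.client
from urllib.parse import urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

def defang(url):
    """Make a URL non-clickable for notes and reports (hxxp, [.] in the host)."""
    parts = urlsplit(url)
    if not parts.netloc:              # relative Location: nothing to defang
        return url
    scheme = parts.scheme.replace("http", "hxxp")
    host = parts.netloc.replace(".", "[.]")
    rest = parts.path + ("?" + parts.query if parts.query else "")
    return f"{scheme}://{host}{rest}"

def inspect_response(raw):
    """Parse the head of a raw HTTP response; performs no network access."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    location = headers.get("location")
    return {
        "status": status,
        "redirect": status in REDIRECT_CODES and location is not None,
        "target": defang(location) if location else None,
    }

def fetch_head(url, timeout=10):
    """Send one GET; http.client does not follow redirects on its own."""
    parts = urlsplit(url)
    https = parts.scheme == "https"
    cls = http.client.HTTPSConnection if https else http.client.HTTPConnection
    conn = cls(parts.netloc, timeout=timeout)
    try:
        path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("GET", path)
        resp = conn.getresponse()
        return {"status": resp.status, "location": resp.getheader("Location")}
    finally:
        conn.close()

# Constructed sample response; example.test is a reserved placeholder domain.
SAMPLE = (b"HTTP/1.1 302 Found\r\nServer: Apache\r\n"
          b"Location: http://pills.example.test/index.php?id=1\r\n"
          b"Content-Length: 0\r\n\r\n")

if __name__ == "__main__":
    print(inspect_response(SAMPLE))
```

`inspect_response` works on a saved response, while `fetch_head` makes a single live request and is best run from an isolated analysis machine.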