Thursday, August 26, 2010

E-mail Malware Attempt

I've a friend that I got an e-mail from.  It had an empty subject line and one URL in the body.  Twenty others were sent the same e-mail.

I notified the sender that they had an issue.  I then decided to use Web-Sniffer to attempt to visit the link and do a quick investigation.

When visiting via the web proxy, I observed the following:

The web server was up and running, serving content but threw a code 302.  It also may have attempted to redirect to hxxp://uvuhjomuph.com (I obfuscated the link).  Clicking that URL takes me to an ED page (erectile dysfunction):



Googling that domain, I got at least one good hit:



So, my friend more than likely got phished and her e-mail account is now throwing out spam for penile meds.  :(
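
The header check described above can also be done locally. The following is an added example, not part of the original post: it reads the status line and `Location` header of a response without following the redirect, and defangs the target the same way the link above was obfuscated. The `.example` hostnames and the sample response are constructed, and the function names are made up for this sketch.

```python
import http.client
from urllib.parse import urljoin, urlsplit, urlunsplit

def defang(url):
    """Make a URL non-clickable for notes and reports (http -> hxxp, '.' -> '[.]')."""
    p = urlsplit(url)
    return urlunsplit((p.scheme.replace("http", "hxxp"),
                       p.netloc.replace(".", "[.]"), p.path, p.query, p.fragment))

def summarize(request_url, status, location):
    """Describe one response; the redirect target is resolved but never requested."""
    target = urljoin(request_url, location) if 300 <= status < 400 and location else None
    off_site = bool(target) and urlsplit(target).hostname != urlsplit(request_url).hostname
    return {"status": status,
            "redirect": defang(target) if target else None,
            "off_site": off_site}

def parse_raw(raw, request_url):
    """Summarize a captured response head, such as one copied from a header viewer."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()  # header names are case-insensitive
    return summarize(request_url, status, headers.get("location"))

def fetch(url, timeout=10):
    """Send one GET. http.client does not follow redirects, and the body is not read."""
    p = urlsplit(url)
    cls = http.client.HTTPSConnection if p.scheme == "https" else http.client.HTTPConnection
    conn = cls(p.netloc, timeout=timeout)
    try:
        conn.request("GET", (p.path or "/") + ("?" + p.query if p.query else ""))
        resp = conn.getresponse()
        return summarize(url, resp.status, resp.getheader("Location"))
    finally:
        conn.close()

# Constructed sample (not the response from the post): a 302 pointing at another host.
SAMPLE = (b"HTTP/1.1 302 Found\r\n"
          b"Server: Apache\r\n"
          b"location: http://redirect-target.example/\r\n"
          b"Content-Length: 0\r\n\r\n")

if __name__ == "__main__":
    print(parse_raw(SAMPLE, "http://link-in-email.example/abc"))
```

`fetch` contacts the server from whatever machine runs it, so it belongs on an analysis host rather than a daily-use workstation.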
