March 31, 2008April Fools!...You're Hosed!
Following the same pattern as numerous holiday-related spam messages luring recipients to malware-loading sites, I just saw one for April Fool's Day. It's a simple, all-text message, which might slip through spam filters when sent from a newly-added botnet computer (whose IP address isn't on a blocklist yet):
Subject: Happy April Fools!
Happy April Fool's Day. http://83.85.[removed].[removed]
Fortunately, the destination of the one I received has already been cut off at the knees, so I haven't yet seen what this campaign serves up, whether it's an elaborate graphic (as in Halloween 2007) or just a simple text page disguising the background malware loading to unpatched PCs.
Naked IP address links in spam are the most dangerous ones to click. Don't do it!Posted on March 31, 2008 at 02:07 PM