Powered by Movable Type 3.121
Home The Book Training Events Tools Stats
Web log archive.
A Dispatch

« Today at the Ol' Phishing Hole... | Main | Adobe License Malware Lure »

November 09, 2011

Wire Transfer Malware Lure

The same folks who brought you the main.php malware lure (and many others before) are today using a phony wire money transfer notice as a way to induce you to click on their malware-laden links. Here's a sample:

From: Frederick MCNEILL <support@federalreserve.gov>
Subject: Wire Transfer Confirmation (FED 4478LH086)

Welcome,

Your Account # Business Account ***
Wire Debit Amount: $38,836.61
Transfer Report: View

Make sure that everything is as you requested. The wire transfer will be processed within 2 hours.


Frederick MCNEILL,
Federal Reserve Wire Network

The links are to hijacked web sites, but the fraudulently-inserted pages are named funct.html and others. Those pages are blank except for an iframe that loads...ta-da!...a main.php page from a recently-minted Russian domain. It's the same type of script-kiddy obfuscated JavaScript as reported here recently.

Silly little games.

Posted on November 09, 2011 at 10:58 AM