« Today at the Ol' Phishing Hole... | Main | Adobe License Malware Lure »
| Home | The Book | Training | Events | Tools | Stats |
Web log archive.
A Dispatch
November 09, 2011
Wire Transfer Malware LureThe same folks who brought you the main.php malware lure (and many others before) are today using a phony wire money transfer notice as a way to induce you to click on their malware-laden links. Here's a sample:
From: Frederick MCNEILL <support@federalreserve.gov>
Subject: Wire Transfer Confirmation (FED 4478LH086)
Welcome,
Your Account # Business Account ***
Wire Debit Amount: $38,836.61
Transfer Report: ViewMake sure that everything is as you requested. The wire transfer will be processed within 2 hours.
Frederick MCNEILL,
Federal Reserve Wire Network
The links are to hijacked web sites, but the fraudulently-inserted pages are named funct.html and others. Those pages are blank except for an iframe that loads...ta-da!...a main.php page from a recently-minted Russian domain. It's the same type of script-kiddy obfuscated JavaScript as reported here recently.
Silly little games.
