« Facebook is Now 419-Worthy | Main | Malware Lures Today: Xanga and Kindle »

June 06, 2012

The message claims to originate from craigslist.org...but it doesn't really. It's just another variation of the malware lure that's intended to raise your adrenalin level to the point of automatic clicking on the link. Here's the message (Subject: line details vary with each message):

From: craiglist - automated message, do not reply <robot@craiglist.org>
Subject: POST/EDIT/DELETE : "Great poker action" (antiques)

IMPORTANT - FURTHER ACTION IS REQUIRED TO COMPLETE YOUR REQUEST !!!

FOLLOW THE WEB ADDRESS BELOW TO:

• PUBLISH YOUR AD


• EDIT (OR CONFIRM AN EDIT TO) YOUR AD


• VERIFY YOUR EMAIL ADDRESS


• DELETE YOUR AD

If not clickable, please copy and paste the address to your browser:

Click here

PLEASE KEEP THIS EMAIL - you may need it to manage your posting!

Your posting will expire off the site 7 days after it was created.

Thanks for using craigslist!

The link is to a hijacked web site, where the user sees the "Loading... Please wait..." message referenced many times in this blog. Behind the scenes, the page is running some obfuscated JavaScript that sends your browser on its way to malware hell. Although these lures typically affect only unpatched Windows machines, the social engineering is good enough to lure anybody to potentially zero-day Windows and/or Mac infections. In other words: Don't Go There!

Always verify the actual link addresses (roll your mouse pointer atop the link, or, for touch screens, touch and hold on the link) of any unusual or unexpected email message.