August 09, 2012Fake GoDaddy Emails
This morning saw the arrival of a malware lure email I had not seen before. In the tradition of so many other emails abusing various brand names, this one puts on a GoDaddy mask, trying to get you to click on a link that loads malware on unprotected machines. Here's the email:
Subject: Domain Access Verification
Dear Secure Certificate Customer,
We have received a Certificate Signing Request for your domain.
Our query of the Whois database returned your name as the administrator for the domain in the certificate request.
In order to verify the validity of this request and that it was submitted by the entity to which the domain in the request is registered, please signify your final approval or disapproval of the certificate request by clicking the link below.
Approval of the request will enable us to continue processing your request. Failure to approve the certificate request will lead to denial of the request.
If the Verification Page requests it, please use the following Verification Key: 880754_57598
This part of our authentication process serves to ensure that only the entity/individual that controls the domain in the request can obtain a certificate for your domain.
If you encounter any problems or have any questions, our Customer Support Department is ready to help, around-the-clock, seven days a week.
For further information, log in to your account at https://certs.godaddy.com.
There is no customary GoDaddy garish artwork in the message—or even what I'd expect in the way of blaring the GoDaddy brand in the message body. Perhaps this is from a template that will show up with links that appear to go to other registrars. I say "appears," because the actual links are to a hijacked web site that start you down a redirection path ultimately leading to malware installation.
I knew this message was phony baloney without even opening it because I had moved whatever domains I once registered (or inherited) at GoDaddy to a different registrar. But if this message hits a genuine GoDaddy customer who normally maintains domain registration, it could be a computer that has access to some pretty sensitive corporate stuff—exactly the kind of stuff malware would love to snarf.
Be careful out there.