Powered by Movable Type 3.121
Home The Book Training Events Tools Stats
Web log archive.
A Dispatch

« Xanga Malware Lure | Main | Fake GoDaddy Emails »

August 03, 2012

Fake Reuters.com Malware Lure

Today it's the Reuters.com brand that attracted the malware delivery jerks. The message disguises itself as a confirmation of having signed up for online news delivery. Here is the full text:

Subject: Welcome to Reuters.com

Dear Reuters.com Member,

Welcome to Reuters.com!

Please click here to activate your account.

Your User ID is [removed]@dannyg.com.

Be the first to know the latest business , financial and world news headlines as they happen. Reuters.com is continuously adding new and innovative tools and products to help our users access the latest news and information -- anytime, anywhere .

Start enjoying the benefits of being a reuters.com subscriber now:

Download analyst research reports from a number of respected sources
Create research watchlists and portfolios to track stocks and other investments
Use screeners to search for stocks and funds that meet your needs
Set up alerts to track market activity , companies and portfolios
Sign up for daily newsletters to get the latest financial and world news
Access Reuters award-winning pictures and videos
Reuters.com delivers professional-grade news, opinion and analysis, providing key decision makers their "inside edge."

Sincerely,

Stanley Macias

Global Editor, Reuters.com

This email is automatically generated and was sent to you to complete your registration on reuters.com.
To unsubscribe or to change your preferences, please click here. If you did not recently register on reuters.com, please contact us at http://reuters-en.custhelp.com/cgi-bin/reuters_en.cfg/php/enduser/home.php.

The message body is designed to look like a text-only version, but it's HTML and loaded with links. A few of the links actually go to reuters.com, but the majority of them—including the one for unsubscribing—goes to a hijacked web site that serves up a JavaScript redirector to the real bad stuff.

When you first get this kind of email, you might believe that the alleged sender is spamming you. When it comes from a brand name you know, you might get enraged: "So Reuters is spamming me now?" Thus riled up, you head for the unsubscribe link to tell reuters.com to which Hell to go. And that's when the malware trouble begins, without reuters.com ever having been involved.

Posted on August 03, 2012 at 09:11 AM