Today an unsolicited email began appearing that stated it was from Facebook. The email comes with the subject line "Your account has been disabled by an administrator".
Hovering over the links in the email shows that we will visit paflape.smyslzivota.cz instead of Facebook. It’s worth mentioning that the spammers forgot a dot (.) in one of the URL’s rendering the URL irresolvable (paflapesmyslzivota.cz instead of paflape.smyslzivota.cz).
From there we are redirected to viagralevitratestosterone.com, registered on the 13th October 2011 via NETLYNX, INC.
The website viagralevitratestosterone.com sells fake versions of well known prescription drugs such as Viagra, Cialis, Vicodin etc ... in other words the Canadian Pharmacy which is a frontend for GlavMed, a rogue affiliate program run by a Russian cybercrime group.
The domain viagralevitratestosterone.com was also used in a mass spamming campaign two days ago. Reference: AOL Administration Center Notification leads to Canadian Pharmacy.
It is yet unclear if paflape.smyslzivota.cz has been hacked / compromised or not. Visiting the front page directly results in a similar redirect via soft.msk0.ru. The request does not complete at the time of the write-up as PHP errors halt the execution of the redirect script.
If you are a member of Facebook you can learn more and stay up tp date with ongoing spam issues at http://www.facebook.com/pages/Report-Online-Scams/120468575683.
No comments:
Post a Comment