FryUp under phishing attack… or not quite

Posted: 30-Jun-2010 10:48

Got a somewhat baffling email this morning, in HTML, asking me to reset the password for fryup@computerworld.co.nz.

It was flagged as spam (obviously) and seemed at first like a "phish" to capture usernames and passwords but . . . what would be the point of that? There's no account as such for the fryup email address but even if there was one, a phisher couldn't do much apart from subscribe to and unsubscribe from various newsletters.

Turns out the message is "phish spam" or maybe even "spam phish" because the Korean site referenced in the HTML (don't go there, likely to be unsafe) hawks the usual Intarweb make big penis fast pills and bogus meds.

There's been an upsurge in old-fashioned spam of the above type, and it's sad to see it's still around. Guess there are enough idiots around buying dodgy pills laced with human faeces and E. coli still to make it worthwhile.

Thanks guys, you're really making it better for everybody.

 

Return-Path: <ethicalp@roycon-dubai.com>
X-Virus-Scanned: amavisd-new
X-Spam-Flag: YES
X-Spam-Score: 16.009
X-Spam-Level: ****************
X-Spam-Status: Yes, score=16.009 tagged_above=4 required=6.8
    tests=[BAYES_50=0.001, DNS_FROM_OPENWHOIS=1.13, HTML_MESSAGE=0.001,
    MIME_HTML_ONLY=1.457, RCVD_IN_BL_SPAMCOP_NET=1.96, RDNS_NONE=0.1,
    SARE_RECV_PORTHELO_2=2, URIBL_AB_SURBL=1.86, URIBL_BLACK=6,
    URIBL_WS_SURBL=1.5]
X-Greylist: delayed 00:18:31.060287 by SQLgrey-1.6.7
Received: from 75-149-84-236-Illinois.hfc.comcastbusiness.net ([75.149.84.236])
    by machine.fairfaxbm.co.nz (Lotus Domino Release 7.0.2)
    with ESMTP id 2010063010053986-2830 ;
    Wed, 30 Jun 2010 10:05:39 +1200
Received: from 75.149.84.236 (port=6768 helo=[Supervisor2])
    by roycon-dubai.com with asmtp
    id 1423E7-000531-79
    for fryup@computerworld.co.nz; Tue, 29 Jun 2010 17:02:44 -0600
Message-ID: <5BEF39C4.9141278@roycon-dubai.com>
Date: Tue, 29 Jun 2010 17:02:44 -0600
From: "computerworld.co.nz support" <support@computerworld.co.nz>
MIME-Version: 1.0
To: fryup@computerworld.co.nz
Subject: ***SPAM*** Reset your computerworld.co.nz password
X-Spam: Not detected
X-Mras: OK
X-MIMETrack: Itemize by SMTP Server on Machine/NZWeb(Release 7.0.2|September 26, 2006) at
    30/06/2010 10:05:40 AM,
    Serialize by Router on Machine/NZWeb(Release 7.0.2|September 26, 2006) at
    30/06/2010 10:24:12 AM
Content-Type: text/html; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable


<html>
<head>
<title>Reset your computerworld.co.nz password</title>
</head>
Hello, fryup@computerworld.co.nz.<br> <br>

We received your request to reset your computerworld.co.nz password. To con
firm your request and reset your password, follow the instructions below. C
onfirming your request helps prevent unauthorized access to your account.<b
r> <br>

If you didn't request that your password be reset, please follow the instru
ctions below to cancel your request.<br><br>

CONFIRM REQUEST AND RESET PASSWORD<br><br>

Click on the following web address:<br><br>

<a href=3D"http://sonda.co.kr/index2.html">https://computerworld.co.nz/conf
irm.srf?lc=3D1033=3Dfryup@computerworld.co.nz=3D1</a> <br> <br>

CANCEL PASSWORD RESET<br><br>

Click on the following web address:<br><br>

<a href=3D"http://sonda.co.kr/index2.html">https://computerworld.co.nz/CANC
EL.srf?lc=3D1033=3Dfryup@computerworld.co.nz=3D1</a> <br><br>

Thank you,<br><br>

computerworld.co.nz Team
</body>
</html>
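
The two giveaways in the message above are the anchor text that displays one site while the href points to another, and a From domain that differs from the Return-Path domain. As an added example (not part of the original post), this Python sketch checks a raw message for both; the sample message with its example.org and example.net domains is constructed, and `AnchorCollector`, `domain` and `analyse` are hypothetical names.

```python
import email
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (placeholder domains), shaped like the message in the post.
SAMPLE = b"""Return-Path: <bulk@mailer.example.net>
From: "example.org support" <support@example.org>
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

<html><body><a href=3D"http://shop.example.net/index2.html">https://example.org/conf=
irm.srf?lc=3D1033</a><br>
<a href=3D"https://example.org/help">Help pages</a></body></html>
"""

class AnchorCollector(HTMLParser):  # gathers (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def domain(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def analyse(raw):
    msg, findings = email.message_from_bytes(raw), []
    sender, bounce = domain(msg["From"]), domain(msg["Return-Path"])
    if sender and bounce and sender != bounce:  # weak alone: lists and ESPs differ too
        findings.append(("from-vs-return-path", sender, bounce))
    collector = AnchorCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True)  # undoes quoted-printable (=3D, soft breaks)
            collector.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
    for href, text in collector.links:
        shown = urlparse(text).hostname if "://" in text else None
        if shown and shown != urlparse(href).hostname:  # text claims one host, href goes to another
            findings.append(("link-text-vs-href", shown, urlparse(href).hostname))
    return findings
```

The link check only fires when the visible text is itself a URL, so ordinary links such as "Help pages" are not flagged.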






 





Comment by Jason Hong, on 1-Jul-2010 01:56

The phishers might not care about the content on your site. However, keep in mind that since many people reuse the same password for many sites, breaking into one site means breaking into many sites.



Content copyright © Juha Saarinen. If you wish to use the content of my blog on your site, please contact me for details. I'm usually happy to share my material as long as it's not for spamblogs and content farms. Please attribute with a link back to this blog. If you wish to advertise on my blog, please drop me an email to discuss the details.
