Malicious Notification Spam: Account Verification
Websense Security Labs™ ThreatSeeker™ Network has detected a malicious spam outbreak with the Subject line "Account Verification". As of June 22, we have counted more than 100,000 of these messages. The attack message is disguised as coming from Digg.com. It asks the recipient to verify their Digg.com account. Clicking the "Password change" link in the email body redirects the user to malicious websites (see the screenshot below).
Malicous email body screenshot :
The malicious payload :
There are two malicious links in the payload. The first link redirects the user to a site that prompts the user to download a Trojan file (29% detection). The second link (in an iframe) redirects the user to a site laden with exploits.
Websense Messaging and Websense Web Security customers are protected against these attacks.