June 22, 2010

Malicious Notification Spam: Account Verification

Shiyu Bai

Websense Security Labs™ ThreatSeeker™ Network has detected a malicious spam outbreak with the Subject line "Account Verification". As of June 22, we have counted more than 100,000 of these messages. The attack message is disguised as coming from Digg.com. It asks the recipient to verify their Digg.com account. Clicking the "Password  change" link in the email body redirects the user to malicious websites (see the screenshot below).


Malicous email body screenshot : 


The malicious payload :


There are two malicious links in the payload. The first link redirects the user to a site that prompts the user to download a Trojan file (29% detection). The second link (in an iframe) redirects the user to a site laden with exploits.


Websense Messaging and Websense Web Security customers are protected against these attacks.

About Forcepoint

Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.