You don’t really have a secret admirer, honest… don’t try this at home unless you have a sandboxed VM that you can trash at will.
Check it out at the bottom of this post. Interestingly, several different URLs are used in the spam email, scattered around several countries – somebody’s put a nice bit of effort into this one…
All credit to http://thedailywtf.com/Articles/Element-of-Violence.aspx
Cite: http://www.google.com/safebrowsing/diagnostic?site=metacafe.com “Of the 15199 pages we tested on the site over the past 90 days, 5944 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-05-18, and the last time suspicious content was found on this site was on 2012-05-17.” […]
Subject: “FWD: ALERT: You have an E-Card from your Secret Admirer.” Clicking on the URL leads you here – just so we’re all clear, nobody actually has a crush on you (sorry): Click on “My Profile and Pics” and you end up at adultfriendfinders.com: The Privacy Policy hyperlink and Terms of Use […]
This, I would have to say, is a pretty basic, and bad, screwup. “a quality assurance mistake can cause OS X users’ FileVault encryption passwords to be exposed” Cite: http://nakedsecurity.sophos.com/2012/05/06/apple-update-to-os-x-lion-exposes-encryption-passwords/?utm_source=facebook&utm_medium=status+message&utm_campaign=naked+security “It appears that a debug option was accidentally left enabled in FileVault, resulting in the user’s password being saved in plain text in a log […]
checkingserve.com ICANN Registrar: Register.com Inc Created 24 April 2012 IP: 216.21.239.197 Registrant: Tom Baker (medows_time@yahoo.com) ***** trackingserviced.com ICANN Registrar: Register.com Inc Created 26 April 2012 IP: 216.21.239.197 Registrant: Tom Baker (medows_time@yahoo.com) ***** directionmedian.com ICANN Registrar: Register.com Inc Created 20 April 2012 IP: 216.21.239.197 Registrant: Hidden behind Domain Discreet Privacy Service ***** adalphatrack.com ICANN Registrar: Todaynic.com, […]
http://blog.openx.org/05/security-update-for-openx-28-users/ “A recent security issue with OpenX versions 2.8.0 – 2.8.8 means users of these versions of the platform should take the following steps: 1. Secure their servers by removing the files being exploited: www/admin/account-settings-debug.php www/admin/plugin-index.php www/admin/plugin-settings.php www/admin/admin-user.php 2. Removing these scripts will impact some of the user/plugin management systems, but will not affect […]
Again, it’s not real – and again, hovering over a hyperlink in the email is a dead giveaway…
The pictured emails are not real Facebook emails – look at the URLs that are exposed when you hover your mouse cursor over the “sign in” and “reactivate” links.