Beware of fake emails purportedly from Craigslist
Contributed by: Email on 06/07/2012 02:32 PM
Another wave of fake emails is making the rounds. This new version is purportedly from Craigslist and contains links to websites hosting the Black Hole exploit kit. This comes a day after the web was already filled with the drama concerning the LinkedIn password dump.
The fake emails, 150,000 of which were caught by Websense Security Lab's Cloud Email Security portal yesterday, try to convince users that "FURTHER ACTION IS REQUIRED TO COMPLETE [THEIR] REQUEST!!!" They go on to claim that users must follow the (malicious) link in order to publish, edit or delete their ad or verify their email address. At the bottom of the email is a bold, all-caps piece of text that helpfully advises users to KEEP THIS EMAIL.
It is not known whether this is a blanket attempt sent to random addresses or one exclusively targeting individuals who are currently running ads on Craigslist. Websense officials haven't responded to a request for clarification on that point.
The list of email subjects includes "Models for fine" (systems / network), "Studio4PaintWorkCatskills" (education), and "Show Your Art" (cars+trucks). Websense also reports that the malicious emails have seemingly legitimate sender addresses and are convincingly similar in appearance to real automated Craigslist notifications.
The malicious links in the emails lead users to a compromised WordPress page containing obfuscated JavaScript in the form of an iframe. According to Websense, the attackers are exploiting CVE-2010-0188 and CVE-2010-1885.
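The combination described above, a message whose sender claims to be Craigslist while its call-to-action link points at an unrelated WordPress host, is something a mail filter can check mechanically. The following is an added example, not code from the article or from Websense; the sample message is constructed to mirror the lure, and the brand-domain set, URL pattern and urgency phrases are assumptions chosen for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Constructed sample modelled on the lure described in the article (not a captured message).
SAMPLE_EMAIL = """\
From: craigslist <robot@craigslist.org>
Subject: Show Your Art
Content-Type: text/plain; charset="us-ascii"

FURTHER ACTION IS REQUIRED TO COMPLETE YOUR REQUEST!!!
Please follow the link below to publish, edit or delete your ad:
http://compromised-blog.example/wp-content/verify.php?id=77
KEEP THIS EMAIL
"""

BRAND_DOMAINS = {"craigslist.org"}  # domains the notification claims to come from (assumed)
URL_RE = re.compile(r"https?://[^\s<>\"']+")
URGENCY_RE = re.compile(r"FURTHER ACTION IS REQUIRED|KEEP THIS EMAIL", re.I)

def registrable_domain(host):
    """Crude last-two-labels reduction; a production filter would use the public suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()

def message_text(msg):
    """Concatenate the decoded text parts of a (possibly multipart) message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def assess_email(raw, brand_domains=BRAND_DOMAINS):
    """Flag a message whose From domain claims the brand while its links leave it."""
    msg = message_from_string(raw)
    sender_host = msg.get("From", "").rsplit("@", 1)[-1].rstrip(">").strip()
    claims_brand = registrable_domain(sender_host) in brand_domains
    body = message_text(msg)
    links = URL_RE.findall(body)
    off_brand = [u for u in links if registrable_domain(urlparse(u).hostname or "") not in brand_domains]
    return {
        "claims_brand": claims_brand,
        "off_brand_links": off_brand,
        "urgency_cues": len(URGENCY_RE.findall(body)),
        "suspicious": claims_brand and bool(off_brand),
    }
```

The sender check only inspects the display header, which the campaign forges; pairing it with SPF/DKIM results on the receiving MTA is what makes the brand claim trustworthy or not.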