Fake Classmates.com E-mails Link to Malware

AppRiver security researchers recently uncovered a new malicious spam campaign that delivers e-mails posing as notifications from Classmates.com.

"AppRiver provided a fake Classmates.com sample e-mail and we must admit that it’s almost perfect as far as the design goes," writes Softpedia's Eduard Kovacs. "Most of the logos and the text are in the right place, thanking users for joining the Classmates community and urging them to click on a link to verify their email addresses."

Those links, though, don't lead to Classmates.com.

"They all lead to one of 202 different domains we're seeing (so far) that house some malicious, obfuscated JavaScript that lead to a Java exploit called 'set.jar' that's bent on taking over victim PCs," writes AppRiver senior security analyst Fred Touchette. "Currently we've seen over 12 million pieces of mail related to this campaign coming in at about 98 pieces per minute per domain. When you do the math that's just under 19,000 pieces per minute."

"The compromised domains are part of the Blackhole Exploit Kit, a piece of malware that allows cybercriminals to build their own botnet," writes SecurityNewsDaily's Matt Liebowitz. "The security firm Trend Micro spotted a host of other organizations currently being spoofed by Blackhole scammers, including Bank of America, Verizon, PayPal, AT&T, Citibank, Ticketmaster, and -- not surprising, given its recent password breach -- LinkedIn."
