'Adultfriendfinder new messages' spam campaign hits hard


All week I've been blogging about spam campaigns that arrive with a variety of subjects, no message in the main body of the email, but an HTML attachment.

Opening the attachment (which Sophos detects as Troj/JSRedir-BO) redirects your browser to a third-party site. In our testing that has been a website selling online medications - one of the infamous Canadian Pharmacy websites.

But as you're redirected to that online drugs store, you can also be hit by an exploit which attempts to load a booby-trapped PDF and slap you with an infected EXE file via some Java exploits.

The latest disguise being used in this spam campaign is a subject line of "adultfriendfinder new messages" with a file attached called adultfriendfinder.html. We are seeing many of these messages in our global network of spam traps right now.

Adultfriendfinder spam messages and subject lines

As you can see in the snapshot above, we're also seeing more romantically-themed variants of the campaign (well, it's hard not to be more romantic than AdultFriendFinder, right?) with an attachment called loveletter.html.

It's been more than ten years since we warned you to be careful of unsolicited loveletters arriving in your inbox. The rules remain the same - be careful about what files you open on your computer, especially when they look as suspicious as this.
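For mail administrators, the message shape described above (no text in the body, one attached HTML file that acts when opened) can be checked at the gateway. The following is an added example, not code from the original post or from Sophos; the function names, the script and meta-refresh markers, and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Assumption: "active" HTML means a script tag or a meta refresh. The post
# only says the attachment redirects the browser, not how it does so.
ACTIVE_RE = re.compile(r"<script\b|http-equiv\s*=\s*[\"']?refresh", re.IGNORECASE)

def html_attachments(msg):
    """Yield (lower-cased filename, decoded text) for each attached HTML file."""
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith((".html", ".htm")) or part.get_content_type() == "text/html":
            payload = part.get_payload(decode=True) or b""
            yield name, payload.decode("utf-8", errors="replace")

def matches_campaign_shape(raw):
    """Return (flag, names): flag is True when the body is empty and at least
    one HTML attachment contains active content; names lists those files."""
    msg = message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    body_text = body.get_content().strip() if body is not None else ""
    hits = [name for name, text in html_attachments(msg) if ACTIVE_RE.search(text)]
    return (not body_text) and bool(hits), hits

def build_sample(subject, body, filename, html):
    """Build a constructed test message (not a captured sample)."""
    m = EmailMessage()
    m["Subject"] = subject
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m.set_content(body or "\n")  # a lone newline stands in for an empty body
    m.add_attachment(html, subtype="html", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    # Constructed sample; pharmacy.example is a placeholder domain.
    redirect = '<script>window.location="http://pharmacy.example/";</script>'
    raw = build_sample("adultfriendfinder new messages", "",
                       "adultfriendfinder.html", redirect)
    print(matches_campaign_shape(raw))
```

The check keys on structure rather than on the subject line or filename, since the campaign rotates both.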


About the author

Graham Cluley runs his own award-winning computer security blog at https://grahamcluley.com, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley