The spam emails have no subject, and the body of each message contains only a single URL with no comment added.
"Less is more", and this is probably the tactic of the hacker (scammer): use less text so as not to arouse suspicion in the recipient of the scam email. This is probably the reason why some victims have clicked the URL.
We cannot confirm whether your email account is hacked immediately once you open the URL, or whether it is a phishing page that asks you to key in your password to log in to your email account.
Below are some of the scam URLs we have gathered over the past few days:
PLEASE DO NOT OPEN ANY OF THEM.
http://www.blindenvy.com/wp-content/themes/fspring_widgets/googles.html?mcg=qsd.gio&ytr=wjog.sus&eec=zmsw
http://www.theh2solution.com/wordpress/wp-content/themes/theh2solution2ndgeneration/googles.html?cab=ef.hsm&rt=te.jheg&shc=lzgx
http://www.puluu.com/wp-content/themes/inove/googles.html?awe=vh.psml&ony=wjog.we&mhh=rksi
http://savingtoberich.com/wp-content/themes/headway-2013-1742/goodbody.html
http://robertcrew.net/wp-content/themes/twentyeleven/yahoolinksus.html
http://www.astro.com.py/wp-content/themes/astro/body.html
http://bijouxmarilou.com/wp-content/themes/Sabuy/googles.html?sdm=gwhj.sxfs&wm=er.wrhg&oeo=bmbq
http://tasteofkiwi.co.nz/wp-content/themes/k2/googles.html?awe=vbb.jieg&shn=te.jyg&ghb=puln
http://dallidata.da.funpic.de/actressearly/Richard_Morris97/
http://www.derinlikreklam.com/healthylife.html
We have noticed some similarities in the URLs: many appear to be linked to WordPress (the /wp-content/themes/ path) and include an HTML file named "googles.html", although not all of them do. Therefore, we cannot confirm whether all of them are the work of the same scammer. All, except for the last 2 URLs, are hosted by the webhost dreamhost.com.
Our analysis suggests the following possibilities (excluding the last 2 URLs):
1. The scammer may own all the domain names and has created the paths to mislead victims
2. The scammer may have hacked the webhost and uploaded the files
3. The scammer may have created a dummy plugin for WordPress blog owners to install
Whatever the case, do make sure you let your friend know if he/she has sent you an email with a similar URL. In fact, you should not open just any URL in an email without checking with the sender. Victims should change their email accounts' passwords immediately and possibly do a full system anti-virus scan.
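A mail-filter heuristic for the traits described in this post (no subject, a body that is a single URL, and a link to an HTML file inside a WordPress theme directory), added here as an illustration and not part of the original post. The function names and the sample messages, which use placeholder example.* domains, are constructed.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# A body that is exactly one http(s) URL and nothing else.
SINGLE_URL = re.compile(r"^https?://\S+$", re.IGNORECASE)
# An HTML file dropped directly inside a WordPress theme directory.
THEME_HTML = re.compile(r"/wp-content/themes/[^/]+/[^/]+\.html?$", re.IGNORECASE)

def text_body(msg):
    """Return the first text/plain part of the message, decoded, or ''."""
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            return payload.decode(part.get_content_charset() or "utf-8", "replace")
    return ""

def score_message(raw):
    """Return the list of traits from the post that this message shows."""
    msg = message_from_string(raw)
    hits = []
    # Trait 1: missing or blank Subject header.
    if not (msg.get("Subject") or "").strip():
        hits.append("no-subject")
    body = text_body(msg).strip()
    # Trait 2: the whole body is one URL with no accompanying text.
    if SINGLE_URL.match(body):
        hits.append("single-url-body")
        # Trait 3: the path (query string ignored) points into a theme folder.
        if THEME_HTML.search(urlsplit(body).path):
            hits.append("wp-theme-html")
    return hits

# Constructed sample messages (example.* domains are placeholders).
SUSPECT = (
    "From: friend@example.com\nTo: you@example.org\nSubject:\n\n"
    "http://blog.example.net/wp-content/themes/sometheme/googles.html?a=b.c&d=e\n"
)
BENIGN = (
    "From: friend@example.com\nTo: you@example.org\nSubject: Lunch photos\n\n"
    "Here are the photos from Friday: http://photos.example.net/album/42\n"
)

if __name__ == "__main__":
    for name, raw in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(name, score_message(raw))
```

A message showing all three traits is a good candidate for quarantine; the first two alone also cover links like the last two in the list above, which do not follow the WordPress path pattern.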
I've been having this problem too: something is using my Yahoo email account to send all kinds of links (with /wp-content/themes/ similarities) to people in my address book.
What I don't understand is whether my computer has been compromised by malware, or a website I visited injected malware, or anything else?
I haven't found an antivirus that addresses this problem; my free avast! doesn't detect anything.
Hi, please change your email's password immediately.
We are not sure if this would cause a problem in your system or not. You should do a full system virus scan in Windows safe mode.
(Sorry that we have approved your comment only now; it somehow landed in the spam list automatically.)