http://www.websense.com/securitylabs/blog/blog.php?BlogID=114 Not only is the lure subject: "Viral Video" but the function name in their javascript is 'function makemelaugh". :)
This is a follow up post on our alert we added earlier today (see: http://www.websense.com/securitylabs/alerts/alert.php?AlertID=751 <http://www.websense.com/securitylabs/alerts/alert.php?AlertID=751> ). We have since discovered a different SPAM run that is using the same sites but with a different lure on a different compromised site. This version's lure is written in English, not German, and poses as website that hosts video on the web. In particular it lures users to view something called the "Redneck Slingshot". One piece of irony is the subject of the SPAM lure is "must see viral video". Assuming users click on the link they are redirected to a site which is hosted in the United States, and was up at the time of this entry. The site appears to also have been compromised and is pointing to the same site that our previous alert outlined (see: http://www.websense.com/securitylabs/alerts/alert.php?AlertID=751 <http://www.websense.com/securitylabs/alerts/alert.php?AlertID=751> ))
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
