Spam messages using the LinkedIn brand


MX Lab, http://www.mxlab.eu, started to intercept a spam campaign by email with the subject “check it out” or “mother days flowers” in which the LinkedIn email template is being used.

The email is sent from the spoofed email address “Mark Johnson via LinkedIn <mark844@daukskosos.com>” and has the following body:

The message has the layout that LinkedIn uses in communication with its members.

Notice that this spam has an embedded image at the end with the instructions on how to unsubscribe. The URL behind it points to hxxp://gy-qes.daukskosos.com/ followed by some numbers.

When following the URL in the spam message we got the following messages in our browser:

A few seconds later we are redirected and get the following message in our browser:

Domain registration details:

Registration Service Provided By: Namecheap.com
Contact: support@namecheap.com
Visit: http://namecheap.com
	
Domain name: DAUKSKOSOS.COM

Registrant Contact:
   NA
   Anna Shay ()
   
   Fax: 
   NAa
   Olympic Valley, CA 96146
   US

Administrative Contact:
   NA
   Anna Shay (shay.touchsound@gmail.com)
   +1.5305808370
   Fax: 
   NAa
   Olympic Valley, CA 96146
   US

Technical Contact:
   NA
   Anna Shay (shay.touchsound@gmail.com)
   +1.5305808370
   Fax: 
   NAa
   Olympic Valley, CA 96146
   US

Status: Locked

Name Servers:
   dns1.registrar-servers.com
   dns2.registrar-servers.com
   dns3.registrar-servers.com
   dns4.registrar-servers.com
   dns5.registrar-servers.com
   
Creation date: 05 May 2011 00:19:00
Expiration date: 04 May 2012 19:19:00

The domain was registered yesterday at a low-cost domain registrar and is now in use for spam campaigns. This domain was obviously registered as part of a bulk domain registration, with the intention of sending spam from it for a while and then changing domain again.
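The two signals described above (a display name that claims LinkedIn on a non-LinkedIn address, and a sender domain registered a day earlier) can be checked mechanically at the mail gateway. The following is an added example, not MX Lab's own code; the function names, the brand allow-list, the 30-day threshold and the receipt time are assumptions made for illustration.

```python
import re
from datetime import datetime
from email.utils import parseaddr

# Brand names mapped to the domains allowed to send mail in their name.
# Assumption: this allow-list is illustrative, not an official list.
BRAND_DOMAINS = {"linkedin": {"linkedin.com"}}

def brand_mismatch(from_header):
    """Return the brand named in the display name if the address domain is not the brand's."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in display.lower():
            ok = any(domain == d or domain.endswith("." + d) for d in allowed)
            return None if ok else brand
    return None

def whois_creation(whois_text):
    """Parse a 'Creation date: 05 May 2011 00:19:00' line as in the record above."""
    m = re.search(r"^Creation date:\s*(\d{2} \w{3} \d{4} \d{2}:\d{2}:\d{2})", whois_text, re.M)
    return datetime.strptime(m.group(1), "%d %b %Y %H:%M:%S") if m else None

def assess(from_header, whois_text, received, max_age_days=30):
    """Collect reasons to quarantine: spoofed brand and/or newly registered sender domain."""
    reasons = []
    brand = brand_mismatch(from_header)
    if brand:
        reasons.append(f"display name claims {brand} but domain is not {brand}'s")
    created = whois_creation(whois_text)
    if created and 0 <= (received - created).days <= max_age_days:
        reasons.append(f"sender domain registered {(received - created).days} day(s) before receipt")
    return reasons

# Values taken from the post; the receipt time is constructed (one day after creation).
FROM = "Mark Johnson via LinkedIn <mark844@daukskosos.com>"
WHOIS = "Domain name: DAUKSKOSOS.COM\nCreation date: 05 May 2011 00:19:00\n"
RECEIVED = datetime(2011, 5, 6, 9, 0, 0)

if __name__ == "__main__":
    for reason in assess(FROM, WHOIS, RECEIVED):
        print(reason)
```

Either reason alone is weak evidence; together they match the pattern in this campaign, where a throwaway domain borrows a trusted brand in the display name.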

From this domain we have intercepted some other spam campaigns as well. Check them out:

Bidooka

Apple products – It’s all at your fingertips

Be a part of the Hottest Online Shopping Craze since eBay

Bid Now
hxxp://gy-qes.daukskosos.com/576ade776569dcd6338911a7e58cafabfd7233

Watch as the site unloads the biggest brand name products for pennies on the dollar

——————–
To unsubscribe please go here:
hxxp://gy-qes.daukskosos.com/576ade776569dcd6338912a7e58cafabfd7233

or send mail to:
Unsubscribe
4759 Boles Ct
Fremont, CA 94538

Click this link to unsubscribe: hxxp://gy-qes.daukskosos.com/a7e58cafabfd72333576ade776569dcd6
