Cybercriminals are masters of multitasking. For instance, whenever a web server gets compromised, they will not only abuse its clean IP reputation to host phishing, spam and malware samples on it, but will also sell access to the shell, giving other cybercriminals the opportunity to engage in related malicious activities such as mass scanning for remotely exploitable web application vulnerabilities.
Today, I intercepted a currently active phishing campaign that’s a good example of a popular tactic used by cybercriminals, known as ‘campaign optimization’.
This campaign is well optimized because it simultaneously targets Gmail, Yahoo, AOL and Windows Hotmail email users.
Sample screenshot of the spamvertised phishing email:
Spamvertised URL hosted on a compromised Web server: tanitechnology.com/fb/includes/examples/properties/index.htm - the URL is currently not detected by any of the 28 phishing URL scanning services used by the VirusTotal service.
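Since the URL scanners had not yet flagged the page, a content-based check is one complementary control. The following is an added example, not code from the original post: it flags a page that shows a password form and names two or more of the webmail brands listed above while being served from an unrelated host. The brand-to-domain map, the function and class names, the `shop.example` host and the sample HTML are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Webmail brands named in the post. The domains that may legitimately show
# each brand's login form are an assumption made for this example.
BRANDS = {
    "gmail": ("google.com", "gmail.com"),
    "yahoo": ("yahoo.com",),
    "aol": ("aol.com",),
    "hotmail": ("hotmail.com", "live.com"),
}

class FormScan(HTMLParser):
    # Collects visible text, selected attribute values and password inputs.
    def __init__(self):
        super().__init__()
        self.has_password = False
        self.text = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "password":
            self.has_password = True
        self.text += [a[k] for k in ("alt", "src", "title", "value") if a.get(k)]

    def handle_data(self, data):
        self.text.append(data)

def multi_brand_phish_check(url, page):
    """Return (suspicious, brands_found) for HTML `page` served from `url`."""
    host = (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()
    scan = FormScan()
    scan.feed(page)
    scan.close()  # flush any text still buffered by the parser
    blob = " ".join(scan.text).lower()
    brands = sorted(b for b in BRANDS if re.search(rf"\b{b}\b", blob))
    # A brand's own domain or subdomain may legitimately host its login form.
    on_brand_host = any(host == d or host.endswith("." + d)
                        for b in brands for d in BRANDS[b])
    return scan.has_password and len(brands) >= 2 and not on_brand_host, brands

# Constructed sample page, not the content of the URL quoted in the post.
SAMPLE = """<html><body><h1>Sign in with your email provider</h1>
<img src="img/gmail.png" alt="Gmail"><img src="img/yahoo.png" alt="Yahoo!">
<img src="img/aol.png" alt="AOL"><img src="img/hotmail.png" alt="Windows Hotmail">
<form method="post" action="post.php"><input type="text" name="user">
<input type="password" name="pass"></form></body></html>"""

print(multi_brand_phish_check("shop.example/fb/index.htm", SAMPLE))
```

A hit from this heuristic is a triage signal for analyst review or sandbox fetch, not a verdict, since legitimate "sign in with" pages can also name several providers.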