Malware as Twitter password reset

Wow.  This caught me by surprise this morning.  The message below (forwarded to Google Mail) looks legit, but if you hover over the link, you see it points to a binary (password.exe) hosted on gameroomhaven.com.

Most of the message is legit.  The links at the bottom of the post are legit, pointing back to twitter.com.  However, the e-mail address in the SPAM is one I only use for a high school alumni site.  Based on that, I started to look at the message more carefully and noted the malware link posing as the password reset URL.

The lesson here: don’t click on links in your e-mail without verifying the source.

Using the Google Mail ‘Show original’ feature (drop-down in the upper right corner of each message) showed the source code for the message, where the malicious URL is obvious. A snippet from the original is below:

Hey there.

Can't remember your password, huh?
It happens to the best of us.

Please open this link in your browser:

http://www.gameroomhaven.com/password.exe

This will reset your password.
You can then login and change it to something you'll remember.