Malware alert, fake Google message

Discussion in 'Alerts!' started by Garreg Ddu, Mar 3, 2017.

  1. Garreg Ddu

    Garreg Ddu Gweinyddwr Staff Member

    The link in this email leads to a "PHP" file on the infected site, which attempts to download a Trojan, "JS:Redirector-BZS"

    PLEASE DO NOT CLICK ON THE LINK

    ==========================================

    Authentication-Results: spf=none (sender IP is 81.169.201.219)Received: from mail.futuremedia-computer.de ([81.169.201.219]) by COL004-MC5F28.hotmail.com

    Origin IP Address = 81.169.201.219 = Strato Rechenzentrum, Germany, Berlin, Berlin


    To: ***************
    Date: Fri, 3 Mar 2017 23:03:44 +0000
    Subject: Returned email message ****************
    From: GoogleTeam <drmosinee@mail2persephone.com>
    Return-Path: drmosinee@mail2persephone.com
    CMM-sender-ip: 81.169.201.219
    CMM-sending-ip: 81.169.201.219
    CMM-Authentication-Results: hotmail.com; spf=none (sender IP is
    81.169.201.219) smtp.mailfrom=drmosinee@mail2persephone.com; dkim=none
    header.d=mail2persephone.com; x-hmca=none
    header.id=drmosinee@mail2persephone.com
    SenderIP:81.169.201.219;WIMS-SPF:mail2persephone%2ecom;WIMS-

    Anna Ali (Google Team) has sent you a message:

    3/03/2017
    Returned email message.

    Learn more ..... The link leads to a site "shanediesel.com" which has an infected file, serviceable.php


    Don't want occasional updates about Google activity? Change what email Google Team sends you.
     

Share This Page