Have seen a bunch of spammy looking emails with subject line similar to
Incredible Formula Is Now Available For Everybody
All from random sender emails such as
With email bodies like this with a hyperlink on the last line
Tsss... Though this exclusive product is already out there for everybody on the web, the amount is very limited, so don't tell your friends about it until you get some first.
Advanced solution and redesigned formula has been created to help you get rid of excessive weight. Natural ingredients and secret components are exactly what you need to get back in a great shape and get your dream body.
Act now as next week it will already be too late. Get a beautiful and fit body like you deserve.
The hyperlink went to sites like this that appear to be probably outdated hacked wordpress sites with unpatched plugins
If the user clicks on any of those links the site simply redirects to this 1 single site, thus it's likely the attacker is the same for each site
The Page title on that page is
Gwen Stefani Shares Blake Shelton's Secret To Rapid Weight Loss (Pics Below)
No matter where you click on that page All links go to this follow-up url
If you decide you want to buy the product, clicking checkout goes to this page
Also found it interesting at any point on the fake sales pitch page if you remove the php file name it redirects you to a random sub-domain that contains the exact same content
Looks to me similar to past Pharma Hacks that I've seen where attacker is simply going around hacking weak wordpress sites in order to both bump up their search engine rankings and also simply generate traffic to their website to make money.
Let me know if I'm missing anything else important.
More about neonprimetime
Top Blogs of all-time
- pagerank botnet sql injection walk-thru
- DOM XSS 101 Walk-Through
- An Invoice email and a Hot mess of Java
Top Github Contributions
Copyright © 2017, this post cannot be reproduced or retransmitted in any form without reference to the original post.