If, like me, you own a website then watch out for malicious emails like this.
From: ENOM, INC <firstname.lastname@example.org>
Subject: Domain EXAMPLE.COM Suspension Notice
The following domain names have been suspended for violation of the ENOM, INC. Abuse Policy:
Domain Name: EXAMPLE.COM
Registrar: ENOM, INC.
Registrant Name: JOHN DOE
Multiple warnings were sent by ENOM, INC. Spam and Abuse Department to give you an opportunity to address the complaints we have received.
We did not receive a reply from you to these email warnings so we then attempted to contact you via telephone.
We had no choice but to suspend your domain name when you did not respond to our attempts to contact you.
Click here and download a copy of complaints we have received.
Please contact us for additional information regarding this notification.
I can easily imagine a spammed-out malware campaign like this fooling some people.
Because the email mentions your real name, your website domain name and (most importantly) says that your domain has been suspended, you might rush to click on the link.
eNom, Inc. is a legitimate domain name registrar, and my site may be registered with them, but the link in the email doesn’t go to eNom’s website.
Instead it goes to a third party site – most probably hacked – hosting a file called example.com_copy_of_complaints.pdf.scr (the precise name will vary depending on your domain name).
Did you spot the .SCR at the end of the filename? That’s the extension that is normally used for executable Windows screensavers – so it doesn’t look like it’s a real Adobe PDF file. Not that I would trust it even if it were a PDF file to be honest, as there are so many Adobe vulnerabilities doing the rounds!
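As an added example (not part of the original article), here is a Python check that a mail filter or web proxy could apply to the two giveaways described above: a link whose host is not under the claimed sender's domain, and a filename whose document-style extension hides an executable one. The extension lists, the function names, the use of enom.com as the registrar's domain and the sample URLs are assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import urlparse, unquote

# Extensions Windows runs on double-click (illustrative list, not exhaustive).
EXECUTABLE_EXTS = {"scr", "exe", "com", "pif", "bat", "cmd", "js", "vbs", "lnk"}
# Document-style extensions a lure commonly imitates (illustrative list).
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png", "zip"}


def deceptive_extension(filename):
    """Return (decoy, real) when the name ends in <decoy>.<executable>, else None."""
    # Windows ignores trailing dots and spaces, so strip them before splitting.
    parts = filename.lower().rstrip(". ").split(".")
    if len(parts) < 3:
        return None
    decoy, real = parts[-2], parts[-1]
    if real in EXECUTABLE_EXTS and decoy in DECOY_EXTS:
        return decoy, real
    return None


def host_matches(host, expected_domain):
    """True only for the expected domain itself or one of its subdomains."""
    host = host.lower().rstrip(".")
    expected = expected_domain.lower()
    return host == expected or host.endswith("." + expected)


def assess_link(url, claimed_sender_domain):
    """Return a list of findings for one link taken from an email body."""
    parsed = urlparse(url)
    filename = posixpath.basename(unquote(parsed.path))
    findings = []
    if not host_matches(parsed.hostname or "", claimed_sender_domain):
        findings.append("host %r is not under %r" % (parsed.hostname, claimed_sender_domain))
    ext = deceptive_extension(filename)
    if ext:
        findings.append("%r poses as .%s but runs as .%s" % (filename, ext[0], ext[1]))
    return findings


if __name__ == "__main__":
    # Constructed sample links; the first mirrors the filename pattern in the article.
    samples = [
        "http://hacked-site.example/files/example.com_copy_of_complaints.pdf.scr",
        "https://www.enom.com/abuse/complaints.pdf",
    ]
    for url in samples:
        print(url, "->", assess_link(url, "enom.com") or "no findings")
```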
According to VirusTotal, a small number of anti-virus products are currently identifying the file as malicious.
If you were to open the file on your computer, your website would almost certainly not be suspended but you would have a whole host of other problems…