Monday, February 20, 2017

MALWARE ALERT! MALWARE scam disguised as Mystery Shopper Employment email from Mystery Shopping Services postmaster@infinitemail.com

DO NOT CLICK ON THE LINK IN THIS EMAIL!  The link takes you to http://promic.cl/plugins/system/p3p/activate/active/application.html which has been flagged by MULTIPLE VIRUS ENGINES as containing MALWARE as of 3 months ago!  The site may have been moved to another host and engines may not be updated today, however, it is still a MALWARE threat!  Full details of the Virus Scan are below.

If you have clicked this link, run a full virus scan as soon as possible.  You can download free versions from safe websites such as https://www.malwarebytes.org/ and http://free.avg.com/us-en/homepage

Originating IP: 12.44.84.194
Originating ISP: At&t Services, Inc.
City: n/a
Country of Origin: United States

from:    Mystery Shopper <postmaster@infinitemail.com>
to:   
date:    Sat, Feb 18, 2017 at 7:51 PM
subject:    Mystery Shopping Invitation

Mystery Shopper, Inc.
Mystery Shopper is accepting applications for qualified individuals to become mystery shoppers. It's fun and rewarding, and you choose when and where you want to shop. You are never obligated to accept an assignment. There is no charge to become a shopper and you do not need previous experience.
Mystery Shopper NEVER charge fees to become a shopper, mystery shoppers are paid a prearranged fee for a particular shop, We have available for immediate assignment an inspection of the customer service of some stores and businesses in your area. This fee will be paid upfront. During this shop you will visit the location and make several observations as regards the customer service. You will be required to interact with the shop clerk. You may conduct the shop alone or as a couple.

Please click here to read about the Job Description

Please note: If this message goes to your spam mail, you need to move it to your inbox for the link to redirect to our sign up page.

Regards,

Mystery Shopping Services

---------------------------------------------------------------------------------------------------------------
This message is auto-generated from our server and replies sent to this email can not be delivered. This email is meant for:

From the HTML of the email:
<A style="PADDING-BOTTOM: 0px; MARGIN: 0px; OUTLINE-STYLE: none; OUTLINE-COLOR: invert; PADDING-LEFT: 0px; OUTLINE-WIDTH: medium; PADDING-RIGHT: 0px; COLOR: rgb(25,106,212); TEXT-DECORATION: none; PADDING-TOP: 0px; -webkit-padding-start: 0px; background-size: initial; background-origin: initial; background-clip: initial" href="http://promic.cl/plugins/system/p3p/activate/active/application.html" shape=rect rel=nofollow target=_blank><SPAN style="FONT-FAMILY: calibri; COLOR: rgb(255,255,255); FONT-SIZE: small; -webkit-padding-start: 0px"><STRONG><SPAN lang=EN>Please click here to read about the Job Description</SPAN></STRONG></SPAN></A>

Virus Scan Information:

From VirusTotal.com:
https://www.virustotal.com/en/url/450b4db1114ee7cdeb749e739b468b3b5c0b30158f861f1d8c69b233c3ac/analysis/1487601413/
URL:     http://promic.cl/plugins/system/p3p/activate/active/application.html
Detection ratio:     7 / 64
Analysis date:     2017-02-20 14:36:53 UTC ( 0 minutes ago )
AutoShun     Malicious site
Dr.Web     Malicious site
Malware Domain Blocklist     Malicious site
BitDefender     Malware site
Fortinet     Malware site
G-Data     Phishing site
Malwarebytes hpHosts     Phishing site

Previous:
VirusTotal metadata
First submission 2016-11-17 16:56:57 UTC ( 3 months ago )
Last submission 2016-11-17 16:56:57 UTC ( 3 months ago )
ExifTool file metadata
MIMEType:     text/html
ContentType:     text/html; charset=iso-8859-1
Generator:     MSHTML 8.00.6001.18975
Title:     Mystery Shoppers, Inc.
FileType:     HTML
FileTypeExtension:     html
Keywords:     mystery shopping, mysteryshopping, mystery shop, mysteryshop, mystery shopper, mysteryshopper, free shopping, shopper, shopping, secret shop, secret shopper, secret shopping, work at home, home based business, home based employment, work for yourself, consumer research, marketing, sales visibility, quality control, sales management, increase sales, improve service

From https://sitecheck.sucuri.net/results/promic.cl
Website:     promic.cl
Status:     Site Potentially Harmful. Immediate Action is Required.
Web Trust:     Blacklisted (10 Blacklists Checked): Indicates that a major security company (such as Google, McAfee, Norton, etc) is blocking access to your website for security reasons. Please see our recommendation below to fix this issue and restore your traffic.

Scan for: http://promic.cl
Hostname: promic.cl
IP address: 186.103.213.249

System Details:
Running on: Apache
Powered by: PHP/5.6.27

Web application details:
Application: Joomla! - Open Source Content Management - http://www.joomla.org

Web application version:
Joomla Version 3.4.5 found at: http://promic.cl/administrator/manifests/files/joomla.xml
Joomla version outdated: Upgrade required.
Outdated Joomla Found: Joomla under 3.6.4

List of Links Found:
/index.php

List of scripts included:
/modules/mod_featured_youtube_slider/library/contentslider.js
/templates/ajt005_j30/js/bootstrap.min.js
/templates/ajt005_j30/js/scrolltopcontrol.js
/templates/ajt005_j30/js/hoverIntent.min.js
/templates/ajt005_j30/js/superfish.js
http://code.jquery.com/jquery-latest.pack.js

List of iframes included:
https://www.youtube.com/embed/5fN-ryAEgLw?theme=dark&color=white&autohide=2&showinfo=0&autoplay=1
https://www.youtube.com/embed/eUvPCbQbc7A?theme=dark&color=white&autohide=2&showinfo=0&autoplay=0
https://www.youtube.com/embed/KTT_Wl4Pcxg?theme=dark&color=white&autohide=2&showinfo=0&autoplay=0
https://www.youtube.com/embed/4_9BW5VbPWs?theme=dark&color=white&autohide=2&showinfo=0&autoplay=0

From https://quttera.com/detailed_report/promic.cl
promic.cl blacklist status
Quttera Labs - domain is Malicious.
"The malware entry is cached and may not reflect the current status of the domain. You can request re-consideration by Quttera malware research team."
