Please be aware of bogus emails that appear to come from legitimate domain registrars and claim that your domain name has been suspended due to a violation of your terms and conditions. We received the following email; some of our details have been redacted for security reasons.
Dear Sir/Madam,

The following domain names have been suspended for violation of the WEBFUSION LIMITED Abuse Policy:

Domain Name: DOMAIN.COM
Registrar: WEBFUSION LIMITED
Registrant Name: John Smith

Multiple warnings were sent by WEBFUSION LIMITED Spam and Abuse Department to give you an opportunity to address the complaints we have received. We did not receive a reply from you to these email warnings so we then attempted to contact you via telephone. We had no choice but to suspend your domain name when you did not respond to our attempts to contact you.

Click here and download a copy of complaints we have received.

Please contact us for additional information regarding this notification.

Sincerely,
WEBFUSION LIMITED
Spam and Abuse Department
Abuse Department Hotline: 480-902-4799
The email body contains a link to download the report of the violation. The link typically points to a ‘hacked’ website hosting a PHP script, which then downloads the malware-infected file onto your computer using a basic .SCR (screensaver) execution method.
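As an added example (not part of the original notice or of any registrar's tooling), the Python sketch below shows two checks a mail filter or help desk could run against a message like this one: whether the links leave the domain named in the From header, and whether a downloaded file name ends in an executable extension such as .scr. The sample message, its hosts and the file names are constructed placeholders, and the function names are hypothetical.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: hosts, addresses and file names are placeholders, not values from the real email.
SAMPLE = """\
From: "WEBFUSION LIMITED" <abuse@registrar.example>
To: owner@domain.example
Subject: Domain suspension notice
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8

<p>Multiple warnings were sent by WEBFUSION LIMITED Spam and Abuse Department.</p>
<p><a href="http://compromised-site.example/report.php?d=DOMAIN.COM">Click here</a>
and download a copy of complaints we have received.</p>
"""

# Windows runs all of these as programs; a screensaver (.scr) is an ordinary executable.
EXECUTABLE_EXTS = (".scr", ".exe", ".pif", ".com")

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def off_domain_links(raw_message):
    """Return link hosts that do not belong to the domain in the From header."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    sender = msg["From"].addresses[0].domain.lower()
    collector = LinkCollector()
    collector.feed(msg.get_body(preferencelist=("html",)).get_content())
    hosts = [(urlparse(h).hostname or "").lower() for h in collector.hrefs]
    # Simplification: plain suffix match, no public-suffix list.
    return [h for h in hosts if h != sender and not h.endswith("." + sender)]

def is_executable_download(filename):
    """True when the final extension is executable, e.g. 'complaints.pdf.scr'."""
    return filename.strip().lower().endswith(EXECUTABLE_EXTS)

if __name__ == "__main__":
    print(off_domain_links(SAMPLE))
    print(is_executable_download("complaints.pdf.scr"))
```

A From header can be forged, so a matching link host proves nothing; the useful signal is the mismatch, combined with a "report" that arrives as a program rather than a document.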
We ran the infected file through an online file scanner to confirm the type of threat we had just downloaded.
Out of 46 scan engines, only 1 (F-Secure) detected this file as malware. If you were running any other type of software, it would potentially have failed to protect your computer and you would now be at risk of being hacked.
To see the results please (copy and paste) this URL.
Phishing attacks are becoming more sophisticated and targeted, and they are a growing online threat. Most users who are infected by this type of malware attack will not be aware that they are now sending confidential information such as passwords, banking information and emails directly to the attacker, even if they are using the latest antivirus software.
If you have received a notice from a domain or hosting company, please forward it on to us at firstname.lastname@example.org and we will investigate.