After a number of posts and announcements about compromised data in the Return Path network, phishing networks are taking on a new vector… this time with the hopes of scaring you into installing these malicious tools and viruses on your PCs… This weeks target the Spamhaus.

The Messages will appear similar to this (image provided for your safety), and will like to a site with the virus payload highlighted to catch your eye (Click for full size).

In an announcement on the Spamhaus blog a detailed report of these phishing messages and how to protect yourself from falling prey to them was recently published.

The key messages from the Spamhaus are:

  • The Spamhaus does not send notification of SBL listings, unless your registered to receive them (you’d know if you are)
  • The Spamhaus not send attachments in any automated messages, they will from time to time to individuals they are working with on a case or listing – these should be expected emails/attachments though.
  • The spamhaus does not offer installed desktop clients to view an SBL listing – find the link here to check your IPs
  • Messages are sent from Spamhaus White listed IPs, in plain text with a valid SPF authentication record.

Be very careful if you receive these notices, do not even click on the link – not even if your curious about the file it will download. Education is the best defense to these types of highly targeted spear phishing attacks.