Spammed YouTube Service Scam

I received (again) socially engineered emails with these subjects:

YouTube Service sent you a message: Your video has been approved
YouTube Service has sent you a message: Your video has been approved

Every clickable link in the HTML-crafted email points to the same specific site.




The links direct you to hxxp://secondhand.gatial.sk/holds.html, which uses a simple embedded JavaScript redirect:

<html><head><script type="text/javascript">window.location="http://rxmental.com";</script></head><body><a href="http://rxmental.com">Here</a></body></html>

Well, at the time of this writing, holds.html redirects to the hxxp://rxmental.com website.

With the same email subject, here's another one.



And hxxp://chartspensrecorders.com/impressed.html contains the following source.

<html><head><script type="text/javascript">window.location="http://dietphlimb.com";</script></head><body><a href="http://dietphlimb.com">Enter</a></body></html>

Both sites redirect to different online sales websites selling men's health drugs such as Viagra and Cialis.
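A defender-side check for the redirector pattern shown above, as an added example that is not part of the original post: it pulls `window.location`-style targets out of a page's scripts and flags pages that do nothing except bounce the visitor off-site. The function names, the 40-character threshold and the third sample page are assumptions made for illustration; host comparison is exact, so subdomains count as different sites.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# location = "...", location.href = "...", location.replace("...") / assign("...")
REDIRECT_RE = re.compile(
    r"""location(?:\.href)?\s*(?:=|\.(?:replace|assign)\s*\()\s*["']([^"']+)["']""",
    re.I)

class PageScan(HTMLParser):
    def __init__(self):
        super().__init__()
        self.in_script, self.script, self.links, self.text = False, [], [], []
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
        elif tag == "a" and dict(attrs).get("href"):
            self.links.append(dict(attrs)["href"])
    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False
    def handle_data(self, data):
        # Script bodies and visible text are kept apart.
        (self.script if self.in_script else self.text).append(data)

def refang(url):  # the post writes URLs as hxxp://; undo that for parsing only
    return re.sub(r"^hxxp", "http", url)
def defang(url):  # report in the same hxxp:// notation the post uses
    return re.sub(r"^http", "hxxp", url)

def analyze(page_url, html, max_visible_chars=40):
    scan = PageScan()
    scan.feed(html)
    page_host = urlparse(refang(page_url)).hostname
    targets = REDIRECT_RE.findall("".join(scan.script))
    # Relative targets have no hostname and stay on the same site.
    offsite = [t for t in targets if urlparse(t).hostname not in (None, page_host)]
    visible = "".join(scan.text).strip()
    # Thin redirector: off-site script redirect, almost no text, links all match.
    thin = bool(offsite) and len(visible) <= max_visible_chars \
        and all(link in offsite for link in scan.links)
    return {"page": defang(page_url), "targets": [defang(t) for t in offsite], "thin_redirector": thin}

SAMPLES = {  # first two are the sources quoted in the post; the third is constructed
    "hxxp://secondhand.gatial.sk/holds.html": '<html><head><script type="text/javascript">window.location="http://rxmental.com";</script></head><body><a href="http://rxmental.com">Here</a></body></html>',
    "hxxp://chartspensrecorders.com/impressed.html": '<html><head><script type="text/javascript">window.location="http://dietphlimb.com";</script></head><body><a href="http://dietphlimb.com">Enter</a></body></html>',
    "hxxp://example.test/index.html": '<html><head><script>if (!window.seen) { window.location.href = "/welcome.html"; }</script></head><body><h1>Welcome</h1><p>Opening hours and directions are listed on this page.</p><a href="/about.html">About</a></body></html>',
}
if __name__ == "__main__":
    for url, src in SAMPLES.items():
        print(analyze(url, src))
```

Running the same check on later fetches of a page shows when its redirect target has been swapped.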

Here's what Google has to say about hxxp://secondhand.gatial.sk/holds.html and hxxp://chartspensrecorders.com/impressed.html.



Here are the WHOIS registration records of the said sites:

Domain-name gatial.sk
Admin-id JOZE-0508
Admin-name Ing. Jozef Gatial
Admin-legal-form zivnost
Admin-org.-ID 33281131
Admin-address Orgovanova 10, Zvolen 960 01
Admin-telephone 0903807271
Admin-email @gmail.com
Tech-id PSLU-0001
Tech-name Pocitacove sluzby spol.s r.o.
Tech-org.-ID 31589600
Tech-address Tulska 6, Zvolen 960 06
Tech-telephone 045/5324100, 045/5324100
Tech-email @pos.sk
dns_name ns.wbsk.sk
dns_name ns1.wbsk.sk
dns_name ns2.wbsk.sk
Last-update 2010-01-11
Valid-date 2011-01-13
Domain-status DOM_OK
IP: 212.5.219.72
IP Location: Martin, Slovakia
Website Status: active
Server Type: Apache

Domain Name: chartspensrecorders.com
Registrar: TRUNKOZ TECHNOLOGIES PVT LTD. D/B/A OWNREGISTRAR.COM
Whois Server: whois.ownregistrar.com
Referral URL: http://www.ownregistrar.com
Status: OK
Name Servers:
ns1.web-mantra.com
ns2.web-mantra.com
IP: 216.185.43.230
IP Location: Columbus, United States
Website Status: active
Server Type: Microsoft-IIS/6.0

The sites are harmless, but the redirection may change at any time. Better to be aware of this YouTube spam and think before you click.
