Another wave of spam messages trying to get users to click on an attached link has appeared. The text of the spam is similar to this: “Hi, someone ‘borrowed’ some of your pictures and put them with a pretty inappropriate commentary on their stupid blog: http://www.seznann.eu/xxxxxxxxxxxxxx/fotka.jpg Luckily, your name isn’t there, and there are photos of other people as well so it’s fairly lost in there, but I thought you should know :)”

The part of the URL replaced by xxxxxxxxxxxxxxx in this example always seems to be a unique combination of letters and numbers, and may be for example trying to verify that the e-mail address is active and used. It may, however, also be an attempt to attack the browser and operating system of the user with malware, turning their computer for example into a part of a botnet.

The used domain seznann.eu is an interesting feature, trying to confuse users with its similarity to the name of the well-known Czech search portal.

We will be analysing the incident further and will ask the appropriate institutions to disable the misused server. We strongly recommend not clicking on links in such e-mail messages and possibly also forwarding the message to us at abuse@csirt.cz so that we can request taking the server offline as soon as possible.