Cool spammed malware trail

I got a spam today saying the Beijing Olympics had been cancelled, so I was all "O hai, Botnet, I can has spamtrail?" (Because I hear the Russians are using fake news headlines to induce people to open the mail now. And part of this trail goes through Russia, as we'll see.)

The whole story (well, as much as I've followed and written down so far) is over here because it is really detailed. But it's fun so far, because not only is the main injection page obfuscated, it appears to be encrypted and the decryption code is itself obfuscated and located on a different server. In Russia.

So far, it's been instructive, as always when one unravels these threads. More later.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.