(click for larger image)
Now doesn't this beat all. I got virus-injection spam purporting to be from a funeral home. All that I had to do was click a link. Here is the text of the spam (pictured above):
Funeral Home & Cremation Services
For this unprecedented event, we offer our deepest prayers of condolence and invite to you to be present at the
celebration of your friends life service on Sunday, February 9, 2014 that will take place at Eubank
Funeral Home at 11:00 a.m.
Please find invitation and more detailed information about the farewell ceremony here .
Best wishes and prayers,
Funeral home receptionist,
Copyright 2014 Funeral Home Website Design By: Frazer Consultants LLC
Notice the nice little touched like the copyright and designed by footer. It has the characteristics of regular spam. The mail domain is from one domain. When you hover over the link, it is another domain, and none of the names are the same as who the sender is supposed to be (Eubank Funeral Home in this case).
Speaking of the link, it goes to the domain DanielCespedes.com. It turns out that Daniel Cespedes is a guy who died while escaping police custody in Florida for statutory rape. He linked up with a minor MySpace celebrity called Kiki Kanibal who was a minor and apparently raped her. The domain is parked and under construction, but the spammers hacked the account and put their virus in a hidden page in that domain where the link takes you. Half the spam that comes is from hacked legitimate accounts. If you have dormant accounts, websites, email addresses etc, it helps to change the passwords regularly and make them really hard to guess with a good combo of letters, numbers and characters.
All this to say, never click out of curiosity. Remember, curiosity killed the cat.