The labs are working on it – but this just arrived from a facebook friend – an invitation to an event on facebook – supposedly to win two tickets from SouthWest Airlines… well, following our own perennial advice, we looked carefully at the embedded link (URL) – and it was HIGHLY suspicious – instead of a “SouthWest.com” link – the URL used a raw IP address… namely 23.21.154.126 – which appears to be DropBox.
Hmm.. most interesting…
So we dropped into some diagnostic tools and looked at the page – it was an immediate redirect to another page… yes, this is very fishy…
Next – that page uses cached images, through an anonymizer service, to hide the site doing the calling of those images – and presents a “fake” SouthWest competition page… on that page, entering something would bounce you to any one of 121 hidden addresses (all hidden behind a URL shortener) – at that stage – we stopped… time to call in the virus-labs to do the heavy lifting…
Please beware – do NOT click on offers that arrive – without a heavy dose of caution… even from facebook friends…
