Classmates.com Scam Sets Up Fake Reunions to Infect Your Computer with Malware

The invitation for Classmates.com that just hit your inbox probably seemed like perfect timing. After all, it's been several decades since you've met up with your high school classmates, and you're feeling extra nostalgic today after a long day at work. You might think that the timing's just perfect, but it couldn't be more worse--because what you might have there might just be an email invitation to fall victim to a scam.

Security experts from AppRiver have intercepted several of these emails and discovered that they're actually part of a ploy by cyber criminals to get you to hand over the reins of your computer--to them.

They're good at it, too. The messages they've sent out mimic emails that Classmates.com sends out to new members, complete with fake account info and well-put-together graphics. The emails contain a decent amount of links, supposedly directing to related pages on the networking site. However, none of them lead to Classmates pages at all and instead redirect to one of several hundred domains that host some pretty nasty malware.

The [links] all lead to one of 202 different domains we're seeing (so far) that house some malicious, obfuscated JavaScript that lead to a Java exploit called "set.jar" that's bent on taking over victim PCs. Currently we've seen over 12 million pieces of mail related to this campaign coming in at about 98 pieces per minute per domain.

-- Fred Touchette, security expert at AppRiver

The compromised domains are allegedly part of the Blackhole Exploit kit, which cyber criminals use to gain access to PCs and turn them into botnets.

If you see an email allegedly from Classmates.com the next time you check your email, think twice about clicking on any of the links and double-check to see if it's legit or not. As always, keep your PC protected by installing an anti-virus program and keeping it updated.