Saturday, 4 July 2015

Flipmailer - Flipora and more ....

It started with an email from a guy I know and have worked with from time to time but have never been particularly close to. Let’s call him Bob.



Not visible in the image above – the From line in the message indicated Bob’s email address where the sender’s name usually goes, followed by an email address – <info@flipmailer.com>, suggesting this wasn’t really from Bob at all. And it claimed that Bob “would like to add me as a friend”. What sort of friend? It’s not a Facebook message. A “Flipmailer” friend? What’s that?
Hovering my mouse over both the Accept and Decline buttons in the message led to links on flipmailer.com – whatever that was.
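The two tells described above, an email address in the display name that differs from the real sender address, and buttons that link to the sender's domain, can be checked automatically. This is an added example, not part of the original post; the sample message, the address bob@example.org and the link paths are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# An email address embedded in the display name (where a person's name normally goes).
ADDR_IN_NAME = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")
HREF = re.compile(r'href="([^"]+)"', re.I)

# Constructed sample modelled on the message described in the post.
SAMPLE = """\
From: "bob@example.org" <info@flipmailer.com>
To: me@example.net
Subject: Bob would like to add you as a friend
Content-Type: text/html

<a href="http://flipmailer.com/constructed-accept">Accept</a>
<a href="http://flipmailer.com/constructed-decline">Decline</a>
"""

def analyze(raw):
    """Compare the address shown as the sender's name with the real sender."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rsplit("@", 1)[-1].lower()
    m = ADDR_IN_NAME.search(display)
    claimed_domain = m.group(1).lower() if m else None
    # Hosts behind every link in a single-part HTML body.
    hosts = {urlparse(u).hostname for u in HREF.findall(msg.get_payload())}
    return {
        "claimed_domain": claimed_domain,
        "sender_domain": sender_domain,
        # Exact comparison: a subdomain of the same organisation also counts as a mismatch.
        "display_name_mismatch": claimed_domain is not None
        and claimed_domain != sender_domain,
        "link_hosts": sorted(h for h in hosts if h),
    }

if __name__ == "__main__":
    for key, value in analyze(SAMPLE).items():
        print(f"{key}: {value}")
```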
So I emailed Bob, forwarding him the message and asking if it was something he’d initiated. His reply: “I can’t explain… you are the third person to ask me about this. Do you have an explanation for me? Is there some way of stopping something like this?”
So I googled “flipmailer” and saw multiple listings of questions about whether it was malware, how to remove it, and more. Google’s Safe Browsing service claimed that flipmailer.com was “not currently listed as suspicious”, and McAfee SiteAdvisor similarly claimed “This link is safe” – but all those things indicated was that the actual webpage was not directly serving up malware.
Flipmailer.com connected to another “service” – flipora. Their website headlines “Flipora automatically learns what you like and helps you discover content that matches your interests” and includes links to Apple app store and Google Play Store apps along with NY Times, BBC, and other reviews.

After digging further, I found the following:
  • Spamvertized domain redirector
  • Domain Name: FLIPMAILER.COM
  • Creation Date: 2011-04-12 14:26:51
  • Registrant Name: Registration Private
  • Registrant Organization: Domains By Proxy, LLC
  • http://invites.infoaxe.net/signup_e.html + http://invites.fliporamail.com/signup_e.html + http://invites.fliporamailer.com/signup_e.html redirect to flipora.com
  • flipora.com domain data hidden: Registered to "Domains By Proxy, LLC" / Creation Date: 2011-10-06 21:16:43

... which then asks for gmail username and password, then steals address book and spams them too... "

Conclusion:

"Flipora and Infoaxe network are known spammers. They offer a fake service: when you sign up, you inadvertently give access to the address book of your email account, and those responsible for this spam use that information to send spam to your contacts. Stay away from these spammers."


I hope this helps. For further information, see the sources below.
Source: lowendmac | malwaretips | trojaner-board