Facebook Suffers ‘Password Reset’ Scam

Today has been quite a busy day for scammers. We have been tracking a global scam/spam run that targets Facebook users. The lure used in the run is a familiar one: Facebook Password Reset Confirmation! Customer Support. The email looks like the following [Just it won’t notify you it’s Spam, it’s my own Software 😉 ]: The activity on this particular scam run has been global from the beginning. The malware in the attachment is pretty much what one would expect: downloaders, password-stealing Trojan, fake-AV, or bot stuff, depending on which one you got. Check out the Artemis map of this malware: ...

March 18, 2010 · 2 min · 237 words · Omid Farhang

Facebook Users Suffer From ‘Fram’

About a year or so ago one of the “McMarketeers” decided it would be fun to run a campaign against “fram”–spam that friends send you. As you might guess, we in the Labs have no friends, so it was no problem for us to ridicule the idea. However, around the coffee machine the other day I got involved in a quick discussion about spam on Facebook. A long-term social networker genuinely thought that Facebook spam did not exist and that all the noise was from Facebookers playing games or using annoying apps. So I offered to write up an example. ...

March 12, 2010 · 3 min · 460 words · Omid Farhang

Internet Explorer 0-day targeted in spam runs

Hot on the heels of the Patch Tuesday announcements yesterday, came the announcement of a new zero-day in Internet Explorer (CVE-2010-0806). Whilst checking through some URLs supposedly serving up malicious code to exploit this vulnerability, I noticed a link to some spam runs from earlier in the week. On March 8th SophosLabs saw spam messages attempting to trick the recipient into visiting rogue web pages. Messages used at least two social engineering tricks to lure victims into clicking the malicious link. ...

March 12, 2010 · 1 min · 190 words · Omid Farhang

Twitter Spam: Getting slim with slim URLs

A while ago I was writing about Twitter spam and I was trying to make a brief definition of this kind of spam: It follows a lot of users, has 1 post and is followed only by a few persons. Well, this changed now, because the theme became much more interesting for the people on Twitter: how to lose weight. Ironically, the URLs on Twitter also make a diet – they always get “compressed” using link shortener services. ...

March 12, 2010 · 1 min · 163 words · Omid Farhang

Cute (and malicious)

There’s an angelically tinged infection doing the rounds at the moment that has more than a whiff of sulphur about it. We can’t say for definite, but it looks like the point of this little angel is to turn your PC into a file storage area for an IRC channel since it dumps you into #music IRC channels and makes sure you can accept various media files. Our tale begins with an Email, claiming you have a “funny picture from Facebook friends” waiting for you at Oast(dot)com: ...

March 8, 2010 · 2 min · 408 words · Omid Farhang

Blogger.com – -not!

Cybercriminals are attacking bloggers who use Google’s Blogger.com. We have received emails intended for bloggers to update their account. Here’s a snapshot of the email we have received: The email contains a link that will redirect to a fake login page for “Blogger.com”. As seen from the highlighted link, it has the root domain “*.erdca.kr”, which differs from the authentic root domain of blogger.com. The fake login page, which is known as a phishing site, looks like this: ...

March 7, 2010 · 1 min · 178 words · Omid Farhang

Wiseguys Botnet First in Line for Concert, Sports Tickets

We frequently read stories about spammers who can circumvent CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) authentication. Using bot-infected machines, they can create a vast number of random e-mail accounts for spamming purposes. This week, a federal judge in Newark, New Jersey, revealed the latest use of a botnet-like network with a CAPTCHA breaker. In this case, the computers overseen by the defendants were used to buy seats for high-profile concerts and sports events from ticket sellers’ websites. The defendants later allegedly resold the tickets on the Internet at much higher prices. ...

March 6, 2010 · 3 min · 444 words · Omid Farhang

Desperate phishing attempt

Somebody is trying to pose as F-Secure. If you see an email like the one below, just ignore it: Before you ask: No, we’ve never heard of “F-Secure HTK4S anti-virus” either.

March 6, 2010 · 1 min · 31 words · Omid Farhang

Who’s watching you really?

This morning while I was enjoying my coffee I received an event notification for my personal Facebook account. It was for a group called “See Who’s Spying On Your Profile – GET NOTIFIED -” and “See Everyone Who Views Your Profile”. Immediately, my security hat went on and I started to investigate. At first glance, they are both pyramid schemes. In both, you become a fan, then you have to suggest the page to 50 of your friends to move onto the next stage. From there the tactics diverge slightly. In the first one, you need to take a marketing quiz that asks for all sorts of personal info, and you need to put in your Facebook username and password, so they can “monitor” your profile. AND you have to provide them with your mobile number. Now wait a minute… why would they need my mobile number? ...

March 5, 2010 · 2 min · 325 words · Omid Farhang

Late Dash by Spammers for 2010 Winter Olympics

The 2010 Winter Olympics were held in Vancouver, Canada, from February 12-28. With more than 82 countries participating and millions across the globe catching day-to-day action, it was sadly quite obvious that we would see spam attacks centered on this event. However, the volume of spam relating to the Winter Olympics is actually very low, unlike the Beijing Olympics, when spam campaigns started well before the actual event. In the case of the Winter Olympics, spammers seem to be only now waking up from their slumber. ...

March 5, 2010 · 2 min · 233 words · Omid Farhang