Spam

Spam mails claiming to be from Twitter that send you to pharmacy sites are a popular wheeze for spammers, and here we go again. It seems I have “two PR messages from Twitter”. If that wasn’t enough to get me clicking (it isn’t), I can also join in on sports conversations, argue with bloggers and tell the World when I stumble into some form of natural disaster. Hammering one of the many links will actually take me to 219(dot)84(dot)119(dot)56/afternoon(dot)html, which will send me to pharmacydrugstorehealthprofessionals(dot)net. ...

SophosLabs wrote: Do you want to know the total number of times that your Facebook wall has been viewed? Are you curious as to who may be stalking you on Facebook? If so, you’re a prime candidate for scammers who are exploiting that desire to put money into their own pockets. Here are the latest messages spreading virally between thousands of Facebook users who have fallen for the scam: ...

Symantec: Only a few days ago, Japan experienced one of the worst earthquakes in its history. The earthquake registered 8.9 on the Richter scale and triggered an enormous tsunami. The heart-wrenching images on television have left the world shaken. It was the worst earthquake and tsunami in the past century and at least 50 countries have since received related tsunami warnings. As the death and injury tolls continue to rise, one must not forget those who awake to exploit such delicate situations—spammers continue to maintain the guise of charitable institutions and governmental organizations! Don’t be surprised to suddenly see an email message in your inbox marked as URGENT and pleading with you for “monitory help” [sic] or a phishing mail urging you to donate to the rehabilitation of those affected by the quake and tsunami. Use prudence in finding out the genuine intent of email senders before you reach out or respond. ...

Thousands of Facebook users have been hit by a scam which claims to give them early access to a facebook.com email address. Messages, appearing in the news feed of users who have fallen for the scam, read: Just got my own email @facebook.com! Quickly get one before someone takes your name [LINK] However, clicking on the links leads you to a webpage which tricks you into giving a third party application permission to post to your Facebook wall. ...

Earlier this year I received a Facebook invite in my Yahoo! Mail account from none other than Angelina Jolie herself. I kid you not. While it’s true that we live in the Digital Age where communicating with anyone is a mere tap of a finger away—whether it’s via email, IM, Facebook, Twitter, etc.—the chances that Ms. Jolie would randomly reach out to a regular Joe, such as myself, is still pretty darn improbable. So, the following questions raced through my mind: ...

Symantec Connect: WikiLeaks.org is in the news after their recent publications linked to leaked government documents. Spammers are now leveraging the current level of interest with social engineering techniques to infect users’ computers. Symantec is observing a wave of spam spoofing WikiLeaks to lure users into becoming infected with a new threat. The spam email has subject line “IRAN Nuclear BOMB!” and spoofed headers. The “From” header purports to originate from WikiLeaks.org, although this is not in fact the case, and the message body contains a URL. This URL downloads and runs WikiLeaks.jar which has a downloader ‘WikiLeaks.class’ file. The downloader pulls the threat from http://ugo.file[removed].com/226.exe. Symantec detects this threat as W32.Spyrat. ...

Symantec Connect: We have become familiar enough with malware creators poisoning popular search engine terms through SEO techniques in order to deliver their malicious files to a greater pool of unsuspecting users. Other popular services such as Twitter have not escaped the watchful eyes of the miscreants. This attack involves pumping out many of the same tweets with different accounts to push them into the Twitter trending list. That way more people are likely to see them even if the individual user accounts being used to send the tweets don’t have that many followers. Incidentally many of the accounts used in this attack don’t have that many followers and are quite fresh – meaning they are probably fake accounts set up specifically for the purpose of spamming tweets. ...

Mashable: A large number of messages containing only the link “goo.gl/R7f68” has appeared on Twitter today, redirecting the users to various malware-laden sites. The messages are mostly coming from disposable accounts, but they also appear on some accounts that appear to be genuine, which indicates that there’s a worm spreading and sending the messages from infected accounts. Furthermore, all of the messages containing the link are sent from the mobile version of Twitter. ...

You might be seeing something on your Facebook wall today: Sadly, it’s not a fun video. It’s just a phish. The link goes to apps. facebook.com/ lookatuhah, which then redirects to a phishing site: In other words, if you’re absent-minded enough to enter your credentials again, they will be used to then send more of these stupid fake videos posts to others — or do any of a number of other rather nefarious things.

Tom Kelchner, Sunbelt blog: Alert reader Laurie (my boss actually) forwarded a copy an email she received from a friend. It said the sender was “…pleased to announce the newest version of Antivirus 2010 for Windows.” There was a link to click, of course. Something called “Antivirus 2010” for sale in November is very odd for three reasons: It’s nearly 2011 and legitimate AV companies are putting out their 2011 versions. There was a rogue security product last year called “Antivirus 2010.” (VIPRE detection: FraudTool.Win32.Antivirus2010 (v)) Although a lot of companies make a product named Anti-Virus 2010, they usually put their name in front of it, such as “Kaspersky Anti-Virus 2010” or “Norton AntiVirus 2010.” The Antivirus 2010 rogue graphic interface from 2009: ...