Wednesday, July 1, 2009
The Michael Jackson spammers
BEWARE your Passwords will be stolen....
As millions upon millions of people rush to the internet to find out the latest on Michael Jackson, the underground network of spammers have sensed a business opportunity too good to miss.
They figure that at such a time, people have their guard down in their eagerness to substantiate rumours and half-truths. That has meant, for the legion of internet swindlers, this has been the ideal moment to trot out spam e-mails and throw up malicious websites to infect victims' computers.
As news of Michael Jackson's death was coming through, the scams started appearing almost instantaneously. As the days have passed, the guys behind these nefarious operations have stepped up their game.
Mr Jackson's death "took a lot of people by surprise - the spammers too," Dermott Harnett of anti-spam engineering at Symantec Corp told the Associated Press.
"It might take them some time to really pounce on this issue. They are catching up pretty quickly, though."
Spam is the most common way for fraudsters to find victims after these types of events. The easiest way to lure people into the trap is to trick users to click on e-mail attachments so that the online crooks can infect computers and take command of them for more underhand activities.
Symantec says the spam about Mr Jackson gets more convincing every day. One message promises a YouTube video showing the exclusive "last work of Michael Jackson." Unfortunately all users get is a malicious programme that steals their passwords.
Another example is that of a promise to show the "latest unpublished photos" of the so-called Prince of Pop if people click on a link which actually installs a password-stealing programme on users' machines.
Dodgy solicitations are even coming in the guise of legitimate news organisations that seem like the real deal because they contain accurate enough information to persuade people to click on the link. Others promise access to secret songs.
In an e-mail I received from Websense Security Labs ThreatSeeker Network, they warned about spam e-mails offering recipients links to unpublished videos and pictures of the late pop star. All of course fabulously enticing to see in this frenzied atmosphere.
In some cases the spam may force a pop-up message asking users to update their copy of Adobe's Flash. This is seen as a standard hacker tactic notes ComputerWorld.com as a way to install spyware.
One of the newer scams that Sophos has noticed is a malware-free scam that tries to get people to send money to the bogus "Michael Jackson Organisation."
Symantec has drawn up a list of scams that will soon become commonplace as a result of Mr Jackson's surprise death and that of Farrah Fawcett and Ed McMahon.
These include things like spam with subject lines trying to peddle fake medicines, Twitter tweets about these deaths with links to all sorts of malicious websites and sites claiming to host videos of the last moments of these individuals lives. The purpose is to actually peddle fake goods or malware or even collect and validate live e-mail addresses to sell to the highest bidder for spamming.
The age old advice is to only visit sites you are familiar with and trust... yes, that would be the BBC. Added to that, the security community also recommends users do not click on every link that pops up related to the story, don't open e-mails from people you don't know and of course keep security solutions up to date.
In a blog, Sophos reckons naturally enough things will get worse before they get better.
"It is likely that more Michael Jackson-themed malware and spam is on its way however. It is advised that users be especially vigilant when they receive messages or links related to this news."
Such are the times we live in Be Sure to Leave Your Comments!
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment