In Symantec Corp.'s July 2008 edition of its monthly spam report, one of its findings noted that hackers were using personal e-mail accounts to scam contacts in a user's address book.
The twist was that the e-mail came from a user's hacked webmail account and was sent to their personal list of contacts. People on this list would receive an e-mail request for financial assistance and were urged to respond via e-mail only. As the hacker took over the users account, the real owner would not have known about the e-mail if the recipients fell for the scam. As a further stamp of authentication, the auto-signature typically used by the account owner was included at the end of the message. The Symantec report indicated that this scam was a variation of the Nigerian spam.
However, the account owner was quickly notified by a friend via telephone of the scam, and immediately contacted the webmail service providers to get his account access back. This proved to be difficult because the hacker had changed the account details such as password, address and secret question.
According to Kelly Conley, manager of anti-spam research with Symantec Security Response, hackers were able to obtain this information because they replied to an e-mail request for an account update.
"You never want to respond to account expiration or update notifications because there is a good chance those are spammers trying to scam personal account information," she said.
Symantec stressed that this scam was not isolated to one particular webmail provider or organization. This scam also serves as a timely reminder that users should always keep passwords secure and never share them with anyone.
As well, Conley said that if a person were to receive such an e-mail, it should immediately raise a red flag.
"They should be suspicious, especially if it is out of the ordinary for the character of the person," she noted.
Also in the July spam report, Symantec discovered that spammers were simplifying their e-mail harvesting technique. To obtain e-mail addresses spammers used spambots which crawl the Internet looking for e-mail addresses, bombarded an e-mail server with e-mail addresses and storing the addresses that do not bounce, or bought lists of e-mail addresses from other spammers.
They used these addresses to send messages whose recipients were interested in receiving certain offers and encouraging these people to e-mail them back. The list of e-mail addresses that may be compiled would be very useful for the spammer. Not only were these people interested in buying the kind of products that the spammer was offering, but its a bona fide opt-in list, one that the spammer can now send messages to freely without concern that he will be sending to spamtraps, or that the message will be blocked by spam filters.
As well, the report noted spammers were using the recent earthquake tragedy in China to spread viruses by sending e-mails with news headlines, hoping it would entice the reader to open the message.
A video was embedded into the link that was in the e-mail which users were then lured into playing the video, which in turn opened an executable file. This executable file has been detected as Trojan.Peacom.D by Symantec AntiVirus software. Trojan.Peacomm.D is a Trojan horse that gathers system information and e-mail addresses from the compromised computer. Users should be aware of such attempts, and avoid opening e-mails and clicking on suspicious links.
Additionally, spammers turned to old techniques to lure in victims. Symantec noted in June that they were using bogus news headlines in an e-mail subject header to get recipients to open the message and click on a link that directs them to a spam offer.
Some of the headlines include: White House hit by lightening, catches fire; Donald Trump missing, feared kidnapped; and Obama quits presidential race.
Symantec warned that curiosity killed the cat and may result in people becoming an unwitting target for spammers. Conley advised that people use a reputable news source to confirm these headlines.
Other findings of the report noted spam targeting the Japanese mobile phone market. As people spend more time using mobile devices to check e-mail, the growth of these types of mobile spam messages is expected to continue. Conley said that the majority of spam noted were adult-related and was sent purely as spam and not to obtain personal information.
Also, as the Beijing Olympics nears, so do more spam related to them. In the latest scam, messages claiming to originate from the Beijing Olympic committee have been observed where fraudulent messages purport to declare the winners of the lottery for an Olympic promotion.
"People should exercise due diligence when checking out their e-mail, don't give out personal information and be suspicious of scams as there are a lot of scams going on these days," stressed Conley.
By Vanessa Ho
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment