Social engineering met shameless profiteering once spammers figured out that a subject line with a current headline worked at getting people to open the message.
When it was just plaintext pitches for penny stocks stuffed inside that email, spam was just an annoyance. As security vendor Symantec found in a recent spate of spam, the senders dropped in some malware for the trip:
One subject line that has been seen reads: “Subject: Journalists Shot in Georgia.” A short description of a “news event” related to the Russia-Georgia conflict is contained within the body of the message.
The use of the attention-grabbing subject line seems to be intended as a social engineering tactic to entice recipients to click the link and view videos. The attachment contains no videos; rather, the attachment redirects to a link that delivers a payload identified as Trojan.Popwin.
CNN and MSNBC have been spoofed by spammers recently, as the criminals behind fake messages from those news media companies sought to deliver malware via a fake Flash Player file.
If a news story merits broad attention, it's better to head to your favorite news site and check it out. A real breaking news item will be on a CNN or an MSNBC, and those sites won't try turning your computer into a spambot either.
Posts
0 comments:
Post a Comment