Spam Attacks Continue, Hide Behind Well-Known Brands, Bypass Messaging and Web Defenses

The second spam attack this month happened this week. Starting Monday, September 27, 2010, cyber criminals sent spam email messages targeting the LinkedIn social media community. According to Cisco, these messages accounted for as much as 24 percent of all spam sent within a 15-minute interval that day.

The spam campaign works like this: victims are emailed an alert containing a link to a fictitious social media contact request. Once they click the link, they are taken to a Web page that says “please waiting…4 seconds” and then redirects them to Google. During those four seconds, the victim’s PC is infected with the ZeuS data theft malware by a drive-by download. ZeuS embeds itself in the victim’s Web browser and captures personal information, such as online banking credentials. Cisco says this malware is widely used by criminals to pilfer commercial bank accounts.

The LinkedIn campaign follows this month’s earlier email worm spam campaign dubbed “Here You Have” (HYH). The difference is that HYH did not cause direct harm to computers; rather, once victims clicked on the emailed link, HYH used a postcard approach, so that when downloaded the viral executable was capable of spamming itself back out to email addresses it found on the computer.

SMBs Polled on Phishing Attacks

Recent reports of social media being used by spammers and phishers show an increase in the use of such mediums as LinkedIn, Facebook and Twitter. But is it replacing email?

SpamTitan Technologies’ latest survey of small- to medium-sized businesses (SMBs) finds that an overwhelming majority (75 percent) of SMB IT managers surveyed regard traditional spam as the top security threat. Opinion is divided over whether business network security measures have caused phishing attacks to migrate from email to social networking sites like Twitter or Facebook, with 37 percent saying it is a growing phenomenon, while 31 percent disagree. Instead they regard the move to online phishing as a natural response to the growth in the user communities of the main social networking sites.

Ronan Kavanagh, CEO of SpamTitan Technologies, believes that there is no evidence to suggest that network security measures are discouraging the number of phishing attacks. He comments that it is simply the arrival of social networking in the workplace that has “presented phishers with a bigger pond to phish in.”

According to anti-virus software vendor Kaspersky Lab, Facebook’s share of phishing attacks in the first three months of 2010 was just 5.7 percent. This landed the site in fourth place on the list of most-targeted Web sites, behind the leaders HSBC, eBay and PayPal, which alone accounts for more than 52 percent of all scams.

Stealing Well-Known Brands

The hooligans behind the scams rely on brand names to aid them in their quest to trick people into revealing valuable information such as credit card numbers, bank details and passwords. The legitimacy of sites lends scams the credibility phishers need in order to be successful. According to Commtouch and Alt-N Technologies’ Internet Threats Trend Report for Q2 2010, emails claiming to originate from well-known brands directed recipients to a range of spam and malicious sites. Q2 report examples included: “Reset your Twitter password”—malware; “Apple store confirmation”—pharmacy spam; “Reset Google adwords account”—phishing; “Google 12th birthday giveaway”—419 scam; and “Free Disney tickets”—identity theft. The report states: “In these cases, the source domain of the email is genuine and verifiable, causing recipients to be less suspicious about opening the email or clicking embedded links.” The report goes on to say that the source domain helps phishing messages bypass content filtering engines, as well as suspicious users’ defenses. To gain further credibility, reputable initial destination Web sites are used to host illegitimate sites, or alternatively code has been placed to redirect to another site altogether.

Phishing tactics such as these continue because they work. Last week, Symantec Corp. published its MessageLabs Intelligence Report for September, which found that in September phishing activity accounted for one in 382 emails (26 percent), noting a decrease of 0.01 percentage points since August. Regardless of whether messaging security is managed in-house or outsourced, it is vital to be prepared to combat phishing exploits, especially as those that appear so authentic can sometimes fool anti-spam systems and get delivered to potential victims’ inboxes. This means that it’s important for those charged with the responsibility for messaging to adopt strong user education and awareness building as another tool in the fight against employees falling victim to phishing scams.