Haiti, World Cup Emerge as Latest Malware Lures

Spammers got off to a fast start in the new decade, using 419-style scams tied to this summer's World Cup soccer tournament and bogus charity cons relating to the devastating earthquake in Haiti to infect users' machines with all types of viruses and malware, according to AppRiver's February Spam Report released this week.

The security software vendor said that these and other socially engineered malware traps were particularly common on social networking sites like Facebook, where compromised accounts are easily usurped to spread malware across the community.

"Facebook has become as popular with phishers and malware authors as it has become to non-threatening netizens," AppRiver researchers said in the report. "This trend has continued into the new decade."

AppRiver identified a new phishing campaign at the beginning of January that was concealed in a graphic designed to fool the recipient into believing e-mails were coming from Facebook itself.

"As is often the case, the notices attempt to convince people that a security upgrade is taking place," the company said.

When users clicked on the faux security update links, they were taken to another page that prompted them for a password. The username field was populated with the same address that the original e-mail was sent to. A third page then asked for the user's full name and country.

Finally, a notification window popped up thanking the recipient for the information and explaining that they would now be taken to Facebook.com since the user for some reason was no longer logged in.

"This page was the actual Facebook, and this is done in an attempt to make the attack seem legit, though the whole thing should be pretty fishy (or phishy, as the case may be) to any vigilant user," the report said.

And while the World Cup soccer tournament is still more than six months away, AppRiver detected a surge in lottery-style 419 scams in which users receive unsolicited e-mails asking for their help -- and bank account number -- to help move a distant relative's or imaginary king's money into the U.S. in exchange for a finder's fee.

Other scams, including those using the Haitian relief effort and bogus requests from the IRS for tax information, continue to be common in the more than 150 million spam e-mails sent in January.

By country, AppRiver said the U.S. led the spam parade, followed by Brazil, India and Poland. By region, Europe accounted for 39.7 percent of spam messages in January, outpacing Asia (26.7 percent), North America (15.9 percent) and South America (15.1 percent).

Near the end of the month, AppRiver unearthed a large phishing attack against Visa credit card holders. The ploy advised consumers that their credit card had been used at an ATM in a foreign country such as Mozambique or Uzbekistan, and a corrupt link within the e-mail took victims to a "well-dressed" Visa landing page.

The URLs of these pages prominently featured ".cforms.visa.com" to disguise the actual domain, which sat just beyond it in the URL string.

AppRiver investigators determined that all of the domains used in this scam were registered the day before the attacks commenced.
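A defender-side check for the URL trick described above, as an added example that is not taken from AppRiver's report: it flags links whose hostname contains a protected brand domain as leading labels while the domain actually registered is a different one. The sample URLs, the `badhost.example` domain and the short suffix set standing in for the Public Suffix List are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: domains this mail filter protects (visa.com is the brand in the article).
PROTECTED = ("visa.com",)
# Assumption: tiny stand-in for the Public Suffix List; load the real list in production.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.br", "com.au"}


def registrable_domain(host):
    """Return the public suffix plus the one label to its left."""
    labels = host.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def embedded_brand(url):
    """Return (brand, real_domain) when a protected domain appears inside the
    hostname but the hostname is registered under another domain, else None."""
    # urlsplit lowercases the hostname and strips port and userinfo.
    host = (urlsplit(url).hostname or "").rstrip(".")
    real = registrable_domain(host)
    for brand in PROTECTED:
        if real == brand:
            return None  # genuinely hosted under the brand's own domain
        # Match on whole labels only, so "notvisa.com" does not count.
        if f".{brand}." in f".{host}.":
            return brand, real
    return None


def flag_urls(urls):
    """Map each suspicious URL to the domain it is really hosted under."""
    hits = {}
    for url in urls:
        found = embedded_brand(url)
        if found:
            hits[url] = found[1]
    return hits


# Constructed sample links, as they might be extracted from message bodies.
SAMPLE_URLS = [
    "http://session-4821.cforms.visa.com.badhost.example/verify",
    "https://cforms.visa.com/account",
    "http://notvisa.com.badhost.example/login",
]

if __name__ == "__main__":
    for url, real in flag_urls(SAMPLE_URLS).items():
        print(f"brand embedded in hostname, real domain is {real}: {url}")
```

A hit can be combined with the registration date of the real domain, since the report notes the scam's domains were registered the day before the attack.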

Larry Barrett is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.