Internet Security Systems - AlertCon(TM)

Spam & Phishing, A Reflection Of The Times

Posted by Dan Holden on June 26, 2009 at 4:00 PM EDT.

If you think about spam and phishing for a moment, it's not necessarily the most complex aspect of the overall threat landscape, but it is one of the most fast-paced. Spam and phishing are likely the quickest-moving aspects of the threat landscape, because spammers have to stay out in front of anti-spam technologies and also one step ahead of their targets. In the case of phishing, it's not much more than sending out a question and then waiting to see if you get a response. In recent weeks I have come to the conclusion that phishing is almost a day-to-day reflection of daily life. If you don't get your news from television or the web, you could probably get it from your email in the form of spam and phishing attempts. Let me share the most recent example, as it is extremely timely.

"It is sad to see Michael Jackson leave us. You can download 25 of his greatest hits on eMusic at no charge. Listen to the greatest musician/live performer of all time today.

www.eMusic.com/JacksonPromo"

Now, if you go to the above URL, it is a non-existent link, but if you actually clicked on the URL in your email, it redirects you to a more unfriendly destination at loudafoul.info. This all leads to some nasty malware. It seems as though the spammers and malware folks out there are almost as fast as the guys selling t-shirts outside of the hospital that Michael Jackson was taken to on Thursday.

Phishing has certainly changed over the last 6 months given the economic downturn, and we will review that further in the upcoming mid-year X-Force trend report. However, in some cases the goal is no longer the standard one of phishing, gathering info in the traditional sense of it being sent back by the end user, but instead fooling the user into opening a PDF as a mechanism for malware delivery, with the malware then sending the information without any further user interaction.

Below is a good example of a lure to a PDF that could be used either for information gathering via the traditional reply containing the info, or for malware delivered via the PDF, with an info-gathering trojan simply sending the info back to the originator of the e-mail.

"Dear Mr/Ms,

Due to the World Economy Recession, Motor Company, Inc undergo a statistic fall in Sales and result in a drastic financial crisis this last season.

The Government has given us the opportunity to bounce back on our feet, but unfortunately we have not achieved the fund necessary.

Therefore, we offer you the opportunity to purchase a very good Auto at 35% discount of the price. We decided to pull the sales of 1.000 cars at a very low price for us to aquire[sic] the capital needed to bounce back in business and to use this medium to increase the scale of our valued customers.

The payment shall be made in installments through the bank at 1 month after signing the contract.

The first payment for all documents necessary and lawyer is made within five work days or you have the opportunity to get 10% discount if you pay 100% payment.

We will send you: the SALES AGREEMENT between Seller and Buyer, and our payment department will contact you with the invoice to buy with confidence using our Payment Protection.

The vehicle will be delivered to your location. It will be shipped within 5 days after the payment will be cleared the bank. The shipping is free of charge and the vehicle is fully insured for damage during the transportation, inspection process and prior to the physical sale.

You will have 7 days to inspect the vehicle upon delivery. You have the option to use an independent Inspection Authority to make sure that the vehicle is as described.

If the vehicle is not as described or not passes your inspection, the vehicle will be collected and you will be fully refunded. Refund requests are processed within 3 days.

If you are interested in this offer please fill out the application form, A representative will contact you about this application within two business day."

 

Now attached to this email was of course a .pdf that isn't meant to be as friendly as the email suggests.  Same ole malicious email attachment, just a new way of selling it.

Here we see another phishing scam based upon the lower employment rate. I will omit a good portion of this one and show the more important pieces.

"A new Job Offer.

Hello How are you doing, this is a awareness to let the public know that we have a job opening for the position of Accounts Receivable/Payable Clerk.

About 90 percent of our customers prefer to pay through, Cashier Check, Poster Money Order. Based on the amount involves we have decided to open this new contract-to-hire job position for solving this problem. Your First Primary task (Collection of Payments):
1. Payment will be issued in form of Cashier Check, check or Poster Money Order to your name and send to your address by our customers.
2. You must be checking your email every day to know when payment has been sent or Wired by our clients.
3. Deduct 10 % which will be your percentage/pay on Payment processed.
4. Forward balance after deduction of percentage/pay to any of the offices you will be contacted to send payment to, you'll have a lot of free time doing another job, because this job is part time, you'll get good income ($1000usd weekly).

You have to contact us here(a.entoray@inmail24.com) But this job is very challenging and you should understand it. We will consider your application if you satisfy our requirements and we are sure you will be an earnest assistant till we start Running our branch office in your state. Get back to us with below information so that we can add your mailing address to our Regional database and forward it to our customers."

 

I'm sure many of you have either seen these same emails or many others like them. Most of the phishing attempts around the world are related to financial service organizations, and every year around tax season you will see some phishing attempts posing as the IRS. These types of spam and phishing attempts aren't going to go away and aren't all that entertaining either. These legacy types of phishing emails are also easier to avoid because most people have come across them before. However, it's the more timely emails, like the ones I've shown above, that keep spammers out in front of the more simplistic security solutions out there and also keep their lures fresh, so that we don't immediately view them as a threat. Moral of the story: don't be the kid that has to touch the stove to realize it's hot. Take a good look first and make sure that you aren't going to get burned.

Comments or opinions expressed on this Weblog are the opinions of the authors alone. They are not necessarily reviewed in advance by anyone but the individual authors, and neither IBM Internet Security Systems nor any other party necessarily agrees with them. The views expressed by outside contributors and links to outside websites do not represent the views of IBM Internet Security Systems, its management or employees. All content on this Weblog has been made available on an “as-is” basis, and IBM Internet Security Systems shall not be liable for any direct or indirect damages arising out of use of this Weblog.