A Dispatch


June 20, 2010

A Triple WTF?

Okay, strap your brain down for this one.

No sooner do I finish with a phony-Amazon-order-to-medz misdirection than a triple misdirection lands in the inbox. The inbox listing looks like the ordinary run-of-the-mill spam, with a medzy feel to it. The From: field is an unrecognizable aol.com email address, and the Subject: line reads, "What are you afraid of? [recipient email account name]". Surely it's a way to entice me to order up some illegal prescription medz.

But no!

The message has a largely Twitter look to it, but with a twist:

[Image: bizarre Twitter-like spam]

Under the guise of a Twitter email address change request, this message then adds a big red sales pitch on a cure for hair loss. This message, by itself, ranks high on the list of mind blows.

But there's more.

If you're fool enough to follow the link in search of a hair loss cure, you're in for yet another mind blow (perhaps enough to cut off circulation to even more of your hair). The destination isn't a medz site, a Twitter credentials phishing site, or a malware installer site (directly, that is). No, here is the destination:

[Image: OEM software spamvertized site]

The image may say "World Software," but the page identifies itself as a different, European entity. They advertise all kinds of downloadable software — a.k.a. pirated software. Trust me: You can't buy a legitimate copy of the full $2600 Adobe CS5 Creative Suite for $250.

What the splashy web site doesn't tell you is that you get the added bonus of software that already has hidden malware installed in it. Even Mac users won't be immune because, to install the fraudulent software, you'll be granting the installer full permissions to install whatever it wants at the same time. The malware is ready to pwn your computer to turn it into a botnet node and steal every login credential you type. In fact, you'd save yourself a lot of time by just sending your banking login credentials along with your credit card number when you order their non-upgradeable, unsupported products. At least then you'd know when your accounts were compromised.

Whew! I'm worn out from all the mind-bending tricks up the spammers' sleeves today.

Posted on June 20, 2010 at 12:05 PM