« Craigslist Malware Lure | Main | Malware Deliveries With More Bite »

June 08, 2012

Same crook, different social engineering approaches. All links lead to hijacked web sites containing obfuscated JavaScript leading to malware installation sites, while showing (briefly, anyway) a page indicating some kind of "Loading...".

First up is a phony alert claiming to come from social networking site, xanga.com. The message says "Shonta" (probably a different name with different messages) has accepted my friend request. It invites me to click all kinds of links, including a change of my profile setting for real-time alerts. In my case, it's easy to spot the fake because I don't belong to Xanga.

Next comes an order acknowledgement/receipt for a very expensive Amazon Kindle ebook. The HTML layout of the message is a pretty good amazon.com knock-off, so I suspect many recipients will believe it came from amazon.com. Being charged $50-$100 for an ebook you didn't ever order can get your adrenalin flowing, driving you to click the links to contest the charge. And that's when malware downloading trouble begins.

Don't fall for these tricks. Always check the URLs of the links or visit the sites via previously-saved bookmarks to check your account activity, no matter how legitimate the email looks.