Massive Spam Campaign Impersonates Social Networks

by

Share this news now.

Add to FacebookAdd to DiggAdd to Del.icio.usAdd to StumbleuponAdd to RedditAdd to BlinklistAdd to TwitterAdd to TechnoratiAdd to FurlAdd to Newsvine

Spammers are the source of a flood of messages that appear to originate from various social networks, including Facebook and Myspace, as well as popular sites like iTunes.

The spam messages usually just contain a link, and possibly a few words. Their subject matter falls into three general categories common to most contemporary spam: Pill vendors, Russian bride “vendors,” and drive-by download sites hosting Zbot password-stealer installers.

It’s not unusual for spammers to forge the return addresses, but the sheer volume of spam that has been forged so it appears to originate from MySpace, Facebook, or iTunes is notable.

A significant percentage of the spam leads link-clickers to websites which purport to hook up western bachelors with eligible “russian brides,” in what appears to be a simple data-mining scam aimed at obtaining email addresses for further exploitation. Messages that look like Facebook notification emails, such as this:

Lead to myriad duplicate sites that look just like this:

And messages like this one, that appear to come from MySpace:

Lead to either (or both) of the two most prolific spamvertised pill vendors, the so-called “Canadian Pharmacy” and “Online Pharmacy” Websites.

In addition to the social spam, another email spam campaign has been making the rounds, with messages that imply that someone has posted undesirable photos of you on a website. The links in the messages lead to a page that pushes down a Zbot installer.

The message reads, in part:

Hey, some jerk has posted your pictures (u understand what kind of pictures are there) and sent them to all ur friends. I have already replied back. Said, that he is an idiot. See the link:

It goes without saying, you should avoid clicking the links in these messages, and you shouldn’t automatically trust that mail which says it comes from Facebook, Myspace, or iTunes really originated from those companies.
wordpress blog stats


Share this news now.
Massive Spam Campaign Impersonates Social Networks by

Trackbacks

  1. [...] Webroot Threat Blog WEBROOT – INSIGHTS INTO THREATS AND TRENDS FROM OUR INTERNET SECURITY EXPERTS « Massive Spam Campaign Impersonates Social Networks [...]

  2. [...] Association, NACHA, the IRS (and its equivalent British tax authority), as well as Amazon.com, iTunes, Facebook, MySpace, AOL, the Centers for Disease Control and Prevention, and many [...]

  3. [...] scam: Set up a drive-by download site, Canadian Pharmacy page, or phishing page. Look at one of the automated messages sent out by a multitude of online services, such as Facebook, LinkedIn, Plaxo, or an instant messaging service. Duplicate the format and [...]

  4. [...] that supposedly come from Facebook don’t merely lead the recipient to one of those so-called Canadian Pharmacy pill-vendor websites. They now come with a bonus: An infection, courtesy of a malicious iframe [...]