07 Nov Gaddafi’s death in spam Maria
07 Sep SQL for dummies Natalia Zablotskaya
13 Apr Lab Matters - Malware in Spam Messages Ryan Naraine
25 Mar Japan Quake Malware Again Michael
02 Feb Valentine’s spam on the increase Darya Gudkova
05 Jan A few words about the HLux botnet Dmitry Bestuzhev
Join our blog
You can contribute to our blog if you have +100 points. Comment on articles and blogposts, and other users will rate your comments. You receive points for positive ratings.
“Nigerian” spammers are extremely quick to react to the world’s hottest news stories. News of the death of former Libyan leader Muammar Gaddafi had barely even broken before a string of emails from the “relatives of the deceased” began to appear.
Gaddafi’s inconsolable relatives would be amazed if they knew how many emails had been sent in their name to Internet users around the world.
Instead of joining in the funeral rites, it looks like Gaddaffi’s sons and daughters, or his wife, his brothers or even friends, have rushed straight to their PCs to write to people all over the world asking for help in spiriting uncountable millions of dollars out of the country.
According to the “Nigerians”, the family of the Libyan leader is worth hundreds of millions of dollars. The emails which fell into my hands cited a minimum figure of $300 million.
Most of these emails purport to come from “Gaddafi’s wife”. The spammers seem to think their heart-rending stories about her hard life in her husband’s family could explain her sudden desire to share his money with her close friends. Or even with distant strangers, depending on the recipient of the email.
She’s not alone, though: an unlikely coalition of “opposition forces”, “lawyers” and “bank clerks who have access to Gaddafi’s accounts” also share the general desire to transfer the Colonel’s money abroad.
“Nigerian” spam is, of course, pure fraud. None of Gaddafi’s wives or even his lawyers will ever send emails to someone they do not know asking for help in getting millions of dollars out of the country and offering an unknown agent the commission for doing so. If a user takes the bait the fraudsters will extort money from him to allegedly cover different “expenses” until no more money is left. One should be realistic about the many offers received via the Internet from an unverified source calling himself Colonel Gaddafi’s son (ALL OF A SUDDEN!).
Below are the screenshots of several “Nigerian letters” sent on behalf of Gaddafi’s family:
In their attempts to bypass e-mail filtering systems and deliver their information to users, spammers often resort to all sorts of tricks. Although really new tricks (such as distributing mp3 files with voice-generated messages) are relatively uncommon, sometimes they do come up.
Kaspersky Lab analysts have recently come across a few curious samples. While masking text with noise is nothing out of the ordinary, the links were arranged in a rather unusual way.
The trick itself turned out to be rather simple and has been relatively harmless so far: a URL in the message is a request to a website that is vulnerable to SQL injection. The code yields one string, which is a spam link (in this case, a typical pharmacy ad). This is where the browser is redirected – naturally, if the original site allows such code to be executed.
Some instances we encountered during a week of observations demonstrate that following a large-scale SQL-attack LizaMoon many website owners took relevant security measures and finding suitable “donors” on a mass scale was not at all that simple.
Head of Content Analysis and Research Darya Gudkova joins Ryan Naraine on this episode of Lab Matters to talk about the use of spam e-mails to launch malware attacks.
The earthquake and tsunami related crisis in Japan is still far from over - so is the appearance of new cyber threats trying to exploit that same crisis.
Tens of thousands of people in Japan have lost their homes, and many their loved ones too. On top of that, radiation leaks are still a major concern for the country and its observers , while new tremors remind everyone of nature’s power on an almost daily basis. (At time of writing, a Magnitude 6.2 quake shook the place!).
Today we investigated another malicious webpage. This one states in Portuguese: "Novo tsunami atinge a região de Sendai e Japão declara estado de emegência em usina nuclear", which roughly translated means "New tsunami reaches the area of Sendai, Japan declares state of emergency at nuclear power plant".
It’s February, and that means Valentine’s Day-related spam. Lots of it! There are already loads of adverts offering expensive alcohol and chocolates, jewellery and leather goods, romantic trips for two etc.
Other goods that are traditionally advertised in spam, such as fake designer watches and Viagra, have also exploited the Valentine’s Day theme to grab the attention of email recipients. The spammers appear convinced that there’s no better time than 14th February to increase your libido or buy cheap replicas of designer watches:
So far, this year’s Valentine’s Day spam has been mostly harmless, but we would like to warn our readers once again that the first half of February usually sees a surge in malicious links appearing in emails that appear to be for virtual greeting cards. So, be careful if you receive an e-card – make sure it has come from a genuine source before clicking any links.
Kaspersky Lab will be following developments closely in the run-up to Valentine’s Day.
We’ll keep researching this issue and will keep you updated.