Phishers using current events as bait
A couple of new phishing e-mails have emerged that use current events to lure victims to bogus Web sites where they are offered the opportunity to download malicious code or turn their money over to crooks.
The MX Logic Threat Center found e-mails using a lengthy account of victims' suffering to solicit charity for survivors of the earthquake in China's Sichuan province. 'Sometimes the depth to which spammers will stoop really sickens me,' said Sam Masiello, director of threat management at MX Logic. 'We've seen this type of scam before ' after Hurricane Katrina back in 2005 and the Indian tsunami in 2004 ' and now we are sure to see more scams over the coming weeks.'
Other e-mails attempt to capitalize on a less catastrophic event ' the release of Microsoft Windows XP Service Pack 3. The subject line suggests it is an important update and provides a link to download a patch for a high-priority vulnerability. The spelling of the originating address ' Micrisoft ' should be a dead giveaway. The 1M file is malware, of course, identified by MessageLabs as a variant of Virut, a virus that infects executable files and opens a back door to an Internet Relay Chat server.
The standard rules apply: Microsoft knows how to spell Microsoft and does not e-mail links for downloads and updates. And if you want to donate money to a good cause, choose the organization and initiate the transaction yourself ' don't respond to an e-mail solicitation.
William Jackson is a senior writer of GCN and the author of the CyberEye blog.