Facebook is still one of the most popular ways for hackers, spammers and phishers to target the unwary, and the last quarter has seen a new application that takes spamming to new and more convincing heights.
Cyberoam has released its July 2012 Internet Threats Trend Report, prepared in collaboration with its partner, Commtouch. The report throws light on some recent and highly hazardous malware and spam trends of the second quarter (May-July 2012).
Facebook has always been on the hit list of spammers, and this quarter saw the same trend. This quarter spammers created a new Facebook/Digg application called “Facebook Social”. A “Facebook Social Reader” for Digg actually exists, but “Facebook Social” is a neatly confusing invention of pharmacy spammers designed to draw recipients to an online pharmacy. The description of the new service seems to have been lifted more or less from the description of the Reader, leading users to the spam more convincingly.
On registering at the application, users received an email welcoming them to the new service and inviting them to “view profile details”. The links in the email led users to compromised websites. The same URL folder structure was used in a “Facebook notifications pending” outbreak, suggesting the involvement of the same spammer group in this attack. The probable thought process remains the same: using the Facebook name obviously guarantees a good open rate.
Apart from Facebook, another social networking service to enter the spam lists was MySpace. The MySpace name was also abused to draw pharmacy clicks. Scripts hidden in the compromised sites redirect users to the destination “Wikipharmacy” or the more traditional “Toronto Drug Store”.
Levels of e-mail-attached malware increased in the second quarter of 2012. Many attacks from this quarter featured new malware or variants of malware with very low detection rates by most AV engines at the time of the outbreak. With only 6 out of 42 antivirus engines detecting spam after mass emails, it is evident how efficient spammers have become and how social engineering is being used to its fullest to hook users.
Compromised websites continued to be used extensively this quarter. An analysis carried out during the second quarter of 2012 revealed which categories of legitimate Web sites were most likely to be hiding phishing pages. Portals (offering free website hosting) remained at the highest position among these.
Other highlights from the July 2012 report included details about which categories of Web sites were most likely to be compromised with malware; pornographic sites have disappeared from the top 10 list. The report also covers the usual range of phishing attacks, zombie trends, zombie hotspots and Web 2.0 trends, citing examples.