Threats Get Trickier with Versatility and Social Engineering

Cybercriminals intending to take your data find various ways through social engineering. For example, in our investigation of what seemed to be a run-of-the mill spam run leading to a pharma site, we’ve uncovered the same points we have raised in our eguide, How Social Engineering Works.

The spam run starts as an email notification bearing the familiar Facebook blue lines, and the message itself wants the recipient to confirm their account. Such practice is nothing out of the ordinary, as most membership-based sites (even non-social networking ones) send users an email to confirm their membership. The problem in this case, however, is that the email address to which the message was sent to is not affiliated to any Facebook account.

Further checking on the spam message, it turns out that clicking on the link leads to a fake pharma site:

While this kind of spam run is certainly not new, further analysis has revealed that this run has the potential to lead to more “evil” kinds of payload.

Spam runs such as this one are versatile, and can lead to anything – from survey scams to the popular blackhole exploit kit, and can be changed from one to the other very quickly. So the fact that it loads a relatively “harmless” pharma site today, does not guarantee that it will do the same tomorrow.

Our investigation shows that this spam run is indeed a versatile one. The links in the spammed messages can be redirected to any number of sites, and these sites can lead to differenet kinds of threats such as malware, phishing attacks, and others.

In order to address this, the Trend Micro Smart Protection Network correlates billions of data that is used to actively identify and block spam, malicious URL, and detect and delete malware. This ensures layers of protections for Trend Micro product users against threats such as this one.

Post from: TrendLabs | Malware Blog – by Trend Micro

Threats Get Trickier with Versatility and Social Engineering