10 million zombies go after Google and Microsoft users brains

Davey Winder
Monday, 28 July 2008 14:55

Business IT - Security

"The trend showed attackers targeted these large user groups" Cyberoam explains "by exploiting their psychological behaviour and through media they trust the most." The zombies are after your brains, in other words!

Call it what you will, phishing, fraud, scamming or 'expletive deleted' the fact is spam messages that use some kind of duplicity to coax recipients into handing over passwords and personal identifying information (PII) continues to flow and continue to claim victims.

The report reveals that university students and faculty members were increasingly targeted during Q2, 2008 by text-based message spam seemingly coming from the IT department. Google Adwords account holders were hit by another scam which used an email stuffed with legitimate looking links that redirected the user to a Chinese hosted PII skimming site.

Microsoft Hotmail users, meanwhile, found themselves on the receiving end of a new kind of Bayesian poisoning email. Cyberoam reveals how spammers this time manipulated the disclaimer message content of Hotmail messages in order to bypass content-based filtering systems.

Rather cleverly, the evil bastards stuck a link to a hosted image of a pharmaceutical advert right there in the disclaimer content. By viewing the image, the email ID was verified to the spammer who could mark the account as live and, presumably, either charge more to sell a live list on or more closely focus the next spam and phishing campaign.

It was, it has to be said, a neat twist on the one pixel image and GIF beacon exploits of old and shows that new spammers are updating old concepts in order to fool new filtering technologies.

"Dupery in the virtual world continues with an increased vitality, thanks to the new and innovative methods of spammers to manipulate the Internet users" Abhilash Sonwane, a Cyberoam Vice President told us, continuing "new and easily vulnerable user groups are being targeted today with techniques that can deceive even the more experienced in the industry."