Valentine scams: Romancing the stony-hearted
As we've seen so many times before, cybercriminals are not ashamed to exploit horrors like the Haiti earthquake or 9/11, so it would be naive to expect them not to make use of our warmer sentiments, too. My colleague Urban Schrott at ESET Ireland has just blogged a cautionary note on that very topic.
I recently blogged at Mac Virus about an excellent blog by Dancho Danchev on “How the Koobface gang monetarizes Mac OS X” by compromising legitimate sites with a PHP backdoor shell in an attempt to direct OS X traffic to affiliate dating programmes.
As I mentioned at the time, Dancho included a lot of detail on a range of scam dating sites that are currently active. Not surprisingly, we’re seeing somewhat related material (Russian bride scams, malware-populated domains with Valentine’s Day themes) at ESET.
Here are some domains Pierre-Marc has flagged that include malware-populated pages that seem to have Valentine's Day themes. (For obvious reasons, I haven't included the full pages.)
hxxp://holidays.prosperity66.com/
hxxp://obscurepop.com/
hxxp://www.webfetti.com/
hxxp://www.3wishes.com
hxxp://www.whatstruehealth.com/
hxxp://my-vogue.com/2009/01/st-valentine-sexy-and-trendy-apparel/
I'm also hearing about large quantities of Russian Bride spam: my colleague Urban Schrott in Ireland has mentioned sites like datemeet.ru and girlandboysex.ru. Journalist Larry Seltzer has also mentioned receiving lots of this stuff.
Checking my own spam traps, I found some of those fake eCards that Randy loves so much, a sprinkling of East European ladies wanting to get to know me, and an avalanche of Viagra spam. I wish I could tell you what my wife said about that, but this is a family blog.
By the way, quite a few of those fake eCards include bit.ly compressed URLs. You might want to watch out for those.
David Harley BA CISSP FBCS CITP
Director of Malware Intelligence