Thread: Pretty smart scam - e-mail/Infected website

Softpedia

Scammers are always looking to exploit vulnerabilities, take advantage of people's naivety or direct users to malicious websites, but today's report is about what seems to be smartest attack in the last few months. Alex Eckelberry, of security company Sunbelt, informed today that a new scam based on spam messages attempts to take users on Google search and bring them on infected pages through the search engine's results.

But before getting to that, let me mention some details of the unsolicited email messages. First of all, the emails are sent by Barbara Moratek, Vice President of the Ivete Foundation.

"Would you have additional information for prospective donors or volunteers other than what is on your website? Thank you in advance. Warm regards, Barbara Moratek", the email message entitled "information for prospective donors" reads, according to Alex Eckelberry.

What's interesting is that the email is 100 percent clean and no attachment or infected link is included. But what the scammers hope to get is actually sending the interested victims on Google in order to search for "Barbara Moratek" and get more information. See? There's no dangerous element in this scam, other than your own actions.

The Sunbelt official wrote that most links returned by Google attempt to drop a fake codec Trojan, which may seriously harm the data stored on your computer once it is deployed by the user.

"It’s likely that malware sites are taking advantage of the fact that people will be googling this name to find out more about it, by stuffing pages with the term 'Barbara Moratek' (spamdexing), having purchased or otherwise acquired 'zeitgeist' keywords (meaning, loading sites up with current "hot" keywords and then using them to lure people to their site)", Alex Eckelberry explained.

As you can see, the scammers have found a new and smart way to exploit vulnerable computers, other than the classic "in-mail-infected-attachment" or the "malicious URL included in the message". So, in case you want to remain on the safe side, extra-care is recommended when looking for more information on Google.