SPAM LOVELY SPAM
The dirtbags who make malware are at it again. Sophos’s Naked Security blog reports that scammers are already taking advantage of Monday’s bombing at the Boston Marathon, because they have zero sense of decency.
Scammers are sending out emails with subject lines like, “2 Explosions at Boston Marathon,” “Aftermath to explosion at Boston Marathon,” and “Boston Explosion Caught on Video.” Inside the emails is a link to a website with the promised YouTube videos–plus a Windows virus. “Clearly, there are no depths to which cybercriminals are not prepared to stoop in their hunt for victims,” Sophos said.
It's Zuck's World We're Just Living In It
Many Americans may instinctively believe there’s little risk in visiting any site that ends with .gov. It’s the government–their sites are secure, right? Apparently not.
Sophos’s Naked Security blog reports that spammers have discovered many U.S. sites are vulnerable to a simple exploit that sends the unwary to fake “work-at-home” websites.
The culprit is sloppy coding, which permits something called an open redirect. Naked Security demonstrated the ease with which a spammer can construct an open redirect:
As per the good scam-and-spam-fighting folks at Sophos, there’s a new hoax making the rounds on Facebook. Or rather, an old hoax has resurfaced, slightly modified and fueled by the never-ceasing underlying fear that one day, Facebook will begin charging for access to the social network.
Anything but that! Don’t make us pay to look at pics of high school classmates’ wedding photos!
The message in question blares in all caps: