Thursday, 7 August 2008

Beware Olympic, Obama & McCain Spam!

As we enter August the Olympic Games has become a prime target in malicious spam campaigns notes Symantec in its recent “State of Spam Report.”

The security company also noted that US Presidential hopefuls, John McCain and Barrack Obama have become a favourite amongst many spammers who continue to attempt to entice users to open their messages by sensationalizing false news events.

In July, some of the subject lines Symantec observed were:

• Beijing Olympics cancelled

• Beijing postpones Olympics due to McCain-Dalai Lama meeting

• Mccain Says Unsure If Obama A Secret Hippopotamus

• Kick-up - Obama speaks in London - video

In the samples observed, the URLs were hosting malicious code (malware). There is a continuing link between spam and other security threats with a penchant for spammers to utilize current events to lure users to open their messages.

Also seen last month was a spam message containing both a proclamation of the start of World War III in the text and a Trojan virus attached to the message-- another example of spammers banking on human curiosity to open messages with sensational headlines and click links by utilizing current events, which in this particular case happen to be false.

Symantec said it is important to note the prevalence of malware associated with such spam types. Victims too frequently succumb to curiosity and sensationalism rather than resisting the lure to open messages and further clicking the links.

“If the headline – or in this case subject line – seems ridiculously sensational, it probably is. If you do open the email, make very sure not to click any links. Instead, use your browser to navigate to a reputable news source and check to see if the headline is true. Also, please practice due diligence by verifying the origin of the message and checking out the validity of the URLs. You should always use caution when giving out any personal information online because you never know exactly who is asking for it or how the information will be used,” said Symantec in a statement released to the media.