By Dave Michmerhuizen – Research Scientist, Luis Chapetti – Security Researcher
As often as not, malware infections are self-inflicted wounds. Spammers use carefully tuned social engineering techniques to tempt you to click their links. The ideal qualities of a malicious spam are that it is troubling, urgent and believable.
A perfect example recently appeared in the Barracuda Labs spam traps. A (fake) Facebook notification email shown here…
Right to the point, isn’t it? The Facebook theme tends to make the content believable, the inclusion of terms such as “thief” and “your product is [redacted]” is troubling – making the user believe that someone is seriously slamming them or their company on Facebook. The overall content invites an urgent reply. Naturally a user would be expected to want to quickly click on the convenient “See Comment” link included in the email. Spammers hope the recipient won’t take the trouble to check and see if the message or destination actually involves Facebook at all.
Like we said, most users don’t. Instead, the links point to a compromised website that hosts a popular Blackhole Exploit Kit. This version is configured to concentrate on exploiting Java vulnerability CVE-2012-0507, even to the point of trying to install Java if it is missing from the computer. A successful java attack downloads the well-known Zeus trojan which monitors outgoing Web traffic and steals username / password data. All of this happens without any user interaction once the “view comment” link has been clicked.
In a way emails are like this are like loaded guns. They need to be checked carefully to see if they are loaded and which way they’re pointed. Even better, don’t pick them up at all. If they say Facebook, open a web browser and log onto Facebook independently and check.
Additionally, Facebook users can set their email notification preferences under ‘Account Settings’ and then ‘Notification Settings’.