Spammers are increasingly impersonating “opt-in” emails, messages that people explicitly request and expect. Although less dramatic than last week's CNN News Alert spam (which, by the way, has now morphed to use images of Angelina Jolie,) our example this week shows why you need to take care with every email, no matter how familiar or pedestrian.
Intellicast.com is a well-known weather website which allows you to sign up for a regular email weather report. The spam that we're seeing in the Barracuda Labs honeypots looks very similar to the legitimate emails that Intellicast sends.
The differences are that the forecast (which is of particular interest) is missing, and the false link provided actually goes to a compromised website which hosts an attack page. There are many different compromised sites being used by this fast-moving campaign. The attack pages host exploit kits that send malicious content to the browser, eventually downloading and installing password-stealing malware.
The beauty of these emails as far as a spammer is concerned is that a regular Intellicast email subscriber might not think twice before clicking the familiar 10-day forecast link in the email. After all, they've done it many times before without any problem. Why would they expect this time would be anything different?
This just goes to reinforce our regular message – do not click on links in unsolicited emails, and in fact, as much as possible, don't even click on links in email that you do expect. Busy people just don't have time to examine each of their emails in detail looking for tell-tale signs of malicious spam – and it's just too easy to relax and fall into the trap of “click first and ask questions later.” Instead, visit websites directly so that you know where you're going and what you're getting.