Forgot your password?
typodupeerror
Crime Security Spam IT

How Exploit Kits Have Changed Spammers' M.O. 37

Posted by timothy
from the if-you'd-like-to-continue-say-your-password dept.
An anonymous reader writes "Spammers used to depend on email recipients to tie the noose around their own necks by inputing their personal and financial information in credible spoofs of legitimate websites, but with the advent of exploit kits, that technique is slowly getting sidelined. Prompted by the rise in numbers of spam runs leading to pages hosting exploit kits, Trend Micro researchers have recently been investigating a number of high-volume spam runs using the Blackhole exploit kit. According to them, the phishing messages of today have far less urgency and the message is implicit: 'Your statement is available online'; or 'Incoming payment received'; or 'Password reset notification.'" One thing that's long worried me is that the bulk of spammers and malware writers may hire copywriters with a better grasp of English than most of the ones I see now. "I send you this file in order to have your advice" was funny, because it stuck out.
This discussion has been archived. No new comments can be posted.

How Exploit Kits Have Changed Spammers' M.O.

Comments Filter:
  • Copywriting (Score:5, Interesting)

    by Anonymous Coward on Thursday July 12, 2012 @04:40PM (#40631957)

    "One thing that's long worried me is that the bulk of spammers and malware writers may hire copywriters with a better grasp of English than most of the ones I see now"

    At least in the '419-style' scams, research from Microsoft [microsoft.com] implies that the bad English is, at least in part, deliberate. It's obvious enough to 'smart' people that they won't bother responding (and therefore tying up the spammer's time trying to extricate their funds/credentials/whatever). However, less-savvy people might not realize it's a scam and therefore follow the links. As a result the hit rate of people who do respond is likely to be higher, resulting in a better yield for the scammer.

    • Re:Copywriting (Score:5, Insightful)

      by stillpixel (1575443) on Thursday July 12, 2012 @04:44PM (#40631997) Homepage Journal
      I suppose that technique would boil down to basically use the grammar most likely used by the persona you are targeting much like in advertising. So if you are targeting people less educated or computer savvy, then use poor grammar and misspell words.
      • by gshegosh (1587463)
        Or they just use misspell words to bypass spam filters. I know it doesn't work NOW but it used to work.
    • Exactly.

      I leave this comment because I am out of mod points, otherwise I would mod you up.

    • How much time does it take to verify someone's information in the Nigerian prince scheme? I thought it was "Send me your bank account info" and if you sent them something else, they'd just ignore it. I'm surprised research indicates they'd save much time filtering out the smart people.
      • by heypete (60671)

        How much time does it take to verify someone's information in the Nigerian prince scheme? I thought it was "Send me your bank account info" and if you sent them something else, they'd just ignore it. I'm surprised research indicates they'd save much time filtering out the smart people.

        For the most part, the Nigerian scammers aren't interested in "pulling" money from your account via direct debit or whatever. Rather, they lure you into sending them money through otherwise-legitimate means like Western Union. Such methods are essentially anonymous and irreversible.

    • Re:Copywriting (Score:5, Interesting)

      by N0Man74 (1620447) on Thursday July 12, 2012 @04:55PM (#40632109)

      They are different attack vectors with different goals. Phishing relies on confusing a fake organization for a legitimate one. The more authentic and professional looking the better. Even a non-gullible person might fall prey to some of these sites (especially when more people are viewing e-mails on their phones and phones make it MUCH harder to see the tell-tale sign of a bad link).

      When all you need is log-in information, or a bit of personal information, the more legitimate looking the better. You don't care if the person is gullible or not, because you are asking less of them. You set up a web server and just collect data with no need for human interaction with the visitors.

      The Nigerian scams need people that are more gullible because those scams require more human time investment (and direct interaction) on the part of the scammer, and a greater amount of gullibility for their prey (since it also involves them sending money, not just filling in a form).

    • by 1u3hr (530656)

      At least in the '419-style' scams, research from Microsoft implies that the bad English is, at least in part, deliberate

      I don't believe that. It may be successful, but there is no evidence it's deliberate. This idea it's actually designed to sound dumb to target likely prey is pure conjecture. More likely it's just evolved -- just by cutting and pasting text that has worked in the past without any more analysis than that.

  • by oneiros27 (46144) on Thursday July 12, 2012 @04:50PM (#40632053) Homepage
    Here's yesterday's gem. Mind you, it was sent to an mailing list '-owner' account, too:

    Date: Tue, 10 Jul 2012 05:19:24 -0300
    From: MyUps <ups-shipping-agency@ups.com>
    To: [listname]-owner@[domain]
    Subject: You have urgent work

    Hi, [listname]-owner

    We got today a letter from tax depratment they writing that we have not paid all needed taxes. You must urgent clear this shit other way they are freeze our bank acocunts.

    I have scanned the letter for you, you will find it in attach. Clear this situtaion and write me back.

    • by Anonymous Coward
      That shit sounds serious, you better get on that, [listname]-owner.

      I'm just trying to help, I not spammer.
    • by oodaloop (1229816)

      acocunts.

      It seems that it doesn't really matter how you try to pronounce this word; they're all fun to say.

    • That is absolutely hilarious, but it's interesting that "shit" has found it's way into the vernacular enough that a translating robot would substitute it as a normal general word synonym for "badness" or "bad situation".

      It's also funny when the spammer launches an unconfigured autos-pam script (to: [recipient] type stuff)...

      That said, what the little shit said is no shit, this shit is some very urgent shit! :P

      • by 228e2 (934443)
        My text to voice translators have no problem saying profanity.
      • by oneiros27 (46144)

        Doubtful it was an automated translator -- those would have been more likely to have spelled the words correctly:

        depratment ... acocunts ... situtaion

        ... any of which would've been caught by a spell checker set for English.

    • by SpzToid (869795)

      It is terrible when the acocunts gets frozen. Let's hope it doesn't come to this.

  • Bookmarks (Score:5, Insightful)

    by organgtool (966989) on Thursday July 12, 2012 @04:55PM (#40632107)
    The only thing I use bookmarks for now is to make sure I don't fat-finger the URL to one of my financial sites and enter my credentials into an imposter's site. Whenever I get an e-mail that I have a new statement or that I need to reset my password, I use the bookmark rather than clicking the link in the body of the e-mail.
    • by Anonymous Coward

      That is good - now to avoid DNS redirects, I guess you'd need a second bookmark for each to the official IP of the websites.

      • by Baloroth (2370816)

        SSL cert signing helps a bit with that problem. If you are facing someone with a signed cert for that domain and the ability to do a DNS redirect, you're pretty well screwed. Not a lot you can realistically do to prevent that.

    • by downhole (831621)

      That's exactly what I recommend to any basic users I talk to - a blanket policy of never ever follow any links in any email. Using only bookmarks eliminates a whole bunch of attack types.

    • by lakeland (218447)

      Yes, I get SMS spam because I didn't do this once and was too sleepy to notice I'd hit the wrong site at first.

      So annoying :(

    • I'm such an old fart that I just type in the url when I go to a pfishable site.

  • by Anonymous Coward

    God, I am so tired of people who don't give a fuck about anyone but themselves. This goes for more than just the spammers. I would have thought that in the 21st century, with all of the technology and information available, that people would be a bit more willing to think about what's not just good for them, but also what helps out society and world as a whole. I remember how Usenet was once a thriving and intelligent community - and because of folks like this, it is now a shadow of itself. Way to go! Y

  • by Anonymous Coward

    Make spamming an offense with dire consequences. I've seen people suggest it for pedophilia. That won't work. Pedophiles aren't operating on a reward basis, but a compulsion.

    The same is not true for spammers, who see the rewards as far exceeding the costs.

    We need to change that. We need to make it possible to execute a spammer and their entire family on the streets and the person who does it gets to keep all of their stuff.

    Of course this solution will have some consequences as false-accusations of spamm

  • I once read that when Ray Tomlinson (the imventor of email) was asked about spam, he said he has an ironclad rule. "If I don't recognize the sender I immediatly delete it." I've been following his advice with good results for more than a decade now.
  • Sircam? That's a pretty funny definition of "now".

Top Ten Things Overheard At The ANSI C Draft Committee Meetings: (2) Thank you for your generous donation, Mr. Wirth.

Working...