[ insider_reports_insider ]
Hallmark, YouTube Vexed By Spammers
David Utter
Staff Writer
2007-10-08
 Insider Reports RSS Feed
Malicious greeting card payloads and abuse of YouTube's 'invite-a-friend' email feature have posed issues for everyday users and security pros.
 | | Malicious greeting card payloads pose issues |  |
We have to wonder if the online greeting card industry can continue to thrive, as criminal spammers mimic its daily practices. With more greeting card announcements turning out to be links to malicious executable files, there isn't much incentive to clicking on those links.
One example of this hit our inbox this morning. Thunderbird dutifully notified us it could be a scam. A link to postcard.exe hosted at an IP address in Seattle prompted the customary eye-rolling and submittal of said message to CastleCops PIRT that the spam deserved.
Though this message used official images from Hallmark, the spelling lacked a certain attention to detail that gave it away as an attack even before peeking at the page source. Bad people tend to be bad spellers, for some reason.
Over at YouTube, security firm Sophos said enterprising spam pests were making use of the video sharing site's 'Invite-a-friend' email service.
The come-ons offered a copy of the hot Halo 3 game for the Xbox 360, and invitations to visit dating websites. "By putting their spam message in the 'comments' section of the 'invite-a-friend' facility on YouTube, hackers have been able to hijack the website for the purposes of sending unsolicited email," Graham Cluley said at Sophos.
These spams come from a YouTube Service email address, so they likely skate right into recipient inboxes, given YouTube's enormous popularity. It only takes a few people falling for these to make them profitable for their backers.
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
More insider_reports_insider Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
