How Exploit Kits Have Changed Spammers' M.O.
An anonymous reader writes "Spammers used to depend on email recipients to tie the noose around their own necks by inputting their personal and financial information in credible spoofs of legitimate websites, but with the advent of exploit kits, that technique is slowly getting sidelined. Prompted by the rise in numbers of spam runs leading to pages hosting exploit kits, Trend Micro researchers have recently been investigating a number of high-volume spam runs using the Blackhole exploit kit. According to them, the phishing messages of today have far less urgency and the message is implicit: 'Your statement is available online'; or 'Incoming payment received'; or 'Password reset notification.'" One thing that's long worried me is that the bulk of spammers and malware writers may hire copywriters with a better grasp of English than most of the ones I see now. "I send you this file in order to have your advice" was funny, because it stuck out.
Copywriting (Score:5, Interesting)
"One thing that's long worried me is that the bulk of spammers and malware writers may hire copywriters with a better grasp of English than most of the ones I see now"
At least in the '419-style' scams, research from Microsoft [microsoft.com] implies that the bad English is, at least in part, deliberate. It's obvious enough to 'smart' people that they won't bother responding (and therefore tying up the spammer's time trying to extricate their funds/credentials/whatever). However, less-savvy people might not realize it's a scam and therefore follow the links. As a result the hit rate of people who do respond is likely to be higher, resulting in a better yield for the scammer.
Re:Copywriting (Score:5, Insightful)
Re: (Score:2)
Exactly.
I leave this comment because I am out of mod points, otherwise I would mod you up.
Re: (Score:1)
What is a copywriter anyway? Is it a misspelling of Copy Right changed into a noun?
A copywriter writes "copy" (material that will be copied). The normal implication is "advertising copy", but it could be any short text, really.
A copy editor does what an editor once did: edit text for style and consistency, and of course simple errors ("editor" means something closer to "producer" these days).
Re: (Score:2)
The text of news stories is also referred to as "copy".
--Former writer of radio ad and news copy*.
(*Sometimes it was even possible to discern which was which.)
Re: (Score:2)
How much time does it take to verify someone's information in the Nigerian prince scheme? I thought it was "Send me your bank account info" and if you sent them something else, they'd just ignore it. I'm surprised research indicates they'd save much time filtering out the smart people.
For the most part, the Nigerian scammers aren't interested in "pulling" money from your account via direct debit or whatever. Rather, they lure you into sending them money through otherwise-legitimate means like Western Union. Such methods are essentially anonymous and irreversible.
Re:Copywriting (Score:5, Interesting)
They are different attack vectors with different goals. Phishing relies on confusing a fake organization for a legitimate one. The more authentic and professional looking the better. Even a non-gullible person might fall prey to some of these sites (especially when more people are viewing e-mails on their phones and phones make it MUCH harder to see the tell-tale sign of a bad link).
When all you need is log-in information, or a bit of personal information, the more legitimate looking the better. You don't care if the person is gullible or not, because you are asking less of them. You set up a web server and just collect data with no need for human interaction with the visitors.
The Nigerian scams need people that are more gullible because those scams require more human time investment (and direct interaction) on the part of the scammer, and a greater amount of gullibility for their prey (since it also involves them sending money, not just filling in a form).
Re: (Score:2)
At least in the '419-style' scams, research from Microsoft implies that the bad English is, at least in part, deliberate
I don't believe that. It may be successful, but there is no evidence it's deliberate. This idea it's actually designed to sound dumb to target likely prey is pure conjecture. More likely it's just evolved -- just by cutting and pasting text that has worked in the past without any more analysis than that.
Ahh ... the humorously bad English. (Score:5, Funny)
Re: (Score:1)
I'm just trying to help, I not spammer.
Re: (Score:3)
acocunts.
It seems that it doesn't really matter how you try to pronounce this word; they're all fun to say.
Re: (Score:2)
That is absolutely hilarious, but it's interesting that "shit" has found its way into the vernacular enough that a translating robot would substitute it as a normal general word synonym for "badness" or "bad situation".
It's also funny when the spammer launches an unconfigured auto-spam script (to: [recipient] type stuff)...
That said, what the little shit said is no shit, this shit is some very urgent shit! :P
Re: (Score:2)
Doubtful it was an automated translator -- those would have been more likely to have spelled the words correctly:
Re: (Score:2)
It is terrible when the acocunts gets frozen. Let's hope it doesn't come to this.
Bookmarks (Score:5, Insightful)
Re: (Score:1)
That is good - now to avoid DNS redirects, I guess you'd need a second bookmark for each to the official IP of the websites.
Re: (Score:2)
SSL cert signing helps a bit with that problem. If you are facing someone with a signed cert for that domain and the ability to do a DNS redirect, you're pretty well screwed. Not a lot you can realistically do to prevent that.
Re: (Score:2)
That's exactly what I recommend to any basic users I talk to - a blanket policy of never ever follow any links in any email. Using only bookmarks eliminates a whole bunch of attack types.
Re: (Score:2)
Yes, I get SMS spam because I didn't do this once and was too sleepy to notice I'd hit the wrong site at first.
So annoying :(
Re: (Score:2)
I'm such an old fart that I just type in the URL when I go to a phishable site.
The decline of western civilization (Score:1)
God, I am so tired of people who don't give a fuck about anyone but themselves. This goes for more than just the spammers. I would have thought that in the 21st century, with all of the technology and information available, that people would be a bit more willing to think about what's not just good for them, but also what helps out society and world as a whole. I remember how Usenet was once a thriving and intelligent community - and because of folks like this, it is now a shadow of itself. Way to go! Y
Here's the real solution. (Score:1)
Make spamming an offense with dire consequences. I've seen people suggest it for pedophilia. That won't work. Pedophiles aren't operating on a reward basis, but a compulsion.
The same is not true for spammers, who see the rewards as far exceeding the costs.
We need to change that. We need to make it possible to execute a spammer and their entire family on the streets and the person who does it gets to keep all of their stuff.
Of course this solution will have some consequences as false-accusations of spamm
"That I see now?" (Score:2)
Sircam? That's a pretty funny definition of "now".