Current Status

This blog is not frequently updated because most case-by-case scam reports are now listed in subordinate blogs. At this point in time, most of my efforts are targeted at documenting employment scams in the Suckers Wanted blog.

2006-05-31

Info: Why you should never click links in spam, no matter what.

I recently received a spam like so.

Dear [name]

On 2004-07-12 03:17:00.000 you purchased SystemSoap. As a SystemSoap user,
the improved SpySpotter 3.11 is available to you.
Did you know that when a PC is infected with spyware that every keystroke,
every website and every conversation could be recorded or monitored?
Try our newest version with improved features & updated spyware lists…
Scan your computer and find out now!
http://collegeclubpoker.com/upd200606.html

I decided to investigate that link -- very carefully, of course. If you just opened it up in a browser, you'd probably see a page of pharmaceuticals for sale and think "oh, that was just a lame lure to get me to buy some medecine." You'd be wrong, though: the medecine is just a ruse. The real sting is an invisible "IFRAME" on the page which links somewhere else entirely and attempts to exploit known vulnerabilities in various versions of Windows to install software on your computer!

Unless you're well up to date with all the latest security patches, just visiting a site like this can be enough to turn your computer into a spam-spewing zombie without you knowing it. In practice, you're substantially safer if you use anything but Windows while attached to the Internet -- not that this fact helps the majority who are stuck with it for one reason or another (my sympathies to you). Just bear in mind that any web site you visit could attempt a hostile invasion of your computer, and don't go visiting sites advertised by disreputable means (like spam) no matter what the cover story is.

No comments: