Friday, February 01, 2013

Phish, Spam, and Eggs (on our face)

While Macs are usually hit by Phishing attempts less frequently than Windows machines, it sometimes happens. This current version is remarkably insidious, as it has managed to get around a lot of Spam filters. I’ve even tried some pretty standard reverse-engineering of this shortened URL, without success, so the only way to find out who is sending this Malware is to actually click on the link, WHICH YOU SHOULD NOT DO! I’ve received a number of these from friends’ email addresses, with a jocular ‘Hey’ in the subject line and an embedded, shortened URL, sometimes more than once from the same sender. Because the message looks so much like something a close friend would send, the temptation to click on the link is really powerful. It appears that once you do that, the virus relays the message to all the names in your address book. The destination site appears to just be a run-of-the-mill sleazy finance company, so hopefully, the virus will run its course, like H1N1, as people get the word that this is a virus.
Current Phishing Virus is Insidious
At the same time, I am fascinated by this phenomenon as a journalist and would be interested in any help anyone can provide to ‘reverse engineer’ this ‘’ address, and track backward at least to an IP address. If you are a good hacker and want to help in this effort, let me know. To be of any value, we would have to move fairly quickly, before the perps drop their effort and move on to something else. Also, let me know of any experiences you might have had with this particular phishing virus. If not, this is just to warn you: if an email like this appears in your mailbox, don’t click on it; just delete it – if you haven’t already.

1 comment:

Jon Beaupre said...

An addendum to this posting: if you have received such a spam message, feel free to send it on to me. I need a bunch of them to build a database and see if they all originate from the same sources. If you remember, please put 'hey spam' in the subject line as a reminder that you are sending an infected message. Send it to: jbeaupre (at) broadcastvoice . com