Scam websites and email spam

Sending unsolicited advertising email is the preferred way for unscrupulous marketers to conduct their business; its big advantage is that somebody is practically guaranteed to read the message. Email spam has become a whole industry: there are groups focused solely on harvesting tens of thousands of valid email addresses, which they then either sell to unethical marketers for good money or spam with advertising themselves, depending on what kind of orders they take.

For example, someone who registers with his email address for a free license of a fake anti-malware product risks having that address passed on to other fake antivirus vendors, and the advertising spam never ends. The unwitting user is now seen as a possible buyer, a targeted client, by these marketers. The real problem is that the links in such spam almost always lead to scam websites.

Therefore it is very important to be careful where you submit your email address. Questionable forums or websites that require an email address for registration should be avoided; you never know whether a dishonest webmaster will sell the collected addresses in bulk. Registering for untrusted free products, newsletters or free services can likewise fill your inbox with spam. There are also tools, email harvesters, that automatically extract email addresses wherever they are posted publicly, for example in the About Me or Contact Me sections of websites. You can defeat them by writing your address in a form such as:

example(at)domain(dot)com instead of example@domain.com

Unsolicited email is a bigger problem than mere annoyance: it can infect your computer if you open attachments that carry trojans, which arrive in all kinds of formats: self-extracting archives, links to malicious domains, infected PDF files or poisoned images. So never open an email attachment from an untrusted source, and always scan the ones sent by people you know; if their machines are infected, they will spread the virus without knowing it. Needless to say, once infected with a trojan you can expect all your accounts to be compromised and a lot of trouble, from financial losses to a disturbed private life.

Somebody reported a spam email he received in his inbox whose subject was the well-known program Adobe Acrobat Reader. The official site and download link for Adobe Reader is:

http://get.adobe.com/reader/

but the spam email offers a different link to visit:

http://adobe-acrobat-download7.com

which redirects to:

http://www.2011-acrobat-pdf-reader.com/

Clicking the Download Now button takes us to a payment site:

http://secureonlineweb.su/p06/(S(nlc4ijearzfeuz45r2rwn055))/join.aspx

The McAfee SiteAdvisor report for it finds potential security risks, and another report from www.malwareurl.com labels the domain mentioned above as Fraud / Scam.

Here are the domain details:

Network: 84.22.96.0/19 (AS34109 AS34109 CB3ROB Ltd. & Co. KG)

domain: SECUREONLINEWEB.SU
nserver: a.dxmx.com.
nserver: b.dxmx.com.
state: REGISTERED, DELEGATED
org: Media E Guide
phone: +1 242 502 8715
fax-no: +1 242 502 8715
e-mail: stevenbates11@gmail.com
registrar: RUCENTER-REG-FID
created: 2011.03.22
paid-till: 2012.03.22
source: TCI

The registrar is in Russia and, for those who do not know, the .su TLD stands for Soviet Union. As you can see, even though the Soviet Union no longer exists, .su domains refuse to die.
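The whois record above is enough to run the first triage checks an analyst applies to a suspicious domain: how old it was on the day it was seen and how short its paid registration period is. The following Python is an added example, not code from the original post; it parses the TCI record quoted above (contact lines left out), and the observation date, the 90-day age threshold and the .su watchlist are assumptions.

```python
from datetime import date

# The TCI record quoted above, minus the contact lines.
WHOIS_RECORD = """\
domain: SECUREONLINEWEB.SU
nserver: a.dxmx.com.
nserver: b.dxmx.com.
state: REGISTERED, DELEGATED
org: Media E Guide
registrar: RUCENTER-REG-FID
created: 2011.03.22
paid-till: 2012.03.22
source: TCI
"""

# Assumed analyst watchlist; .su is the TLD discussed in the post.
WATCH_TLDS = (".su",)

def parse_whois(text: str) -> dict:
    """Turn 'key: value' lines into a dict; repeated keys (nserver) become lists."""
    record = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if key in record:
            previous = record[key]
            record[key] = (previous if isinstance(previous, list) else [previous]) + [value]
        else:
            record[key] = value
    return record

def parse_date(value: str) -> date:
    """TCI writes dates as YYYY.MM.DD."""
    year, month, day = (int(part) for part in value.split("."))
    return date(year, month, day)

def triage(record: dict, seen_on: str, young_days: int = 90) -> list:
    """Risk signals for the domain as of seen_on (YYYY.MM.DD); thresholds are assumptions."""
    signals = []
    created, paid_till = parse_date(record["created"]), parse_date(record["paid-till"])
    age = (parse_date(seen_on) - created).days
    if age < young_days:
        signals.append(f"domain is only {age} days old")
    if (paid_till - created).days <= 366:
        signals.append("registered for the minimum one-year term")
    if record["domain"].lower().endswith(WATCH_TLDS):
        signals.append("TLD on watchlist")
    return signals

if __name__ == "__main__":
    print(triage(parse_whois(WHOIS_RECORD), "2011.04.15"))  # assumed observation date
```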

The web page source looks very suspicious; I'm wondering whether it contains another silent exploit kit:

[Screenshot: scam page source]

Interestingly, if you click the Download Now button on the scam website http://www.2011-acrobat-pdf-reader.com/ you land on the sign-up page at http://secureonlineweb.su, but if you try to open the link above (http://secureonlineweb.su/p06/(S(nlc4ijearzfeuz45r2rwn055))/join.aspx) a second time, directly, you get an error:

Error

We apologize for the inconvenience, but we are currently experiencing technical difficulties
Please try again at a later time.

As a result, when this page was submitted for unpacking of the malicious JavaScript to:

http://jsunpack.jeek.org

only the error page was decoded, and the report shows the page as benign. Indeed, that error page is very simple and clean, but serving it is just a clever method of avoiding forensic analysis of the sign-up page.
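The behaviour described above (real content only when you arrive by clicking through from the landing page, a bland error page on any direct visit) can be checked systematically by fetching the same URL under several contexts and comparing what comes back. The following Python is an added example, not code from the original post; the fetch-context names and the sample bodies are constructed from the error texts quoted above.

```python
import hashlib
import re

# Phrases from the two error pages quoted in the post; a body containing one of
# them is a generic error response rather than the real sign-up content.
ERROR_MARKERS = (
    "currently experiencing technical difficulties",
    "page you requested cannot be found",
)

def normalize(body: str) -> str:
    """Drop tags and collapse whitespace so cosmetic differences don't count."""
    text = re.sub(r"<[^>]+>", " ", body)
    return re.sub(r"\s+", " ", text).strip().lower()

def is_error_page(body: str) -> bool:
    norm = normalize(body)
    return any(marker in norm for marker in ERROR_MARKERS)

def detect_cloaking(responses: dict) -> dict:
    """responses maps a fetch-context name (e.g. 'with referer') to the body
    returned. Cloaking is flagged when some contexts get real content while
    others get only an error page for the very same URL."""
    digests = {ctx: hashlib.sha256(normalize(b).encode()).hexdigest()[:12]
               for ctx, b in responses.items()}
    content_ctx = sorted(c for c, b in responses.items() if not is_error_page(b))
    error_ctx = sorted(c for c, b in responses.items() if is_error_page(b))
    return {
        "digests": digests,
        "content_contexts": content_ctx,
        "error_contexts": error_ctx,
        "cloaked": bool(content_ctx) and bool(error_ctx),
    }

# Constructed sample: the first body stands in for the sign-up form, the other
# two reproduce the error pages quoted above.
SAMPLE = {
    "clicked_from_landing_page": "<html><body><form action='join.aspx'>Join now</form></body></html>",
    "direct_second_visit": "<html><body>Error<br>We apologize for the inconvenience, "
                           "but we are currently experiencing technical difficulties</body></html>",
    "site_root": "<html><body>PAGE NOT FOUND ERROR 569<br>"
                 "The page you requested cannot be found.</body></html>",
}

if __name__ == "__main__":
    for ctx, body in SAMPLE.items():
        print(f"{ctx:26s} error_page={is_error_page(body)}")
    print("cloaked:", detect_cloaking(SAMPLE)["cloaked"])
```

In a real check the bodies would come from fetching the URL once with the Referer header set to the landing page and once without; the comparison logic stays the same.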

Another thing: if you type the URL

http://secureonlineweb.su/

directly into the browser address bar, another error is encountered:

PAGE NOT FOUND ERROR 569

The page you requested cannot be found. The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.

Please try the following:
• If you typed the page address in the Address bar, make sure that it is spelled correctly.
• Use the navigation bar on the left to find the link you are looking for.
• Click the Back button to try another link.

It's clear to everyone that the malicious individuals behind this site made every effort to avoid analysis of the website, and that makes me think there is malicious code (scripts) behind it.

Here are screenshots of the scam Adobe Reader website:

[Screenshot: fake_adobe_reader]

and of the scam payment site:

[Screenshot: secureonlineweb]

A very important security rule is not to open emails from unknown senders, and to avoid becoming the next victim of a scam website, investigate the site's reputation first. In fact, a Google search usually reveals more than enough to form an idea of a website's character.

Keep safe!
