Send malware the easy way…
Today while looking at the spam queue, I came across a very small message sent to multiple email addresses. The message was a simple link to a website like so..
The link mentioned in the message goes to a page which looks *very* similar to sendspace.com, a legitimate website offering a file upload/download service.
The link listed in the message took me to sendspace-free.com.ag. This page defaults to the following.
While asking me to “upgrade” to a Max premium downloads service (clicking on which takes me to the malware), it also tried to automatically download some malware, asking me to click on a redirect button in case your browser has scripts turned off. Sneaky!!
Sophos detects this malware already as Troj/Virtum-Gen.
While this is all very simple, it again highlights the ease with which users can be tricked into believing that a site is legitimate. Copying the “look and feel” of legitimate websites is an age-old technique of scammers and not something which is likely to go away anytime soon.
It’s useful to look out for dodgy signs like out-of-place domain names (e.g. “sendspace-free.com.ag” instead of “sendspace.com”), small emails with just a link in the body, emails from unknown senders, and websites which automatically ask you to download executables on the main page.
The lesson as always is to have an internet security system in place and to always “think before u click”.
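Two of these signs, the out-of-place domain name and the body that is little more than a link, can be checked mechanically during mail triage. The following is an added example, not code from the original post or from Sophos; the brand table, the function names and the 40-character threshold are assumptions chosen for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: brand name -> domains that brand really uses.
LEGIT_DOMAINS = {"sendspace": {"sendspace.com"}}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def host_of(url):
    """Lower-cased hostname of a URL, or '' if it cannot be parsed."""
    try:
        return (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:
        return ""


def lookalike_brand(host):
    """Return the brand a host borrows without belonging to it, else None."""
    legit = [d for domains in LEGIT_DOMAINS.values() for d in domains]
    if any(host == d or host.endswith("." + d) for d in legit):
        return None  # the real domain or one of its subdomains
    for brand in LEGIT_DOMAINS:
        if brand in host:  # brand text inside a foreign hostname
            return brand
    return None


def triage(body, max_other_chars=40):
    """List the warning signs present in a plain-text message body."""
    signs = []
    urls = URL_RE.findall(body)
    for url in urls:
        host = host_of(url)
        brand = lookalike_brand(host)
        if brand:
            signs.append(f"lookalike:{brand}:{host}")
    # Almost nothing left once the links are removed: a bare-link message.
    if urls and len(URL_RE.sub("", body).strip()) <= max_other_chars:
        signs.append("link-only-body")
    return signs


if __name__ == "__main__":
    # Constructed sample body; only the hostname comes from the post.
    print(triage("http://sendspace-free.com.ag/"))
```

Each sign is an indicator for a reviewer or a scoring rule, not a verdict on its own: a short genuine message with one link also trips the link-only check.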
Posted on April 6th, 2009 by Prashant Kumar, SophosLabs AU. Filed under: General, Malware