This article can also be found in the Premium Editorial Download "Information Security magazine: Five crucial virtualization do's and don'ts."
Download it now to read this article plus other related content.
NEWS FROM THE FRONT
Why does this continue to work? Basically, despite all the news stories, commercials about identity theft and other warnings, there are still enough gullible users. It's why con artists continue to live off variations on the same tricks decade after decade.
They may use timely news topics--"See Britney Spears in the Nude or "Bin Laden Reported Dead"--that they hope will generate a lot of clicks. Or, they'll send "holiday greetings" attacks in the form of electronic cards to lure you.
The spammers continue to innovate at an astonishing rate; today, the road to email hell tends to run through Google. Spammers' latest ploy is to have Google index their malicious Web sites, then send around links to Google searches--as opposed to direct links to the sites. That's more likely to fool even an educated user.
"If you click the link, which is a legitimate
|www.google.com link, the result is that you get forwarded by Google directly to the spammer's website," says Message-Labs' Sunner.
This is effective because no Web filters are going to block links directly to Google. To add insult to injury, the bad guys can also get advertising revenue through this attack vector.
This was first published in June 2008