FortiGuard Center

FortiGuard Advisory (FGA-2006-28)



MySpace Social Engineering Threat
2006.October.12

The Fortinet Response Team has discovered another social engineering and phishing threat that is related to MySpace, the popular social networking website.

The threat comes in the form of an eye-catching message that claims to be from MySpace and leverages the web site’s usual style and text for updates. The spoofed email uses a plain-text format that bypasses common filtering technologies. In addition, the sender’s email server is definitely spoofed; one detection originated from a bank in Japan.

Once the email hits the inbox of a MySpace user, a click-through on the URL is believed to be more likely, given that MySpace is a website for publicly sharing pictures, videos, music, opinions and more. “This kind of deception resembles a criminal renting a Porsche and trying to pass it off as his or her own in order to gain the trust of innocent victims,” said Bryan Lu, virus researcher for Fortinet.

[Figure: Fortinet MySpace Graph]

The URL in the email forwards the user to a legitimate-looking MP3 download site. The list of artists, albums and songs is structurally indexed. Registering as a new member and adding selected albums to the cart works much like selecting books from Amazon.com. Finally, before checkout, the user is forwarded to a secured website where funds ranging from $15 to $50 can be added to the account.

Worth-Investing

With $15 one can download as many as five albums, compared to just one song from iTunes. Building the entire phishing site takes only a few ingredients: a web page programmer, a web server and $30 for the domain listing, including the secured site. After it’s fully baked, this cake is primed for eating, and stealing. This social engineering threat is undeniably aimed at getting the attention of MySpace users with the intention of stealing credit card information.

Threat Activity

Fortinet has recorded more than 50,000 of these spam emails over the past nine days. At the start, as many as 90 percent were targeted at Japan. Over time, the load has gradually spread across the world. From the graph below, the highest detection count for a single hour is 672, as of early today.

[Figure: Fortinet MySpace Graph]

There are several threads of this spam trail, with many emails linking to different URLs. The spammers seem to be generating new URLs as a way to bypass antispam engines that blacklist malicious emails based on specific web links. However, all of these URLs redirect potential victims to the same phishing web site.
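Because the rotating links all converge on one site, grouping mail by where its links finally land is more durable than blacklisting each link. The sketch below is an added example, not Fortinet's detection logic; the sample emails, the redirect records (assumed to come from a sandboxed fetcher) and all host names are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Constructed sample data (not from the advisory): plain-text spam bodies and
# the redirect hops a sandboxed fetcher is assumed to have recorded for them.
SAMPLE_EMAILS = [
    "New update on your profile! http://link-a.example/u?id=1",
    "Someone left you a comment: http://link-b.example/view",
    "Check your new song http://link-c.example/m/77 now",
    "Weekly newsletter http://news.example/issue/12",
]
SAMPLE_REDIRECTS = {
    "http://link-a.example/u?id=1": "http://hop.example/r/1",
    "http://hop.example/r/1": "http://mp3-landing.example/index",
    "http://link-b.example/view": "http://mp3-landing.example/index",
    "http://link-c.example/m/77": "http://mp3-landing.example/signup",
}

def extract_urls(body):
    """Return the URLs in a plain-text body, without trailing punctuation."""
    return [u.rstrip(".,;:!?)") for u in URL_RE.findall(body)]

def final_host(url, redirects, max_hops=10):
    """Follow recorded redirects (bounded, loop-safe) and return the last host."""
    seen = set()
    while url in redirects and url not in seen and len(seen) < max_hops:
        seen.add(url)
        url = redirects[url]
    return urlsplit(url).hostname

def cluster_by_landing(emails, redirects):
    """Map each landing host to the set of distinct link hosts that reach it."""
    clusters = defaultdict(set)
    for body in emails:
        for url in extract_urls(body):
            clusters[final_host(url, redirects)].add(urlsplit(url).hostname)
    return dict(clusters)

def rotating_campaigns(emails, redirects, min_links=3):
    """Landing hosts reached from at least min_links different link hosts."""
    clusters = cluster_by_landing(emails, redirects)
    return sorted(h for h, links in clusters.items() if len(links) >= min_links)

if __name__ == "__main__":
    print(rotating_campaigns(SAMPLE_EMAILS, SAMPLE_REDIRECTS))
```

A landing host flagged this way can be blocked once, which also covers link URLs the spammers have not generated yet.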


