New Halloween-themed spam just the first fright

Share this article:
With Halloween nearing, users should be on alert for spam and other attacks exploiting the holiday, and experts expect social network websites to serve as a major vector this year.

So far, one Halloween-themed spam campaign offers readers the opportunity to earn money from home, according to anti-virus vendor Trend Micro.

“Happy Halloween!” the message reads. “Make it even sweeter with some EXTRA CASH in your candy bag!”

The message contains a link that redirects users to an inactive site that was registered in August – most likely just for spamming purposes, Gaye Ofilas, anti-spam research engineer at Trend Micro, wrote Thursday in a blog post.

“It is not uncommon for spammers to register domains for the minimum time period allowable to further their malicious profiteering activities,” Ofilas said.

There will probably be a fair amount of spam associated with the holiday, but other Halloween-themed exploits are sure to ramp up next week as well, Randy Abrams, director of technical education at anti-virus vendor ESET, told SCMagazineUS.com on Friday.

Users should be on alert for fake Halloween e-cards which could lead to malicious sites intended to infect visitors with malware. Also, users should be wary of clicking on links in emails or on social networking sites to supposed holiday-themed videos, Abrams said. Halloween-themed exploits will likely be rampant, particularly on social networking sites this holiday season.

“Twitter should be an interesting spectacle this Halloween,” Abrams said.

As a basic precaution, users should close their browsers if they see a link that says they need to download or install something, Abrams said. Also, users should ensure their operating systems and anti-virus programs are up to date and use a freely available web tool to ensure all applications are patched.

Legitimate e-cards should be addressed specifically to the recipient and include the name of the person who sent the card, instead of simply indicating that the sender was a “friend,” “family member” or “admirer,” Abrams wrote in a blog post on Friday. Also, links to e-cards should be for legitimate e-greeting sites such as American Greetings.

Around last Halloween, Trend Micro warned that internet searches for costumes would often lead to "poisoned" results, some of which were propagating rogue anti-virus software. Abrams said he expects to see similar ploys this year.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.