New Halloween-themed spam just the first fright

With Halloween nearing, users should be on alert for spam and other attacks exploiting the holiday, and experts expect social network websites to serve as a major vector this year.

So far, one Halloween-themed spam campaign offers readers the opportunity to earn money from home, according to anti-virus vendor Trend Micro.

“Happy Halloween!” the message reads. “Make it even sweeter with some EXTRA CASH in your candy bag!”

The message contains a link that redirects users to an inactive site that was registered in August – most likely just for spamming purposes, Gaye Ofilas, anti-spam research engineer at Trend Micro, wrote Thursday in a blog post.

“It is not uncommon for spammers to register domains for the minimum time period allowable to further their malicious profiteering activities,” Ofilas said.

There will probably be a fair amount of spam associated with the holiday, but other Halloween-themed exploits are sure to ramp up next week as well, Randy Abrams, director of technical education at anti-virus vendor ESET, told SCMagazineUS.com on Friday.

Users should be on alert for fake Halloween e-cards which could lead to malicious sites intended to infect visitors with malware. Also, users should be wary of clicking on links in emails or on social networking sites to supposed holiday-themed videos, Abrams said. Halloween-themed exploits will likely be rampant, particularly on social networking sites this holiday season.

“Twitter should be an interesting spectacle this Halloween,” Abrams said.

As a basic precaution, users should close their browsers if they see a link that says they need to download or install something, Abrams said. Also, users should ensure their operating systems and anti-virus programs are up to date and use a freely available web tool to ensure all applications are patched.

Legitimate e-cards should be addressed specifically to the recipient and include the name of the person who sent the card, instead of simply indicating that the sender was a “friend,” “family member” or “admirer,” Abrams wrote in a blog post on Friday. Also, links to e-cards should be for legitimate e-greeting sites such as American Greetings.

Around last Halloween, Trend Micro warned that internet searches for costumes would often lead to "poisoned" results, some of which were propagating rogue anti-virus software. Abrams said he expects to see similar ploys this year.