January 11, 2012

Spam with QR code targets mobile users

Spam with QR code targets mobile users
Spam with QR code targets mobile users
Researchers have revealed a new type of spam campaign that appears to be a test run to find out how mobile users will respond to social engineering attempts on their smartphones and tablets.

According to a Tuesday blog post from security firm Websense, the emails look like typical spam trying to hawk male enhancement drugs. However, in this case, they contain a link to a legitimate site -- 2tag.nl -- that generates quick response (QR) codes for URLs.

The link leads to an already-created QR code, which can be scanned by a mobile reader application available in places like the Android Market. After the code is recognized, a URL is loaded that advertises the counterfeit goods, including Viagra and Cialis.

"This is a clear movement and evolution of traditional spammers toward targeting mobile technology," Elad Sharf, a Websense Security Labs researcher, wrote in the blog post.

Patrik Runald, senior manager of security research at Websense, told SCMagazine.com that this is the first time his team has seen QR codes being used in spam. He added that the culprits may be trying out this tactic to see how people respond, with the goal of eventually evolving it to foist malware.


Related Articles
Related Topics

More in News

Privacy-bolstering "Apps Act" introduced in House

The bill would provide consumers nationwide with similar protections already enforced by a California law.

Microsoft readies permanent fix for Internet Explorer bug used in energy attacks

Microsoft is prepping a whopper of a security update that will close 33 vulnerabilities, likely including an Internet Explorer (IE) flaw that has been used in targeted website attacks against the U.S. government.

Weakness in Adobe ColdFusion allowed court hackers access to 160K SSNs

Up to 160,000 Social Security numbers and one million driver's license numbers may have been accessed by intruders.