Threat Management, Network Security, Vulnerability Management

My not-so-funny valentine

As much as I “love” an audience, I'm not inclined to start sending valentines to all my readers. But I certainly don't want you to fall prey to the scammers that come out of the woodwork at this time of year – well, any time of year, but more so on special occasions like this – so here are a couple of resources you might want to keep in your virtual back pocket.

ESET Latin America was way ahead of the curve, spotting some Spanish-language Valentine-related malicious activity weeks ago. I came at that with some fairly free translation and included some extensive, more generic advice from the same force, and my colleague Stephen Cobb added some thoughts before posting the whole thing as a comprehensive blog here. And he's subsequently posted a video putting the trend into the context of cookie-stuffing and click-jacking.

Click-jacking, life-jacking, like-jacking, and so on, are probably familiar to you, but cookie-stuffing (or cookie-dropping) may not be. It has nothing to do with sage-and-onion flavored biscuits (if you'll excuse the English-ism of that phrase). Instead, it's a form of affiliate marketing where the cookie (or a number of cookies) is/are dropped by the “stuffer” from an entirely different website to the one actually visited, normally without the knowledge of the computer user, but in the hope that he'll take the hint and proceed to the third-party site and complete a “qualifying transaction” that will “earn” the stuffer a commission.

There is actually some contention (here, for example) as to whether cookie-stuffing is legitimate. However, in jurisdictions where, for example, legislation in accordance with the European Community's Privacy and Communications Directive is in effect, the covert nature of the cookie download is likely to be legally problematical. However, it's unlikely that marketers using this technique are thinking too hard about ways of distinguishing between jurisdictions where it is and isn't legal...

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.