What's the latest in virus spreading e-mails? The fake membership confirmation.

I've been getting a bunch of these lately, and Symantec just posted a warning about them today.

The basic format is...

Welcome,

Thank You for Joining [name of site].

Membership Number: 398571733
Your Login ID: user4265
Password ID: uk110

Your temporary Login Info will expire in 24 hours. Please login and change it.

Follow this link, or paste it in your browser: http://[IP ADDRESS]

Welcome,
Support Department
[name of site]

When you go to the site, it exploits a flaw in Windows Media Player to install malware on your computer and turn it into a zombie in their botnet, to be used for spewing spam, helping with DDoS attacks, or just sending out more copies of the virus e-mail.

If you haven't learned already, any link whose address is all numbers (a bare IP address instead of a domain name), such as http://127.0.0.1, should NEVER EVER be clicked. Also, if you didn't sign up for the site... it's 99.999% bogus. Porn spammers have been using this trick forever.

But what pisses me off is that it's hard enough to get legitimate mail to people. About 5% of the membership confirmations my FunDraw.com site sends out get bounced or just never arrive. Some of those are because some doofus has put in an obviously fake e-mail address like asshat@yourmomshouse.com, but some are just because aggressive spam filters didn't like some element of the mail.

Spammers and malware authors have nearly crippled e-cards over the years. I have thought long and hard about letting people send FunDraw.com drawings as e-cards, but decided I didn't need the headache. Now with malware authors using a flood of fake membership confirmations as social engineering bait, I can see the bounce rate of legitimate messages going up significantly. While some admins will know how to configure their spam filters to weed these out based on stuff like the IP address link, some will use more generic cues and generate a lot of needless false positives on the premise that it's better to be safe than sorry.
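To show the difference between the narrow cue (a link to a bare IP address) and the generic cue (confirmation-style wording), here is a small filter check. It is an added example, not code from the original post or from FunDraw.com; the two sample messages and the 192.0.2.10 address are constructed.

```python
import ipaddress
import re
from typing import List
from urllib.parse import urlsplit

# Constructed samples (not real mail). The first mimics the fake confirmation
# described above; the second is a legitimate confirmation whose wording a
# generic filter would also block.
FAKE_CONFIRMATION = """Welcome,

Thank You for Joining Example Site.

Membership Number: 398571733
Your Login ID: user4265
Password ID: uk110

Your temporary Login Info will expire in 24 hours. Please login and change it.

Follow this link, or paste it in your browser: http://192.0.2.10/confirm
"""

LEGIT_CONFIRMATION = """Thank you for joining Example Site.

Your temporary login will expire in 24 hours.
Confirm your address here: https://www.example.com/confirm?token=abc123
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def host_is_ip_literal(url: str) -> bool:
    """True when the URL's host is a bare IPv4/IPv6 address, not a hostname."""
    host = urlsplit(url.rstrip(".,;:)")).hostname
    if not host:
        return False
    try:
        ipaddress.ip_address(host)  # raises ValueError for a domain name
        return True
    except ValueError:
        return False

def ip_literal_links(body: str) -> List[str]:
    """Every link in the message body whose host is an IP literal."""
    return [u.rstrip(".,;:)") for u in URL_RE.findall(body) if host_is_ip_literal(u)]

def looks_like_confirmation(body: str) -> bool:
    """Generic wording cue: matches legitimate confirmations too, so it is a poor filter key."""
    return bool(re.search(r"thank you for joining|membership number", body, re.I))

def classify(body: str) -> str:
    """'flag' only on the narrow cue; wording alone does not flag a message."""
    return "flag" if ip_literal_links(body) else "pass"
```

Both samples trip the wording cue, but only the one with the IP-address link is flagged, which is exactly the false-positive gap the paragraph above describes.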

Sad thing is that most e-mail confirmations are done to make sure that the person signing up has provided a valid e-mail address, which is one way of weeding out a lot of spam robots and site vandals that would otherwise sign up and run rampant. Making them provide a valid address AND respond to an e-mail isn't foolproof. It's like locking your car. It won't prevent the dedicated evildoer from doing what they're going to do, but it presents a "more trouble than it's worth" hurdle to a lot of casual evildoers.

Thus by using the fake registration confirmation to spread malware, evildoers get two benefits:

  1. They get a new form that it will take spam filters a little while to respond to, thus getting more mail through in the interim.
  2. Once the spam filters are set up to respond to it, more legitimate registration confirmations will get blocked by spam filters, making it harder for site owners to use registration confirmation as a security speedbump for evildoers.

Anyone starting up a hit squad to kill spammers, malware authors, botnet masters, and malware distributors, please count me in for a donation to your cause.
