Noted by Cipher
Simple email evades suspicion.
KSL.COM, Sarah Doloff
A particularly effective email trick has been making its way through
some locales (e.g.,
Utah). Apparently
based on breaking into email accounts on popular email sites, it sends
a short message to a few people at a time on a user's contact list.
There is no subject, and the content is simply a URL. This simple
trick is remarkably effective in bypassing the normal spam filters and
suspicions of
users. Because the email is from a known contact, and because there
is no text, no advertising, no enticement, users seem to trust the link.
Experts warn that the action may lead to malware installation and
possible augmentation of a botnet.
Successful web services attract malware, and Facebook has been aware
of one that targets its site for some time. Riva Richmond of The New York Times
reports on how Joe Sullivan, Facebook's security chief, has battled the Koobface worm.
Although the worm's objective is to build a botnet for advertising
services, the bulk of the money comes not from designer watches but
from fake anti-virus software. The operators may have been netting
$200K per month in such sales.
November 10, 2010
Facebook faces down a botnet.
Published: November 14, 2010
http://www.nytimes.com/2010/11/15/technology/15worm.html?src=busln