Something we’ve seen lately are a number of attempts to use spam as an infection vector for spyware using social engineering tricks. However, unlike past attempts with things like “a postcard greeting is attached”, these spams feature striking images and a link to a website that has malware on it.
Recently, we saw the fake IE 7 download, which attempted to get users to download an “IE 7” which, in fact, was malware. Then we saw the Britney Spears spam, which had a link to a malware installer using the ANI exploit. Click the picture. Life becomes unpleasant. The sort of thing.
Today, we’re seeing the “Hot pictures of paris hilton nude” spam, which also gets you to a site which attempts to use a number of now-patched exploits to install malware on a system (and the picture itself isn’t even of Paris Hilton, it’s Jenna Jameson). It’s the same gang that did the Britney spam.
(Thanks Francesco and the rest of the team)