Facebook porn chicks and Skype payment spam

Filed Under: Facebook, Malware, Social networks, Spam

Yesterday I blogged about a widespread spam campaign that posed as a message to "Reset your Facebook password", but was really designed to redirect you to a Canadian pharmacy website instead. En route you can also be hit by an exploit which attempts to load a booby-trapped PDF and slap you with an infected EXE file via some Java exploits.

Today it looks like the same gang have changed their disguise, spamming out many messages with the subject line "Problem with your payment" pretending to come from noreply@notifications.skype.com.

Clearly the "from" address has been forged, as is common with spam messages, and your suspicions should be aroused by the fact that there is no text in the body of the message but just an attachment called Skype.html.

Skype payment spam

Sophos detects the attachment as Troj/JSRedir-BO, meaning that your browser won't be redirected to a third-party site as the cybercriminals would wish.

Skype spam messages

Although the vast majority of the spam messages we have seen in this campaign today have used the Skype disguise, I also stumbled across this example which pretends to be an X-rated Facebook message about "porn chicks" teaching a "rookie" about something to do with chickens:

Porn chicks message from Facebook

Again, we detect the facebook.html file attachment as Troj/JSRedir-BO.

It's probably a sad reflection on society that there are many people on the internet who wouldn't think twice of opening a file attached to an email with that subject line.

, ,

You might like

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.