Websense Security Labs: social-engineering spam campaign
October 2008 by Websense
Websense Security Labs ThreatSeeker Network has discovered a new malicious, visual social-engineering spam campaign masquerading as official emails sent by the popular Web 2.0 social-networking site Hi5.
The email is written in Spanish and is spoofed to appear as if it comes from the domain hi5.com, an official domain used by Hi5 for its outbound emails when notifying users of an event.
It is common for Hi5 to send an email to notify users when another Hi5 user adds them as a friend on the social network. However, the spammers embedded malicious links and a fake friend photograph to entice the recipient to click on them, which leads to the download of a Trojan horse (md5: 5f6b089f0048e6510c78bb38a3909b9c). The malicious application aims to steal confidential logins for a popular Mexican bank.
A-V detection of this banker Trojan is low.
A fake Hi5 friend request is included in the body of the email. We have previously alerted on a similar attack relating to Facebook "add friend" Malicious Spam. This clearly indicates that spammers and malware authors are increasingly targeting Web 2.0 sites to carry out their attacks.