The 'Canadian Pharmacy' was one of the top Internet scams of 2009. Interestingly, it was also one of the most prevalent e-mail spam campaigns. Users typically found the site after receiving an e-mail or while researching a new drug, perhaps one prescribed by their doctor or denied by insurance. Sites would appear on short-lived URLs, shifting rapidly to avoid being detected in spam filters or blocked by database-driven URL filters.
Many of these sites operated outside of North America and primarily conducted the transactions without using the SSL security most legitimate companies use for financial transactions. Users who submitted payments through these malicious sites either received a different product, a placebo or no product at all.This is also an example of the trend towards greater complexity in blended threats. Some of these scam sites have been linked to distributing credit card and other personal information gathered during the transaction process. Many also launch malware known as Trojan 'droppers' onto the PCs of visitors. The 'Canadian Pharmacy' has been a very successful campaign, so cybercriminals have applied it to a variety of attacks.
The most successful attacks of 2009, as in previous years, required a successful social engineering component at one stage of the attack or another. For instance, fake antivirus scams exploit common security fears, while fake code malware teases individuals to the point where they lack the patience to really think about what they are being asked to do.
In addition, death, disaster and drama have become hugely effective vehicles for spreading malware. These tactics are explored in more detail below.
As part of a comprehensive review of 2009, Blue Coat Systems has compiled this list of the most common (and successful) bait and scams the bad guys are using to install malware on unsuspecting users' systems and steal personal information.
An effective content automation solution can ease the transition to a digital-first distribution strategy, helping companies preview and approve content across all platforms and media types. ... More >>