Latest spam scams use Google, Olympics

Computerworld - Using new techniques to trick users into opening misleading, fraudulent and potentially harmful messages, spammers have recently targeted Google, the Olympic games and US Bank, according to SurfControl PLC, a vendor of Web and e-mail filtering software.
"There is greater awareness of the risks associated with spam and e-mail, so spammers must continually create new techniques to trick end users," Susan Larson, vice president of global content at Scotts Valley, Calif.-based SurfControl, said in a statement. "Companies should be on the lookout for these new techniques and others as they emerge."
SurfControl said the Google scam, discovered this week, appears in in-boxes with the subject line "Google, #1 Search Engine." The e-mail asks users to download the latest Google tool bar to stop pop-up ads and spyware and then directs them to a link to download the tool bar executable. However, this download is most likely a virus-infected file, according to SurfControl.
At least two aspects of the e-mail indicated it was a hoax, SurfControl said. First, the sender address was from an individual, rather than Google. Second, the IP address for the tool bar download matches that of a suspicious Web site that sells "The Essential Underground Handbook," a guide to get-rich-quick schemes and other forms of fraud, according to SurfControl.
SurfControl's research team also said spammers are increasingly embedding images into their messages rather than using HTML, which allows them to work around spam protections that can block HTML-based graphics offered in Microsoft Outlook. And since the text is all part of the embedded image, this techniques also bypasses the text-scanning abilities of traditional antispam filters, the company said.
SurfControl said this technique was found in three spam messages this week, including one that appeared to spoof US Bank as part of a phishing scam.
SurfControl also discovered a scam using excitement around the 2004 Olympic Games to help the scammer circumvent new federal antispam law. With subject lines including "Olympic Games," "Olympic Medals," "ATHENS 2004" and "ATHENS RANKS," the message appeared to provide the latest Olympic medal tallies.
However, directly beneath the tallies was the name of a company "sponsoring" the information -- with a link to an advertisement for Viagra.

Read more about cybercrime and hacking in Computerworld's Cybercrime and Hacking Knowledge Center.