Malicious Junk Mail

A few days ago, a colleague I hadn’t corresponded with in a while told me he almost missed my email because it wound up in the spam folder, and he hesitated before deleting it because my full name wasn’t displayed in the sender address. That reminded me that it had been a while since I emptied the spam folder on one of my accounts, so I opened it up to check.

Of course it was filled with junk mail offers for pharmaceutical and luxury products I don’t want, but two messages, supposedly from service@youtube.com, caught my eye. I was rather perplexed since I didn’t remember attaching this email address to any of my YouTube accounts, but just in case I opened one to check. The mail looked fairly legitimate and was designed to make me curious. The link looked OK, but being generally wary of this sort of thing, I opened the mail in a separate browser window to check before clicking on it, since the browser didn’t resolve the link when I first moused over it and the mail tool I was using didn’t want to show me the full email header. Here is what I saw:

I’ve blacked out some personal information, but you can clearly see the real URL behind the innocuous-looking YouTube one in the bottom left-hand corner of the window. I’ve blacked out part of the link too, but the same link showed up when I moused over any of the hyperlinks in the message.

How does that work? Well, it’s easy. The authors just used a simple HTML trick: they inserted a link with the <a> tag, whose visible text is independent of the address in its href attribute. The clever part is that they made the anchor text look like a normal link to YouTube: http://www.youtube.com/watch=etc. That could fool even some savvy users.

Inspecting the element with Firebug reveals the trick:

I didn’t check the link to see what was behind it. Most likely it leads to either more spam or a site that will use some malicious JavaScript or other code to capture personal data or install some malware. As this type of email becomes more and more pervasive, it becomes more and more important to have the right tools to protect against clicking on malicious links.

Since I emptied my spam folder, I’ve already received another email from service@youtube.com telling me that I have one unread personal message. The link in the email resolves to a different address but the trick is the same.

Be careful out there!
