Killer Spam

The other day I received a spam email at work, telling me my credit card had been billed for some earthenware products. If I’d read to the end it would have been obvious it was a fake, but I ended up doing some research on it and came across the Australian site, Code Fish Spam Watch. It’s a very interesting site because they investigate the scam quite deeply and reveal technical details about how various scams work. It turned out that the spam I received was part of a turf war between carders – people who try to extract credit card details from people.

Reading more on the site, I found a particularly scary attempt at extracting passwords from people’s computers. Simply by clicking on a link, Internet Explorer can be made to download a malicious “HTML Application”, write an executable to disk, and run it. In this case the executable kills off processes that look like anti-virus software, logs keystrokes, and emails the results back to a server.

I suppose I shouldn’t be shocked that this is possible, but I am. It shows the importance of not only keeping software patched, but also being careful what you click on. Even better, run an open source browser like Mozilla: Open source software is more secure by its nature.
