9:22 pm (UTC-7) | by Alice Decker (Senior Threat Researcher)
Do you know the story where a human and a monkey lived in two rooms separated by a single door?
The first part of the story says that after a while in that room, the human started to get curious and decided to find out what was happening behind the door. As the human peeked through the keyhole, what he saw was another eye, which apparently was the monkey’s.
Cyber criminals can use the simplest of methods and maximum yield by simply exploiting human curiosity. How?
The first step is to send a spam email message. This message is supposedly sent through well-known botnet infrastructure.
The message above was sent in German but it could be sent in any language. The message above reads “With our completely free service, you can find out whoever blocked you in MSN or deleted” in English.
The link opens a Web site that includes the invitation to use the free service to check the validity of the MSN account.
All the user has to do here is “to peek through the keyhole” by typing the MSN account and the right password to figure out if his account is “indeed blacklisted”. Of course no answer comes back but…What happens then?
If the data entered in these fields are valid then the user could be considered an accomplice for the next criminal actions done by the users of the firstname.lastname@example.org mailbox, the mailbox where the data is sent.
This gives cyber criminals a free choice to use their unlawfully acquired data in any of their illicit activities. The hacked MSN account can be used to send out spam, distribute malware both through email and the instant messaging application, MSN Messenger. Apart from this, the unauthorized user will then have access to the mailbox and can gather personal data about the affected user.
Share this article