As little pirates visit millions of doorsteps this Halloween in hopes of candy, the big ones are seeking to haunt millions of computers in hopes of cash.
Cyber spooks are preparing one of the largest Halloween spam waves to date in a mass promotion of pirated software, along with other attacks engineered to take advantage of the spookiest day of the year. Halloween tricks in the cyber world have already started, with “Halloween sale” spam e-mails advertising a wide assortment of pirated software.
Bitdefender e-threat analysts have discovered more than a dozen waves of spam, adorned with images of pumpkins and witches, seeking to peddle rip-offs of Windows 7, Office 2010, Adobe, Corel, Kaspersky or “soft for Macintosh” translated into “over 15 languages.”
“Morality is not the only problem with buying and installing pirated software,” explains Catalin Cosoi, Bitdefender’s Global Research Director. “The problem lies in the fact that users generally don’t receive critical updates or patches from the vendors, leaving them exposed to vulnerabilities that might later on be exploited by crooks.”
Halloween has traditionally brought out the internet trolls and other ghosts in your machine, but the theme changes every couple of years. Last year and in 2009, Halloween scams focused heavily on Black Hat SEO tricks designed to steer your browser to sites that can turn the scammers a profit.
In 2008 and 2007, Halloween was spammed with discount coupons for products you would never use, or want to. And Halloween of 2006 was famous for the Dancing Skeleton: spam e-mails that redirected users to sites where a dancing skeleton game would run and install a backdoor on the user’s PC.
Like a Halloween candy bag, this year’s spam sampling includes an assortment of products ranging from dairy foods, ink, flowers and sweets to toys, Halloween costumes, pornographic material, an online dating tips service and lots of pirated software.
One huge spam wave heading your way addresses Windows and Mac aficionados alike with over “500 title of popular software products” at dazzling discounts – discounts possible because the spammers sell either pirated applications or licenses taken from legit users with license-stealing Trojans. Either way, selling this kind of software is illegal and will likely have your license revoked.
As with past Halloweens, malware-laden e-mails and web pages will also attempt to sneak on to your computer amid the barrage of spam. Through recent Halloweens, Bitdefender has found:
- gift vouchers worth $250 that would collect critical data and further use it for fraud;
- greeting cards sent by worms such as the notorious Storm, Waledac (Win32.Worm.Waledac) or Prolaco (Win32.Worm.Prolaco), containing archived malicious files that, once run, would allow an attacker to seize control of the infected machine and dispose of the stored data at will, or to use the machine as a zombie in DDoS attacks.
Some tips on how to stay safe during the holidays:
- Make sure you have installed an antivirus solution with anti-malware, firewall and spam filter and keep it updated at all times;
- Regularly check your operating system provider’s webpage and install all patches or fixes they provide;
- Bitdefender users should make sure they have the Search Advisor on and avoid clicking on links that are labeled as dangerous;
- Do not click links in spam e-mails, and never launch files attached to these e-mails, as you might trigger other malware;
- Know who you are following or adding as a friend;
- If you’re getting any warning message when visiting a page, leave it at once;
- Do not install software from untrusted locations, especially when they impersonate a codec. Use the vendor’s page if you plan to download this kind of software.