Security news
Security news18 September 2006
Steve Irwin video tribute designed to collect email addresses Internet users warned to read the electronic small print
Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned of a spam campaign designed to harvest email addresses by attracting readers to websites offering topical "video tributes".
The spam emails lead to sites containing a range of teasers offering video tributes to 9/11 victims, troubled celebrity Anna Nicole Smith and "Crocodile Hunter" Steve Irwin who was killed on 4 September by a giant stingray whilst snorkelling off the Great Barrier Reef.
A teaser is displayed, encouraging visitors to enter their full email address to watch the full tribute.
To view the full video, you need to provide your email address – something which seems harmless enough unless you visit the site's privacy policy, accessible via a link at the bottom of the page.
In this policy, the operator of the page reserves the right, amongst other things, "to send you personalized marketing information via electronic delivery", "to send you targeted advertising", and to "sell and/or license the personal information that you provide...to third party businesses," including "providers of direct marketing services and applications".
If you click through to the video, you are given an opportunity to invite five of your friends along to view it too, by providing their email addresses to the site's operator.
The web pages offer tributes related to news events such as 9/11 and the death of Steve Irwin.
"The message is simple: don't stitch up your friends by dishing out their email addresses, no matter how keen you think they might be, and always think carefully before giving your email address to any website especially if it has just spammed you. Websites like this are preying on people's interest in news stories like the death of Steve Irwin and the troubled life of Anna Nicole Smith in their attempt to collect email addresses," said Graham Cluley, senior technology consultant for Sophos. "If you really can't resist, then be sure to read the small print. Your personal information is valuable, so be wary of giving companies the right to collect it and then to dispose of it however they want."
Sophos recommends that companies protect their email gateways with a consolidated solution to defend against viruses, spyware and spam, as well as secure their desktop and servers with automatically updated protection.
Download now
- USA number 1 for malware and spam
- Huge surge in email attachment attacks
- Scareware makes users buy bogus products
About Sophos
Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com
