Sunday, August 3, 2008

Spear Phishing for Child Safety Advocates Nets SafeLibraries

Spearing phishing for child safety advocates is now occurring, and SafeLibraries is included in the net. I'm honored! Interestingly, I wrote to the first spear phisher and got an actual response!

Phishing is spamming people in an attempt to deceive them to reveal information that can or will be used in a criminal act. Spear phishing is when the phisher targets specific individuals.

Child safety advocates are being spear phished with an appeal to what the criminals believe are the anti-pronography interests of the advocates. A long message is sent that sounds legitimate about the alleged concerns about child pronography and a request to stop certain web sites from spreading child pronography, then a long list of various URLs at a few domain names are given as examples. I won't give full information but naughty, beauties and adultlounge have something to do with the links being promoted.

One paragraph of the spear phisher's message says:
Our aim is to raise public awareness of the damage pornography does and the dimensions of the problem, while encouraging and enabling women to voice their protest and organize against this dangerous trade. That is why, we can start a fight against pornography by spreading this e-mail and submit links/websites that contains pornography until it reaches the proper authority that has the ability to block or close these sites.

Thirty six links to three different web sites are then listed.

The email first appeared from It was addressed to me (1), Gannett newspapers (6), Asheville's Citizen-Times (1), the Polly Klaas Foundation (1), AMECO (3), Counter Pedophilia Investigative Unit (2), NoPornNorthampton (1), the FCC (1), the Lighted Candle Society (1), Dr. Laura (1), the Fairfield County [OH] District Library (1), the Zeeland [MI] Public Library (1), the Hennepin County Library (1), the Institute for Media Education (1), Techweb (25), and various individual emails addresses (3). Total = 50 victims.

So I responded to all warning them as to the potential for spam activity and asking if anyone knew "her." I received a response from the original spammer! "She" said, evasively:
This is a valid e-mail, i am not asking you to open the links because it contains pornography, all I'm asking is that for you to resend the e-mail until it reaches the proper authority who has the ability to block the website or the links attached to this e-mail. It doesn't matter who i am or where i come from, this letter is an information if you have to read again the whole e-mail and understand its content. I am just a concerned internet user because i believe that there should never have porn sites in the first place. I just wish that you could help, although this is a very impossible fight for all of us. But who knows, in due time we will be able to eliminate pornography on the internet. we've started this fight because we too have been receiving spam emails, invitation to view porn sites and everything, and some site have been using children as their subject to pornography and we don't like that. Poor little children if we couldn't help them.

That first spam was received July 11, 2008. Since this time I have received and am still receiving the same message or a substantially similar one from hundreds of other spammers. Sometimes I get a dozen a day. Many are addressed to the same 50 emails being spammed. Sometimes, the same or substantially similar explanation letter is also sent around.

Sometimes the fraudulent claim is dropped completely and the message contains pure pronographic spam with a link to the same web site:
I am a young girl from Manila city I'm here to give you some erotic sex and fun. I am a young sluts that needs financial support I also accept people who are willing to help me in exchange of sex and fun. I am willing to do anything just to sustain our needs.

By the way, Google's Gmail does an excellent job of dumping them all in the spam folder.

As to my efforts regarding public libraries and children, this blog post is not directly related. However, I felt it was interesting enough from a computer security point of view to post this anyway.

Any technical experts wish to shed light on this?

No comments:

Post a Comment

Comments of a personal nature, trolling, and linkspam may be removed.