PSA: LOL ‘Apple’ Malware Spam of the Week

| Quick Tip

Check this out. It’s probably the worst malware spam I’ve seen in a long time. I actually snorted out loud reading it. But it’s always good to be on guard against these things, and to help those in our lives who might be fooled by even this lame attempt. Accordingly, let’s turn an LOL moment into a learning opportunity.

Malware

Malware is, generally speaking, software designed to compromise a computer. On Macs, known malware needs to trick the user into voluntarily giving permission for it to be installed. That can take several forms:

  • Malware masquerading as something legit.
  • Malware that has been included in an otherwise legit-seeming installer. This is a real threat when downloading pirated software, but actually-legit installers have been compromised.
  • Malware included as one of many components in an otherwise useful free download.
  • Malware a website tries to trick us into downloading, or is downloaded in the background as part of a maliciously-crafted link.
  • Malware sent in spam that is usually presented as something necessary or useful.

My specimen today comes from that last category, which I’ve been seeing a lot of. The attacker crafts a message warning of a security breach—an email that can look a lot like a phishing attack—and the user is asked to click a link or an attachment to install something. In this case, the attachment purports to give me more information about my supposed security breach.

LOL Malware Spam of the Week

Here’s my fun example, with circles and arrows and a paragraph on the back of each one:

LOL Malware Spam of the Week

Note to self: there might be good side money to be made copy editing for spammers, phishers, and malware spammers.*

The point is to always know what you’re clicking, and to never immediately trust an email even if it looks legit. More importantly, help those people in your life who turn to you for help with tech stuff. I guarantee you someone double clicked that red “View PDF file” thinking it was real.

(It opens the image I squared off, as that image is a PDF—likely a maliciously crafted PDF.)

*Just kidding. I’d rather light ’em on fire.

3 Comments Add a comment

  1. I have received six to eight maiware emails over the last couple of weeks. Several of them reported emails that I supposedly sent that had bounced. These contained a link to click for a complete report of the issue. Another supposedly came from Apple Support and looked a lot like the one in your article. It contained a link to click to correct my address on file that they couldn’t confirm. LOL I also gotten one from iTunes Support.

Add a Comment

Log in to comment (TMO, Twitter, Facebook) or Register for a TMO Account