If you're like me, you get an immense amount of conference spam, even for conferences that are not remotely in your area of interest. (This morning I got a message inviting me to an international geography and geology conference. All right then.)
According to a new report, conference invites are now being used to infect victims' computers with malware. It works like this: the attacker takes the PDF Call for Papers for a legitimate conference, infects the PDF with malware, and spams it to various targets as a conference invitation (with the malicious PDF as an attachment). The targets open the PDF and get infected.
So far, the affected conferences include ISSNIP, an IEEE-sponsored conference on sensor networks; but the malware version of the CfP may have only targeted one particular defense contractor.
(Previously in our irregular series on academic spam: 1, 2)
According to a new report, conference invites are now being used to infect victims' computers with malware. It works like this: the attacker takes the PDF Call for Papers for a legitimate conference, infects the PDF with malware, and spams it to various targets as a conference invitation (with the malicious PDF as an attachment). The targets open the PDF and get infected.
So far, the affected conferences include ISSNIP, an IEEE-sponsored conference on sensor networks; but the malware version of the CfP may have only targeted one particular defense contractor.
(Previously in our irregular series on academic spam: 1, 2)