Tuesday, January 31, 2012

Another reason to delete conference spam

If you're like me, you get an immense amount of conference spam, even for conferences that are not remotely in your area of interest. (This morning I got a message inviting me to an international geography and geology conference. All right then.)

According to a new report, conference invites are now being used to infect victims' computers with malware. It works like this: the attacker takes the PDF Call for Papers for a legitimate conference, infects the PDF with malware, and spams it to various targets as a conference invitation (with the malicious PDF as an attachment). The targets open the PDF and get infected.

So far, the affected conferences include ISSNIP, an IEEE-sponsored conference on sensor networks; but the malware version of the CfP may have only targeted one particular defense contractor.

(Previously in our irregular series on academic spam: 1, 2)

No comments: