OFFICIAL SECURITY BLOG
March 28, 2014 | BY Joshua Cannell
It appears that spammers never waste an opportunity, not even with the Syrian Civil War.
During its course, there have been many legitimate petitions against any US involvement in the war. Recently, however, numerous sites were discovered hosting what appear to be petitions against the Syrian war, but are in fact from spammers trying to harvest email accounts.
All of these petition sites seem to be delivering a similar message to visitors.
These so-called petitions require you to fill out personal details, most of them asking for at least your name and e-mail address. They also state they are “To be delivered to The United States House of Representatives, The United States Senate, and President Barack Obama.”
The same spam has also been spotted offering Amazon gift cards to one lucky petition signer every day.
The loaded webpage states the petitions are “powered” by Amazon, even though Amazon hosts no such petitions.
After signing this petition, visitors receive a thank-you message, and their data is sent in plain text via an HTTP POST request and recorded on the same server.
It’s important to be able to tell a real petition from a fake, and so we’d like to make our readers aware of these traps.
If you encounter one of these sites, never share your personal information; while these petitions may seem like a good idea on the surface, signing them will lead to a lot more spam than you may already be getting.
Joshua Cannell is a Malware Intelligence Analyst at Malwarebytes where he performs research and malware analysis. Twitter: @joshcannell