14 DAY TRIAL // Marketing companies gather all sort of information based on the IP address used for visiting websites. Security researchers believe that the user profiling these organizations do could be leveraged by malicious actors for more efficient attacks.
Targeted advertising has been honed up to such a degree that browsing for particular subjects is enough to generate targeted advertisements on visited websites and even to receive emails in connection to the matter of interest for the user.
In one case, spotted by security researchers at F-Secure, an individual received an email with an offer for a plane ticket to San Francisco, only hours after having discussed with a friend over the phone purchasing one.
Abuse of user profile database suspected
Cybercriminals getting useful information about the potential victim from a phone conversation is unlikely; but the target in the case mentioned above could have searched for cheap plane tickets on various websites that recorded his interest and created a profile. This, on the other hand, could have revealed a match in the user profiling database of a service.
Abusing such a database would provide cybercriminals with incredible details about potential victims, and instead of blindfoldedly sending spam messages in the hope of entrapping someone, they can devise emails that appear to respond to the current need of a user and thus increase the chances of compromising their computer.
Evidence in support of this theory occurred after the security experts analyzed the sample email from the potential victim and discovered that the malware employed in the attack had only 1,250 instances in their sample database; this “would indicate that this particular malware is not being spammed to large audiences.”
Email contained attachment with plane ticket for the right destination
The email received by the individual claimed to be an order notification from Delta Airlines, purporting to provide a plane ticket to San Francisco in the attachment.
The file appended to the message has been identified by F-Secure as being a variant of Trojan.Krypt.AU.
“So this case looks very much like some targeted advertising services were misused for victim discovery by malware authors. We have seen advertising misused a lot with search engines, but this is the first case where we have indications that e-mail advertising services would be used in similar manner,” says F-Secure in a blog post.
The researchers also admit that this could very well be just a weird coincidence, although abusing marketing profiling information is definitely worth keeping an eye on.