Symantec Connect
  • Login
  • Register
  • Security
    • All of Connect
    • Backup and Archiving
    • Clustering and Replication
    • Endpoint Management & Virtualization
    • Storage Management
    • Security
    • Inside Symantec
    • Vision User Conference
    • Partners
    • Developers
    •  
  • Overview
  • Forums
  • Articles
  • Blogs
  • Downloads
  • Events
  • Videos
  • Groups
  • Ideas
Login to participate
Security ResponseRSS

Chinese Spammers Stay Up to Date with Popular Internet Activities

Vivian Ho
Senior Security Response Lead
October 27th, 2009
Tags: Security, Spam, Spam, Security Response
Facebook Twitter

Chinese spammers are very adaptive to new Internet social mediums that might attract recipients’ interests in order to get Web hits. Spammers have done their research on popular social networking activities and living habits, thus setting up spam traps for possible hits. Recipients often fall for the spammers’ tricks because they may not be aware of updated spam news or phishing alerts.

Recently we observed Chinese spammers sending out moneymaking scams using a popular free micro blogging service. This type of free social networking allows users to send live updates through short text messages or links. In this sample we found that a spammer registered a legitimate user account and then sent out a friend invitation request. All links lead to the same money making promo ads:

Sample 1:

From: Popular social networking <Details removed>
Subject: 兼職工作,全職收入-每月增加2到 5萬 邀請您到 <Details removed> 註冊帳號

Translation:
Subject: part-time work, full-time income - increase 20 to 50 thousand dollars every month invite you to register a <Details removed> account

hipspam1.png
    
Body Translation:

I’ve been playing <Details removed> for a while, I hope you’ll try it!
Click here to accept my invitation:
http://www.<Details removed>/xxxxxxxxxxxxxxxxxxxxxx/invite/2
Click here to view my personal webpage:
http://www.<Details removed>/xxxxxxxxxxxxxxxxxxxxx

Below is another example of spammers disguised as a legitimate online auction administrator, notifying sellers that they might violate the policy by being involved in illegal bidding activity. They sent out a legitimate looking notification email and tried to trick the seller into logging in with their account name and password.

Sample 2:

From: < Details Removed >
Subject: <Details removed> 拍賣違規通知信   

Translation:
Subject: Suspected illegal <Details removed> bidding product notification

hipspam2.png

Body Translation:

<Details removed> Bidding Admin Notification
[image: Go to my shop on <Details removed> Bidding]
This store activity violated our auction policy.

==========================================

Note: My thanks to blog contributors Ching-Yu Hsu and Hitomi Lin.

+1 (1 vote)
  • Vivian Ho's blog
  • Comments RSS Feed

About Security Response Blog

Our security research centers around the world provide unparalleled analysis of and protection from malware, security risks, vulnerabilities, and spam.
Filter by:

Recent Blog Posts

  • Microsoft Patch Tuesday - February 2010
    Robert Keith - February 09, 2010
  • Sale! This Offer is Valid EVERY Week
    Mayur Kulkarni - February 05, 2010
  • SpyEye Bot versus Zeus Bot
    Peter Coogan - February 04, 2010
  • 利用双重漏洞发动攻击的木马Trojan.Hydraq
    Livian Ge - February 03, 2010
  • Phishing Using Pornographic Content as Bait
    Mathew Maniyara - February 03, 2010

Blog Tags

10.x 11.x 9.x and Earlier Brightmail Gateway Emerging Threats Endpoint Encryption Endpoint Protection (AntiVirus) Evolution of Security General Symantec How to IT Risk Management Internet Security Threat Report Malicious Code Mobile & Wireless Online Fraud Platforms & Hardware Restore Security Security Security Risks Spam Vulnerabilities & Exploits Windows
© 2010
  • Symantec Corporation
  • Contact Us
  • Get RSS
  • Newsletter
  • Privacy Policy
  • Symantec.com