We are monitoring new malicious attacks that look similar to the fake "Microsoft Outlook reconfigure" spam campaign messages we have been observing for the last couple of months. That malicious campaign was followed by attacks on social networking sites, transforming from malicious code attacks into URL-based phishing attacks.
Symantec has always recommended that personal information, especially financial information such as Social Security numbers, credit card numbers, and of course your email address must not be revealed anywhere on the Internet. Many security experts also believe that disclosing an IP address to an unknown person on the Internet is equally dangerous.
Symantec recently reported a malicious spam campaign against Facebook, which is now accompanied by a phishing attack. These messages look like an official Facebook invite or password reset confirmation mail.
Instant degree spam attacks have become one of the most regular attacks monitored in recent months. In an earlier blog post we listed the top five degrees offered by spammers. The messages guided users to online degree sites where recipients needed to actually earn their degree.
This has been a season of malicious attacks, starting last month when we informed users about an increase in spam containing malware. Coincidentally, we are seeing different methods of luring or scaring recipients to download malicious programs.
People are always curious about different theories on tragedy, especially those involving airplanes or ship accidents. In fact, even after the Titanic sank decades back, hundreds of books were published and movies developed based on expert views. Malicious software authors use information related to similar tragedies to entice recipients into clicking on virus-laden links.
Last week we observed a new Russian spam trend dealing with phone numbers. We have been monitoring spam samples containing phone numbers in the message body—with or without obfuscation. In one of our March ’09 blog posts, we mentioned the use of phone numbers in the headers as well.
Online degree spam has been around for years. However, nowadays these spam campaigns aren’t just limited to passing degree certificates (super fast - within days or weeks), but they also focus on directing recipients to specific degrees. For example, it is common knowledge that there is a shortage of qualified nurses in the US—there are many media reports on the subject.
The Diwali “Festival of Lights” happens in October and is celebrated across India. During this time a large portion of the Indian population will be out shopping and looking for holiday deals. We have started noticing spam messages that offer discounts related to Diwali. Interestingly, spammers are sending the same Internet offers, but in the form of Diwali discounts.
The IRS settlement offers for U.S. taxpayers holding accounts in foreign banks end on September 23, 2009. Using these offers, one can fully disclose and pay their back taxes, interest, and penalties. In return, the IRS will go back and scrutinize only a limited number of tax years, along with lower penalties and no criminal prosecution.
