Video Screencast Help
Security Response

Spammers Take Advantage of US Government Shutdown

Created: 02 Oct 2013 10:42:56 GMT • Updated: 23 Jan 2014 18:04:00 GMT • Translations available: 日本語
Anand Muralidharan's picture
+2 2 Votes
Login to vote

The latest news making headlines around the world is about the partial shutdown of the US government, which failed to agree on a new budget. Ever quick to take advantage of a situation, cybercriminals have begun to send various spam messages related to the government shutdown. These spam messages have started flowing into the Symantec Probe Network. We have observed that most of the spam samples encourage users to take advantage of clearance sales on cars and trucks. Clicking the included URL will automatically redirect the user to a website containing a bogus offer.

US_Gov_Spam.png

Figure 1. US government shutdown themed spam email

In the messages Symantec has observed, the spammers are using a random email header, which may be an attempt to evade antispam filters. Some of the headers used in this latest spam campaign can be easily recognized:

  • Subject: Half-off our autos for each day the US Govt is shut down
  • Subject: Get half off MSRP on new autos for each day of govt. shut down
  • From: [NAME] <shut.down@[REMOVED]>
  • From: [NAME] <short.term@[REMOVED]>
  • From: [NAME] <very.limited@[REMOVED]>
  • From: [NAME] <limited.event@[REMOVED]>

The following pattern was observed in the links contained in the spam emails:

  • [DOMAIN NAME]/[RANDOM CHARACTERS]govt-shut[RANDOM DIGITS]do.wn_event[RANDOM DIGITS]

Symantec advises users to be cautious when handling unsolicited or unexpected emails. Symantec constantly monitors spam attacks to ensure that users are kept up-to-date with information on the latest threats.