Symantec Connect

MessageLabs Intelligence

Bredolab trojan now using a popular social networking brand to spread
Daren Lewis | October 27, 2009

This post is made on behalf of my colleague Mathew Nisbet, Malware Data Analyst

The Bredolab Trojan has been seen “in the wild” for a long time, but the people behind it constantly change the subjects and format of the e-mails to try to fool people. The most recent change has been to use a popular social networking brand name to try to trick people into opening and running an attachment by telling them their password has been reset, and that their new password is contained in the attachment. Running the attachment will install the Bredolab trojan on their machine and give the people behind the attack full control to do almost anything they want.

The first few occurrences of the new style were seen between 7pm and 8pm on 26th October and there has been a steady stream of them since, reaching almost 30% of all malware seen between 2am and 3am on the 27th October.

...

Tags: Security, Spam, MessageLabs Intelligence
Mail Bomber – it does more than you thought
Daren Lewis | October 15, 2009

After spending some time analysing the mail bomber tool downloaded from spamfordz [dot] com, here is some interesting information that was noticed.

Fig. 1 Files contained in the tool package

To get this to work, one needs to upload the files (as shown in Fig. 1 above) to a web server and open the index.html file, which opens the mail bomber form as shown below.

Fig. 2 Mail Bomber form

As the form shows, one just needs to follow the easy steps, such as entering the victim’s email address, From name, etc., and hit the ‘Do It!’ button, and the job is done.

Is it that simple? Before answering the question, let’s take a look at what it actually does behind the ‘Do It!...

Tags: Hosted Mail Security, Security, MessageLabs Intelligence
Creating a Simple Botnet Using the AutoIT Scripting Language
Paul Wood | October 14, 2009

This post is made on behalf of my colleague Manoj Venugopalan, Malware Analyst for Symantec Hosted Services.

AutoIT, a free automation language for Windows platform-based development, is often used for scripting Windows-based applications and sometimes misused for creating malware. AutoIT scripts can be compiled into a compressed, standalone executable which will run without an interpreter. Auto2Exe is the application used to compile the AutoIT script into a standalone executable.

Most of the malware based on AutoIT is in the form of worms and Trojans. Many such worms are well-known for logging into a user's IM client, changing their status message and then sending copies of the malware to all of the "buddies" in the victim's list.

MessageLabs Intelligence recently discovered an AutoIT Trojan using IRC (online chat) to connect an infected machine to a command and control channel without the user's knowledge. The malware is...

Tags: Hosted Mail Security, Emerging Threats, Evolution of Security, Malicious Code, Security, MessageLabs Intelligence
Rustock – The Botnet with a Heartbeat
Paul Wood | October 6, 2009

Further analysis of Rustock reveals some interesting insights regarding how it seems to have settled into a remarkably predictable pattern of spamming in the last few months - so regular that it may be possible to set your watch by it!  Every day at 8 a.m. GMT (3 a.m. ET) it begins to send out spam emails, continuing throughout the day, peaking at about midday GMT (7 a.m. ET), and then ceasing spamming at midnight GMT (7 p.m. ET).  It then rests for about eight hours, before the cycle begins again the following day.
 

Figure 1 - Rustock's New, Regular Spamming Pattern

Figure 2 - Typical Spam Output from Cutwail

This pattern of spamming...

Tags: Hosted Mail Security, Emerging Threats, Evolution of Security, Malicious Code, Security, Spam, MessageLabs Intelligence

About MessageLabs Intelligence Blog

The MessageLabs Intelligence blog serves as a conduit for communicating MessageLabs Intelligence data, trends and statistics. MessageLabs Team Skeptic™ comprises many world-renowned malware and spam experts, who have a global view of threats across multiple communication protocols drawn from the billions of web pages, email and IM messages they monitor each day on behalf of 21,000 clients in more than 102 countries.