Security Response

Showing posts tagged with Symantec Protection Suites (SPS)
Showing posts in English
Christopher Mendes | 16 Dec 2013 09:07:53 GMT

Contributor: Binny Kuriakose

‘Hello world’ we are digital! Well that was ages ago. Today the need for speed has made us extra fast. A click of a button and the desired webpage is up and running in an instant. In fact, organizations are switching to the Web because of the cost-effective business and global presence the Internet provides. This phenomenon has made predators smack their lips. What better environment to make a kill than Christmas, with the unaware and the vulnerable abounding!

With a systematic study of business done during Christmas, spammers have leveraged a plethora of categories since early July, ranging from hospitality-related spam for those who plan early on how to celebrate Christmas later in the year, to last minute shoppers who scramble to buy gifts before rushing home. Now, that is a well-planned spread.

  • For the vacation planner, there is hospitality-related spam, with headers reading:

From:...

Pavlo Prodanchuk | 11 Dec 2013 08:53:49 GMT

The latest trend in Russian language spam shows that spammers have started promoting Make Money Fast (MMF) schemes where users are told that money can be easily made with the use of binary options trading.

The sample observed by Symantec has the usual spam traits including a catchy subject, which highlights a large sum of money someone is making every month, to grab the attention of the recipient.

The spam is sent from mail.ru, the largest free email service in Russia, with the account name stating the age of the person, linking it to the subject line. The following is a translation of the email header:

Subject: $3700 a month – this retiree making more than you?
From: pensioner.vladimir@mail.ru

This is an effective trick, especially during the festive season when many people’s finances are stretched.

...

Binny Kuriakose | 03 Dec 2013 08:16:47 GMT

Word Salad, a workaround method invented by spammers to counter Bayesian spam filtering, is an old trick in the spammer’s manual, but cutting edge anti-spam filtering technology has made this ploy blunt.

As a form of Bayesian poisoning, Word Salad is an incongruous string of words. It uses words that are very legitimate and can be seen in any form of legit prose. From the perspective of Bayesian filtering, there is a large volume of legit data in emails which employ Word Salad. Word Salad is often seen in the form of HTML, where nonsensical tags are used to break URLs up so analysers will have a hard time tracking down the spammy URL. The latest trend in Word Salad is to add the most current keywords, like the hottest news or an upcoming event.

The demise of Paul Walker, the ‘Fast and Furious’ franchise star, in a fiery car accident on Saturday, is the latest example exploited by spammers. Within hours of this breaking news, Symantec...

Christopher Mendes | 02 Dec 2013 08:10:34 GMT

The Christmas season is a time to loosen up a few strings. The ‘how’ is obvious, and the ‘where’ is situated in your pocket.

Now that’s no joke. You draw your plans and fix your expenditure. After all, you know the frontiers of your funds. But, the one who values it the most after you is the one who preys on you! It’s amazing to see how easily they do it. All it takes is a little bit of greed, a little bit of fear and a little bit of urgency and you lose your resolutions. It’s only moments after you have allowed yourself to be cheated that you feel the remorse. After all, you have struggled for months to build your bank account balance to spend for Christmas only to have it burgled in an instant. If this detour does not bring you goosebumps, a little analysis on one such phishing sample should do the needful.

The header of the phishing email reads:

Subject: [Brand name] is giving...

Binny Kuriakose | 22 Nov 2013 09:42:44 GMT

Contributor: Vivek Krishnamurthi

The holiday season starts in the United States on Thanksgiving on November 28 preceding Black Friday, which occurs on November 29. This also marks the beginning of the much awaited shopping season when people take to the streets to celebrate the shopping furor with their family and friends. The shopping buzz is fuelled by discount sales and promotional offers by online sites and retailer outlets.

With online commerce growing by the day, spammers may take advantage of the holiday season to target shoppers. The spammers usually send out fake promotional messages and bogus deals and lie in wait for any victims who are tricked by these scams. Symantec has been on the lookout for signs of such messages to warn the public on what to avoid this holiday season.

We found the most popular spamming techniques, which topped our chart early this holiday season 

Products offered at discounts never seen before...

Symantec Security Response | 22 Nov 2013 00:12:26 GMT

Contributor: Joseph Graziano

A new clever way of social engineering spam is going around today that attempts to trick users into running malware on their computers. The methods malware authors are using include emails pretending to be from various antivirus software companies with an important system update required to be installed by the end user, along with attaching a fake hotfix patch file for their antivirus software. The email plays on end user concern over the lack of detection, especially in the face of the latest threats showcased in the media recently, such as the Cryptolocker Trojan. This type of social engineering entices users to open and install the hotfix without using much discretion as...

Christopher Mendes | 20 Nov 2013 05:37:33 GMT

Tacloban, the new ground zero created by Haiyan, is the raison d'être for a large directory harvest attack (DHA) launched by spammers today.

A DHA attack is launched to check the validity of an email directory or emails related to a targeted email server. The aim of this is to collect intelligence and prepare a platform to launch a large spam campaign on that particular site once a database is put in place. Rejected emails return as bounce or non-delivery report/receipt (NDR) and the rest is concluded as legit, while valid emails will soon be bombarded with a host of spam, phish and malware laden email attacks.

The attack is launched, with the spammer claiming to be from a reputed mass media and communications company on a very large Internet site and service provider, for the sole purpose of harvesting and validating email addresses.

The email’s structure is very simple. The headers and body content of the said attack are taken from a...

Mathew Maniyara | 19 Nov 2013 05:34:13 GMT

Contributor: Avdhoot Patil

The internet can be a dangerous place with security threats lurking from every direction, and it gets worse when threats meld together. Phishing today is a major part of cybercrime and phishers have recently gained interest in additional security threats. This year has witnessed the fusion of threats such as malware and spam with phishing, for instance. The recent use of malware in bogus apps is a good example.

This month, malware was used yet again in a phishing site spoofing Facebook. This phishing site offers a fake app devised to entice Android and iPhone users and was hosted on servers based in Paris, France, with pages in the French language.

A phishing site always comes with bait but phishers always craft new ones because they don’t want users to get familiar with the same old phishing bait. This time, the bait was an offer...

Samir_Patil | 12 Nov 2013 08:34:49 GMT

Contributor: Vijay Thawre

Typhoon Haiyan, one of the strongest tropical cyclones on record, struck the Philippines this week, leaving behind a trail of mass destruction. With more than 10,000 people dead, calls for help have been raised by several NGOs and organizations worldwide. Donation requests have been posted on different social networks as well as some popular websites. Meanwhile, spammers have started taking advantage of the situation by sending email containing fake donation requests.

Figure. Philippines Typhoon Haiyan scam email

In the example shown in this blog, the spammer has sent an email that seems perfectly fine at first glance, but when you take a closer look, you can see the email is sent from a different email ID with the subject line "HELP PHILIPPINES".

The spammer disguises himself as a...

Christopher Mendes | 30 Oct 2013 07:35:35 GMT

Diwali is just around the corner and many users will be doing their festive shopping online since online shopping is cool, fast and easy these days.

India has come of age when it comes to online shopping. Many Indians are turning towards this easier mode of purchase, which is less time consuming and comes with better bargains. But online shopping is also turning out to be an easy hunting ground for opportunistic cybercriminals. Scammers and fraudsters are once again doing the rounds with "out-of-the-world offers and speedy deliveries" to users’ doorsteps.

In the sample case discussed in this blog, third-party mailers and recently registered spammy domains are being used for nefarious Web activities. The samples discussed below illustrate how the spammers have conducted a thorough study of India’s online shopping environment, and customized their campaigns accordingly.

Subject: This Diwali Gift  B[REMOVED] – A...