Video Screencast Help
Security Response
Showing posts tagged with Symantec Protection Suites (SPS)
Showing posts in English
Pavlo Prodanchuk | 25 Jul 2013 08:28:48 GMT

Last month Symantec posted few blogs (here and here) on an increase in spam messages with .pw URLs.

Since then the volume of URLs with .pw domains has considerably decreased. At the beginning of May the peak volume .pw domains accounted for about 50 percent of all spam URLs. Currently, .pw domains account for less than 2 percent for the last seven days.

Figure1_6.png

Figure 1. .pw TLD appearance in spam messages

The decrease in .pw domains is the result of a close collaboration between Symantec and Directi in reporting and taking down the .pw domains associated with spam.

The latest evidence from the Global Intelligence Network shows that even with such a small presence of...

Pavlo Prodanchuk | 23 Jul 2013 12:41:01 GMT

For the last few months, Symantec has been observing pharmacy related spam attacks where spammers are using the legitimate Google Translate service to avoid anti spam filters. 

Most of the samples received were sent from hijacked email addresses from popular free mail services. 
The majority of the messages’ subject lines were promoting either online pharmacies or well-known  tablets such as Viagra, Cialis and others. Furthermore, in an effort to make the spam immune to filters, several observed subject lines contained randomized non-English characters or words inserted at the beginning or end of the subject line. 

Figure1_4.png

Figure 1. Sample subject lines

The body of the spam message contains a Google Translate link as well as promotional text explaining the advantages...

Mathew Maniyara | 16 Jul 2013 21:24:37 GMT

Improving effectiveness of phishing bait is always at the top of any phishers’ agenda. They prefer to use bait that reflects enticing subjects in order to catch the attention of as many users as possible. Recently, we have seen phishers moving one step ahead. In addition to having eye-catching bait, they are compelling users to spread the word. In today’s example, phishers used free cell phone airtime as the phishing bait.

The phishing site requested Indian Facebook users to verify their account by entering their login credentials in order to get the fake offer of free cell phone airtime. But phishers, not content with just duping one user and eager to target even more, start off by saying the offer is only valid after posting this same offer on the profile pages of a number of friends. Phishers devised this strategy because obviously receiving messages from friends is more convincing than from unknown sources. The method phishers are using in effect enlists...

Anand Muralidharan | 05 Jul 2013 18:55:54 GMT

The 127th edition of the Wimbledon Championships, and third Grand Slam event of the year, are coming to an end with the final being played July 7. When it comes to major sporting events we can expect large amount of gambling, and spammers take advantage by sending online betting and casino email spam. We have observed the following spam campaign targeting the Wimbledon Championship with a fake betting offer.
 

image1_3.jpeg

Figure. Wimbledon Championship spam
 

Interestingly, in order to trick users the spammers are actually using Antispam Laws to make their spam look legitimate (which we recently blogged about in...

Anand Muralidharan | 02 Jul 2013 22:22:34 GMT

Independence Day in the United States is a federal holiday, commonly known as the 4th of July. It is traditionally celebrated with various political speeches, ceremonies, fireworks, and parades. Spammers are exploiting the holiday by sending numerous spam messages related to Independence Day events. Many of the spam samples observed are encouraging users to take advantage of clearance sales on cars, as well as other product offers.
 

Spammers Independence 1.jpeg

Figure 1. Financial spam targeting U.S Independence Day
 

This spam email tries to lure users by stating that the 4th of July event is already seeing a record demand in 2013 vehicles. By clicking the link provided in the email, the user is redirected to the Web page and asked to select the type of car model for a...

Ashish Diwakar | 27 Jun 2013 15:55:35 GMT

Contributor: Avdhoot Patil

As usual, phishers continue to focus on social networking as a platform for their phishing activities. Fake social networking applications on phishing sites are not uncommon. Phishers continue to come up with new fake applications for the purpose of harvesting sensitive information.

In the past six months, phishing on social media sites consisted of 6.9 percent of all phishing activity. Among the phishing sites targeting social media, 0.9 percent consisted of fake applications offering features such as adult videos, video chatting, adult chatting, free mobile recharge etc.

In May 2013, phishers implemented a fake security application on a phishing site that claimed to secure Facebook Fan Pages and thereby increase the “social security” of the user profile. A Facebook Fan Page is important, as it is a public profile on Facebook that can be used by celebrities, companies, and also by  regular Facebook users who...

Mathew Maniyara | 25 Jun 2013 15:57:38 GMT

Contributor: Avdhoot Patil

Digital currency, a form of electronic money, is a relatively new concept to the world. Many of these currencies have arisen during the past decade and digital currency in general has always been a subject of controversy. In recent years, the world witnessed the suspension of some digital currencies due to legal issues such as money laundering. However, phishers are not concerned about the controversies; instead they are busy seeking opportunities to steal digital currency or money in any form whatsoever. In May 2013, we found a phishing site that spoofed a popular digital currency company.

The phishing site alerted users of an account security update. According to the notice, the company wanted to ensure the integrity of their transaction system by reviewing user accounts. Users were notified that their accounts might be restricted due to multiple failed login attempts. The alert message instructed users to enter their confidential...

Anand Muralidharan | 13 Jun 2013 18:43:50 GMT

The International Cricket Council (ICC) Champions Trophy 2013 is currently being held in England and Wales. The group matches are already in progress and the grand finale will be held on June 23. In the past, Symantec observed various spam emails targeting the ICC World T20 and the Cricket World Cup. As expected, we have seen ICC Champions Trophy 2013 scam emails flowing into the Symantec Probe Network.

Nigerian scammers have reached out through text based emails, .doc files, and PDF files. Here, the scam message is attached as a .doc file called ICC UPDATE.doc. The email says that the reader has won a brand new Camry Solara worth 85,000 Euro. This is typical of 419 scams. The scam email explains that the winning email address was obtained in a raffle and was sent to the final drawing conducted at...

Ashish Diwakar | 11 Jun 2013 04:44:49 GMT

Contributor: Avdhoot Patil

It seems that targeting football clubs, football celebrities, and football events has become a habit for phishers. They continue their uncivilized activities and in particular single out football. Now, phishers have set their eyes on the Real Madrid Football Club based in Madrid, Spain. Real Madrid is one of the world’s richest football clubs and has a large fan base.

Real Madrid fake login.png

Figure. Fake Facebook phishing page featuring Real Madrid and Cristiano Ronaldo.

 As we can see in the figure, the phishing page asks users to enter Facebook login...

Anand Muralidharan | 10 Jun 2013 20:59:45 GMT

Contributor: Vivek Krishnamurthi

The International Dance Competition “Dance Grand Prix Europe” is set to begin June 12 and will be hosted in Spain. The purpose of the competition is to showcase all the top dancers from various dance schools and this major event attracts choreographic talent from around the world. Spammers also don’t want to miss this event and the opportunity to circulate a scam.
 

image1_0.jpeg

Figure 1. Dance Grand Prix Europe 2013 spam
 

To grab the reader’s attention, the spam email reveals some appealing facts about the event along with "only a little fee" required but no additional charges for participation in the event. Clicking the URL will automatically redirect the user to a website...