Security Response

Showing posts tagged with Symantec Protection Suites (SPS)
Anand Muralidharan | 29 Aug 2012 16:10:25 GMT

Since mid-August, Symantec has been observing spam samples containing links with file extensions in the URLs. If these links are clicked, they do not open any files; instead, they redirect the user to an online pharmacy website. The following file extensions are used in the URLs:

  • .asp
  • .doc
  • .htm
  • .html
  • .mp3
  • .mpeg
  • .pdf
  • .php
  • .txt

The following URLs were seen in spam samples examined by Symantec:

  • http:// [REMOVED].be/HOOK2_txt
  • http:// [REMOVED].com.br/897110_doc
  • http:// [REMOVED].com/677115_php
  • http:// [REMOVED].com/686112_asp
  • http:// [REMOVED].ru/706060_mp3
  • http:// [REMOVED].ru/HOOK2_htm
  • http:// [REMOVED].ru/vern_html
  • http://[REMOVED].org/521862_pdf
  • http:// [REMOVED].com/139097_mpeg

Spam email examples:

...

Mathew Maniyara | 10 Aug 2012 18:50:42 GMT

Celebrities are frequently featured in phishing sites. Now, phishers have taken an interest in targeting French users by using teenage celebrities as bait. Some of the celebrities recently used as bait were the singers Jojo, Justin Bieber, and Zac Efron. The phishing sites were hosted on free Web hosting sites.

In the first example, the phishing site spoofed the login page of an email service of a popular information services brand. The phishing page contained an image of Jojo and the contents of the page were altered to promote the singer. The legitimate brand does not promote any celebrities, but phishers modified the contents of the page to entice users. Phishers believe that by using popular celebrities they can gain a larger audience, which increases their chances of harvesting user credentials. After the login credentials have been entered, users are redirected to the legitimate website.

...

Mathew Maniyara | 10 Aug 2012 16:56:45 GMT

Co-Author: Avdhoot Patil

Lucky draw prizes are commonly used as bait in phishing schemes. The fake lottery prizes observed last Christmas and the charity lottery are examples. In July 2012, phishers offered a smart phone as a lucky draw prize. The phishing site spoofed a telecommunications company based in France and was hosted on servers based in Fulshear, USA.

The phishing site was in French and the title translates to “Congratulations”. A message on the phishing site stated that a lucky draw takes place every day and that the user won the draw for the current day. In this case, the lucky draw prize mentioned was a smart phone. To attain the prize, the user was required to enter personal information, including their:

  • User name
  • Surname...

Mathew Maniyara | 03 Aug 2012 17:36:42 GMT

Co-Author: Avdhoot Patil

Phishers continue to target Indonesian celebrities with adult scams. Phishing attacks on rock star Ahmad Dhani have already been seen. In July 2012, Symantec observed a phishing site that claimed to have an adult video of Indonesian actress and singer Aura Kasih. The phishing site spoofed a social networking brand and was hosted on a free Web hosting site.

The adult scam came in light of a recent scandal surrounding the singer. An adult video, allegedly of Aura Kasih and pop star Nazril Irham, has been circulating recently in Indonesia over the internet and mobile phones. It is rumored that the video started appearing after Nazril Irham’s laptop was stolen.

Phishers created the phishing site with an image of a video link of Aura Kasih. A message in Indonesian on the image prompted users to log in to view the video. The message also...

Mathew Maniyara | 25 Jul 2012 21:25:45 GMT

Co-author: Avdhoot Patil

Phishing sites using celebrities as bait are on a rampage. In July 2012, Honey Singh, also known as Yo Yo Honey Singh, a popular Indian rapper, singer, music producer, and actor, was featured on phishing sites. Symantec observed several phishing sites that spoofed a social networking brand that claimed to have an application for Honey Singh. The phishing sites were hosted by a free web hosting service.

The phishing sites promoted Honey Singh’s 2011 album, International Villager. A poster of the album's artwork was displayed on the left side of the phishing page and the login form was displayed on the right side. The phishing sites claimed to have an application that enabled users to listen to the Punjabi star's latest songs and videos. As with most applications on social networking sites, the application made a request to the user before allowing access. After a user's login credentials were entered into the phishing...

Pavlo Prodanchuk | 23 Jul 2012 16:03:01 GMT

Recently, Symantec has observed an increase in .eu domains contained within pharmacy and dating spam messages. The spam emails observed so far are predominantly in the German language. The specific patterns and characteristics demonstrate that the attacks employ a "hit-and-run" technique.

In "hit-and-run" attacks, spammers quickly rotate through the IP addresses and domains that are being used. Unlike 80% of spam attacks, these messages are not sent from botnets of compromised computers, but from mail server IP addresses with a previously unknown reputation.

Recent data obtained from the Symantec Global Intelligence network shows that the number of spam emails that contain .eu domains increased slightly in the first and third week of June. Furthermore, the number of spam emails containing .eu domains written in the German language increased considerably in the last week of June.

...

Ben Nahorney | 20 Jul 2012 19:31:45 GMT

Contributor: Andrew Watson

A coordinated effort led by security researchers at FireEye and Spamhaus has resulted in the takedown of one of the largest spam botnets in the threat landscape. The botnet, known as Grum, was reportedly responsible for close to a third of the world’s spam email traffic.

We’ve been watching the developments carefully here at Symantec and have noticed a decided drop in spam traffic coming from the Grum botnet. Around 5:00 p.m. on July 17, the botnet sent a batch of around 40,000 spam emails. The next hour that number dropped to around 30,000. The next hour 16,000, followed by 11,000. The numbers continued to decline to the point where, yesterday afternoon, the botnet sent only a handful of spam messages.

...

Samir_Patil | 26 Jun 2012 23:04:58 GMT

Last week I was jolted with a mail that says:

My first reaction was: "Did I ever interview or converse with any such person? Then why am I receiving this email?". I immediately began analyzing the email and found that it is nothing but a variant of a Hitman spam which tries to threaten the user after initiating a conversation and then extorts money in the bargain.

The discussed spam mail is a reply to an email thread which was never received or replied to before. (Although the spam message says that the recipient was part of the email communication sent a few months back.) The email comes with an attachment containing the candidate’s resume. Surprisingly, the attachment has no...

Samir_Patil | 05 Jun 2012 06:46:13 GMT

Contributor: Anand Muralidharan

The 14th edition of the UEFA European Championship is set to begin from June 8th and will be hosted in Poland and Ukraine. Symantec has intercepted a 419 spam attack targeting EURO 2012. Below is a screenshot of the spam mail.

The scam message is attached as a PDF file called UEFA.pdf. This is a typical 419 scam message that says that the reader has won a EURO 2012 Cup promotion lottery. In the rest of the message, the spammers explain in detail how the recipient’s email address reached them and how it was selected as a winner out of a huge number of other participants.

Finally, the recipient is asked to send the winning identification numbers by filling in the UEFA EURO 2012 online documentation form, which asks for personal details such as name, address, age, occupation, and phone number. One interesting line in the message says that the...

Mathew Maniyara | 31 May 2012 22:32:49 GMT

Co-Author: Avdhoot Patil

Lottery scams are not new to the world of phishing, so phishers are always seeking new fake lottery strategies. Phishers gained interest in schemes that involved donating to charity using lottery prizes. They utilized the idea in a phishing site which claimed that a popular bank was organizing a lottery for its customers and that a portion of the prize money would be donated to charity. Phishers believed that customers would be duped by the twin advantages: winning prizes and donating to charity. The phishing site was hosted on servers based in Iowa Park, USA.

A link to log in was provided on the phishing site urging customers to enter their credentials. The link led the customers to a phishing page that prompted the customer for their name, ticket number, and email address:

...