Symantec Blogs: Security Response

Patrick Fitzgerald | February 25th, 2009

Recently we have had a resurgence of people complaining that their online email accounts have been compromised and are being used to send spam. The reports all say the same thing: a message has been sent to every recipient in the Webmail address book, but the user had nothing to do with sending it.

In these types of situations, it usually turns out that a user’s Webmail login credentials are stolen during a phishing attack. The attacker will then use the stolen credentials to change the user’s account settings in order to allow the Webmail account to automatically send out spam email. Also, the attacker will modify or add an email signature so that every future email sent by the user includes additional spam text that the user will be unaware of. In addition, auto-responding vacation notifications are often turned on so that an automatic reply—including spam—is sent to any new incoming email.

The added spam signature text usually contains an...

Shravan Shashikant | February 17th, 2009

As discussed in the Symantec State of Spam Report for February, URLs with the “.cn” country code top level domain (ccTLD) have become a popular ingredient in spam messages. A top-level domain (TLD) is the part of a domain name that follows the final dot of any domain name. A ccTLD is a top-level domain generally reserved or used by a country or a dependent territory. According to the February report, URLs with .cn ccTLDs accounted for approximately 32% of all URLs seen during that period. However, we saw a noticeable decrease in this particular technique starting around the end of January with levels dropping down to 7%. On February 12, we once again observed a revival approaching similar levels as was seen in January—these levels are currently sitting around 29%. The URLs are applied to various kinds of spam attacks, but one of the more popular versions uses legitimate...

Mayur Kulkarni | February 17th, 2009

With the worsening economic situation, unemployment figures have risen worldwide. This has led millions of people to search for jobs, using whatever resources they can find. One of the most common is online job search sites. Email alerts from recruitment agencies are anxiously viewed for future job prospects and hopes dashed when rejection letters are received.

Malicious code writers are making use of this opportunity to distribute their malware. Symantec has recently observed emails with malicious attachments, informing the recipient of a job rejection and including an attached copy of their purported application. These emails pose as though they have been sent from a genuine recruitment agency.

The attached zip file “copy of your CV.zip” contains an executable file, detected as...

Dylan Morss | February 12th, 2009

This is the third and probably final blog entry for me on Valentine’s Day spam as the minutes tick off before the holiday. Since my last post on February 3, we have continued to observe an increase in spam messages associated with this lovers’ holiday.

I narrowed my search to the month of February, so the data in this blog article only covers spam from February 1 until today. As a throwback to my first Valentine’s Day blog post, I thought I would pull up a recent list of Valentine’s Day spam subject lines.

The top 20 Valentine’s Day-related subject lines for February:

St. Valentine's bomus
Casino St. Valentine's Day
St. Valentine's Casino
Casino - St. Valentine's day
St. Valentine's casino
St. Valentine's games in Casino
St. Valentine's Bonus
Send Valentines Day...

Rui Brito | February 9th, 2009

While reviewing some Russian spam samples recently, I came across an amusing message. It extols the financial benefits of promotional email messages, also known as “spam” in layman’s terms. The spammer sells it in true snake oil peddler style, all the while quoting Lenin for a great mix of capitalism and communism! The message contains many of the telltale signs of recent Russian language-based spam attacks: short, text-based, and a phone number for a call to action.

As always, be wary of any email received from an unknown or untrusted source. Below is an example of this type of message (translated text follows after the original content):

Subject: Информация для вас

Если вы спросите, Что такое спам?      
То можно с уверенностью ответить, это доходный и стабильный бизнес.   
           ...

Dermot Harnett | February 5th, 2009

The February State of Spam Report has just been published (available to download here) and while it was widely predicted and not unexpected, spam levels continue to rise post-McColo shutdown, accounting for over 79 percent of all email in recent days. The speed with which spammers have returned to business is not totally unexpected. Let's remember that as long as the profit motive exists for spammers, new spam campaigns will continue to emerge.
 
There have been a few changes on the “spamscape” since McColo was shut down in November 2008. The presence of active zombies around the world continues to shift and while the United States retains the “honor” of being the primary region of origin for spam, and has consistently been one of the largest sources of spam, new botnets in Latin America and Asia are increasingly...

Dermot Harnett | February 4th, 2009

As U.S. President Obama focuses on preparing an economic stimulus package, it is clear that spammers are also working on their own unique version of a “stimulus package.” Spam levels are continuing to rise post-McColo shutdown, accounting for over 79 percent of all email in recent days. As the economic situation continues to worsen across the globe (with the unemployment rate in the U.S. expected to have jumped to 7.5 percent in January from 7.2 percent the month prior) it is clear that spammers believe that some clouds have a silver lining. A number of economic stimulus-related spam emails have emerged in recent days.
 
One example claimed to be from the Internal Revenue Service (IRS) and encouraged the recipient to “Submit your Economic Stimulus Payment form.” This is a common spam tactic used by spammers to try and obtain personal information from a recipient who may be unfamiliar with such attacks. It should also be noted that as the April...

Dylan Morss | February 3rd, 2009

After I posted a blog entry last week (1/28/2009) on Valentine’s Day spam subject lines, I thought it would be interesting to take a closer look at specific words related to Valentine’s Day that have been appearing in spam subject lines recently to see if there were any trends. I had previously noted an increase in the appearance of a few Valentine’s Day related words: “cupid,” “Feb 14,” and “February 14,” and I wanted to expand the search a bit. I was hoping to try and redeem the reputation of Valentine’s Day spam since my previous post put the spammer’s intentions in a less romantic light than the holiday warrants. I decided to search for traditional Valentine phrases such as the following: chocolate, cupid, Feb 14, February 14, flowers, heart, jewelry, Valentine, and Valentine...