The Diwali “Festival of Lights” happens in October and is celebrated across India. During this time a large portion of the Indian population will be out shopping and looking for holiday deals. We have started noticing spam messages that offer discounts related to Diwali. Interestingly, spammers are sending the same Internet offers, but in the form of Diwali discounts.
For example, in the spam message selling a database CD of contacts (names, email addresses, ages, phone numbers), “Diwali” is inserted to make it enticing for recipients. As shown in the below sample message, recipients are offered a database CD of 57,000 Indian companies (SMEs).
We also monitored unsolicited offers that we think may ultimately lead to a compilation of opted-out email addresses for the spammers. Most of these spam messages draw email users with cash...
Yes folks, the Bredolab crew is at it once again. Today we saw a moderate wave of spam email, numbering a few thousand per hour. Not to be drawn to the depth of exploiting the death of Patrick Swayze to deliver their malware, the Bredolab gang is still adapting old reliable—spam email messages with promises of undelivered parcels and cash for collection. Depending on whether the delivery is for cash or for a parcel you will get a slightly different message, although the attachment names are much the same as one another, following a distinct pattern.
For parcel deliveries you might see something like the following example:
Subject:
= ?koi8-r?B?REhMIERlbGl2ZXJ5IHByb2JsZW0guT[UP TO 6 RANDOM CHARACTERS]?=
Body:
Dear customer!
Unfortunately we were not able to deliver the postal package sent on the 24th of June in time
because the recipients address is inexact.
Please...
The IRS settlement offers for U.S. taxpayers holding accounts in foreign banks end on September 23, 2009. Using these offers, one can fully disclose and pay their back taxes, interest, and penalties. In return, the IRS will go back and scrutinize only a limited number of tax years, along with lower penalties and no criminal prosecution. Legitimate FAQs on the settlement offered by the IRS can be found here, with additional information found here.
Spammers are using this deadline to expand their network, using malicious attacks and sending fake IRS email notifications to recipients. These emails do not mention the deadline, but they explicitly describe the issue as “Unreported/Underreported income.” Users might possibly panic over the subject line “Notice of Underreported income,” and download the executable “tax-...
Overall spam volumes averaged at 87 percent of all email messages in August 2009, which is a decrease of 2 percent since July 2009. Health spam, which decreased by 17 percent in July, also decreased again in August and averaged at 6.73 percent. It is interesting to note that over 29 percent of spam is now Internet-related spam. Internet-related spam attacks are those that specifically offer or advertise Internet- or computer-related goods and services. Examples include attacks promoting Web hosting, Web design, and spamware-related products and services.
Holiday spam campaigns have also begun taking advantage of Halloween and Christmas. This follows closely after Labor Day-related spam in a nod to what some economists predict will be a very difficult holiday season for legitimate retailers.
In an attempt to conceal spam messages from anti-spam filters, spammers employ various tactics of ill intent. And for that purpose, spammers use obfuscation and/or spoofing techniques, the misuse of brand names, and many other tactics that make it difficult for content filtering to identify the spam message.
Recently, Symantec observed a spam attack in which homograph spoofing was used so that the spoofed domain name partially or completely resembles the reputable brand domain name. However, before discussing this trend we will first introduce you to terms that may be unfamiliar, such as IDN, Punycode, and homograph spoofing.
IDN
An internationalized domain name (IDN) is a domain name that contains one or more non-ASCII characters. Such domain names could contain characters from non-Latin scripts such as Arabic, Chinese, or Devnagari.
Example:
The domain “ёxample.com” uses “ё”, which is a...
