Security Response

The five-time Grammy award winner Amy Winehouse was found dead in London on July 23rd. Symantec has already observed spammers who are trying to capitalize on related news headlines by sending out malicious threats less than a day after the news was released.

The two samples given below are examples that we have observed. These Portuguese-language attacks use similar spam techniques. All samples are sent from randomized individual email accounts with various subject lines related to the celebrity’s death in an attempt to lure interested readers to open a malicious URL. Immediately after the link is clicked, a pop-up window is shown, which asks users to download a file that is loosely disguised as an image or video file, for example (anything other than an executable).

The file is given a name that is related to the celebrity, and of course isn’t an image or video file, but a malicious binary. Symantec has detected the threats in these samples as...

In the past couple of days, Symantec has observed a spike of email attacks that are designed to distribute malicious threats. All of the observed samples are spoofed to appear as if they are legitimate delivery warnings or notifications from UPS or Post Express. The message text asks recipients to open the zipped executable file for further details or actions necessary to take delivery of the item.

Below are the sample headers observed in this spam attack:

From: "United Parcel Service" <info***3@ups.com>
From: "UPS� Customer Services"<***@secureserver.net>
From: "United Parcel Service" <***@dhl.com>
From: "Neil Molina" United Parcel Service  <[Details Removed]@ [Details Removed]>
From: "Kimberley Miner" United Parcel Service  <[Details Removed]@ [Details Removed]>...

Giving gifts for Chinese New Year is a traditional custom, not only for families but also for businesses to show their gratitude to customers. While everyone is ready to welcome the Year of the Rabbit, spammers have already provided many holiday surprises for them.

Chinese New Year is on February 3 this year, about half a month earlier than last couple of years. Spammers have also adjusted their attack schedule for the upcoming festival.

Product and business promotion spam have been observed since last December. Most attacks have customized the ‘From’ line alias and use promotional ‘Subject’ lines related to Chinese New Year.

The following two samples are medical product promotions with a customized ‘From’ line and have a subject line related to the occasion.

From:可输入多个<[Details Removed]>

Subject:过年了！给领导送什么哪？（AD)

Translation:

From: you may enter multiple choices...

When one thinks of Christmas, an aura of emotion arises. We are reminded of our family reunions, Christmas carols, that aroma of turkey being roasted, the cakes and pastries - don’t forget the Christmas gifts! But before we can wish you a merry Christmas we would like to caution you as you prepare your Christmas shopping list.

Please be careful, especially when you do your Christmas shopping online. Spammers are offering a plethora of fake offers, replicas, medication, and loans at unbelievably low interest rates, as is customary, during this season. Don’t get carried away by their cheap offers because no haute couture brand offers their products at such throw-away prices. We again would like to remind you not to get lured into giving your email credentials without first finding out that the Web site you are shopping on is legitimate and real.

We would like to highlight a few more tricks that spammers have pulled out of their hats this Christmas...