Video Screencast Help

Security Response

Showing posts tagged with Messaging Gateway
Showing posts in English
Binny Kuriakose | 16 Apr 2014 16:51:58 GMT

Contributor: Azam Raza

Easter, like all other celebrations is meant to be a day of jubilation, which of course means gifts, shopping, and spreading cheer. However, cheer is not the only thing that is being spread this holiday. Spammers have also started spreading their handiwork. With just a few days left before Easter, the volume of spam is on the rise.

Each year Symantec observes certain categories of spam using Easter as a theme and this year is no different. Let’s take a look at some of the different types of spam Symantec sees year-over-year, as well as some samples from this year.

Replica goods spam
With gifts being at the core of many major celebrations, product spam (replica goods spam in particular) is the spam category Symantec observes the most. In this spam, items such as fake watches and jewelry are promoted using catchy subject lines and product images. Email header examples include:

From: "WorldOfWatches"...

Eric Park | 16 Apr 2014 12:58:18 GMT

A variation on the 419 email scam is being used by fraudsters to take advantage of couples desperate to adopt a child. Once they are carefully lured into a fake adoption process, the victims are then asked for money to cover legal and administrative fees.

While most recent 419 scams rely more on the naivety of victims than any ingenuity on the part of the spammer, some fraudsters are beginning to make more of an effort to directly communicate with the victim to secure their confidence. Their scams are well researched, convincingly presented and may borrow stories from real life to make their stories more authentic and better able to withstand a little scrutiny.

While fake adoption scams have been seen from time to time before, in this instance Symantec observed real life...

Avdhoot Patil | 11 Apr 2014 11:11:40 GMT

Politicians are frequently featured on phishing sites and in light of the ongoing general election in India, phishers are starting to target Indian users by using a local politician and his party as bait. 

Symantec recently observed a phishing site which spoofs Facebook’s appearance and includes Arvind Kejariwal, the former chief minister of New Delhi and leader of the Aam Aadmi Party. The phishing site was hosted on servers based in Lansing, Michigan in the US. 

figure1_facebookspam.png
Figure 1. A fake Facebook “like” button and a picture of Arvind Kejariwal on the phishing site

As seen in the previous image, the phishing site, titled “Unite With Us Against Corruption”, uses a poster of the Aam Aadmi Party along with a fake Facebook “like” button. The site’s background image is a picture of the party’s leader Arvind Kejariwal...

Avdhoot Patil | 07 Apr 2014 07:25:58 GMT

Contributor: Parag Sawant

Phishers continuously come up with various plans to enhance their chances of harvesting users’ sensitive information. Symantec recently observed a phishing campaign where data is collected through a fake voting site which asks users to decide whether boys or girls are greater.

The phishing page, hosted on a free web hosting site, targets Facebook users and contains a fake voting campaign, “WHO IS GREAT BOYS OR GIRLS?” along with the “VOTE” button to register votes. The page is also embedded with pair of bar charts representing voting ratio and displays the total votes gained for the last four years. These give a more legitimate feel to the fake application.

figure1_1.jpg
Figure 1. The Facebook application asks users to register their votes

The first phishing page contains a button to initiate the...

Eric Park | 18 Feb 2014 18:34:22 GMT

In this blog detailing how spammers continue to change their messages in order to increase their success rate, we looked at the evolution of the same spam campaign from missed voicemail messages to spoofing various retailers, and then spoofing utility statements. Clicking on the link led the users to a download for a .zip file containing Trojan.Fakeavlock. Attackers may have realized that those attack vectors no longer entice recipients, so spammers have introduced two new schemes for this campaign that appear to be random and unrelated at first, but they do share a common goal.

The first scheme spoofs various courts around the country:

...

Eric Park | 11 Feb 2014 17:55:34 GMT

One of the most popular methods of spamming is snowshoe spam, also known as hit and run spam. This involves spam that comes from many IP addresses and many domains, in order to minimize the effect of antispam filtering. The spammer typically sends a burst of such spam and moves to new IP addresses with new domains. Previously used domains and IP addresses are rarely used again, if ever.

Some spammers like to use a similar pattern across their spam campaigns. This blog discusses a particular snowshoe spam operation that I have labeled “From-Name snowshoe”. While there are other features in the message that allow the campaigns to be grouped into the same bucket, the messages’ most distinct feature is that all of the email addresses that appear in the “from” line use real names as their usernames. 

  • From: [REMOVED] <Leila.Day@[REMOVED]>
  • From: [REMOVED] <CharlotteTate@[REMOVED]>
  • From: [REMOVED] <Diana.Pope@[REMOVED]>
  • ...
Satnam Narang | 04 Feb 2014 03:00:30 GMT

Scammers are taking advantage of recent Super Bowl social buzz in a scheme that targets entrants of an Esurance contest. The company premiered a commercial following Super Bowl, where they offered US$1.5 million to one lucky Twitter user who used the hashtag #EsuranceSave30. Following this, Symantec Security Response has observed a number of fake Esurance Twitter accounts being created to leverage the attention generated by this contest.

Many of these Twitter accounts used variations of Esurance’s brand name and logo to convince users they are affiliated with the company. These accounts include the following Twitter handles:

  • EsuranceWinBig
  • EsuranceGW
  • Essurance
  • Esurrance
  • Esurnace
  • Esuranc

There are also other accounts that use logos and imagery making them look like they belong to Esurance, but their names have nothing...

Binny Kuriakose | 30 Jan 2014 09:39:42 GMT
China is gearing up to usher in the Year of the Horse, which begins with the new moon on January 31 this year. With more than a billion people worldwide preparing to celebrate the new year for the lunar calendar, the celebration this year promises more color than ever before.
 
Chinese New Year, also known as the spring festival, is a day for reunion and thanksgiving, where exchanging gifts is at the heart of the celebration. Friends, family, colleagues and even businesses exchange gifts to show love, respect and loyalty. Business owners often send gifts to their customers and shops offer gifts and discounts to show their gratitude. However, spammers are all too aware of this practice.
 
The spammers and fraudsters are known to capitalize on special occasions and exploit the noble gesture of giving gifts in order to send out spam. They are known to pose as friends and business owners and send emails promising gifts and...
Eric Park | 15 Jan 2014 09:29:01 GMT
After a long hiatus, spammers are once again using an old trick, where they attach a .zip file to trick the user into executing the compressed malware. The chart below shows the number of spam messages with .zip attachments over the last 90 days in Symantec’s Global Intelligence Network (GIN).
 
figure1_6.png
Figure 1. Spam messages with .zip attachments over the last 90 days
 
On January 7, 99.81 percent of the .zip attachment spam that came into Symantec’s GIN had the file name “BankDocs-”  followed by 10 hexadecimal characters.
 
figure2_7.png
Figure 2. Email with “BankDocs-” .zip attachment
 
On January 8, 99.34 percent of the .zip...
Christopher Mendes | 15 Jan 2014 07:35:27 GMT

It’s not surprising to see scammers exploiting the laxity of Internet users.

Symantec has observed another malware wave over the past few days following the holiday season. Many users check their utility and other official emails post-vacation to see if they missed out important messages. This is where spammers take a chance and hope that users will click on malicious links in their emails.

In this latest wave of attacks, spammers are taking advantage of users’ desire to open and respond to urgent emails right away. When this happens, the malware infects users’ computers and extracts confidential data.

Last week, I too, received some of these scam emails posing as delivery failure notifications from well-known stores with an online presence, stating that I missed the delivery of a couple of parcels while I was away on vacation.

At first, I wondered how this was possible since I hadn’t placed any orders, and wondered if they might be surprise gifts....