Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response
Showing posts tagged with Messaging Gateway
Showing posts in English
Samir_Patil | 05 Jul 2011 12:29:52 GMT

He was seen several years ago. Now, he is back with the name “Don Gunshot”!

Luring people with promises of huge sums of money in return for bogus favors is the classic method adopted by the Nigerian/419 type of spammers. It is one of the oldest forms of spamming; very rudimentary, yet creatively lethal. This revisited scam tactic uses coercion to force people to pay up or else they will (apparently) face dire consequences. From a lighter point of view, however, it is a bit more humorous than scary.


 
The above email is indeed a perfect example of a scammer trying to blackmail someone they don’t know from Adam. The spammer does not know you, but he pretends to have received blood money to kill you. He blackmails you with threats of dire consequences if you even try to whisper the secrets explained in the mail. Forget the police, and if you dare to try and tell...

Suyog Sainkar | 30 Jun 2011 17:31:45 GMT

As most all of us will know, the United States’ Independence Day is on the fourth of July, which is only a few days away. Independence Day is commonly associated with fireworks, parades, barbecues, fairs, ceremonies, get togethers, and various other public and private events celebrating the national holiday. Many people also utilize this time for vacation trips, especially if it’s a long July 4th weekend. However, not everyone goes out of town or participates in special events. Some people actually take advantage of the nice holiday weekend to stay at home and catch up on other activities, which may include shopping. Since sales levels are usually lower during holiday weekends, stores and online shopping sites offer lots of exciting deals. In any case, today’s technology makes it possible to shop online from anywhere—even while on a beach vacation, say!

The spammers, as always, have exploited this likelihood and are distributing spam messages...

Sammy Chu | 29 Jun 2011 20:36:34 GMT

With our globalized economy, non-English email between international organizations has become the norm for business communication. However, at the same time, non-English spam is also becoming more and more of a problem for national and international enterprises.

For the past several months, Symantec has noticed an increase for Chinese language spam, as shown in the graphic below:


 
What’s interesting about this increase is the resurfacing of a body-obfuscation technique that is being used by Chinese spammers—the technique is called “invisible text.” What is “invisible text,” exactly? Invisible text is the body text that’s the same color as the background; therefore, it is invisible to the human eye.

Below are some samples that Symantec has observed. The first sample is a typical Chinese seminar (training course) promotion spam...

Samir_Patil | 29 Jun 2011 20:03:55 GMT

Yes, of course! This is what the email is all about! Or, is it?

The 2011 Wimbledon Championship has begun in full gusto and like any other major sporting event, we have been observing spam flowing in the wild that targets Wimbledon 2011. Spammers are exploiting the event by sending online betting, casino, and even online pharmacy spam through email.
The Italian spam sample given below mimics a legitimate betting website (the name of the betting site is deliberately omitted). The email headers are spoofed in an effort to bolster the legitimacy of the email; but the Sender domain has been registered only recently and shows hit-and-run spam characteristics. The spammer says, “Bet risk free! Even if you lose the bet, 20 Euros will be reimbursed.”

The spam sample given below explains the steps that users would supposedly need to take to acquire the “bonus”:

1. Sign up and make a deposit into your account.
2. Place your first...

Samir_Patil | 29 Jun 2011 19:17:08 GMT

Exploiting the popularity of social networks for the purposes of distributing spam, malware, and phishing attacks is quite a common technique these days. Spam attacks via social networks grew dramatically between April and June 2011. Over this period, we monitored and analyzed social network spam attacks that used three popular social networking sites—Facebook, Twitter, and YouTube.

The Trend

The graph below demonstrates the volume spikes for social network spam from April 1 to June 15:

One of the obvious patterns seen in the graph above is the rise in the number of attacks on one social networking site, then an abrupt fall, and then a shift to the next social site, as if following a cyclical pattern. We observed a sudden surge in the number of attacks on Facebook, then a peak, and then a drastic decline. While the attacks on Facebook declined, we...

Samir_Patil | 17 Jun 2011 11:41:34 GMT

This year, Father’s Day will be celebrated on June 19th. Of course, this is an occasion that is used to express feelings towards dads for all of their love and support, often accompanied by the giving of exclusive gifts. Sadly, spammers don’t forget to send out their fake offers to target this special day. Symantec is observing an increase in spam volume related to this event, which is shown in the graph below.

Father’s Day spam can be categorized into hit-and-run spam promoting fake products, e-cards, dating, and gift card spam. Various product promotions are seen to contain products such as cigars, replica watches, wallets, and computer accessories. Once a user clicks on a fake offer, they are directed to a webpage where they are asked to divulge confidential information such as a credit card number, CVV, email address, etc. Below are some examples of this type of...

Mathew Maniyara | 07 Jun 2011 11:49:49 GMT

A couple of months ago, Japan was hit by an earthquake of magnitude 9.0. The earthquake and tsunamis that followed caused severe calamity to the country. Phishers soon responded with their fake donation campaign in the hopes of luring end users. Unfortunately, it seems that the phishers are continuing to use these fake donations as bait in a recent phishing attack we observed.

In a fake donation campaign, phishers spoof the websites of charitable organizations and banks and use those fake sites as bait. This time, they spoofed the German page of a popular payment gateway site with a bogus site that asked for user login credentials. The contents of the page (in German) translated to “Japan needs your help. Support the relief efforts for the earthquake victims. Please donate now.” The message was provided along with a map of Japan that highlighted two cities from the affected region....

Amanda Grady | 02 Jun 2011 17:29:02 GMT

I received reports this week of emails that reference transactions of which the recipients have no knowledge. The  email includes a link for more detail, which then attempts to download a ZIP attachment. Nothing new here; most savvy users would know better than to open an attachment in an unsolicited email.

The interesting thing about this email, however, is that it includes a password previously used by the recipient. Seeing private data in an email like this would definitely raise suspicions that the sender has some kind of connection to the recipient, or worse, has comprised their account details. The ultimate goal for the sender is that the user’s curiosity would be piqued sufficiently to open the attachment which would, of course, deliver the inevitable malware payload.

Symantec detects the file as Trojan.Zbot, also called Zeus, which is a Trojan horse that...

Suyog Sainkar | 02 Jun 2011 17:17:21 GMT

Spam messages promoting pharmaceutical products have been perhaps the most commonly seen spam attacks over the past several years. Pharmaceutical products are deceptively marketed through spam emails employing a variety of obfuscation techniques. Symantec recently observed a pharmaceutical spam campaign abusing the YouTube brand. Similar spam campaigns abusing popular brands have been seen in the past, however, the email volume observed in this particular spam attack has been immense.

Sample From and Subject lines observed in this spam attack are below.

From: YouTube Service <service@youtube.com>

Subject: YouTube Administration sent you a message: Your video on the TOP of YouTube

Subject: YouTube Service sent you a message: Best Unrated Videos To Watch

Subject: YouTube Support sent you a message: Your video has been removed due to terms of use violation

...

Samir_Patil | 26 May 2011 15:21:56 GMT

There has been yet another spam attack on the widely followed game of cricket. Earlier this year, Symantec reported about a spam attack that targeted the Cricket World Cup. It is now time for the Indian Premier League (IPL). With the playoffs in progress and the grand finale just two matches away, it is not surprising to see spammers trying to make the best of it.

We have observed IPL scam, in the wild, promoting an IPL lottery. Were the IPL honchos promoting a sweepstake of this sort?  We did our research and the answer is no.  So, where did this offer come from?  We investigated further and found that it was from a compromised machine from the suburbs of Mumbai, India.

Below is the spam sample:

So what is this scam all about? Our analysis found out that it comes...