Video Screencast Help
Security Response
Showing posts tagged with Messaging Gateway
Showing posts in English
Dylan Morss | 18 Mar 2011 18:14:08 GMT

The earthquake and aftershocks which have struck New Zealand in the last few months are still being exploited by spammers and phishers in an attempt to feed upon the fears of Internet users. Symantec has recently observed continued phishing attacks against these users.

In this case, the phishers are asking users to check in with the bank and provide some additional information. The information will then most likely be used to access users’ banking accounts and personal information with the intent of stealing money and probably identities as well.

By the time Symantec went to analyze the data, this site had already been taken down. Although the volume of New Zealand specific attacks continues to dwindle as the events in Japan take center stage, we will continue to see such scams.

Internet users are advised to follow best practices to avoid phishing attacks:


Samir_Patil | 17 Mar 2011 17:11:32 GMT

Symantec observed a spike of malicious spam activity in the early morning of March 16. These spam samples use subject lines related to the recent natural disaster in Japan and political unrest in the middle east. This blog discusses the end-to-end analysis of the attack.

As shown in the samples below, the spam mail uses subject lines related to the nuclear disaster due to series of explosions at Japanese nuclear plants, earthquake and tsunami effects on the global economy, and unrest in middle east.

Below are some of the subjects used in the attack.

Subject: Japanese Stocks May Defy Earthquake, Gain as Global Demand Drives Exports - Bloomberg

Subject: Quake-prone California questions nuclear safety - Reuters

Subject: Yen slips as risk aversion flows subside - Reuters

Subject: Japan Adds to Global Economy Woes

Subject: Apple delays Ipad 2 launch in Japan - Inquirer

Subject: European hospitals may aid Japan


Samir_Patil | 17 Mar 2011 13:53:17 GMT

St. Patrick’s Day is a religious holiday celebrated internationally on March 17. Traditionally, this day is celebrated with festive parades and music in Ireland, Europe, and even New York City. Among the many popular traditions that surround St. Patrick’s Day, one cannot miss out on the food, drink, and merriment at local pubs.

Symantec is monitoring St. Patrick’s Day spam, which is, as usual, offering various bogus products. In one such sample, all that the recipient needs to do is to take part in a very simple survey. Upon completion of the survey, the user will receive a $250 gift card reward absolutely FREE! But wait a minute—think twice before you even try clicking that button. Although the offer is perfectly tailored for the occasion, the reward that awaits the tempted is disastrous.

Subject: Are You Celebrating St. Patty.s Day?

Subject: St. Patty's Day Clearance - Huge Discounts on New Cars.

Subject: You have (1)...

Mathew Maniyara | 16 Mar 2011 15:51:57 GMT

On March 11, 2011, Japan faced its worst nightmare when a massive earthquake struck with a magnitude of 9.0. Nations all over the world are giving their support through aid to Japan. On the other hand, phishers are trying to take advantage of this situation to steal and exploit well meaning donors.

Symantec observed a phishing site that spoofed a popular payment gateway requesting a donation for Japan’s earthquake victims. Phishers paid attention to every minute detail to make the page look like the legitimate brand’s Web site. On the top left corner of the page, phishers used the logo of the American Red Cross, a humanitarian organization, to make it appear that the donation would be sent to them! A donation summary was highlighted towards the left of the phishing page that displayed an amount of one euro. A hyperlink, “Donation for Japan earthquake victims”, was provided...

Eric Park | 16 Mar 2011 15:21:30 GMT

As predicted in last month’s report, average daily global spam volume increased month-over-month for the first time since August 2010. The average daily spam volume increased 8.7 percent in February. This rise in spam volume also increased the overall spam percentage, as spam made up 80.65 percent of all messages in February, compared with 79.55 percent in January.

On the phishing side, we take a look at phishing attempts using fake SSL. Fraudulent sites are becoming more sophisticated and are using fake, or even basic domain validated SSL certificates to fool visitors. An Extended Validation (EV) SSL certificate, which turns the address bar green and ensures a more rigorous validation process, is conducted to verify the website owner is who it says it is.

To find out more, click here to download the March 2011 State of Spam &...

Samir_Patil | 14 Mar 2011 12:33:14 GMT

Only a few days ago, Japan experienced one of the worst earthquakes in its history. The earthquake registered 8.9 on the Richter scale and triggered an enormous tsunami. The heart-wrenching images on television have left the world shaken. It was the worst earthquake and tsunami in the past century and at least 50 countries have since received related tsunami warnings.

As the death and injury tolls continue to rise, one must not forget those who awake to exploit such delicate situations—spammers continue to maintain the guise of charitable institutions and governmental organizations! Don’t be surprised to  suddenly see an email message in your inbox marked as URGENT and pleading with you for "monitory help" [sic] or a phishing mail urging you to donate to the rehabilitation of those affected by the quake and tsunami. Use prudence in finding out the genuine intent of email senders before you reach out or respond.

Within the first few hours of...

Eric Park | 03 Mar 2011 20:34:12 GMT

In this blog published in January, we followed-up on the spam volume saga as the Rustock botnet returned to action on January 10. At the time, it looked like the holidays were over for spammers. Did the prediction hold up?

Yes, as it turns out. Over the following six weeks, the global spam volume has remained more or less flat. Towards the end of February however, it is showing a bit of a decline.

A similar pattern can be seen for the global spam percentage:

Even though the spam volume has somewhat recovered, it is nowhere near what it was one year ago. This chart shows the global spam volume in the month of February in 2010 and 2011:

Suyog Sainkar | 03 Mar 2011 20:09:12 GMT

Spammers often use a variety of obfuscation methods in an attempt to bypass anti-spam filters. We did some follow up analysis on a recent dating spam attack in which the spammers made use of URLs in the message body with spaces inserted in between characters in the URL. Although this obfuscation technique has been much used in the past, it has not been as prevalent in recent times. This particular spam attack was active during the last week of January and lasted until the first week of February, 2011. Approximately 12,000 spam messages were observed in this attack.

The subject and message body in this spam attack were randomized in addition to the URL obfuscation.

Sample subject line variations observed in this attack are:

Subject: Svetlana Martyushova appeared in the chat

Subject: Tatyana Zhivkova - waiting on you

Subject: Kazak Avrora thinks...

Mathew Maniyara | 01 Mar 2011 14:13:39 GMT

On February 22, 2011, a massive 6.3 magnitude earthquake devastated the New Zealand city of Christchurch. As per the official reports, the death toll has reached 75—a number that may yet increase. Thousands of people in New Zealand have lost their homes and search operations are still in progress. Fraudsters, as usual, are taking advantage of this by sending spam mails that request donations. In January, phishers had used the same ploy of asking for fake donations for victims of the Serrana floods.


The phishing site spoofed the Red Cross website for New Zealand and requested help from end users. Firstly, the phishing site gave details of the earthquake, highlighting the extent of the damage in the city...

Samir_Patil | 23 Feb 2011 13:51:47 GMT

The Tunisian wave has captured the minds of people across the Middle East region. What is surprising to note is the creative use of the Internet in discussing such sensitive issues. The unrest in Tunisia has "tsunamied" into a mass movement straight at the heart of the Arab world. Egypt, with the ousting of President Hosni Mubarak, has become ground zero of this wave. But, as this movement gains momentum and spreads, there are many waiting to misuse this space—as demonstrated in the sample discussed below.

In this typical 419 scam message, the scammer masquerades as the erstwhile President Hosni Mubarak. A handsome proposal, considering the (bogus) bonanza of a 30% handling fee to be given to the one who cooperates in siphoning his booty out of Egypt. Further, because of the urgency of the situation, one is required to give "full contact information" as well...