Security Response
Showing posts tagged with Messaging Gateway
Stephen Doherty | 23 Mar 2011 22:42:48 GMT

Recently at Symantec Security Response, we came across a seemingly innocuous program which was being hosted at a number of different URLs. What flagged the file as unusual was the fact that many different customers were submitting the same file for analysis.

The basic behaviour of the program is to run you through a job suitability questionnaire before redirecting you to one of the following URLs:

You cannot simply browse to these pages without first downloading and completing the suitability test.

...

Eric Park | 21 Mar 2011 17:39:49 GMT

When Brian Krebs posted a report about the Rustock botnet takedown, Symantec observed a decline in overall spam traffic. Symantec.cloud posted a blog about this, and the Wall Street Journal is now reporting that Microsoft led this takedown.

On March 16, Symantec saw global spam drop 24.7% compared to March 15. On March 17, global spam volume dropped another 11.9% compared to March 16. Compared to a week prior, the volume on March 17 was down 40.4%.

As we typically see with a drop in global spam volume, the overall spam percentage saw a similar decline when spam volume...

Mathew Maniyara | 18 Mar 2011 20:13:20 GMT

Recently, phishers have used several types of bait on phishing sites where they impersonated universities, asked for fake donations, targeted celebrities, etc. Now, they are trying their luck on end users who play the lottery with a brand based in the UK. The bait used in the phishing site was a lottery prize of 1356 pounds. The phishing site prompted users to enter their confidential information to have the lottery prize credited to their debit card account.

Lottery is a game where there may be only one winner among participants. But what are the odds for a phisher to harvest the confidential information of lottery winners?

The bigger the lottery prize, the fewer the winners. Hence, the motive of phishers was to target a large number of users because they perceive that by duping more users, they would increase their chances of phishing confidential information. Financial gain is a common motive for phishers but this time they were seeking a larger sum from...

Dylan Morss | 18 Mar 2011 18:14:08 GMT

The earthquake and aftershocks which have struck New Zealand in the last few months are still being exploited by spammers and phishers in an attempt to feed upon the fears of Internet users. Symantec has recently observed continued phishing attacks against these users.

In this case, the phishers are asking users to check in with the bank and provide some additional information. The information will then most likely be used to access users’ banking accounts and personal information with the intent of stealing money and probably identities as well.

By the time Symantec went to analyze the data, this site had already been taken down. Although the volume of New Zealand specific attacks continues to dwindle as the events in Japan take center stage, we will continue to see such scams.

Internet users are advised to follow best practices to avoid phishing attacks:

•...

Samir_Patil | 17 Mar 2011 17:11:32 GMT

Symantec observed a spike of malicious spam activity in the early morning of March 16. These spam samples use subject lines related to the recent natural disaster in Japan and political unrest in the Middle East. This blog discusses the end-to-end analysis of the attack.

As shown in the samples below, the spam mail uses subject lines related to the nuclear disaster due to a series of explosions at Japanese nuclear plants, earthquake and tsunami effects on the global economy, and unrest in the Middle East.

Below are some of the subjects used in the attack.

Subject: Japanese Stocks May Defy Earthquake, Gain as Global Demand Drives Exports - Bloomberg

Subject: Quake-prone California questions nuclear safety - Reuters

Subject: Yen slips as risk aversion flows subside - Reuters

Subject: Japan Adds to Global Economy Woes

Subject: Apple delays Ipad 2 launch in Japan - Inquirer

Subject: European hospitals may aid Japan

Subject:...

Samir_Patil | 17 Mar 2011 13:53:17 GMT

St. Patrick’s Day is a religious holiday celebrated internationally on March 17. Traditionally, this day is celebrated with festive parades and music in Ireland, Europe, and even New York City. Among the many popular traditions that surround St. Patrick’s Day, one cannot miss out on the food, drink, and merriment at local pubs.

Symantec is monitoring St. Patrick’s Day spam, which is, as usual, offering various bogus products. In one such sample, all that the recipient needs to do is to take part in a very simple survey. Upon completion of the survey, the user will receive a $250 gift card reward absolutely FREE! But wait a minute—think twice before you even try clicking that button. Although the offer is perfectly tailored for the occasion, the reward that awaits the tempted is disastrous.

Subject: Are You Celebrating St. Patty.s Day?

Subject: St. Patty's Day Clearance - Huge Discounts on New Cars.

Subject: You have (1)...

Mathew Maniyara | 16 Mar 2011 15:51:57 GMT

On March 11, 2011, Japan faced its worst nightmare when a massive earthquake struck with a magnitude of 9.0. Nations all over the world are giving their support through aid to Japan. On the other hand, phishers are trying to take advantage of this situation to steal and exploit well-meaning donors.

Symantec observed a phishing site that spoofed a popular payment gateway requesting a donation for Japan’s earthquake victims. Phishers paid attention to every minute detail to make the page look like the legitimate brand’s Web site. On the top left corner of the page, phishers used the logo of the American Red Cross, a humanitarian organization, to make it appear that the donation would be sent to them! A donation summary was highlighted towards the left of the phishing page that displayed an amount of one euro. A hyperlink, “Donation for Japan earthquake victims”, was provided...

Eric Park | 16 Mar 2011 15:21:30 GMT

As predicted in last month’s report, average daily global spam volume increased month-over-month for the first time since August 2010. The average daily spam volume increased 8.7 percent in February. This rise in spam volume also increased the overall spam percentage, as spam made up 80.65 percent of all messages in February, compared with 79.55 percent in January.

On the phishing side, we take a look at phishing attempts using fake SSL. Fraudulent sites are becoming more sophisticated and are using fake, or even basic domain validated, SSL certificates to fool visitors. An Extended Validation (EV) SSL certificate turns the address bar green and involves a more rigorous validation process, conducted to verify that the website owner is who it says it is.

To find out more, click here to download the March 2011 State of Spam &...

Samir_Patil | 14 Mar 2011 12:33:14 GMT

Only a few days ago, Japan experienced one of the worst earthquakes in its history. The earthquake registered 8.9 on the Richter scale and triggered an enormous tsunami. The heart-wrenching images on television have left the world shaken. It was the worst earthquake and tsunami in the past century and at least 50 countries have since received related tsunami warnings.

As the death and injury tolls continue to rise, one must not forget those who awake to exploit such delicate situations—spammers continue to maintain the guise of charitable institutions and governmental organizations! Don’t be surprised to suddenly see an email message in your inbox marked as URGENT and pleading with you for "monitory help" [sic] or a phishing mail urging you to donate to the rehabilitation of those affected by the quake and tsunami. Use prudence in finding out the genuine intent of email senders before you reach out or respond.

Within the first few hours of...

Eric Park | 03 Mar 2011 20:34:12 GMT

In this blog published in January, we followed up on the spam volume saga as the Rustock botnet returned to action on January 10. At the time, it looked like the holidays were over for spammers. Did the prediction hold up?

Yes, as it turns out. Over the following six weeks, the global spam volume has remained more or less flat. Towards the end of February, however, it is showing a bit of a decline.

A similar pattern can be seen for the global spam percentage:

Even though the spam volume has somewhat recovered, it is nowhere near what it was one year ago. This chart shows the global spam volume in the month of February in 2010 and 2011: