Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response
Showing posts tagged with Messaging Gateway
Showing posts in English
Eric Park | 15 Jan 2014 09:29:01 GMT
After a long hiatus, spammers are once again using an old trick, where they attach a .zip file to trick the user into executing the compressed malware. The chart below shows the number of spam messages with .zip attachments over the last 90 days in Symantec’s Global Intelligence Network (GIN).
 
figure1_6.png
Figure 1. Spam messages with .zip attachments over the last 90 days
 
On January 7, 99.81 percent of the .zip attachment spam that came into Symantec’s GIN had the file name “BankDocs-”  followed by 10 hexadecimal characters.
 
figure2_7.png
Figure 2. Email with “BankDocs-” .zip attachment
 
On January 8, 99.34 percent of the .zip...
Christopher Mendes | 15 Jan 2014 07:35:27 GMT

It’s not surprising to see scammers exploiting the laxity of Internet users.

Symantec has observed another malware wave over the past few days following the holiday season. Many users check their utility and other official emails post-vacation to see if they missed out important messages. This is where spammers take a chance and hope that users will click on malicious links in their emails.

In this latest wave of attacks, spammers are taking advantage of users’ desire to open and respond to urgent emails right away. When this happens, the malware infects users’ computers and extracts confidential data.

Last week, I too, received some of these scam emails posing as delivery failure notifications from well-known stores with an online presence, stating that I missed the delivery of a couple of parcels while I was away on vacation.

At first, I wondered how this was possible since I hadn’t placed any orders, and wondered if they might be surprise gifts....

Christopher Mendes | 16 Dec 2013 09:07:53 GMT

Contributor: Binny Kuriakose

‘Hello world’ we are digital! Well that was ages ago. Today the need for speed has made us extra fast. A click of a button and the desired webpage is up and running in an instant. In fact, organizations are switching to the Web because of cost effective business and global presence the Internet provides. This phenomenon has made predators smack their lips. What better environment to make a kill than Christmas, with the unaware and the vulnerable abound!

With a systematic study of business done during Christmas, spammers have leveraged a plethora of categories since early July, ranging from hospitality-related spam for those who plan early on how to celebrate Christmas later in the year, to last minute shoppers who scramble to buy gifts before rushing home. Now, that is a well-planned spread.

  • For the vacation planner, there is a hospitality-related spam, with headers reading:

From:...

Pavlo Prodanchuk | 11 Dec 2013 08:53:49 GMT

The latest trend in Russian language spam shows that spammers have started promoting Make Money Fast (MMF) schemes where users are told that money can be easily made with the use of binary options trading.

The sample observed by Symantec has the usual spam traits including a catchy subject, which highlights a large sum of money someone is making every month, to grab the attention of the recipient.

The spam is sent from mail.ru, the largest free email service in Russia, with the account name stating the age of the person linking it to the subject line. The following is a translation of the email header: 

Subject: $3700 a month – this retiree making more than you?
From: pensioner.vladimir@mail.ru

This is an effective trick, especially during the festive season when many peoples’ finances are stretched.

figure_0.jpg

...

Binny Kuriakose | 03 Dec 2013 08:16:47 GMT

Word Salad, a workaround method invented by spammers to counter Bayesian spam filtering, is an old trick in the spammer’s manual, but cutting edge anti-spam filtering technology has made this ploy blunt.

As a form of Bayesian poisoning, Word Salad is an incongruous string of words. It uses words that are very legitimate and can be seen in any form of legit prose. From the perspective of Bayesian filtering, there is a large volume of legit data in emails which employs Word Salad. The word salad are often seen in the form of HTML, where nonsensical tags are used to break  URLs up so analysers will have a hard time tracking down the spammy URL. The latest trend in word salad is to add the most current keywords, like the hottest news or an upcoming event.

The demise of Paul Walker, the ‘Fast and Furious’ franchise star, in a fiery car accident on Saturday, is the latest example exploited by spammers. Within hours of this breaking news, Symantec...

Christopher Mendes | 02 Dec 2013 08:10:34 GMT

The Christmas season is a time to loosen up a few strings.  The ‘how’ is obvious, and the ‘where’ is situated in your pocket.

Now that’s no joke. You draw your plans and fix your expenditure. After all, you know the frontiers of your funds. But, the one who values it the most after you is the one who pries on you! It’s amazing to see how easily they do it. All it takes is a little bit of greed, a little bit of fear and a little bit of urgency and you lose your resolutions.  It’s only moments after you have allowed yourself to be cheated that you feel the remorse. After all, you have struggled for months to build your bank account balance to spend for Christmas only to have it burgled in an instance. If this detour does not bring you goosebumps, a little analysis on one such phishing sample should do the needful.

The header of the phishing email reads:

Subject: [Brand name] is giving...

Laura O'Brien | 26 Nov 2013 09:10:44 GMT
Contributor: Vivek Krishnamurthi
cyber_monday_graphic.png
 
December 2, 2013 marks Cyber Monday, the day when Internet retailers expect to experience a major surge in traffic thanks to people shopping online for the holiday season. The concept of Cyber Monday, or Mega Monday as it’s known in Europe, was introduced back in 2005. It takes place after the Thanksgiving holiday weekend, when people return to the office and buy Christmas presents from their work computers, according to retailers. Some dismissed Cyber Monday as marketing hype but over time, the day has grown in significance, thanks to competitive deals on offer from many major retailers. In 2012, the 500 biggest retailers in the US took more than US$206.8 million on Cyber Monday while in Europe,...
Symantec Security Response | 25 Nov 2013 16:26:59 GMT
In a previous blog, Symantec reported a new Ichitaro zero-day vulnerability known as the Multiple Ichitaro Products Unspecified Remote Code Execution Vulnerability (CVE-2013-5990). This flaw was being actively exploited in the wild, but the exploit was not properly working to compromise computers. A week after that, we confirmed a working exploit in multiple incidents which is actually capable of infecting targeted computers with a back door used typically in targeted attacks. The format of the file used to exploit the vulnerability, as was the case in previous attacks, is a rich text format which targets the word processing software Ichitaro, developed by Justsystems.
 
In the earlier cases where the exploit was unsuccessful, variants of...
Binny Kuriakose | 22 Nov 2013 09:42:44 GMT

Contributor: Vivek Krishnamurthi

The holiday season starts in the United States on Thanksgiving on November 28 preceding Black Friday, which occurs on November 29. This also marks the beginning of the much awaited shopping season when people take to the streets to celebrate the shopping furor with their family and friends. The shopping buzz is fuelled by discount sales and promotional offers by online sites and retailer outlets.

With online commerce growing by the day, spammers may take advantage of the holiday season to target shoppers. The spammers usually send out fake promotional messages and bogus deals and lie in wait for any victims who are tricked by these scams. Symantec has been on the lookout for signs of such messages to warn the public on what to avoid this holiday season.

We found the most popular spamming techniques, which topped our chart early this holiday season 

Products offered at discounts never seen before...

Symantec Security Response | 22 Nov 2013 00:12:26 GMT

Fake AV 1 edit.png

Contributor: Joseph Graziano

A new clever way of social engineering spam is going around today that attempts to trick users into running malware on their computers. The methods malware authors are using include emails pretending to be from various antivirus software companies with an important system update required to be installed by the end user, along with attaching a fake hotfix patch file for their antivirus software. The email plays on end user concern over the lack of detection, especially in the face of the latest threats showcased in the media recently, such as the Cryptolocker Trojan. This type of social engineering entices users to open and install the hotfix without using much discretion as...