Video Screencast Help
Security Response
Showing posts tagged with Messaging Gateway
Showing posts in English
Suyog Sainkar | 05 Jan 2011 16:33:43 GMT

Since the close of 2010, Symantec has been observing a recent spam attack that is designed to distribute malware. On the arrival of the new year, Internet users often send best wishes to their friends and families through email or make use of online greeting card services. The spammers have exploited this likelihood, since the email messages in this spam attack appear to contain Happy New Year wishes in the form of an e-card, but in fact are distributing malicious code.

Below are some sample subject lines observed in this spam attack:

Subject:  New Year Ecard Notification
Subject:  Have a funfilled and blasting NewYear!
Subject:  Welcome 2011!
Subject:  Happy 2011 To U!
Subject:  Sparkling wishes on the New Year
Subject:  Happy New Year Wishes!
Subject:  Have a Happy New Year!
Subject: New Year 2011 Ecard Special Delivery

The message text urges the user to...

Eric Park | 16 Dec 2010 18:17:46 GMT

The volume of spam continues to drop.  We have been monitoring the decline in overall spam volume over the last few months, and the downtrend continued in November.  The average daily volume in November dropped 17.4 percent month-over-month.  Compared to August, spam volume was down over 56 percent.  This drop in overall spam volume also brought down the overall spam percentage.  Spam made up 84.31 percent of all messages in November, compared with 86.61 percent in October.

In addition to discussing the volume decline, this month’s report contains interesting predictions for 2011.

Click here to download the December 2010 State of Spam & Phishing Report, which highlights the following trends:

·         What’s Happening to Spam Volume?

...

Samir_Patil | 07 Dec 2010 17:23:16 GMT

Wikileaks.org is in the news after their recent publications linked to leaked government documents. Spammers are now leveraging the current level of interest with social engineering techniques to infect users’ computers. Symantec is observing a wave of spam spoofing WikiLeaks to lure users into becoming infected with a new threat.

The spam email has subject line “IRAN Nuclear BOMB!” and spoofed headers. The “From” header purports to originate from Wikileaks.org, although this is not in fact the case, and the message body contains a URL. This URL downloads and runs Wikileaks.jar which has a downloader ‘Wikileaks.class’ file. The downloader pulls the threat from http://ugo.file[removed].com/226.exe. Symantec detects this threat as W32.Spyrat.

Below is screenshot of the email and website that downloads the threat:

...

Vivian Ho | 26 Nov 2010 19:15:44 GMT

When one thinks of Christmas, an aura of emotion arises. We are reminded of our family reunions, Christmas carols, that aroma of turkey being roasted, the cakes and pastries - don’t forget the Christmas gifts! But before we can wish you a merry Christmas we would like to caution you as you prepare your Christmas shopping list.

Please be careful, especially when you do your Christmas shopping online. Spammers are offering a plethora of fake offers, replicas, medication, and loans at unbelievably low interest rates, as is customary, during this season. Don’t get carried away by their cheap offers because no haute couture brand offers their products at such throw-away prices. We again would like to remind you not to get lured into giving your email credentials without first finding out that the Web site you are shopping on is legitimate and real.

We would like to highlight a few more tricks that spammers have pulled out of their hats this Christmas...

Vivian Ho | 16 Jun 2010 21:44:23 GMT

As 52 countries across the world gear up to celebrate Father’s day on Sunday, June 20, Symantec is monitoring the increase in the Father’s Day spam volume since the end of May. Sadly, spammers don’t forget to send out their holiday spam, although a couple of ongoing global events such as the FIFA World Cup and Shanghai World Expo might also draw their attention. The Father’s Day spam messages are similar to Mother’s Day spam, including hit-and-run spam, product promotion, and ecard services. We have observed that spammers registered lots of domains with various From aliases and Subject lines in order to bypass spam filters in hit-and-run spam. These types of spam messages, with Father’s Day headers, can attract readers’ attention.

Symantec is expecting to see more attacks in the coming days and advises users to ignore these messages. Here...

Vivian Ho | 15 Jun 2010 21:37:42 GMT

Spammers are known to be crowd chasers. And so it goes that social networking forums, sports events, and major news-generating events always seem to catch the spammers’ attention. In line with this trait, spammers are now targeting global expos. With around 70 to 100 million visitors expected to turn up at the Shanghai World Expo 2010 this year, spammers couldn't have asked for a better time to make their presence felt.
 
Spammers are using the Shanghai expo in their subject lines and email messages to deliver fake promotions, sell products, and offer various services. Symantec has been monitoring several different variations of spam types in the campaign.

Sample 1:
Spammers include an expo event subject line to attract hits. In the body, there is a meds promotion URL right in the center and a bogus MSN subscription note at the bottom.

From: <Details Removed>
Subject: 200,000 flood Shanghai Expo...

Samir_Patil | 14 Jun 2010 21:52:21 GMT

Former child star Gary Coleman, who shot to fame on the TV sitcom Diff'rent Strokes, died on May 28, 2010. The American actor is well known not only for his childhood role as Arnold Jackson in Diff'rent Strokes, but also for his small stature as an adult, which was caused by a congenital kidney disease that halted his growth at an early age.

As always, events such as these seem to be prime targets for spammers and malicious code authors alike. Symantec has been monitoring spam samples that tie in to Gary Coleman’s death; in particular, we’ve been observing several health-related spam messages that use the news headlines of Coleman’s death as their Subject lines.

As shown in below example, the message is, in actuality, a promotion of a Canadian pharmacy spam site. The links embedded in the message direct users to this online pharmacy:

In...

Samir_Patil | 11 Jun 2010 20:20:51 GMT

The world’s most awaited sporting event is kicking off today. As the world is getting ready to join the excitement, spammers continue to raise their spam game.
 
As discussed in the blog last month, we started observing variants of the FIFA spam on top of what we have already seen (like fishing, scams, and malicious attachments). Spammers are dishing out a variety of tactics such as fake gift cards and online pharmacies to lure email users.
 
In the recent spam promotion, spammer offers fake gift cards and invite users to participate in surveys. Below is a of such an offer where spammers are asking for opinions on the chances of Team USA in this edition of the World Cup. Email users are being offered free gift cards for taking such surveys.
 
Especially after their good showing in the...

Eric Park | 10 Jun 2010 17:03:00 GMT

Spam made up 89.81 percent of all messages in May, compared with 89.22 percent in April. As we are approaching mid-year, a section of this month’s report takes a look at top spam and phishing trends in 2010 so far, and how those trends are continuing today. In this month’s report, Symantec’s anti-spam analysts also share what they consider to be the most annoying spam.
 
With social networks continuing to add millions of users to its overall user base, crafty spammers are taking advantage of the popularity of these networks to design new spamming techniques week after week. The State of Spam & Phishing report for this month provides a deep dive on social network spam, highlighting some unique and dangerous techniques deployed by spammers.

Click here to download the June 2010 State of Spam & Phishing...

Mayur Kulkarni | 07 Jun 2010 16:16:58 GMT

Symantec has kept its eye on the ball and reported on malicious 419-spam campaigns associated with major global sporting events, from the Beijing Olympic Games 2008 to the upcoming FIFA World Cup 2010.
 
When international sporting events of such scale are happening, the Internet becomes a perfect avenue for cybercriminals to lay their traps and lure sports enthusiasts into their devious game plans. Typically, nefarious online activities related to major sporting events begin as early as a year before the actual event takes place.
 
After an initial burst of activity, spammers go quiet for a while, only to raise their antennae a couple of months before the actual event. This changes if something unusual or sensational happens in the interim. To cash in on such instances, spammers send out video spam. These email messages can be used for malicious attacks, as the video link actually points to a fake update.

 ...